mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-12 07:36:07 +00:00
feat(xray): update xray-core to v26.7.11 and adapt panel
Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins (DockerInit.sh, release.yml x2) in lockstep. Adapt the panel to the upstream changes: - Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from the core. A migration rewrites stored none/plain SS methods to a supported cipher and none/zero VMess security to "auto" (on both the clients column and inbound settings JSON); the SS build-time heal does the same so a row injected after boot cannot brick startup. The removed values are dropped from every frontend option list, schema and adapter, and coerced to "auto" at the Go link/sub/Clash emit sites and both link importers. Fix the CipherType_NONE sentinel that no longer compiles. - Unencrypted vless/trojan outbounds to a public address are now refused by the core. Validate outbounds through the vendored config loader when saving the xray template and when storing/merging outbound subscriptions, so one such outbound cannot keep the core from starting. - New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub link allowlist, the frontend enum and the FinalMask form (hostname, usernames, required password), and document it. - streamSettings gained a "method" alias for "network"; canonicalize it to "network" at inbound save time and in the form adapters/schema so a method-keyed config keeps its transport. - New root "env" config key is passed through xray.Config, compared in Equals, and forces a restart in the hot diff. - REALITY now defaults minClientVer to 26.3.27; update the form placeholder.
This commit is contained in:
@@ -121,6 +121,12 @@ func initModels() error {
|
||||
if err := migrateLegacySocksInboundsToMixed(); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := migrateShadowsocksRemovedCiphers(); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := migrateVmessRemovedSecurities(); err != nil {
|
||||
return err
|
||||
}
|
||||
if IsPostgres() {
|
||||
if err := resyncPostgresSequences(db, models); err != nil {
|
||||
log.Printf("Error resyncing postgres sequences: %v", err)
|
||||
@@ -754,6 +760,125 @@ func migrateLegacySocksInboundsToMixed() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// migrateShadowsocksRemovedCiphers rewrites shadowsocks inbounds still using
|
||||
// the "none"/"plain" ciphers that xray-core v26.7.11 removed; one such row
|
||||
// makes the whole generated config unbuildable and keeps xray from starting.
|
||||
func migrateShadowsocksRemovedCiphers() error {
|
||||
var inbounds []model.Inbound
|
||||
if err := db.Where("protocol = ?", model.Shadowsocks).Find(&inbounds).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
migrated := int64(0)
|
||||
for _, inbound := range inbounds {
|
||||
if strings.TrimSpace(inbound.Settings) == "" {
|
||||
continue
|
||||
}
|
||||
var settings map[string]any
|
||||
if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
|
||||
continue
|
||||
}
|
||||
changed := false
|
||||
if method, _ := settings["method"].(string); method != "" {
|
||||
if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
|
||||
settings["method"] = replacement
|
||||
changed = true
|
||||
}
|
||||
}
|
||||
if clients, ok := settings["clients"].([]any); ok {
|
||||
for i := range clients {
|
||||
cm, ok := clients[i].(map[string]any)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
method, _ := cm["method"].(string)
|
||||
if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
|
||||
cm["method"] = replacement
|
||||
clients[i] = cm
|
||||
changed = true
|
||||
}
|
||||
}
|
||||
}
|
||||
if !changed {
|
||||
continue
|
||||
}
|
||||
newSettings, err := json.MarshalIndent(settings, "", " ")
|
||||
if err != nil {
|
||||
log.Printf("migrateShadowsocksRemovedCiphers: skip inbound %d (marshal failed): %v", inbound.Id, err)
|
||||
continue
|
||||
}
|
||||
if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
|
||||
Update("settings", string(newSettings)).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
migrated++
|
||||
}
|
||||
if migrated > 0 {
|
||||
log.Printf("Rewrote removed shadowsocks cipher on %d inbound(s)", migrated)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// migrateVmessRemovedSecurities rewrites the vmess "none"/"zero" security
|
||||
// values that xray-core v26.7.11 removed to "auto" (what the core now treats
|
||||
// them as), on both the clients column and each vmess inbound's settings.
|
||||
func migrateVmessRemovedSecurities() error {
|
||||
res := db.Exec("UPDATE clients SET security = 'auto' WHERE security IN ('none', 'zero')")
|
||||
if res.Error != nil {
|
||||
log.Printf("Error migrating removed vmess security values on clients: %v", res.Error)
|
||||
return res.Error
|
||||
}
|
||||
if res.RowsAffected > 0 {
|
||||
log.Printf("Migrated %d client(s) off removed vmess security values", res.RowsAffected)
|
||||
}
|
||||
var inbounds []model.Inbound
|
||||
if err := db.Where("protocol = ?", model.VMESS).Find(&inbounds).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
migrated := int64(0)
|
||||
for _, inbound := range inbounds {
|
||||
if strings.TrimSpace(inbound.Settings) == "" {
|
||||
continue
|
||||
}
|
||||
var settings map[string]any
|
||||
if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
|
||||
continue
|
||||
}
|
||||
clients, ok := settings["clients"].([]any)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
changed := false
|
||||
for i := range clients {
|
||||
cm, ok := clients[i].(map[string]any)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
if security, _ := cm["security"].(string); security == "none" || security == "zero" {
|
||||
cm["security"] = "auto"
|
||||
clients[i] = cm
|
||||
changed = true
|
||||
}
|
||||
}
|
||||
if !changed {
|
||||
continue
|
||||
}
|
||||
newSettings, err := json.MarshalIndent(settings, "", " ")
|
||||
if err != nil {
|
||||
log.Printf("migrateVmessRemovedSecurities: skip inbound %d (marshal failed): %v", inbound.Id, err)
|
||||
continue
|
||||
}
|
||||
if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
|
||||
Update("settings", string(newSettings)).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
migrated++
|
||||
}
|
||||
if migrated > 0 {
|
||||
log.Printf("Rewrote removed vmess security values on %d inbound(s)", migrated)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// normalizeInboundSubSortIndex lifts sub_sort_index values below the 1-based
|
||||
// minimum (rows written by builds that defaulted the column to 0, or by nodes
|
||||
// predating the field) so they cannot sort ahead of explicitly ranked inbounds.
|
||||
|
||||
@@ -442,8 +442,23 @@ func StripVlessInboundEncryption(settings string) (string, bool) {
|
||||
return string(out), true
|
||||
}
|
||||
|
||||
// HealShadowsocksClientMethods normalises the per-client `method` field
|
||||
// on a shadowsocks inbound's settings JSON before it leaves for xray-core:
|
||||
// ReplaceRemovedShadowsocksCipher maps ciphers that xray-core v26.7.11
|
||||
// deleted ("none"/"plain" make the whole config fail with "unknown cipher
|
||||
// method") to a still-supported replacement. Returns the replacement and
|
||||
// true when the given method is one of the removed ciphers.
|
||||
func ReplaceRemovedShadowsocksCipher(method string) (string, bool) {
|
||||
switch method {
|
||||
case "none", "plain":
|
||||
return "chacha20-ietf-poly1305", true
|
||||
}
|
||||
return method, false
|
||||
}
|
||||
|
||||
// HealShadowsocksClientMethods normalises the `method` fields on a
|
||||
// shadowsocks inbound's settings JSON before it leaves for xray-core:
|
||||
// - Ciphers removed upstream (none/plain): rewritten via
|
||||
// ReplaceRemovedShadowsocksCipher so one legacy row cannot prevent
|
||||
// xray from starting.
|
||||
// - Legacy ciphers (aes-*, chacha20-*): every client must carry a
|
||||
// per-user `method` matching the inbound's top-level method, otherwise
|
||||
// xray fails with "unsupported cipher method:".
|
||||
@@ -462,12 +477,24 @@ func HealShadowsocksClientMethods(settings string) (string, bool) {
|
||||
return settings, false
|
||||
}
|
||||
method, _ := parsed["method"].(string)
|
||||
changed := false
|
||||
if replacement, removed := ReplaceRemovedShadowsocksCipher(method); removed {
|
||||
method = replacement
|
||||
parsed["method"] = method
|
||||
changed = true
|
||||
}
|
||||
clients, ok := parsed["clients"].([]any)
|
||||
if !ok {
|
||||
return settings, false
|
||||
if !changed {
|
||||
return settings, false
|
||||
}
|
||||
out, err := json.MarshalIndent(parsed, "", " ")
|
||||
if err != nil {
|
||||
return settings, false
|
||||
}
|
||||
return string(out), true
|
||||
}
|
||||
is2022 := strings.HasPrefix(method, "2022-blake3-")
|
||||
changed := false
|
||||
for i := range clients {
|
||||
cm, ok := clients[i].(map[string]any)
|
||||
if !ok {
|
||||
|
||||
@@ -0,0 +1,43 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"testing"
|
||||
)
|
||||
|
||||
// TestHealShadowsocksClientMethods_RewritesRemovedCipher covers the last-gate
|
||||
// build-time heal for xray-core v26.7.11's removed "none"/"plain" ciphers: a
|
||||
// row that survives to config generation (restored backup, direct DB edit)
|
||||
// must be rewritten to a supported cipher on both the inbound method and its
|
||||
// clients so one such inbound cannot keep xray from starting.
|
||||
func TestHealShadowsocksClientMethods_RewritesRemovedCipher(t *testing.T) {
|
||||
settings := `{"method": "plain", "clients": [{"email": "a@x", "password": "p", "method": "plain"}]}`
|
||||
healed, ok := HealShadowsocksClientMethods(settings)
|
||||
if !ok {
|
||||
t.Fatal("expected heal to report a change for a removed cipher")
|
||||
}
|
||||
var parsed struct {
|
||||
Method string `json:"method"`
|
||||
Clients []map[string]any `json:"clients"`
|
||||
}
|
||||
if err := json.Unmarshal([]byte(healed), &parsed); err != nil {
|
||||
t.Fatalf("parse healed settings: %v", err)
|
||||
}
|
||||
if parsed.Method != "chacha20-ietf-poly1305" {
|
||||
t.Fatalf("expected inbound method rewritten to a supported cipher, got %q", parsed.Method)
|
||||
}
|
||||
if parsed.Clients[0]["method"] != "chacha20-ietf-poly1305" {
|
||||
t.Fatalf("expected client method to match the healed cipher, got %v", parsed.Clients[0]["method"])
|
||||
}
|
||||
}
|
||||
|
||||
func TestReplaceRemovedShadowsocksCipher(t *testing.T) {
|
||||
for _, method := range []string{"none", "plain"} {
|
||||
if got, removed := ReplaceRemovedShadowsocksCipher(method); !removed || got != "chacha20-ietf-poly1305" {
|
||||
t.Fatalf("ReplaceRemovedShadowsocksCipher(%q) = (%q, %v), want a supported replacement", method, got, removed)
|
||||
}
|
||||
}
|
||||
if got, removed := ReplaceRemovedShadowsocksCipher("aes-256-gcm"); removed || got != "aes-256-gcm" {
|
||||
t.Fatalf("ReplaceRemovedShadowsocksCipher(aes-256-gcm) = (%q, %v), want it left untouched", got, removed)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,117 @@
|
||||
package database
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/mhsanaei/3x-ui/v3/internal/database/model"
|
||||
)
|
||||
|
||||
// TestMigrateShadowsocksRemovedCiphers_RewritesNoneAndPlain covers the
|
||||
// xray-core v26.7.11 removal of the shadowsocks "none"/"plain" ciphers: one
|
||||
// such row makes the generated config unbuildable, so startup must rewrite
|
||||
// both the inbound method and any per-client method to a supported cipher and
|
||||
// leave a valid inbound untouched.
|
||||
func TestMigrateShadowsocksRemovedCiphers_RewritesNoneAndPlain(t *testing.T) {
|
||||
dbDir := t.TempDir()
|
||||
t.Setenv("XUI_DB_FOLDER", dbDir)
|
||||
if err := InitDB(filepath.Join(dbDir, "x-ui.db")); err != nil {
|
||||
t.Fatalf("InitDB failed: %v", err)
|
||||
}
|
||||
t.Cleanup(func() { _ = CloseDB() })
|
||||
|
||||
removed := `{"method": "none", "clients": [{"email": "a@x", "password": "p", "method": "plain"}]}`
|
||||
dirty := model.Inbound{UserId: 1, Port: 31001, Protocol: model.Shadowsocks, Tag: "ss-removed", Settings: removed}
|
||||
if err := db.Create(&dirty).Error; err != nil {
|
||||
t.Fatalf("create dirty inbound: %v", err)
|
||||
}
|
||||
|
||||
valid := `{"method": "aes-256-gcm", "clients": [{"email": "b@x", "password": "p"}]}`
|
||||
clean := model.Inbound{UserId: 1, Port: 31002, Protocol: model.Shadowsocks, Tag: "ss-valid", Settings: valid}
|
||||
if err := db.Create(&clean).Error; err != nil {
|
||||
t.Fatalf("create clean inbound: %v", err)
|
||||
}
|
||||
|
||||
if err := migrateShadowsocksRemovedCiphers(); err != nil {
|
||||
t.Fatalf("migrateShadowsocksRemovedCiphers: %v", err)
|
||||
}
|
||||
|
||||
var gotDirty model.Inbound
|
||||
if err := db.First(&gotDirty, dirty.Id).Error; err != nil {
|
||||
t.Fatalf("reload dirty inbound: %v", err)
|
||||
}
|
||||
var parsed struct {
|
||||
Method string `json:"method"`
|
||||
Clients []map[string]any `json:"clients"`
|
||||
}
|
||||
if err := json.Unmarshal([]byte(gotDirty.Settings), &parsed); err != nil {
|
||||
t.Fatalf("parse repaired settings: %v", err)
|
||||
}
|
||||
if parsed.Method != "chacha20-ietf-poly1305" {
|
||||
t.Fatalf("expected inbound method rewritten, got %q", parsed.Method)
|
||||
}
|
||||
if parsed.Clients[0]["method"] != "chacha20-ietf-poly1305" {
|
||||
t.Fatalf("expected client method rewritten, got %v", parsed.Clients[0]["method"])
|
||||
}
|
||||
|
||||
var gotClean model.Inbound
|
||||
if err := db.First(&gotClean, clean.Id).Error; err != nil {
|
||||
t.Fatalf("reload clean inbound: %v", err)
|
||||
}
|
||||
if gotClean.Settings != valid {
|
||||
t.Fatalf("valid inbound was rewritten:\nbefore: %s\nafter: %s", valid, gotClean.Settings)
|
||||
}
|
||||
}
|
||||
|
||||
// TestMigrateVmessRemovedSecurities_RewritesNoneAndZero covers the v26.7.11
|
||||
// removal of vmess "none"/"zero" security values: startup rewrites them to
|
||||
// "auto" on both the clients column and each vmess inbound's settings JSON.
|
||||
func TestMigrateVmessRemovedSecurities_RewritesNoneAndZero(t *testing.T) {
|
||||
dbDir := t.TempDir()
|
||||
t.Setenv("XUI_DB_FOLDER", dbDir)
|
||||
if err := InitDB(filepath.Join(dbDir, "x-ui.db")); err != nil {
|
||||
t.Fatalf("InitDB failed: %v", err)
|
||||
}
|
||||
t.Cleanup(func() { _ = CloseDB() })
|
||||
|
||||
settings := `{"clients": [{"id": "u1", "email": "a@x", "security": "none"},` +
|
||||
`{"id": "u2", "email": "b@x", "security": "zero"},` +
|
||||
`{"id": "u3", "email": "c@x", "security": "aes-128-gcm"}]}`
|
||||
inbound := model.Inbound{UserId: 1, Port: 32001, Protocol: model.VMESS, Tag: "vmess-removed", Settings: settings}
|
||||
if err := db.Create(&inbound).Error; err != nil {
|
||||
t.Fatalf("create vmess inbound: %v", err)
|
||||
}
|
||||
if err := db.Create(&model.ClientRecord{Email: "a@x", Security: "zero", Enable: true}).Error; err != nil {
|
||||
t.Fatalf("create client record: %v", err)
|
||||
}
|
||||
|
||||
if err := migrateVmessRemovedSecurities(); err != nil {
|
||||
t.Fatalf("migrateVmessRemovedSecurities: %v", err)
|
||||
}
|
||||
|
||||
var got model.Inbound
|
||||
if err := db.First(&got, inbound.Id).Error; err != nil {
|
||||
t.Fatalf("reload inbound: %v", err)
|
||||
}
|
||||
var parsed struct {
|
||||
Clients []map[string]any `json:"clients"`
|
||||
}
|
||||
if err := json.Unmarshal([]byte(got.Settings), &parsed); err != nil {
|
||||
t.Fatalf("parse settings: %v", err)
|
||||
}
|
||||
if parsed.Clients[0]["security"] != "auto" || parsed.Clients[1]["security"] != "auto" {
|
||||
t.Fatalf("expected removed securities rewritten to auto, got %v", parsed.Clients)
|
||||
}
|
||||
if parsed.Clients[2]["security"] != "aes-128-gcm" {
|
||||
t.Fatalf("expected valid security untouched, got %v", parsed.Clients[2]["security"])
|
||||
}
|
||||
|
||||
var rec model.ClientRecord
|
||||
if err := db.Where("email = ?", "a@x").First(&rec).Error; err != nil {
|
||||
t.Fatalf("reload client record: %v", err)
|
||||
}
|
||||
if rec.Security != "auto" {
|
||||
t.Fatalf("expected client record security rewritten to auto, got %q", rec.Security)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user