feat(xray): update xray-core to v26.7.11 and adapt panel

Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins
(DockerInit.sh, release.yml x2) in lockstep.

Adapt the panel to the upstream changes:

- Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from
  the core. A migration rewrites stored none/plain SS methods to a
  supported cipher and none/zero VMess security to "auto" (on both the
  clients column and inbound settings JSON); the SS build-time heal does
  the same so a row injected after boot cannot brick startup. The removed
  values are dropped from every frontend option list, schema and adapter,
  and coerced to "auto" at the Go link/sub/Clash emit sites and both link
  importers. Fix the CipherType_NONE sentinel that no longer compiles.

- Unencrypted vless/trojan outbounds to a public address are now refused
  by the core. Validate outbounds through the vendored config loader when
  saving the xray template and when storing/merging outbound
  subscriptions, so one such outbound cannot keep the core from starting.

- New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub
  link allowlist, the frontend enum and the FinalMask form (hostname,
  usernames, required password), and document it.

- streamSettings gained a "method" alias for "network"; canonicalize it
  to "network" at inbound save time and in the form adapters/schema so a
  method-keyed config keeps its transport.

- New root "env" config key is passed through xray.Config, compared in
  Equals, and forces a restart in the hot diff.

- REALITY now defaults minClientVer to 26.3.27; update the form
  placeholder.
This commit is contained in:
MHSanaei
2026-07-12 00:30:47 +02:00
parent affcf6c422
commit 814cda3fb4
39 changed files with 709 additions and 69 deletions
+125
View File
@@ -121,6 +121,12 @@ func initModels() error {
if err := migrateLegacySocksInboundsToMixed(); err != nil {
return err
}
if err := migrateShadowsocksRemovedCiphers(); err != nil {
return err
}
if err := migrateVmessRemovedSecurities(); err != nil {
return err
}
if IsPostgres() {
if err := resyncPostgresSequences(db, models); err != nil {
log.Printf("Error resyncing postgres sequences: %v", err)
@@ -754,6 +760,125 @@ func migrateLegacySocksInboundsToMixed() error {
return nil
}
// migrateShadowsocksRemovedCiphers rewrites shadowsocks inbounds still using
// the "none"/"plain" ciphers that xray-core v26.7.11 removed; one such row
// makes the whole generated config unbuildable and keeps xray from starting.
func migrateShadowsocksRemovedCiphers() error {
var inbounds []model.Inbound
if err := db.Where("protocol = ?", model.Shadowsocks).Find(&inbounds).Error; err != nil {
return err
}
migrated := int64(0)
for _, inbound := range inbounds {
if strings.TrimSpace(inbound.Settings) == "" {
continue
}
var settings map[string]any
if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
continue
}
changed := false
if method, _ := settings["method"].(string); method != "" {
if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
settings["method"] = replacement
changed = true
}
}
if clients, ok := settings["clients"].([]any); ok {
for i := range clients {
cm, ok := clients[i].(map[string]any)
if !ok {
continue
}
method, _ := cm["method"].(string)
if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
cm["method"] = replacement
clients[i] = cm
changed = true
}
}
}
if !changed {
continue
}
newSettings, err := json.MarshalIndent(settings, "", " ")
if err != nil {
log.Printf("migrateShadowsocksRemovedCiphers: skip inbound %d (marshal failed): %v", inbound.Id, err)
continue
}
if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
Update("settings", string(newSettings)).Error; err != nil {
return err
}
migrated++
}
if migrated > 0 {
log.Printf("Rewrote removed shadowsocks cipher on %d inbound(s)", migrated)
}
return nil
}
// migrateVmessRemovedSecurities rewrites the vmess "none"/"zero" security
// values that xray-core v26.7.11 removed to "auto" (what the core now treats
// them as), on both the clients column and each vmess inbound's settings.
func migrateVmessRemovedSecurities() error {
res := db.Exec("UPDATE clients SET security = 'auto' WHERE security IN ('none', 'zero')")
if res.Error != nil {
log.Printf("Error migrating removed vmess security values on clients: %v", res.Error)
return res.Error
}
if res.RowsAffected > 0 {
log.Printf("Migrated %d client(s) off removed vmess security values", res.RowsAffected)
}
var inbounds []model.Inbound
if err := db.Where("protocol = ?", model.VMESS).Find(&inbounds).Error; err != nil {
return err
}
migrated := int64(0)
for _, inbound := range inbounds {
if strings.TrimSpace(inbound.Settings) == "" {
continue
}
var settings map[string]any
if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
continue
}
clients, ok := settings["clients"].([]any)
if !ok {
continue
}
changed := false
for i := range clients {
cm, ok := clients[i].(map[string]any)
if !ok {
continue
}
if security, _ := cm["security"].(string); security == "none" || security == "zero" {
cm["security"] = "auto"
clients[i] = cm
changed = true
}
}
if !changed {
continue
}
newSettings, err := json.MarshalIndent(settings, "", " ")
if err != nil {
log.Printf("migrateVmessRemovedSecurities: skip inbound %d (marshal failed): %v", inbound.Id, err)
continue
}
if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
Update("settings", string(newSettings)).Error; err != nil {
return err
}
migrated++
}
if migrated > 0 {
log.Printf("Rewrote removed vmess security values on %d inbound(s)", migrated)
}
return nil
}
// normalizeInboundSubSortIndex lifts sub_sort_index values below the 1-based
// minimum (rows written by builds that defaulted the column to 0, or by nodes
// predating the field) so they cannot sort ahead of explicitly ranked inbounds.