mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-12 07:36:07 +00:00
feat(xray): update xray-core to v26.7.11 and adapt panel
Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins (DockerInit.sh, release.yml x2) in lockstep. Adapt the panel to the upstream changes: - Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from the core. A migration rewrites stored none/plain SS methods to a supported cipher and none/zero VMess security to "auto" (on both the clients column and inbound settings JSON); the SS build-time heal does the same so a row injected after boot cannot brick startup. The removed values are dropped from every frontend option list, schema and adapter, and coerced to "auto" at the Go link/sub/Clash emit sites and both link importers. Fix the CipherType_NONE sentinel that no longer compiles. - Unencrypted vless/trojan outbounds to a public address are now refused by the core. Validate outbounds through the vendored config loader when saving the xray template and when storing/merging outbound subscriptions, so one such outbound cannot keep the core from starting. - New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub link allowlist, the frontend enum and the FinalMask form (hostname, usernames, required password), and document it. - streamSettings gained a "method" alias for "network"; canonicalize it to "network" at inbound save time and in the form adapters/schema so a method-keyed config keeps its transport. - New root "env" config key is passed through xray.Config, compared in Equals, and forces a restart in the hot diff. - REALITY now defaults minClientVer to 26.3.27; update the form placeholder.
This commit is contained in:
@@ -236,11 +236,7 @@ func (s *SubClashService) buildProxy(subReq *SubService, inbound *model.Inbound,
|
||||
proxy["type"] = "vmess"
|
||||
proxy["uuid"] = client.ID
|
||||
proxy["alterId"] = 0
|
||||
cipher := client.Security
|
||||
if cipher == "" {
|
||||
cipher = "auto"
|
||||
}
|
||||
proxy["cipher"] = cipher
|
||||
proxy["cipher"] = normalizeVmessSecurity(client.Security)
|
||||
case model.VLESS:
|
||||
proxy["type"] = "vless"
|
||||
proxy["uuid"] = applyVlessRoute(client.ID, hostVlessRoute(ep))
|
||||
|
||||
@@ -384,10 +384,7 @@ func (s *SubJsonService) genVnext(inbound *model.Inbound, streamSettings json_ut
|
||||
}
|
||||
outbound.StreamSettings = streamSettings
|
||||
|
||||
security := client.Security
|
||||
if security == "" {
|
||||
security = "auto"
|
||||
}
|
||||
security := normalizeVmessSecurity(client.Security)
|
||||
outbound.Settings = map[string]any{
|
||||
"address": inbound.Listen,
|
||||
"port": inbound.Port,
|
||||
|
||||
+14
-1
@@ -714,7 +714,7 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
|
||||
return ""
|
||||
}
|
||||
obj["id"] = client.ID
|
||||
obj["scy"] = client.Security
|
||||
obj["scy"] = normalizeVmessSecurity(client.Security)
|
||||
|
||||
externalProxies, _ := stream["externalProxy"].([]any)
|
||||
|
||||
@@ -726,6 +726,18 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
|
||||
return buildVmessLink(obj)
|
||||
}
|
||||
|
||||
// normalizeVmessSecurity maps the vmess security values xray-core v26.7.11
|
||||
// removed ("none"/"zero"), plus the legacy empty string, to "auto" so links
|
||||
// and subscriptions stop advertising values the upgraded server rejects on
|
||||
// the wire.
|
||||
func normalizeVmessSecurity(security string) string {
|
||||
switch security {
|
||||
case "", "none", "zero":
|
||||
return "auto"
|
||||
}
|
||||
return security
|
||||
}
|
||||
|
||||
// vlessEncryptionEnabled reports whether the VLESS inbound settings enable
|
||||
// VLESS-level encryption (vlessenc / ML-KEM). When on, the encryption/decryption
|
||||
// fields hold a generated dotted string (e.g. "mlkem768x25519plus.native.0rtt.<key>");
|
||||
@@ -2131,6 +2143,7 @@ var validFinalMaskTCPTypes = map[string]struct{}{
|
||||
"header-custom": {},
|
||||
"fragment": {},
|
||||
"sudoku": {},
|
||||
"xmc": {},
|
||||
}
|
||||
|
||||
// applyKcpShareParams reconstructs legacy KCP share-link fields from either
|
||||
|
||||
@@ -1016,6 +1016,21 @@ func TestMarshalFinalMask_UnknownTypeIsDropped(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestMarshalFinalMask_KeepsXmcTcpMask(t *testing.T) {
|
||||
fm := map[string]any{
|
||||
"tcp": []any{
|
||||
map[string]any{"type": "xmc", "settings": map[string]any{"password": "p"}},
|
||||
},
|
||||
}
|
||||
out, ok := marshalFinalMask(fm)
|
||||
if !ok {
|
||||
t.Fatal("expected ok=true for an xmc tcp mask")
|
||||
}
|
||||
if !strings.Contains(out, "xmc") {
|
||||
t.Fatalf("marshaled finalmask dropped the xmc mask: %s", out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHasFinalMaskContent(t *testing.T) {
|
||||
if hasFinalMaskContent(nil) {
|
||||
t.Fatal("nil should not count as content")
|
||||
|
||||
Reference in New Issue
Block a user