mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-06-28 00:24:19 +00:00
MHSanaei
718b7e16e1
- Move Routing out of the Xray Configs submenu; add Routing and Outbounds as top-level sidebar items below Hosts - Give them their own clean routes (/routing, /outbound) instead of /xray#routing and /xray#outbound, registered in the React router and the Go SPA shell so direct links and refresh work - XrayPage derives the active section from the pathname for those routes - Add menu.routing and menu.outbounds translation keys across all locales
71 lines
2.4 KiB
Go
71 lines
2.4 KiB
Go
package controller
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/mhsanaei/3x-ui/v3/internal/web/entity"
|
|
"github.com/mhsanaei/3x-ui/v3/internal/web/middleware"
|
|
"github.com/mhsanaei/3x-ui/v3/internal/web/session"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// XUIController is the main controller for the X-UI panel, serving the SPA shell.
|
|
type XUIController struct {
|
|
BaseController
|
|
}
|
|
|
|
// NewXUIController creates a new XUIController and initializes its routes.
|
|
func NewXUIController(g *gin.RouterGroup) *XUIController {
|
|
a := &XUIController{}
|
|
a.initRouter(g)
|
|
return a
|
|
}
|
|
|
|
// initRouter sets up the main panel routes and initializes sub-controllers.
|
|
//
|
|
// The HTML routes all hand the same single-page-app shell (index.html) to the
|
|
// browser; React Router takes over and renders the correct page from the URL.
|
|
// The /panel/api, /panel/setting, /panel/xray sub-routers register POST/JSON
|
|
// endpoints on different paths and stay untouched by the shell handler.
|
|
func (a *XUIController) initRouter(g *gin.RouterGroup) {
|
|
g = g.Group("/panel")
|
|
g.Use(a.checkLogin)
|
|
g.Use(middleware.CSRFMiddleware())
|
|
|
|
g.GET("/", a.panelSPA)
|
|
g.GET("/inbounds", a.panelSPA)
|
|
g.GET("/clients", a.panelSPA)
|
|
g.GET("/groups", a.panelSPA)
|
|
g.GET("/nodes", a.panelSPA)
|
|
g.GET("/settings", a.panelSPA)
|
|
g.GET("/xray", a.panelSPA)
|
|
g.GET("/outbound", a.panelSPA)
|
|
g.GET("/routing", a.panelSPA)
|
|
g.GET("/api-docs", a.panelSPA)
|
|
|
|
// SPA pages built by Vite don't have a server-rendered <meta name="csrf-token">,
|
|
// so they fetch the session token via this endpoint at startup and replay it
|
|
// on subsequent unsafe requests through axios.
|
|
g.GET("/csrf-token", a.csrfToken)
|
|
}
|
|
|
|
// panelSPA serves the React SPA shell. Every GET under /panel/ that isn't an
|
|
// API endpoint returns the same index.html — React Router reads the URL and
|
|
// mounts the matching page on the client.
|
|
func (a *XUIController) panelSPA(c *gin.Context) {
|
|
serveDistPage(c, "index.html")
|
|
}
|
|
|
|
// csrfToken returns the session CSRF token to authenticated SPA clients.
|
|
// The endpoint is GET (a safe method) so it bypasses CSRFMiddleware itself,
|
|
// but checkLogin still gates the response — anonymous callers get 401/redirect.
|
|
func (a *XUIController) csrfToken(c *gin.Context) {
|
|
token, err := session.EnsureCSRFToken(c)
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, entity.Msg{Success: false, Msg: err.Error()})
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, entity.Msg{Success: true, Obj: token})
|
|
}
|