mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-12 15:46:06 +00:00
814cda3fb4
Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins (DockerInit.sh, release.yml x2) in lockstep. Adapt the panel to the upstream changes: - Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from the core. A migration rewrites stored none/plain SS methods to a supported cipher and none/zero VMess security to "auto" (on both the clients column and inbound settings JSON); the SS build-time heal does the same so a row injected after boot cannot brick startup. The removed values are dropped from every frontend option list, schema and adapter, and coerced to "auto" at the Go link/sub/Clash emit sites and both link importers. Fix the CipherType_NONE sentinel that no longer compiles. - Unencrypted vless/trojan outbounds to a public address are now refused by the core. Validate outbounds through the vendored config loader when saving the xray template and when storing/merging outbound subscriptions, so one such outbound cannot keep the core from starting. - New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub link allowlist, the frontend enum and the FinalMask form (hostname, usernames, required password), and document it. - streamSettings gained a "method" alias for "network"; canonicalize it to "network" at inbound save time and in the form adapters/schema so a method-keyed config keeps its transport. - New root "env" config key is passed through xray.Config, compared in Equals, and forces a restart in the hot diff. - REALITY now defaults minClientVer to 26.3.27; update the form placeholder.
43 lines
1.7 KiB
Go
43 lines
1.7 KiB
Go
package xray
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
// TestValidateOutboundConfig_RejectsUnencryptedPublicVless covers xray-core
|
|
// v26.7.11's refusal to build an unencrypted vless outbound to a public
|
|
// address — the check now runs in-process, so the panel can surface it before
|
|
// a config reaches the core and bricks startup. A private-address outbound and
|
|
// a TLS outbound stay valid.
|
|
func TestValidateOutboundConfig_RejectsUnencryptedPublicVless(t *testing.T) {
|
|
publicPlaintext := `{
|
|
"protocol": "vless",
|
|
"settings": {"address": "1.2.3.4", "port": 443, "id": "b831381d-6324-4d53-ad4f-8cda48b30811", "encryption": "none"},
|
|
"streamSettings": {"network": "tcp", "security": "none"}
|
|
}`
|
|
if err := ValidateOutboundConfig([]byte(publicPlaintext)); err == nil {
|
|
t.Fatal("expected a public unencrypted vless outbound to be rejected")
|
|
} else if !strings.Contains(err.Error(), "prohibited") {
|
|
t.Fatalf("expected a prohibition error, got: %v", err)
|
|
}
|
|
|
|
privatePlaintext := `{
|
|
"protocol": "vless",
|
|
"settings": {"address": "10.0.0.1", "port": 443, "id": "b831381d-6324-4d53-ad4f-8cda48b30811", "encryption": "none"},
|
|
"streamSettings": {"network": "tcp", "security": "none"}
|
|
}`
|
|
if err := ValidateOutboundConfig([]byte(privatePlaintext)); err != nil {
|
|
t.Fatalf("a private-address plaintext vless outbound must stay valid, got: %v", err)
|
|
}
|
|
|
|
publicTLS := `{
|
|
"protocol": "vless",
|
|
"settings": {"address": "1.2.3.4", "port": 443, "id": "b831381d-6324-4d53-ad4f-8cda48b30811", "encryption": "none"},
|
|
"streamSettings": {"network": "tcp", "security": "tls", "tlsSettings": {"serverName": "example.com"}}
|
|
}`
|
|
if err := ValidateOutboundConfig([]byte(publicTLS)); err != nil {
|
|
t.Fatalf("a TLS-secured public vless outbound must stay valid, got: %v", err)
|
|
}
|
|
}
|