Added curl dependency to Dockerfile for improved functionality (#3617 )

Co-authored-by: lolka1333 <test123@gmail.com>
fix
2026-03-19 17:15:49 +00:00 · 2026-01-03 17:18:28 +01:00 · 2026-01-03 07:27:39 +01:00 · 2026-01-03 06:44:39 +01:00 · 2026-01-03 06:41:40 +01:00 · 2026-01-03 05:56:35 +01:00
96 changed files with 5649 additions and 1365 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,4 @@
 XUI_DEBUG=true
 XUI_DB_FOLDER=x-ui
 XUI_LOG_FOLDER=x-ui
 XUI_BIN_FOLDER=x-ui
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,7 +1,9 @@
 name: Release 3X-UI for Docker
 permissions:
  contents: read
  packages: write
 on:
  workflow_dispatch:
  push:
@@ -13,48 +15,48 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v5
+      - uses: actions/checkout@v5
-      with:
+        with:
-        submodules: true
+          submodules: true
    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: |
          hsanaeii/3x-ui
          ghcr.io/mhsanaei/3x-ui
        tags: |
          type=ref,event=branch
          type=ref,event=tag
          type=pep440,pattern={{version}}
-    - name: Set up QEMU
+      - name: Docker meta
-      uses: docker/setup-qemu-action@v3
+        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            hsanaeii/3x-ui
            ghcr.io/mhsanaei/3x-ui
          tags: |
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{version}}
-    - name: Set up Docker Buildx
+      - name: Set up QEMU
-      uses: docker/setup-buildx-action@v3
+        uses: docker/setup-qemu-action@v3
      with:
        install: true
-    - name: Login to Docker Hub
+      - name: Set up Docker Buildx
-      uses: docker/login-action@v3
+        uses: docker/setup-buildx-action@v3
-      with:
+        with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          install: true
        password: ${{ secrets.DOCKER_HUB_TOKEN }}
-    - name: Login to GHCR
+      - name: Login to Docker Hub
-      uses: docker/login-action@v3
+        uses: docker/login-action@v3
-      with:
+        with:
-        registry: ghcr.io
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Build and push Docker image
+      - name: Login to GHCR
-      uses: docker/build-push-action@v6
+        uses: docker/login-action@v3
-      with:
+        with:
-        context: .
+          registry: ghcr.io
-        push: true
+          username: ${{ github.actor }}
-        platforms: linux/amd64, linux/arm64/v8, linux/arm/v7, linux/arm/v6, linux/386
+          password: ${{ secrets.GITHUB_TOKEN }}
-        tags: ${{ steps.meta.outputs.tags }}
+
-        labels: ${{ steps.meta.outputs.labels }}
+      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,8 @@ on:
      - '**.go'
      - 'go.mod'
      - 'go.sum'
-      - 'x-ui.service'
+      - 'x-ui.service.debian'
      - 'x-ui.service.rhel'
 jobs:
  build:
@@ -78,14 +79,15 @@ jobs:
          mkdir x-ui
          cp xui-release x-ui/
-          cp x-ui.service x-ui/
+          cp x-ui.service.debian x-ui/
          cp x-ui.service.rhel x-ui/
          cp x-ui.sh x-ui/
          mv x-ui/xui-release x-ui/x-ui
          mkdir x-ui/bin
          cd x-ui/bin
          # Download dependencies
-          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v25.9.11/"
+          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v25.12.8/"
          if [ "${{ matrix.platform }}" == "amd64" ]; then
            wget -q ${Xray_URL}Xray-linux-64.zip
            unzip Xray-linux-64.zip
@@ -183,7 +185,7 @@ jobs:
          cd x-ui\bin
          # Download Xray for Windows
-          $Xray_URL = "https://github.com/XTLS/Xray-core/releases/download/v25.9.11/"
+          $Xray_URL = "https://github.com/XTLS/Xray-core/releases/download/v25.12.8/"
          Invoke-WebRequest -Uri "${Xray_URL}Xray-windows-64.zip" -OutFile "Xray-windows-64.zip"
          Expand-Archive -Path "Xray-windows-64.zip" -DestinationPath .
          Remove-Item "Xray-windows-64.zip"
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -5,36 +5,71 @@
      "label": "go: build",
      "type": "shell",
      "command": "go",
-      "args": ["build", "-o", "bin/3x-ui.exe", "./main.go"],
+      "args": [
        "build",
        "-o",
        "bin/3x-ui.exe",
        "./main.go"
      ],
      "options": {
        "cwd": "${workspaceFolder}"
      },
-      "problemMatcher": ["$go"],
+      "problemMatcher": [
-      "group": { "kind": "build", "isDefault": true }
+        "$go"
      ],
      "group": {
        "kind": "build",
        "isDefault": true
      }
    },
    {
      "label": "go: run",
      "type": "shell",
      "command": "go",
-      "args": ["run", "./main.go"],
+      "args": [
        "run",
        "./main.go"
      ],
      "options": {
        "cwd": "${workspaceFolder}",
        "env": {
          "XUI_DEBUG": "true"
        }
      },
-      "problemMatcher": ["$go"]
+      "problemMatcher": [
        "$go"
      ]
    },
    {
      "label": "go: test",
      "type": "shell",
      "command": "go",
-      "args": ["test", "./..."],
+      "args": [
        "test",
        "./..."
      ],
      "options": {
        "cwd": "${workspaceFolder}"
      },
-      "problemMatcher": ["$go"],
+      "problemMatcher": [
        "$go"
      ],
      "group": "test"
    },
    {
      "label": "go: vet",
      "type": "shell",
      "command": "go",
      "args": [
        "vet",
        "./..."
      ],
      "options": {
        "cwd": "${workspaceFolder}"
      },
      "problemMatcher": [
        "$go"
      ]
    }
  ]
-}
+}
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,5 @@
 ## Local Development Setup
 - Create a directory named `x-ui` in the project root 
 - Rename `.env.example` to `.env `
 - Run `main.go`
--- a/DockerInit.sh
+++ b/DockerInit.sh
@@ -27,14 +27,14 @@ case $1 in
 esac
 mkdir -p build/bin
 cd build/bin
-wget -q "https://github.com/XTLS/Xray-core/releases/download/v25.9.11/Xray-linux-${ARCH}.zip"
+curl -sfLRO "https://github.com/XTLS/Xray-core/releases/download/v25.12.8/Xray-linux-${ARCH}.zip"
 unzip "Xray-linux-${ARCH}.zip"
 rm -f "Xray-linux-${ARCH}.zip" geoip.dat geosite.dat
 mv xray "xray-linux-${FNAME}"
-wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
+curl -sfLRO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
-wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
+curl -sfLRO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
-wget -q -O geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
+curl -sfLRo geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
-wget -q -O geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
+curl -sfLRo geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
-wget -q -O geoip_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat
+curl -sfLRo geoip_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat
-wget -q -O geosite_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat
+curl -sfLRo geosite_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat
 cd ../../
--- a/2
+++ b/2
@@ -8,7 +8,7 @@ ARG TARGETARCH
 RUN apk --no-cache --update add \
  build-base \
  gcc \
-  wget \
+  curl \
  unzip
 COPY . .
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@
 **3X-UI** — advanced, open-source web-based control panel designed for managing Xray-core server. It offers a user-friendly interface for configuring and monitoring various VPN and proxy protocols.
 > [!IMPORTANT]
-> This project is only for personal using, please do not use it for illegal purposes, please do not use it in a production environment.
+> This project is only for personal usage, please do not use it for illegal purposes, and please do not use it in a production environment.
 As an enhanced fork of the original X-UI project, 3X-UI provides improved stability, broader protocol support, and additional features.
--- a/config/config.go
+++ b/config/config.go
@@ -109,7 +109,7 @@ func GetLogFolder() string {
 	if runtime.GOOS == "windows" {
 		return filepath.Join(".", "log")
 	}
-	return "/var/log"
+	return "/var/log/x-ui"
 }
 func copyFile(src, dst string) error {
--- a/config/version
+++ b/config/version
@@ -1 +1 @@
-2.8.3
+2.8.6
--- a/database/db.go
+++ b/database/db.go
@@ -4,6 +4,7 @@ package database
 import (
 	"bytes"
 	"errors"
 	"io"
 	"io/fs"
 	"log"
@@ -199,3 +200,29 @@ func Checkpoint() error {
 	}
 	return nil
 }
 // ValidateSQLiteDB opens the provided sqlite DB path with a throw-away connection
 // and runs a PRAGMA integrity_check to ensure the file is structurally sound.
 // It does not mutate global state or run migrations.
 func ValidateSQLiteDB(dbPath string) error {
 	if _, err := os.Stat(dbPath); err != nil { // file must exist
 		return err
 	}
 	gdb, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{Logger: logger.Discard})
 	if err != nil {
 		return err
 	}
 	sqlDB, err := gdb.DB()
 	if err != nil {
 		return err
 	}
 	defer sqlDB.Close()
 	var res string
 	if err := gdb.Raw("PRAGMA integrity_check;").Scan(&res).Error; err != nil {
 		return err
 	}
 	if res != "ok" {
 		return errors.New("sqlite integrity check failed: " + res)
 	}
 	return nil
 }
--- a/go.mod
+++ b/go.mod
@@ -1,102 +1,103 @@
 module github.com/mhsanaei/3x-ui/v2
-go 1.25.1
+go 1.25.5
 require (
-	github.com/gin-contrib/gzip v1.2.3
+	github.com/gin-contrib/gzip v1.2.5
 	github.com/gin-contrib/sessions v1.0.4
 	github.com/gin-gonic/gin v1.11.0
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/goccy/go-json v0.10.5
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/joho/godotenv v1.5.1
-	github.com/mymmrac/telego v1.3.0
+	github.com/mymmrac/telego v1.4.0
-	github.com/nicksnyder/go-i18n/v2 v2.6.0
+	github.com/nicksnyder/go-i18n/v2 v2.6.1
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/pelletier/go-toml/v2 v2.2.4
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/shirou/gopsutil/v4 v4.25.8
+	github.com/shirou/gopsutil/v4 v4.25.12
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/valyala/fasthttp v1.66.0
+	github.com/valyala/fasthttp v1.68.0
 	github.com/xlzd/gotp v0.1.0
-	github.com/xtls/xray-core v1.250911.0
+	github.com/xtls/xray-core v1.251208.0
 	go.uber.org/atomic v1.11.0
-	golang.org/x/crypto v0.42.0
+	golang.org/x/crypto v0.46.0
-	golang.org/x/sys v0.36.0
+	golang.org/x/sys v0.39.0
-	golang.org/x/text v0.29.0
+	golang.org/x/text v0.32.0
-	google.golang.org/grpc v1.75.1
+	google.golang.org/grpc v1.78.0
 	gorm.io/driver/sqlite v1.6.0
-	gorm.io/gorm v1.31.0
+	gorm.io/gorm v1.31.1
 )
 require (
 	github.com/Azure/go-ntlmssp v0.1.0 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
-	github.com/bytedance/sonic v1.14.1 // indirect
+	github.com/bytedance/sonic v1.14.2 // indirect
-	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
-	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/cloudflare/circl v1.6.2 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/dgryski/go-metro v0.0.0-20250106013310-edb8663e5e33 // indirect
-	github.com/ebitengine/purego v0.9.0 // indirect
+	github.com/ebitengine/purego v0.9.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.27.0 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/goccy/go-yaml v1.19.1 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/grbit/go-json v0.11.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/juju/ratelimit v1.0.2 // indirect
-	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/lufia/plan9stats v0.0.0-20250827001030-24949be3fa54 // indirect
+	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-sqlite3 v1.14.32 // indirect
+	github.com/mattn/go-sqlite3 v1.14.33 // indirect
-	github.com/miekg/dns v1.1.68 // indirect
+	github.com/miekg/dns v1.1.69 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pires/go-proxyproto v0.8.1 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
-	github.com/quic-go/quic-go v0.54.0 // indirect
+	github.com/quic-go/quic-go v0.58.0 // indirect
-	github.com/refraction-networking/utls v1.8.0 // indirect
+	github.com/refraction-networking/utls v1.8.1 // indirect
 	github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
 	github.com/rogpeppe/go-internal v1.14.1 // indirect
-	github.com/sagernet/sing v0.7.10 // indirect
+	github.com/sagernet/sing v0.7.14 // indirect
 	github.com/sagernet/sing-shadowsocks v0.2.9 // indirect
 	github.com/seiflotfy/cuckoofilter v0.0.0-20240715131351-a2f2c23f1771 // indirect
-	github.com/tklauser/go-sysconf v0.3.15 // indirect
+	github.com/tklauser/go-sysconf v0.3.16 // indirect
-	github.com/tklauser/numcpus v0.10.0 // indirect
+	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.3.0 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
 	github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fastjson v1.6.4 // indirect
+	github.com/valyala/fastjson v1.6.7 // indirect
 	github.com/vishvananda/netlink v1.3.1 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
-	github.com/xtls/reality v0.0.0-20250904214705-431b6ff8c67c // indirect
+	github.com/xtls/reality v0.0.0-20251116175510-cd53f7d50237 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.uber.org/mock v0.6.0 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/arch v0.21.0 // indirect
+	golang.org/x/arch v0.23.0 // indirect
-	golang.org/x/mod v0.28.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
-	golang.org/x/net v0.44.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
-	golang.org/x/sync v0.17.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
-	golang.org/x/time v0.13.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools v0.37.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
-	google.golang.org/protobuf v1.36.9 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c // indirect
 	lukechampine.com/blake3 v1.4.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,38 +1,45 @@
-github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+A=
-github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
 github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=
 github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
 github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
 github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
-github.com/bytedance/sonic v1.14.1 h1:FBMC0zVz5XUmE4z9wF4Jey0An5FueFvOsTKKKtwIl7w=
+github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
-github.com/bytedance/sonic v1.14.1/go.mod h1:gi6uhQLMbTdeP0muCnrjHLeCUPyb70ujhnNlhOylAFc=
+github.com/bytedance/sonic v1.14.2/go.mod h1:T80iDELeHiHKSc0C9tubFygiuXoGzrkjKzX2quAx980=
-github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
+github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2NYzevs+o=
-github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
-github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.2 h1:hL7VBpHHKzrV5WTfHCaBsgx/HGbBYlgrwvNXEVDYYsQ=
-github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudflare/circl v1.6.2/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
 github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgryski/go-metro v0.0.0-20200812162917-85c65e2d0165/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
 github.com/dgryski/go-metro v0.0.0-20250106013310-edb8663e5e33 h1:ucRHb6/lvW/+mTEIGbvhcYU3S8+uSNkuMjx/qZFfhtM=
 github.com/dgryski/go-metro v0.0.0-20250106013310-edb8663e5e33/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
-github.com/ebitengine/purego v0.9.0 h1:mh0zpKBIXDceC63hpvPuGLiJ8ZAa3DfrFTudmfi8A4k=
+github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
-github.com/ebitengine/purego v0.9.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
-github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
-github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4=
 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
-github.com/gin-contrib/gzip v1.2.3 h1:dAhT722RuEG330ce2agAs75z7yB+NKvX/ZM1r8w0u2U=
+github.com/gin-contrib/gzip v1.2.5 h1:fIZs0S+l17pIu1P5XRJOo/YNqfIuPCrZZ3TWB7pjckI=
-github.com/gin-contrib/gzip v1.2.3/go.mod h1:ad72i4Bzmaypk8M762gNXa2wkxxjbz0icRNnuLJ9a/c=
+github.com/gin-contrib/gzip v1.2.5/go.mod h1:aomRgR7ftdZV3uWY0gW/m8rChfxau0n8YVvwlOHONzw=
 github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U=
 github.com/gin-contrib/sessions v1.0.4/go.mod h1:ccmkrb2z6iU2osiAHZG3x3J4suJK+OU27oqzlWOqQgs=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
 github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
 github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -46,12 +53,12 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
-github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
+github.com/goccy/go-yaml v1.19.1 h1:3rG3+v8pkhRqoQ/88NYNMHYVGYztCOCIZ7UQhu7H+NE=
-github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.19.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/golang/mock v1.7.0-rc.1 h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U=
 github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
@@ -75,6 +82,20 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grbit/go-json v0.11.0 h1:bAbyMdYrYl/OjYsSqLH99N2DyQ291mHy726Mx+sYrnc=
 github.com/grbit/go-json v0.11.0/go.mod h1:IYpHsdybQ386+6g3VE6AXQ3uTGa5mquBme5/ZWmtzek=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
 github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
 github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg=
 github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo=
 github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=
 github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
 github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8=
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
@@ -85,8 +106,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/juju/ratelimit v1.0.2 h1:sRxmtRiajbvrcLQT7S+JbqU0ntsb9W2yhSdNN8tWfaI=
 github.com/juju/ratelimit v1.0.2/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -95,23 +116,23 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/lufia/plan9stats v0.0.0-20250827001030-24949be3fa54 h1:mFWunSatvkQQDhpdyuFAYwyAan3hzCuma+Pz8sqvOfg=
+github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
-github.com/lufia/plan9stats v0.0.0-20250827001030-24949be3fa54/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
+github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
+github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0=
-github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
+github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
-github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
+github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mymmrac/telego v1.3.0 h1:y2bDDCioLgkcs+5luUaPgTNHKel1Qh30iUxFcMUrowg=
+github.com/mymmrac/telego v1.4.0 h1:z74W5lfOTgLplQXuZPjDsRvvvI0iQatO2gp/XZz7s3I=
-github.com/mymmrac/telego v1.3.0/go.mod h1:0D2l/IA/gUFn4oqsi1O4/tSnlezw5jNV/ReFRDUEKk8=
+github.com/mymmrac/telego v1.4.0/go.mod h1:u9fKXZSOCOdMj6K0U69fQqeAvDE+2RGkHKkDksijp3o=
-github.com/nicksnyder/go-i18n/v2 v2.6.0 h1:C/m2NNWNiTB6SK4Ao8df5EWm3JETSTIGNXBpMJTxzxQ=
+github.com/nicksnyder/go-i18n/v2 v2.6.1 h1:JDEJraFsQE17Dut9HFDHzCoAWGEQJom5s0TRd17NIEQ=
-github.com/nicksnyder/go-i18n/v2 v2.6.0/go.mod h1:88sRqr0C6OPyJn0/KRNaEz1uWorjxIKP7rUUcvycecE=
+github.com/nicksnyder/go-i18n/v2 v2.6.1/go.mod h1:Vee0/9RD3Quc/NmwEjzzD7VTZ+Ir7QbXocrkhOzmUKA=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
@@ -124,122 +145,126 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
-github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
-github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg=
+github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug=
-github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
+github.com/quic-go/quic-go v0.58.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
-github.com/refraction-networking/utls v1.8.0 h1:L38krhiTAyj9EeiQQa2sg+hYb4qwLCqdMcpZrRfbONE=
+github.com/refraction-networking/utls v1.8.1 h1:yNY1kapmQU8JeM1sSw2H2asfTIwWxIkrMJI0pRUOCAo=
-github.com/refraction-networking/utls v1.8.0/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
+github.com/refraction-networking/utls v1.8.1/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
-github.com/sagernet/sing v0.7.10 h1:2yPhZFx+EkyHPH8hXNezgyRSHyGY12CboId7CtwLROw=
+github.com/sagernet/sing v0.7.14 h1:5QQRDCUvYNOMyVp3LuK/hYEBAIv0VsbD3x/l9zH467s=
-github.com/sagernet/sing v0.7.10/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.7.14/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-shadowsocks v0.2.9 h1:Paep5zCszRKsEn8587O0MnhFWKJwDW1Y4zOYYlIxMkM=
 github.com/sagernet/sing-shadowsocks v0.2.9/go.mod h1:TE/Z6401Pi8tgr0nBZcM/xawAI6u3F6TTbz4nH/qw+8=
 github.com/seiflotfy/cuckoofilter v0.0.0-20240715131351-a2f2c23f1771 h1:emzAzMZ1L9iaKCTxdy3Em8Wv4ChIAGnfiz18Cda70g4=
 github.com/seiflotfy/cuckoofilter v0.0.0-20240715131351-a2f2c23f1771/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg=
-github.com/shirou/gopsutil/v4 v4.25.8 h1:NnAsw9lN7587WHxjJA9ryDnqhJpFH6A+wagYWTOH970=
+github.com/shirou/gopsutil/v4 v4.25.12 h1:e7PvW/0RmJ8p8vPGJH4jvNkOyLmbkXgXW4m6ZPic6CY=
-github.com/shirou/gopsutil/v4 v4.25.8/go.mod h1:q9QdMmfAOVIw7a+eF86P7ISEU6ka+NLgkUxlopV4RwI=
+github.com/shirou/gopsutil/v4 v4.25.12/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
+github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
-github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
+github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
-github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
+github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
-github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
+github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
-github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI=
 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.66.0 h1:M87A0Z7EayeyNaV6pfO3tUTUiYO0dZfEJnRGXTVNuyU=
+github.com/valyala/fasthttp v1.68.0 h1:v12Nx16iepr8r9ySOwqI+5RBJ/DqTxhOy1HrHoDFnok=
-github.com/valyala/fasthttp v1.66.0/go.mod h1:Y4eC+zwoocmXSVCB1JmhNbYtS7tZPRI2ztPB72EVObs=
+github.com/valyala/fasthttp v1.68.0/go.mod h1:5EXiRfYQAoiO/khu4oU9VISC/eVY6JqmSpPJoHCKsz4=
-github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
+github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
-github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
+github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0=
 github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
 github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
 github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/xlzd/gotp v0.1.0 h1:37blvlKCh38s+fkem+fFh7sMnceltoIEBYTVXyoa5Po=
 github.com/xlzd/gotp v0.1.0/go.mod h1:ndLJ3JKzi3xLmUProq4LLxCuECL93dG9WASNLpHz8qg=
-github.com/xtls/reality v0.0.0-20250904214705-431b6ff8c67c h1:LHLhQY3mKXSpTcQAkjFR4/6ar3rXjQryNeM7khK3AHU=
+github.com/xtls/reality v0.0.0-20251116175510-cd53f7d50237 h1:UXjrmniKlY+ZbIqpN91lejB3pszQQQRVu1vqH/p/aGM=
-github.com/xtls/reality v0.0.0-20250904214705-431b6ff8c67c/go.mod h1:XxvnCCgBee4WWE0bc4E+a7wbk8gkJ/rS0vNVNtC5qp0=
+github.com/xtls/reality v0.0.0-20251116175510-cd53f7d50237/go.mod h1:vbHCV/3VWUvy1oKvTxxWJRPEWSeR1sYgQHIh6u/JiZQ=
-github.com/xtls/xray-core v1.250911.0 h1:KMN8zVurAjHFixiUoFV/jwmzYohf27dQRntjV+8LQno=
+github.com/xtls/xray-core v1.251208.0 h1:9jIXi+9KXnfmT5esSYNf9VAQlQkaAP8bG413B0eyAes=
-github.com/xtls/xray-core v1.250911.0/go.mod h1:LkqA/BFVtPS2e5fRzg/bkYas9nQu4Uztlx+/fjlLM9k=
+github.com/xtls/xray-core v1.251208.0/go.mod h1:kclzboEF0g6VBrp9/NXm8C0Aj64SDBt52OfthH1LSr4=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
+go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
+go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
+go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
+go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI=
+go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg=
+go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc=
+go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps=
+go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
+go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
+go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
 go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/arch v0.21.0 h1:iTC9o7+wP6cPWpDWkivCvQFGAHDQ59SrSxsLPcnkArw=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
-golang.org/x/arch v0.21.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
-golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
-golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
-golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
-golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
-golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
-golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
-golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
-golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A=
 golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 h1:/OQuEa4YWtDt7uQWHd3q3sUMb+QOLQUg1xa8CEsRv5w=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
-google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
-google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
-google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
-google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -251,8 +276,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
 gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
-gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
+gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg=
-gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
+gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c h1:m/r7OM+Y2Ty1sgBQ7Qb27VgIMBW8ZZhT4gLnUyDIhzI=
 gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c/go.mod h1:3r5CMtNQMKIvBlrmM9xWUNamjKBYPOWyXOjmg5Kts3g=
 lukechampine.com/blake3 v1.4.1 h1:I3Smz7gso8w4/TunLKec6K2fn+kyKtDxr/xcQEN84Wg=
--- a/install.sh
+++ b/install.sh
@@ -8,6 +8,9 @@ plain='\033[0m'
 cur_dir=$(pwd)
 xui_folder="${XUI_MAIN_FOLDER:=/usr/local/x-ui}"
 xui_service="${XUI_SERVICE:=/etc/systemd/system}"
 # check root
 [[ $EUID -ne 0 ]] && echo -e "${red}Fatal error: ${plain} Please run this script with root privilege \n " && exit 1
@@ -15,7 +18,7 @@ cur_dir=$(pwd)
 if [[ -f /etc/os-release ]]; then
    source /etc/os-release
    release=$ID
-elif [[ -f /usr/lib/os-release ]]; then
+    elif [[ -f /usr/lib/os-release ]]; then
    source /usr/lib/os-release
    release=$ID
 else
@@ -26,38 +29,59 @@ echo "The OS release is: $release"
 arch() {
    case "$(uname -m)" in
-    x86_64 | x64 | amd64) echo 'amd64' ;;
+        x86_64 | x64 | amd64) echo 'amd64' ;;
-    i*86 | x86) echo '386' ;;
+        i*86 | x86) echo '386' ;;
-    armv8* | armv8 | arm64 | aarch64) echo 'arm64' ;;
+        armv8* | armv8 | arm64 | aarch64) echo 'arm64' ;;
-    armv7* | armv7 | arm) echo 'armv7' ;;
+        armv7* | armv7 | arm) echo 'armv7' ;;
-    armv6* | armv6) echo 'armv6' ;;
+        armv6* | armv6) echo 'armv6' ;;
-    armv5* | armv5) echo 'armv5' ;;
+        armv5* | armv5) echo 'armv5' ;;
-    s390x) echo 's390x' ;;
+        s390x) echo 's390x' ;;
-    *) echo -e "${green}Unsupported CPU architecture! ${plain}" && rm -f install.sh && exit 1 ;;
+        *) echo -e "${green}Unsupported CPU architecture! ${plain}" && rm -f install.sh && exit 1 ;;
    esac
 }
 echo "Arch: $(arch)"
 # Simple helpers
 is_ipv4() {
    [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] && return 0 || return 1
 }
 is_ipv6() {
    [[ "$1" =~ : ]] && return 0 || return 1
 }
 is_ip() {
    is_ipv4 "$1" || is_ipv6 "$1"
 }
 is_domain() {
    [[ "$1" =~ ^([A-Za-z0-9](-*[A-Za-z0-9])*\.)+[A-Za-z]{2,}$ ]] && return 0 || return 1
 }
 install_base() {
    case "${release}" in
-    ubuntu | debian | armbian)
+        ubuntu | debian | armbian)
-        apt-get update && apt-get install -y -q wget curl tar tzdata
+            apt-get update && apt-get install -y -q curl tar tzdata openssl socat
        ;;
-    centos | rhel | almalinux | rocky | ol)
+        fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
-        yum -y update && yum install -y -q wget curl tar tzdata
+            dnf -y update && dnf install -y -q curl tar tzdata openssl socat
        ;;
-    fedora | amzn | virtuozzo)
+        centos)
-        dnf -y update && dnf install -y -q wget curl tar tzdata
+            if [[ "${VERSION_ID}" =~ ^7 ]]; then
                yum -y update && yum install -y curl tar tzdata openssl socat
            else
                dnf -y update && dnf install -y -q curl tar tzdata openssl socat
            fi
        ;;
-    arch | manjaro | parch)
+        arch | manjaro | parch)
-        pacman -Syu && pacman -Syu --noconfirm wget curl tar tzdata
+            pacman -Syu && pacman -Syu --noconfirm curl tar tzdata openssl socat
        ;;
-    opensuse-tumbleweed)
+        opensuse-tumbleweed | opensuse-leap)
-        zypper refresh && zypper -q install -y wget curl tar timezone
+            zypper refresh && zypper -q install -y curl tar timezone openssl socat
        ;;
-    *)
+        alpine)
-        apt-get update && apt-get install -y -q wget curl tar tzdata
+            apk update && apk add curl tar tzdata openssl socat
        ;;
        *)
            apt-get update && apt-get install -y -q curl tar tzdata openssl socat
        ;;
    esac
 }
@@ -68,17 +92,380 @@ gen_random_string() {
    echo "$random_string"
 }
 install_acme() {
    echo -e "${green}Installing acme.sh for SSL certificate management...${plain}"
    cd ~ || return 1
    curl -s https://get.acme.sh | sh >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo -e "${red}Failed to install acme.sh${plain}"
        return 1
    else
        echo -e "${green}acme.sh installed successfully${plain}"
    fi
    return 0
 }
 setup_ssl_certificate() {
    local domain="$1"
    local server_ip="$2"
    local existing_port="$3"
    local existing_webBasePath="$4"
    echo -e "${green}Setting up SSL certificate...${plain}"
    # Check if acme.sh is installed
    if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
        install_acme
        if [ $? -ne 0 ]; then
            echo -e "${yellow}Failed to install acme.sh, skipping SSL setup${plain}"
            return 1
        fi
    fi
    # Create certificate directory
    local certPath="/root/cert/${domain}"
    mkdir -p "$certPath"
    # Issue certificate
    echo -e "${green}Issuing SSL certificate for ${domain}...${plain}"
    echo -e "${yellow}Note: Port 80 must be open and accessible from the internet${plain}"
    ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
    ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport 80 --force
    if [ $? -ne 0 ]; then
        echo -e "${yellow}Failed to issue certificate for ${domain}${plain}"
        echo -e "${yellow}Please ensure port 80 is open and try again later with: x-ui${plain}"
        rm -rf ~/.acme.sh/${domain} 2>/dev/null
        rm -rf "$certPath" 2>/dev/null
        return 1
    fi
    # Install certificate
    ~/.acme.sh/acme.sh --installcert -d ${domain} \
        --key-file /root/cert/${domain}/privkey.pem \
        --fullchain-file /root/cert/${domain}/fullchain.pem \
        --reloadcmd "systemctl restart x-ui" >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo -e "${yellow}Failed to install certificate${plain}"
        return 1
    fi
    # Enable auto-renew
    ~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
    chmod 755 $certPath/* 2>/dev/null
    # Set certificate for panel
    local webCertFile="/root/cert/${domain}/fullchain.pem"
    local webKeyFile="/root/cert/${domain}/privkey.pem"
    if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
        ${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile" >/dev/null 2>&1
        echo -e "${green}SSL certificate installed and configured successfully!${plain}"
        return 0
    else
        echo -e "${yellow}Certificate files not found${plain}"
        return 1
    fi
 }
 # Fallback: generate a self-signed certificate (not publicly trusted)
 setup_self_signed_certificate() {
    local name="$1"   # domain or IP to place in SAN
    local certDir="/root/cert/selfsigned"
    echo -e "${yellow}Generating a self-signed certificate (not publicly trusted)...${plain}"
    mkdir -p "$certDir"
    local sanExt=""
    if is_ip "$name"; then
        sanExt="IP:${name}"
    else
        sanExt="DNS:${name}"
    fi
    # Use -addext if supported; fallback to config file if needed
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -keyout "${certDir}/privkey.pem" \
        -out "${certDir}/fullchain.pem" \
        -subj "/CN=${name}" \
        -addext "subjectAltName=${sanExt}" >/dev/null 2>&1
    if [[ $? -ne 0 ]]; then
        # Fallback via temporary config file (for older OpenSSL versions)
        local tmpCfg="${certDir}/openssl.cnf"
        cat > "$tmpCfg" <<EOF
 [req]
 distinguished_name=req_distinguished_name
 req_extensions=v3_req
 [req_distinguished_name]
 [v3_req]
 subjectAltName=${sanExt}
 EOF
        openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -keyout "${certDir}/privkey.pem" \
            -out "${certDir}/fullchain.pem" \
            -subj "/CN=${name}" \
            -config "$tmpCfg" -extensions v3_req >/dev/null 2>&1
        rm -f "$tmpCfg"
    fi
    if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
        echo -e "${red}Failed to generate self-signed certificate${plain}"
        return 1
    fi
    chmod 755 ${certDir}/* 2>/dev/null
    ${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem" >/dev/null 2>&1
    echo -e "${yellow}Self-signed certificate configured. Browsers will show a warning.${plain}"
    return 0
 }
 # Comprehensive manual SSL certificate issuance via acme.sh
 ssl_cert_issue() {
    local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep 'webBasePath:' | awk -F': ' '{print $2}' | tr -d '[:space:]' | sed 's#^/##')
    local existing_port=$(${xui_folder}/x-ui setting -show true | grep 'port:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
    # check for acme.sh first
    if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
        echo "acme.sh could not be found. Installing now..."
        cd ~ || return 1
        curl -s https://get.acme.sh | sh
        if [ $? -ne 0 ]; then
            echo -e "${red}Failed to install acme.sh${plain}"
            return 1
        else
            echo -e "${green}acme.sh installed successfully${plain}"
        fi
    fi
    # get the domain here, and we need to verify it
    local domain=""
    while true; do
        read -rp "Please enter your domain name: " domain
        domain="${domain// /}"  # Trim whitespace
        if [[ -z "$domain" ]]; then
            echo -e "${red}Domain name cannot be empty. Please try again.${plain}"
            continue
        fi
        if ! is_domain "$domain"; then
            echo -e "${red}Invalid domain format: ${domain}. Please enter a valid domain name.${plain}"
            continue
        fi
        break
    done
    echo -e "${green}Your domain is: ${domain}, checking it...${plain}"
    # check if there already exists a certificate
    local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
    if [ "${currentCert}" == "${domain}" ]; then
        local certInfo=$(~/.acme.sh/acme.sh --list)
        echo -e "${red}System already has certificates for this domain. Cannot issue again.${plain}"
        echo -e "${yellow}Current certificate details:${plain}"
        echo "$certInfo"
        return 1
    else
        echo -e "${green}Your domain is ready for issuing certificates now...${plain}"
    fi
    # create a directory for the certificate
    certPath="/root/cert/${domain}"
    if [ ! -d "$certPath" ]; then
        mkdir -p "$certPath"
    else
        rm -rf "$certPath"
        mkdir -p "$certPath"
    fi
    # get the port number for the standalone server
    local WebPort=80
    read -rp "Please choose which port to use (default is 80): " WebPort
    if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
        echo -e "${yellow}Your input ${WebPort} is invalid, will use default port 80.${plain}"
        WebPort=80
    fi
    echo -e "${green}Will use port: ${WebPort} to issue certificates. Please make sure this port is open.${plain}"
    # Stop panel temporarily
    echo -e "${yellow}Stopping panel temporarily...${plain}"
    systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
    # issue the certificate
    ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
    ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
    if [ $? -ne 0 ]; then
        echo -e "${red}Issuing certificate failed, please check logs.${plain}"
        rm -rf ~/.acme.sh/${domain}
        systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
        return 1
    else
        echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}"
    fi
    # Setup reload command
    reloadCmd="systemctl restart x-ui || rc-service x-ui restart"
    echo -e "${green}Default --reloadcmd for ACME is: ${yellow}systemctl restart x-ui || rc-service x-ui restart${plain}"
    echo -e "${green}This command will run on every certificate issue and renew.${plain}"
    read -rp "Would you like to modify --reloadcmd for ACME? (y/n): " setReloadcmd
    if [[ "$setReloadcmd" == "y" || "$setReloadcmd" == "Y" ]]; then
        echo -e "\n${green}\t1.${plain} Preset: systemctl reload nginx ; systemctl restart x-ui"
        echo -e "${green}\t2.${plain} Input your own command"
        echo -e "${green}\t0.${plain} Keep default reloadcmd"
        read -rp "Choose an option: " choice
        case "$choice" in
        1)
            echo -e "${green}Reloadcmd is: systemctl reload nginx ; systemctl restart x-ui${plain}"
            reloadCmd="systemctl reload nginx ; systemctl restart x-ui"
            ;;
        2)
            echo -e "${yellow}It's recommended to put x-ui restart at the end${plain}"
            read -rp "Please enter your custom reloadcmd: " reloadCmd
            echo -e "${green}Reloadcmd is: ${reloadCmd}${plain}"
            ;;
        *)
            echo -e "${green}Keeping default reloadcmd${plain}"
            ;;
        esac
    fi
    # install the certificate
    ~/.acme.sh/acme.sh --installcert -d ${domain} \
        --key-file /root/cert/${domain}/privkey.pem \
        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}"
    if [ $? -ne 0 ]; then
        echo -e "${red}Installing certificate failed, exiting.${plain}"
        rm -rf ~/.acme.sh/${domain}
        systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
        return 1
    else
        echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
    fi
    # enable auto-renew
    ~/.acme.sh/acme.sh --upgrade --auto-upgrade
    if [ $? -ne 0 ]; then
        echo -e "${yellow}Auto renew setup had issues, certificate details:${plain}"
        ls -lah /root/cert/${domain}/
        chmod 755 $certPath/*
    else
        echo -e "${green}Auto renew succeeded, certificate details:${plain}"
        ls -lah /root/cert/${domain}/
        chmod 755 $certPath/*
    fi
    # Restart panel
    systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
    # Prompt user to set panel paths after successful certificate installation
    read -rp "Would you like to set this certificate for the panel? (y/n): " setPanel
    if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
        local webCertFile="/root/cert/${domain}/fullchain.pem"
        local webKeyFile="/root/cert/${domain}/privkey.pem"
        if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
            ${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
            echo -e "${green}Certificate paths set for the panel${plain}"
            echo -e "${green}Certificate File: $webCertFile${plain}"
            echo -e "${green}Private Key File: $webKeyFile${plain}"
            echo ""
            echo -e "${green}Access URL: https://${domain}:${existing_port}/${existing_webBasePath}${plain}"
            echo -e "${yellow}Panel will restart to apply SSL certificate...${plain}"
            systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null
        else
            echo -e "${red}Error: Certificate or private key file not found for domain: $domain.${plain}"
        fi
    else
        echo -e "${yellow}Skipping panel path setting.${plain}"
    fi
    return 0
 }
 # Reusable interactive SSL setup (domain or self-signed)
 # Sets global `SSL_HOST` to the chosen domain/IP for Access URL usage
 prompt_and_setup_ssl() {
    local panel_port="$1"
    local web_base_path="$2"   # expected without leading slash
    local server_ip="$3"
    local ssl_choice=""
    echo -e "${yellow}Choose SSL certificate setup method:${plain}"
    echo -e "${green}1.${plain} Let's Encrypt (domain required, recommended)"
    echo -e "${green}2.${plain} Self-signed certificate (not publicly trusted)"
    read -rp "Choose an option (default 2): " ssl_choice
    ssl_choice="${ssl_choice// /}"  # Trim whitespace
    # Default to 2 (self-signed) if not 1
    if [[ "$ssl_choice" != "1" ]]; then
        ssl_choice="2"
    fi
    case "$ssl_choice" in
    1)
        # User chose Let's Encrypt domain option
        echo -e "${green}Using ssl_cert_issue() for comprehensive domain setup...${plain}"
        ssl_cert_issue
        # Extract the domain that was used from the certificate
        local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
        if [[ -n "${cert_domain}" ]]; then
            SSL_HOST="${cert_domain}"
            echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}"
        else
            echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}"
            SSL_HOST="${server_ip}"
        fi
        ;;
    2)
        # User chose self-signed option
        # Stop panel if running
        if [[ $release == "alpine" ]]; then
            rc-service x-ui stop >/dev/null 2>&1
        else
            systemctl stop x-ui >/dev/null 2>&1
        fi
        echo -e "${yellow}Using server IP for self-signed certificate: ${server_ip}${plain}"
        setup_self_signed_certificate "${server_ip}"
        if [ $? -eq 0 ]; then
            SSL_HOST="${server_ip}"
            echo -e "${green}✓ Self-signed SSL configured successfully${plain}"
        else
            echo -e "${red}✗ Self-signed SSL setup failed${plain}"
            SSL_HOST="${server_ip}"
        fi
        # Start panel after SSL is configured
        if [[ $release == "alpine" ]]; then
            rc-service x-ui start >/dev/null 2>&1
        else
            systemctl start x-ui >/dev/null 2>&1
        fi
        ;;
    *)
        echo -e "${red}Invalid option. Skipping SSL setup.${plain}"
        SSL_HOST="${server_ip}"
        ;;
    esac
 }
 config_after_install() {
-    local existing_hasDefaultCredential=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'hasDefaultCredential: .+' | awk '{print $2}')
+    local existing_hasDefaultCredential=$(${xui_folder}/x-ui setting -show true | grep -Eo 'hasDefaultCredential: .+' | awk '{print $2}')
-    local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
+    local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}' | sed 's#^/##')
-    local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
+    local existing_port=$(${xui_folder}/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
    # Properly detect empty cert by checking if cert: line exists and has content after it
    local existing_cert=$(${xui_folder}/x-ui setting -getCert true | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
    local URL_lists=(
        "https://api4.ipify.org"
-		"https://ipv4.icanhazip.com"
+        "https://ipv4.icanhazip.com"
-		"https://v4.api.ipinfo.io/ip"
+        "https://v4.api.ipinfo.io/ip"
-		"https://ipv4.myexternalip.com/raw"
+        "https://ipv4.myexternalip.com/raw"
-		"https://4.ident.me"
+        "https://4.ident.me"
-		"https://check-host.net/ip"
+        "https://check-host.net/ip"
    )
    local server_ip=""
    for ip_address in "${URL_lists[@]}"; do
@@ -87,13 +474,13 @@ config_after_install() {
            break
        fi
    done
-
+    
    if [[ ${#existing_webBasePath} -lt 4 ]]; then
        if [[ "$existing_hasDefaultCredential" == "true" ]]; then
            local config_webBasePath=$(gen_random_string 18)
            local config_username=$(gen_random_string 10)
            local config_password=$(gen_random_string 10)
-
+            
            read -rp "Would you like to customize the Panel Port settings? (If not, a random port will be applied) [y/n]: " config_confirm
            if [[ "${config_confirm}" == "y" || "${config_confirm}" == "Y" ]]; then
                read -rp "Please set up the panel port: " config_port
@@ -102,55 +489,105 @@ config_after_install() {
                local config_port=$(shuf -i 1024-62000 -n 1)
                echo -e "${yellow}Generated random port: ${config_port}${plain}"
            fi
            ${xui_folder}/x-ui setting -username "${config_username}" -password "${config_password}" -port "${config_port}" -webBasePath "${config_webBasePath}"
            echo ""
            echo -e "${green}═══════════════════════════════════════════${plain}"
            echo -e "${green}     SSL Certificate Setup (MANDATORY)     ${plain}"
            echo -e "${green}═══════════════════════════════════════════${plain}"
            echo -e "${yellow}For security, SSL certificate is required for all panels.${plain}"
            echo -e "${yellow}Let's Encrypt requires a domain name (IP certificates are not issued).${plain}"
            echo ""
-            /usr/local/x-ui/x-ui setting -username "${config_username}" -password "${config_password}" -port "${config_port}" -webBasePath "${config_webBasePath}"
+            prompt_and_setup_ssl "${config_port}" "${config_webBasePath}" "${server_ip}"
-            echo -e "This is a fresh installation, generating random login info for security concerns:"
+            
-            echo -e "###############################################"
+            # Display final credentials and access information
-            echo -e "${green}Username: ${config_username}${plain}"
+            echo ""
-            echo -e "${green}Password: ${config_password}${plain}"
+            echo -e "${green}═══════════════════════════════════════════${plain}"
-            echo -e "${green}Port: ${config_port}${plain}"
+            echo -e "${green}     Panel Installation Complete!         ${plain}"
            echo -e "${green}═══════════════════════════════════════════${plain}"
            echo -e "${green}Username:    ${config_username}${plain}"
            echo -e "${green}Password:    ${config_password}${plain}"
            echo -e "${green}Port:        ${config_port}${plain}"
            echo -e "${green}WebBasePath: ${config_webBasePath}${plain}"
-            echo -e "${green}Access URL: http://${server_ip}:${config_port}/${config_webBasePath}${plain}"
+            echo -e "${green}Access URL:  https://${SSL_HOST}:${config_port}/${config_webBasePath}${plain}"
-            echo -e "###############################################"
+            echo -e "${green}═══════════════════════════════════════════${plain}"
            echo -e "${yellow}⚠ IMPORTANT: Save these credentials securely!${plain}"
            echo -e "${yellow}⚠ SSL Certificate: Enabled and configured${plain}"
        else
            local config_webBasePath=$(gen_random_string 18)
            echo -e "${yellow}WebBasePath is missing or too short. Generating a new one...${plain}"
-            /usr/local/x-ui/x-ui setting -webBasePath "${config_webBasePath}"
+            ${xui_folder}/x-ui setting -webBasePath "${config_webBasePath}"
            echo -e "${green}New WebBasePath: ${config_webBasePath}${plain}"
-            echo -e "${green}Access URL: http://${server_ip}:${existing_port}/${config_webBasePath}${plain}"
+
            # If the panel is already installed but no certificate is configured, prompt for SSL now
            if [[ -z "${existing_cert}" ]]; then
                echo ""
                echo -e "${green}═══════════════════════════════════════════${plain}"
                echo -e "${green}     SSL Certificate Setup (RECOMMENDED)   ${plain}"
                echo -e "${green}═══════════════════════════════════════════${plain}"
                echo -e "${yellow}Let's Encrypt requires a domain name (IP certificates are not issued).${plain}"
                echo ""
                prompt_and_setup_ssl "${existing_port}" "${config_webBasePath}" "${server_ip}"
                echo -e "${green}Access URL:  https://${SSL_HOST}:${existing_port}/${config_webBasePath}${plain}"
            else
                # If a cert already exists, just show the access URL
                echo -e "${green}Access URL: https://${server_ip}:${existing_port}/${config_webBasePath}${plain}"
            fi
        fi
    else
        if [[ "$existing_hasDefaultCredential" == "true" ]]; then
            local config_username=$(gen_random_string 10)
            local config_password=$(gen_random_string 10)
-
+            
            echo -e "${yellow}Default credentials detected. Security update required...${plain}"
-            /usr/local/x-ui/x-ui setting -username "${config_username}" -password "${config_password}"
+            ${xui_folder}/x-ui setting -username "${config_username}" -password "${config_password}"
            echo -e "Generated new random login credentials:"
            echo -e "###############################################"
            echo -e "${green}Username: ${config_username}${plain}"
            echo -e "${green}Password: ${config_password}${plain}"
            echo -e "###############################################"
        else
-            echo -e "${green}Username, Password, and WebBasePath are properly set. Exiting...${plain}"
+            echo -e "${green}Username, Password, and WebBasePath are properly set.${plain}"
        fi
        # Existing install: if no cert configured, prompt user to set domain or self-signed
        # Properly detect empty cert by checking if cert: line exists and has content after it
        existing_cert=$(${xui_folder}/x-ui setting -getCert true | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
        if [[ -z "$existing_cert" ]]; then
            echo ""
            echo -e "${green}═══════════════════════════════════════════${plain}"
            echo -e "${green}     SSL Certificate Setup (RECOMMENDED)   ${plain}"
            echo -e "${green}═══════════════════════════════════════════${plain}"
            echo -e "${yellow}Let's Encrypt requires a domain name (IP certificates are not issued).${plain}"
            echo ""
            prompt_and_setup_ssl "${existing_port}" "${existing_webBasePath}" "${server_ip}"
            echo -e "${green}Access URL:  https://${SSL_HOST}:${existing_port}/${existing_webBasePath}${plain}"
        else
            echo -e "${green}SSL certificate already configured. No action needed.${plain}"
        fi
    fi
-
+    
-    /usr/local/x-ui/x-ui migrate
+    ${xui_folder}/x-ui migrate
 }
 install_x-ui() {
-    cd /usr/local/
+    cd ${xui_folder%/x-ui}/
-
+    
    # Download resources
    if [ $# == 0 ]; then
        tag_version=$(curl -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
        if [[ ! -n "$tag_version" ]]; then
-            echo -e "${red}Failed to fetch x-ui version, it may be due to GitHub API restrictions, please try it later${plain}"
+            echo -e "${yellow}Trying to fetch version with IPv4...${plain}"
-            exit 1
+            tag_version=$(curl -4 -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
            if [[ ! -n "$tag_version" ]]; then
                echo -e "${red}Failed to fetch x-ui version, it may be due to GitHub API restrictions, please try it later${plain}"
                exit 1
            fi
        fi
        echo -e "Got x-ui latest version: ${tag_version}, beginning the installation..."
-        wget -N -O /usr/local/x-ui-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
+        curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
        if [[ $? -ne 0 ]]; then
            echo -e "${red}Downloading x-ui failed, please be sure that your server can access GitHub ${plain}"
            exit 1
@@ -159,28 +596,36 @@ install_x-ui() {
        tag_version=$1
        tag_version_numeric=${tag_version#v}
        min_version="2.3.5"
-
+        
        if [[ "$(printf '%s\n' "$min_version" "$tag_version_numeric" | sort -V | head -n1)" != "$min_version" ]]; then
            echo -e "${red}Please use a newer version (at least v2.3.5). Exiting installation.${plain}"
            exit 1
        fi
-
+        
        url="https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz"
        echo -e "Beginning to install x-ui $1"
-        wget -N -O /usr/local/x-ui-linux-$(arch).tar.gz ${url}
+        curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz ${url}
        if [[ $? -ne 0 ]]; then
            echo -e "${red}Download x-ui $1 failed, please check if the version exists ${plain}"
            exit 1
        fi
    fi
-    wget -O /usr/bin/x-ui-temp https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.sh
+    curl -4fLRo /usr/bin/x-ui-temp https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.sh
-
+    if [[ $? -ne 0 ]]; then
-    # Stop x-ui service and remove old resources
+        echo -e "${red}Failed to download x-ui.sh${plain}"
-    if [[ -e /usr/local/x-ui/ ]]; then
+        exit 1
        systemctl stop x-ui
        rm /usr/local/x-ui/ -rf
    fi
-
+    
    # Stop x-ui service and remove old resources
    if [[ -e ${xui_folder}/ ]]; then
        if [[ $release == "alpine" ]]; then
            rc-service x-ui stop
        else
            systemctl stop x-ui
        fi
        rm ${xui_folder}/ -rf
    fi
    # Extract resources and set permissions
    tar zxvf x-ui-linux-$(arch).tar.gz
    rm x-ui-linux-$(arch).tar.gz -f
@@ -188,23 +633,110 @@ install_x-ui() {
    cd x-ui
    chmod +x x-ui
    chmod +x x-ui.sh
-
+    
    # Check the system's architecture and rename the file accordingly
    if [[ $(arch) == "armv5" || $(arch) == "armv6" || $(arch) == "armv7" ]]; then
        mv bin/xray-linux-$(arch) bin/xray-linux-arm
        chmod +x bin/xray-linux-arm
    fi
    chmod +x x-ui bin/xray-linux-$(arch)
-
+    
    # Update x-ui cli and se set permission
    mv -f /usr/bin/x-ui-temp /usr/bin/x-ui
    chmod +x /usr/bin/x-ui
    mkdir -p /var/log/x-ui
    config_after_install
-    cp -f x-ui.service /etc/systemd/system/
+    # Etckeeper compatibility
-    systemctl daemon-reload
+    if [ -d "/etc/.git" ]; then
-    systemctl enable x-ui
+        if [ -f "/etc/.gitignore" ]; then
-    systemctl start x-ui
+            if ! grep -q "x-ui/x-ui.db" "/etc/.gitignore"; then
                echo "" >> "/etc/.gitignore"
                echo "x-ui/x-ui.db" >> "/etc/.gitignore"
                echo -e "${green}Added x-ui.db to /etc/.gitignore for etckeeper${plain}"
            fi
        else
            echo "x-ui/x-ui.db" > "/etc/.gitignore"
            echo -e "${green}Created /etc/.gitignore and added x-ui.db for etckeeper${plain}"
        fi
    fi
    if [[ $release == "alpine" ]]; then
        curl -4fLRo /etc/init.d/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.rc
        if [[ $? -ne 0 ]]; then
            echo -e "${red}Failed to download x-ui.rc${plain}"
            exit 1
        fi
        chmod +x /etc/init.d/x-ui
        rc-update add x-ui
        rc-service x-ui start
    else
        # Install systemd service file
        service_installed=false
        if [ -f "x-ui.service" ]; then
            echo -e "${green}Found x-ui.service in extracted files, installing...${plain}"
            cp -f x-ui.service ${xui_service}/ >/dev/null 2>&1
            if [[ $? -eq 0 ]]; then
                service_installed=true
            fi
        fi
        if [ "$service_installed" = false ]; then
            case "${release}" in
                ubuntu | debian | armbian)
                    if [ -f "x-ui.service.debian" ]; then
                        echo -e "${green}Found x-ui.service.debian in extracted files, installing...${plain}"
                        cp -f x-ui.service.debian ${xui_service}/x-ui.service >/dev/null 2>&1
                        if [[ $? -eq 0 ]]; then
                            service_installed=true
                        fi
                    fi
                ;;
                *)
                    if [ -f "x-ui.service.rhel" ]; then
                        echo -e "${green}Found x-ui.service.rhel in extracted files, installing...${plain}"
                        cp -f x-ui.service.rhel ${xui_service}/x-ui.service >/dev/null 2>&1
                        if [[ $? -eq 0 ]]; then
                            service_installed=true
                        fi
                    fi
                ;;
            esac
        fi
        # If service file not found in tar.gz, download from GitHub
        if [ "$service_installed" = false ]; then
            echo -e "${yellow}Service files not found in tar.gz, downloading from GitHub...${plain}"
            case "${release}" in
                ubuntu | debian | armbian)
                    curl -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.debian >/dev/null 2>&1
                ;;
                *)
                    curl -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.rhel >/dev/null 2>&1
                ;;
            esac
            if [[ $? -ne 0 ]]; then
                echo -e "${red}Failed to install x-ui.service from GitHub${plain}"
                exit 1
            fi
            service_installed=true
        fi
        if [ "$service_installed" = true ]; then
            echo -e "${green}Setting up systemd unit...${plain}"
            chown root:root ${xui_service}/x-ui.service >/dev/null 2>&1
            chmod 644 ${xui_service}/x-ui.service >/dev/null 2>&1
            systemctl daemon-reload
            systemctl enable x-ui
            systemctl start x-ui
        else
            echo -e "${red}Failed to install x-ui.service file${plain}"
            exit 1
        fi
    fi
    echo -e "${green}x-ui ${tag_version}${plain} installation finished, it is running now..."
    echo -e ""
    echo -e "┌───────────────────────────────────────────────────────┐
@@ -221,7 +753,7 @@ install_x-ui() {
 │  ${blue}x-ui log${plain}          - Check logs                       │
 │  ${blue}x-ui banlog${plain}       - Check Fail2ban ban logs          │
 │  ${blue}x-ui update${plain}       - Update                           │
-│  ${blue}x-ui legacy${plain}       - legacy version                   │
+│  ${blue}x-ui legacy${plain}       - Legacy version                   │
 │  ${blue}x-ui install${plain}      - Install                          │
 │  ${blue}x-ui uninstall${plain}    - Uninstall                        │
 └───────────────────────────────────────────────────────┘"
--- a/logger/logger.go
+++ b/logger/logger.go
@@ -1,21 +1,29 @@
 // Package logger provides logging functionality for the 3x-ui panel with
-// buffered log storage and multiple log levels.
+// dual-backend logging (console/syslog and file) and buffered log storage for web UI.
 package logger
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"runtime"
 	"time"
 	"github.com/mhsanaei/3x-ui/v2/config"
 	"github.com/op/go-logging"
 )
-var (
+const (
-	logger *logging.Logger
+	maxLogBufferSize = 10240                 // Maximum log entries kept in memory
 	logFileName      = "3xui.log"            // Log file name
 	timeFormat       = "2006/01/02 15:04:05" // Log timestamp format
 )
-	// addToBuffer appends a log entry into the in-memory ring buffer used for
+var (
-	// retrieving recent logs via the web UI. It keeps the buffer bounded to avoid
+	logger  *logging.Logger
-	// uncontrolled growth.
+	logFile *os.File
 	// logBuffer maintains recent log entries in memory for web UI retrieval
 	logBuffer []struct {
 		time  string
 		level logging.Level
@@ -23,37 +31,100 @@ var (
 	}
 )
-func init() {
+// InitLogger initializes dual logging backends: console/syslog and file.
-	InitLogger(logging.INFO)
+// Console logging uses the specified level, file logging always uses DEBUG level.
 }
 // InitLogger initializes the logger with the specified logging level.
 func InitLogger(level logging.Level) {
 	newLogger := logging.MustGetLogger("x-ui")
-	var err error
+	backends := make([]logging.Backend, 0, 2)
 	var backend logging.Backend
 	var format logging.Formatter
 	ppid := os.Getppid()
-	backend, err = logging.NewSyslogBackend("")
+	// Console/syslog backend with configurable level
-	if err != nil {
+	if consoleBackend := initDefaultBackend(); consoleBackend != nil {
-		println(err)
+		leveledBackend := logging.AddModuleLevel(consoleBackend)
-		backend = logging.NewLogBackend(os.Stderr, "", 0)
+		leveledBackend.SetLevel(level, "x-ui")
-	}
+		backends = append(backends, leveledBackend)
 	if ppid > 0 && err != nil {
 		format = logging.MustStringFormatter(`%{time:2006/01/02 15:04:05} %{level} - %{message}`)
 	} else {
 		format = logging.MustStringFormatter(`%{level} - %{message}`)
 	}
-	backendFormatter := logging.NewBackendFormatter(backend, format)
+	// File backend with DEBUG level for comprehensive logging
-	backendLeveled := logging.AddModuleLevel(backendFormatter)
+	if fileBackend := initFileBackend(); fileBackend != nil {
-	backendLeveled.SetLevel(level, "x-ui")
+		leveledBackend := logging.AddModuleLevel(fileBackend)
-	newLogger.SetBackend(backendLeveled)
+		leveledBackend.SetLevel(logging.DEBUG, "x-ui")
 		backends = append(backends, leveledBackend)
 	}
 	multiBackend := logging.MultiLogger(backends...)
 	newLogger.SetBackend(multiBackend)
 	logger = newLogger
 }
 // initDefaultBackend creates the console/syslog logging backend.
 // Windows: Uses stderr directly (no syslog support)
 // Unix-like: Attempts syslog, falls back to stderr
 func initDefaultBackend() logging.Backend {
 	var backend logging.Backend
 	includeTime := false
 	if runtime.GOOS == "windows" {
 		// Windows: Use stderr directly (no syslog support)
 		backend = logging.NewLogBackend(os.Stderr, "", 0)
 		includeTime = true
 	} else {
 		// Unix-like: Try syslog, fallback to stderr
 		if syslogBackend, err := logging.NewSyslogBackend(""); err != nil {
 			fmt.Fprintf(os.Stderr, "syslog backend disabled: %v\n", err)
 			backend = logging.NewLogBackend(os.Stderr, "", 0)
 			includeTime = os.Getppid() > 0
 		} else {
 			backend = syslogBackend
 		}
 	}
 	return logging.NewBackendFormatter(backend, newFormatter(includeTime))
 }
 // initFileBackend creates the file logging backend.
 // Creates log directory and truncates log file on startup for fresh logs.
 func initFileBackend() logging.Backend {
 	logDir := config.GetLogFolder()
 	if err := os.MkdirAll(logDir, 0o750); err != nil {
 		fmt.Fprintf(os.Stderr, "failed to create log folder %s: %v\n", logDir, err)
 		return nil
 	}
 	logPath := filepath.Join(logDir, logFileName)
 	file, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o660)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "failed to open log file %s: %v\n", logPath, err)
 		return nil
 	}
 	// Close previous log file if exists
 	if logFile != nil {
 		_ = logFile.Close()
 	}
 	logFile = file
 	backend := logging.NewLogBackend(file, "", 0)
 	return logging.NewBackendFormatter(backend, newFormatter(true))
 }
 // newFormatter creates a log formatter with optional timestamp.
 func newFormatter(withTime bool) logging.Formatter {
 	format := `%{level} - %{message}`
 	if withTime {
 		format = `%{time:` + timeFormat + `} %{level} - %{message}`
 	}
 	return logging.MustStringFormatter(format)
 }
 // CloseLogger closes the log file and cleans up resources.
 // Should be called during application shutdown.
 func CloseLogger() {
 	if logFile != nil {
 		_ = logFile.Close()
 		logFile = nil
 	}
 }
 // Debug logs a debug message and adds it to the log buffer.
 func Debug(args ...any) {
 	logger.Debug(args...)
@@ -114,9 +185,10 @@ func Errorf(format string, args ...any) {
 	addToBuffer("ERROR", fmt.Sprintf(format, args...))
 }
 // addToBuffer adds a log entry to the in-memory ring buffer for web UI retrieval.
 func addToBuffer(level string, newLog string) {
 	t := time.Now()
-	if len(logBuffer) >= 10240 {
+	if len(logBuffer) >= maxLogBufferSize {
 		logBuffer = logBuffer[1:]
 	}
@@ -126,7 +198,7 @@ func addToBuffer(level string, newLog string) {
 		level logging.Level
 		log   string
 	}{
-		time:  t.Format("2006/01/02 15:04:05"),
+		time:  t.Format(timeFormat),
 		level: logLevel,
 		log:   newLog,
 	})
--- a/main.go
+++ b/main.go
@@ -78,6 +78,10 @@ func runWebServer() {
 		case syscall.SIGHUP:
 			logger.Info("Received SIGHUP signal. Restarting servers...")
 			// --- FIX FOR TELEGRAM BOT CONFLICT (409): Stop bot before restart ---
 			service.StopBot()
 			// --			
 			err := server.Stop()
 			if err != nil {
 				logger.Debug("Error stopping web server:", err)
@@ -106,6 +110,10 @@ func runWebServer() {
 			log.Println("Sub server restarted successfully.")
 		default:
 			// --- FIX FOR TELEGRAM BOT CONFLICT (409) on full shutdown ---
 			service.StopBot()
 			// ------------------------------------------------------------
 			server.Stop()
 			subServer.Stop()
 			log.Println("Shutting down servers.")
@@ -321,6 +329,20 @@ func updateCert(publicKey string, privateKey string) {
 		} else {
 			fmt.Println("set certificate private key success")
 		}
 		err = settingService.SetSubCertFile(publicKey)
 		if err != nil {
 			fmt.Println("set certificate for subscription public key failed:", err)
 		} else {
 			fmt.Println("set certificate for subscription public key success")
 		}
 		err = settingService.SetSubKeyFile(privateKey)
 		if err != nil {
 			fmt.Println("set certificate for subscription private key failed:", err)
 		} else {
 			fmt.Println("set certificate for subscription private key success")
 		}
 	} else {
 		fmt.Println("both public and private key should be entered.")
 	}
--- a/sub/sub.go
+++ b/sub/sub.go
@@ -98,8 +98,14 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 	}
 	// Set base_path based on LinksPath for template rendering
 	// Ensure LinksPath ends with "/" for proper asset URL generation
 	basePath := LinksPath
 	if basePath != "/" && !strings.HasSuffix(basePath, "/") {
 		basePath += "/"
 	}
 	// logger.Debug("sub: Setting base_path to:", basePath)
 	engine.Use(func(c *gin.Context) {
-		c.Set("base_path", LinksPath)
+		c.Set("base_path", basePath)
 	})
 	Encrypt, err := s.settingService.GetSubEncrypt()
@@ -179,22 +185,48 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 		linksPathForAssets = strings.TrimRight(LinksPath, "/") + "/assets"
 	}
 	// Mount assets in multiple paths to handle different URL patterns
 	var assetsFS http.FileSystem
 	if _, err := os.Stat("web/assets"); err == nil {
-		engine.StaticFS("/assets", http.FS(os.DirFS("web/assets")))
+		assetsFS = http.FS(os.DirFS("web/assets"))
 		if linksPathForAssets != "/assets" {
 			engine.StaticFS(linksPathForAssets, http.FS(os.DirFS("web/assets")))
 		}
 	} else {
 		if subFS, err := fs.Sub(webpkg.EmbeddedAssets(), "assets"); err == nil {
-			engine.StaticFS("/assets", http.FS(subFS))
+			assetsFS = http.FS(subFS)
 			if linksPathForAssets != "/assets" {
 				engine.StaticFS(linksPathForAssets, http.FS(subFS))
 			}
 		} else {
 			logger.Error("sub: failed to mount embedded assets:", err)
 		}
 	}
 	if assetsFS != nil {
 		engine.StaticFS("/assets", assetsFS)
 		if linksPathForAssets != "/assets" {
 			engine.StaticFS(linksPathForAssets, assetsFS)
 		}
 		// Add middleware to handle dynamic asset paths with subid
 		if LinksPath != "/" {
 			engine.Use(func(c *gin.Context) {
 				path := c.Request.URL.Path
 				// Check if this is an asset request with subid pattern: /sub/path/{subid}/assets/...
 				pathPrefix := strings.TrimRight(LinksPath, "/") + "/"
 				if strings.HasPrefix(path, pathPrefix) && strings.Contains(path, "/assets/") {
 					// Extract the asset path after /assets/
 					assetsIndex := strings.Index(path, "/assets/")
 					if assetsIndex != -1 {
 						assetPath := path[assetsIndex+8:] // +8 to skip "/assets/"
 						if assetPath != "" {
 							// Serve the asset file
 							c.FileFromFS(assetPath, assetsFS)
 							c.Abort()
 							return
 						}
 					}
 				}
 				c.Next()
 			})
 		}
 	}
 	g := engine.Group("/")
 	s.sub = NewSUBController(
--- a/sub/subController.go
+++ b/sub/subController.go
@@ -87,7 +87,20 @@ func (a *SUBController) subs(c *gin.Context) {
 			if !a.jsonEnabled {
 				subJsonURL = ""
 			}
-			page := a.subService.BuildPageData(subId, hostHeader, traffic, lastOnline, subs, subURL, subJsonURL)
+			// Get base_path from context (set by middleware)
 			basePath, exists := c.Get("base_path")
 			if !exists {
 				basePath = "/"
 			}
 			// Add subId to base_path for asset URLs
 			basePathStr := basePath.(string)
 			if basePathStr == "/" {
 				basePathStr = "/" + subId + "/"
 			} else {
 				// Remove trailing slash if exists, add subId, then add trailing slash
 				basePathStr = strings.TrimRight(basePathStr, "/") + "/" + subId + "/"
 			}
 			page := a.subService.BuildPageData(subId, hostHeader, traffic, lastOnline, subs, subURL, subJsonURL, basePathStr)
 			c.HTML(200, "subpage.html", gin.H{
 				"title":        "subscription.title",
 				"cur_ver":      config.GetVersion(),
--- a/sub/subService.go
+++ b/sub/subService.go
@@ -179,9 +179,15 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
 	if inbound.Protocol != model.VMESS {
 		return ""
 	}
 	var address string
 	if inbound.Listen == "" || inbound.Listen == "0.0.0.0" || inbound.Listen == "::" || inbound.Listen == "::0" {
 		address = s.address
 	} else {
 		address = inbound.Listen
 	}
 	obj := map[string]any{
 		"v":    "2",
-		"add":  s.address,
+		"add":  address,
 		"port": inbound.Port,
 		"type": "none",
 	}
@@ -317,7 +323,13 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
 }
 func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
-	address := s.address
+	var address string
 	if inbound.Listen == "" || inbound.Listen == "0.0.0.0" || inbound.Listen == "::" || inbound.Listen == "::0" {
 		address = s.address
 	} else {
 		address = inbound.Listen
 	}
 	if inbound.Protocol != model.VLESS {
 		return ""
 	}
@@ -523,7 +535,12 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
 }
 func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string {
-	address := s.address
+	var address string
 	if inbound.Listen == "" || inbound.Listen == "0.0.0.0" || inbound.Listen == "::" || inbound.Listen == "::0" {
 		address = s.address
 	} else {
 		address = inbound.Listen
 	}
 	if inbound.Protocol != model.Trojan {
 		return ""
 	}
@@ -719,7 +736,12 @@ func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string
 }
 func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) string {
-	address := s.address
+	var address string
 	if inbound.Listen == "" || inbound.Listen == "0.0.0.0" || inbound.Listen == "::" || inbound.Listen == "::0" {
 		address = s.address
 	} else {
 		address = inbound.Listen
 	}
 	if inbound.Protocol != model.Shadowsocks {
 		return ""
 	}
@@ -1148,7 +1170,7 @@ func (s *SubService) joinPathWithID(basePath, subId string) string {
 // BuildPageData parses header and prepares the template view model.
 // BuildPageData constructs page data for rendering the subscription information page.
-func (s *SubService) BuildPageData(subId string, hostHeader string, traffic xray.ClientTraffic, lastOnline int64, subs []string, subURL, subJsonURL string) PageData {
+func (s *SubService) BuildPageData(subId string, hostHeader string, traffic xray.ClientTraffic, lastOnline int64, subs []string, subURL, subJsonURL string, basePath string) PageData {
 	download := common.FormatTraffic(traffic.Down)
 	upload := common.FormatTraffic(traffic.Up)
 	total := "∞"
@@ -1167,7 +1189,7 @@ func (s *SubService) BuildPageData(subId string, hostHeader string, traffic xray
 	return PageData{
 		Host:         hostHeader,
-		BasePath:     "/", // kept as "/"; templates now use context base_path injected from router
+		BasePath:     basePath,
 		SId:          subId,
 		Download:     download,
 		Upload:       upload,
--- a/update.sh
+++ b/update.sh
@@ -0,0 +1,760 @@
 #!/bin/bash
 red='\033[0;31m'
 green='\033[0;32m'
 blue='\033[0;34m'
 yellow='\033[0;33m'
 plain='\033[0m'
 xui_folder="${XUI_MAIN_FOLDER:=/usr/local/x-ui}"
 xui_service="${XUI_SERVICE:=/etc/systemd/system}"
 # Don't edit this config
 b_source="${BASH_SOURCE[0]}"
 while [ -h "$b_source" ]; do
    b_dir="$(cd -P "$(dirname "$b_source")" >/dev/null 2>&1 && pwd || pwd -P)"
    b_source="$(readlink "$b_source")"
    [[ $b_source != /* ]] && b_source="$b_dir/$b_source"
 done
 cur_dir="$(cd -P "$(dirname "$b_source")" >/dev/null 2>&1 && pwd || pwd -P)"
 script_name=$(basename "$0")
 # Check command exist function
 _command_exists() {
    type "$1" &>/dev/null
 }
 # Fail, log and exit script function
 _fail() {
    local msg=${1}
    echo -e "${red}${msg}${plain}"
    exit 2
 }
 # check root
 [[ $EUID -ne 0 ]] && _fail "FATAL ERROR: Please run this script with root privilege."
 if _command_exists curl; then
    curl_bin=$(which curl)
 else
    _fail "ERROR: Command 'curl' not found."
 fi
 # Check OS and set release variable
 if [[ -f /etc/os-release ]]; then
    source /etc/os-release
    release=$ID
    elif [[ -f /usr/lib/os-release ]]; then
    source /usr/lib/os-release
    release=$ID
 else
    _fail "Failed to check the system OS, please contact the author!"
 fi
 echo "The OS release is: $release"
 arch() {
    case "$(uname -m)" in
        x86_64 | x64 | amd64) echo 'amd64' ;;
        i*86 | x86) echo '386' ;;
        armv8* | armv8 | arm64 | aarch64) echo 'arm64' ;;
        armv7* | armv7 | arm) echo 'armv7' ;;
        armv6* | armv6) echo 'armv6' ;;
        armv5* | armv5) echo 'armv5' ;;
        s390x) echo 's390x' ;;
        *) echo -e "${red}Unsupported CPU architecture!${plain}" && rm -f "${cur_dir}/${script_name}" >/dev/null 2>&1 && exit 2;;
    esac
 }
 echo "Arch: $(arch)"
 # Simple helpers
 is_ipv4() {
    [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] && return 0 || return 1
 }
 is_ipv6() {
    [[ "$1" =~ : ]] && return 0 || return 1
 }
 is_ip() {
    is_ipv4 "$1" || is_ipv6 "$1"
 }
 is_domain() {
    [[ "$1" =~ ^([A-Za-z0-9](-*[A-Za-z0-9])*\.)+[A-Za-z]{2,}$ ]] && return 0 || return 1
 }
 gen_random_string() {
    local length="$1"
    local random_string=$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w "$length" | head -n 1)
    echo "$random_string"
 }
 install_base() {
    echo -e "${green}Updating and install dependency packages...${plain}"
    case "${release}" in
        ubuntu | debian | armbian)
            apt-get update >/dev/null 2>&1 && apt-get install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
        ;;
        fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
            dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
        ;;
        centos)
            if [[ "${VERSION_ID}" =~ ^7 ]]; then
                yum -y update >/dev/null 2>&1 && yum install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
            else
                dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
            fi
        ;;
        arch | manjaro | parch)
            pacman -Syu >/dev/null 2>&1 && pacman -Syu --noconfirm curl tar tzdata openssl socat >/dev/null 2>&1
        ;;
        opensuse-tumbleweed | opensuse-leap)
            zypper refresh >/dev/null 2>&1 && zypper -q install -y curl tar timezone openssl socat >/dev/null 2>&1
        ;;
        alpine)
            apk update >/dev/null 2>&1 && apk add curl tar tzdata openssl socat >/dev/null 2>&1
        ;;
        *)
            apt-get update >/dev/null 2>&1 && apt install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
        ;;
    esac
 }
 install_acme() {
    echo -e "${green}Installing acme.sh for SSL certificate management...${plain}"
    cd ~ || return 1
    curl -s https://get.acme.sh | sh >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo -e "${red}Failed to install acme.sh${plain}"
        return 1
    else
        echo -e "${green}acme.sh installed successfully${plain}"
    fi
    return 0
 }
 setup_ssl_certificate() {
    local domain="$1"
    local server_ip="$2"
    local existing_port="$3"
    local existing_webBasePath="$4"
    echo -e "${green}Setting up SSL certificate...${plain}"
    # Check if acme.sh is installed
    if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
        install_acme
        if [ $? -ne 0 ]; then
            echo -e "${yellow}Failed to install acme.sh, skipping SSL setup${plain}"
            return 1
        fi
    fi
    # Create certificate directory
    local certPath="/root/cert/${domain}"
    mkdir -p "$certPath"
    # Issue certificate
    echo -e "${green}Issuing SSL certificate for ${domain}...${plain}"
    echo -e "${yellow}Note: Port 80 must be open and accessible from the internet${plain}"
    ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
    ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport 80 --force
    if [ $? -ne 0 ]; then
        echo -e "${yellow}Failed to issue certificate for ${domain}${plain}"
        echo -e "${yellow}Please ensure port 80 is open and try again later with: x-ui${plain}"
        rm -rf ~/.acme.sh/${domain} 2>/dev/null
        rm -rf "$certPath" 2>/dev/null
        return 1
    fi
    # Install certificate
    ~/.acme.sh/acme.sh --installcert -d ${domain} \
        --key-file /root/cert/${domain}/privkey.pem \
        --fullchain-file /root/cert/${domain}/fullchain.pem \
        --reloadcmd "systemctl restart x-ui" >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo -e "${yellow}Failed to install certificate${plain}"
        return 1
    fi
    # Enable auto-renew
    ~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
    chmod 755 $certPath/* 2>/dev/null
    # Set certificate for panel
    local webCertFile="/root/cert/${domain}/fullchain.pem"
    local webKeyFile="/root/cert/${domain}/privkey.pem"
    if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
        ${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile" >/dev/null 2>&1
        echo -e "${green}SSL certificate installed and configured successfully!${plain}"
        return 0
    else
        echo -e "${yellow}Certificate files not found${plain}"
        return 1
    fi
 }
 # Fallback: generate a self-signed certificate (not publicly trusted)
 setup_self_signed_certificate() {
    local name="$1"   # domain or IP to place in SAN
    local certDir="/root/cert/selfsigned"
    echo -e "${yellow}Generating a self-signed certificate (not publicly trusted)...${plain}"
    mkdir -p "$certDir"
    local sanExt=""
    if is_ip "$name"; then
        sanExt="IP:${name}"
    else
        sanExt="DNS:${name}"
    fi
    # Try -addext; fallback to config if not supported
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -keyout "${certDir}/privkey.pem" \
        -out "${certDir}/fullchain.pem" \
        -subj "/CN=${name}" \
        -addext "subjectAltName=${sanExt}" >/dev/null 2>&1
    if [[ $? -ne 0 ]]; then
        local tmpCfg="${certDir}/openssl.cnf"
        cat > "$tmpCfg" <<EOF
 [req]
 distinguished_name=req_distinguished_name
 req_extensions=v3_req
 [req_distinguished_name]
 [v3_req]
 subjectAltName=${sanExt}
 EOF
        openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -keyout "${certDir}/privkey.pem" \
            -out "${certDir}/fullchain.pem" \
            -subj "/CN=${name}" \
            -config "$tmpCfg" -extensions v3_req >/dev/null 2>&1
        rm -f "$tmpCfg"
    fi
    if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
        echo -e "${red}Failed to generate self-signed certificate${plain}"
        return 1
    fi
    chmod 755 ${certDir}/* 2>/dev/null
    ${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem" >/dev/null 2>&1
    echo -e "${yellow}Self-signed certificate configured. Browsers will show a warning.${plain}"
    return 0
 }
 # Comprehensive manual SSL certificate issuance via acme.sh
 ssl_cert_issue() {
    local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep 'webBasePath:' | awk -F': ' '{print $2}' | tr -d '[:space:]' | sed 's#^/##')
    local existing_port=$(${xui_folder}/x-ui setting -show true | grep 'port:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
    # check for acme.sh first
    if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
        echo "acme.sh could not be found. Installing now..."
        cd ~ || return 1
        curl -s https://get.acme.sh | sh
        if [ $? -ne 0 ]; then
            echo -e "${red}Failed to install acme.sh${plain}"
            return 1
        else
            echo -e "${green}acme.sh installed successfully${plain}"
        fi
    fi
    # get the domain here, and we need to verify it
    local domain=""
    while true; do
        read -rp "Please enter your domain name: " domain
        domain="${domain// /}"  # Trim whitespace
        if [[ -z "$domain" ]]; then
            echo -e "${red}Domain name cannot be empty. Please try again.${plain}"
            continue
        fi
        if ! is_domain "$domain"; then
            echo -e "${red}Invalid domain format: ${domain}. Please enter a valid domain name.${plain}"
            continue
        fi
        break
    done
    echo -e "${green}Your domain is: ${domain}, checking it...${plain}"
    # check if there already exists a certificate
    local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
    if [ "${currentCert}" == "${domain}" ]; then
        local certInfo=$(~/.acme.sh/acme.sh --list)
        echo -e "${red}System already has certificates for this domain. Cannot issue again.${plain}"
        echo -e "${yellow}Current certificate details:${plain}"
        echo "$certInfo"
        return 1
    else
        echo -e "${green}Your domain is ready for issuing certificates now...${plain}"
    fi
    # create a directory for the certificate
    certPath="/root/cert/${domain}"
    if [ ! -d "$certPath" ]; then
        mkdir -p "$certPath"
    else
        rm -rf "$certPath"
        mkdir -p "$certPath"
    fi
    # get the port number for the standalone server
    local WebPort=80
    read -rp "Please choose which port to use (default is 80): " WebPort
    if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
        echo -e "${yellow}Your input ${WebPort} is invalid, will use default port 80.${plain}"
        WebPort=80
    fi
    echo -e "${green}Will use port: ${WebPort} to issue certificates. Please make sure this port is open.${plain}"
    # Stop panel temporarily
    echo -e "${yellow}Stopping panel temporarily...${plain}"
    systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
    # issue the certificate
    ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
    ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
    if [ $? -ne 0 ]; then
        echo -e "${red}Issuing certificate failed, please check logs.${plain}"
        rm -rf ~/.acme.sh/${domain}
        systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
        return 1
    else
        echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}"
    fi
    # Setup reload command
    reloadCmd="systemctl restart x-ui || rc-service x-ui restart"
    echo -e "${green}Default --reloadcmd for ACME is: ${yellow}systemctl restart x-ui || rc-service x-ui restart${plain}"
    echo -e "${green}This command will run on every certificate issue and renew.${plain}"
    read -rp "Would you like to modify --reloadcmd for ACME? (y/n): " setReloadcmd
    if [[ "$setReloadcmd" == "y" || "$setReloadcmd" == "Y" ]]; then
        echo -e "\n${green}\t1.${plain} Preset: systemctl reload nginx ; systemctl restart x-ui"
        echo -e "${green}\t2.${plain} Input your own command"
        echo -e "${green}\t0.${plain} Keep default reloadcmd"
        read -rp "Choose an option: " choice
        case "$choice" in
        1)
            echo -e "${green}Reloadcmd is: systemctl reload nginx ; systemctl restart x-ui${plain}"
            reloadCmd="systemctl reload nginx ; systemctl restart x-ui"
            ;;
        2)
            echo -e "${yellow}It's recommended to put x-ui restart at the end${plain}"
            read -rp "Please enter your custom reloadcmd: " reloadCmd
            echo -e "${green}Reloadcmd is: ${reloadCmd}${plain}"
            ;;
        *)
            echo -e "${green}Keeping default reloadcmd${plain}"
            ;;
        esac
    fi
    # install the certificate
    ~/.acme.sh/acme.sh --installcert -d ${domain} \
        --key-file /root/cert/${domain}/privkey.pem \
        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}"
    if [ $? -ne 0 ]; then
        echo -e "${red}Installing certificate failed, exiting.${plain}"
        rm -rf ~/.acme.sh/${domain}
        systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
        return 1
    else
        echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
    fi
    # enable auto-renew
    ~/.acme.sh/acme.sh --upgrade --auto-upgrade
    if [ $? -ne 0 ]; then
        echo -e "${yellow}Auto renew setup had issues, certificate details:${plain}"
        ls -lah /root/cert/${domain}/
        chmod 755 $certPath/*
    else
        echo -e "${green}Auto renew succeeded, certificate details:${plain}"
        ls -lah /root/cert/${domain}/
        chmod 755 $certPath/*
    fi
    # Restart panel
    systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
    # Prompt user to set panel paths after successful certificate installation
    read -rp "Would you like to set this certificate for the panel? (y/n): " setPanel
    if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
        local webCertFile="/root/cert/${domain}/fullchain.pem"
        local webKeyFile="/root/cert/${domain}/privkey.pem"
        if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
            ${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
            echo -e "${green}Certificate paths set for the panel${plain}"
            echo -e "${green}Certificate File: $webCertFile${plain}"
            echo -e "${green}Private Key File: $webKeyFile${plain}"
            echo ""
            echo -e "${green}Access URL: https://${domain}:${existing_port}/${existing_webBasePath}${plain}"
            echo -e "${yellow}Panel will restart to apply SSL certificate...${plain}"
            systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null
        else
            echo -e "${red}Error: Certificate or private key file not found for domain: $domain.${plain}"
        fi
    else
        echo -e "${yellow}Skipping panel path setting.${plain}"
    fi
    return 0
 }
 # Unified interactive SSL setup (domain or self-signed)
 # Sets global `SSL_HOST` to the chosen domain/IP
 prompt_and_setup_ssl() {
    local panel_port="$1"
    local web_base_path="$2"   # expected without leading slash
    local server_ip="$3"
    local ssl_choice=""
    echo -e "${yellow}Choose SSL certificate setup method:${plain}"
    echo -e "${green}1.${plain} Let's Encrypt (domain required, recommended)"
    echo -e "${green}2.${plain} Self-signed certificate (for testing/local use)"
    read -rp "Choose an option (default 2): " ssl_choice
    ssl_choice="${ssl_choice// /}"  # Trim whitespace
    # Default to 2 (self-signed) if not 1
    if [[ "$ssl_choice" != "1" ]]; then
        ssl_choice="2"
    fi
    case "$ssl_choice" in
    1)
        # User chose Let's Encrypt domain option
        echo -e "${green}Using ssl_cert_issue() for comprehensive domain setup...${plain}"
        ssl_cert_issue
        # Extract the domain that was used from the certificate
        local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
        if [[ -n "${cert_domain}" ]]; then
            SSL_HOST="${cert_domain}"
            echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}"
        else
            echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}"
            SSL_HOST="${server_ip}"
        fi
        ;;
    2)
        # User chose self-signed option
        # Stop panel if running
        if [[ $release == "alpine" ]]; then
            rc-service x-ui stop >/dev/null 2>&1
        else
            systemctl stop x-ui >/dev/null 2>&1
        fi
        echo -e "${yellow}Using server IP for self-signed certificate: ${server_ip}${plain}"
        setup_self_signed_certificate "${server_ip}"
        if [ $? -eq 0 ]; then
            SSL_HOST="${server_ip}"
            echo -e "${green}✓ Self-signed SSL configured successfully${plain}"
        else
            echo -e "${red}✗ Self-signed SSL setup failed${plain}"
            SSL_HOST="${server_ip}"
        fi
        # Start panel after SSL is configured
        if [[ $release == "alpine" ]]; then
            rc-service x-ui start >/dev/null 2>&1
        else
            systemctl start x-ui >/dev/null 2>&1
        fi
        ;;
    0)
        echo -e "${yellow}Skipping SSL setup${plain}"
        SSL_HOST="${server_ip}"
        ;;
    *)
        echo -e "${red}Invalid option. Skipping SSL setup.${plain}"
        SSL_HOST="${server_ip}"
        ;;
    esac
 }
 config_after_update() {
    echo -e "${yellow}x-ui settings:${plain}"
    ${xui_folder}/x-ui setting -show true
    ${xui_folder}/x-ui migrate
    # Properly detect empty cert by checking if cert: line exists and has content after it
    local existing_cert=$(${xui_folder}/x-ui setting -getCert true 2>/dev/null | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
    local existing_port=$(${xui_folder}/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
    local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}' | sed 's#^/##')
    # Get server IP
    local URL_lists=(
        "https://api4.ipify.org"
        "https://ipv4.icanhazip.com"
        "https://v4.api.ipinfo.io/ip"
        "https://ipv4.myexternalip.com/raw"
        "https://4.ident.me"
        "https://check-host.net/ip"
    )
    local server_ip=""
    for ip_address in "${URL_lists[@]}"; do
        server_ip=$(${curl_bin} -s --max-time 3 "${ip_address}" 2>/dev/null | tr -d '[:space:]')
        if [[ -n "${server_ip}" ]]; then
            break
        fi
    done
    # Handle missing/short webBasePath
    if [[ ${#existing_webBasePath} -lt 4 ]]; then
        echo -e "${yellow}WebBasePath is missing or too short. Generating a new one...${plain}"
        local config_webBasePath=$(gen_random_string 18)
        ${xui_folder}/x-ui setting -webBasePath "${config_webBasePath}"
        existing_webBasePath="${config_webBasePath}"
        echo -e "${green}New WebBasePath: ${config_webBasePath}${plain}"
    fi
    # Check and prompt for SSL if missing
    if [[ -z "$existing_cert" ]]; then
        echo ""
        echo -e "${red}═══════════════════════════════════════════${plain}"
        echo -e "${red}      ⚠ NO SSL CERTIFICATE DETECTED ⚠     ${plain}"
        echo -e "${red}═══════════════════════════════════════════${plain}"
        echo -e "${yellow}For security, SSL certificate is MANDATORY for all panels.${plain}"
        echo -e "${yellow}Let's Encrypt requires a domain name; IP certs are not issued. Use self-signed for IP.${plain}"
        echo ""
        if [[ -z "${server_ip}" ]]; then
            echo -e "${red}Failed to detect server IP${plain}"
            echo -e "${yellow}Please configure SSL manually using: x-ui${plain}"
            return
        fi
        # Prompt and setup SSL (domain or self-signed)
        prompt_and_setup_ssl "${existing_port}" "${existing_webBasePath}" "${server_ip}"
        echo ""
        echo -e "${green}═══════════════════════════════════════════${plain}"
        echo -e "${green}     Panel Access Information              ${plain}"
        echo -e "${green}═══════════════════════════════════════════${plain}"
        echo -e "${green}Access URL: https://${SSL_HOST}:${existing_port}/${existing_webBasePath}${plain}"
        echo -e "${green}═══════════════════════════════════════════${plain}"
        echo -e "${yellow}⚠ SSL Certificate: Enabled and configured${plain}"
    else
        echo -e "${green}SSL certificate is already configured${plain}"
        # Show access URL with existing certificate
        local cert_domain=$(basename "$(dirname "$existing_cert")")
        echo ""
        echo -e "${green}═══════════════════════════════════════════${plain}"
        echo -e "${green}     Panel Access Information              ${plain}"
        echo -e "${green}═══════════════════════════════════════════${plain}"
        echo -e "${green}Access URL: https://${cert_domain}:${existing_port}/${existing_webBasePath}${plain}"
        echo -e "${green}═══════════════════════════════════════════${plain}"
    fi
 }
 update_x-ui() {
    cd ${xui_folder%/x-ui}/
    if [ -f "${xui_folder}/x-ui" ]; then
        current_xui_version=$(${xui_folder}/x-ui -v)
        echo -e "${green}Current x-ui version: ${current_xui_version}${plain}"
    else
        _fail "ERROR: Current x-ui version: unknown"
    fi
    echo -e "${green}Downloading new x-ui version...${plain}"
    tag_version=$(${curl_bin} -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" 2>/dev/null | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
    if [[ ! -n "$tag_version" ]]; then
        echo -e "${yellow}Trying to fetch version with IPv4...${plain}"
        tag_version=$(${curl_bin} -4 -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
        if [[ ! -n "$tag_version" ]]; then
            _fail "ERROR: Failed to fetch x-ui version, it may be due to GitHub API restrictions, please try it later"
        fi
    fi
    echo -e "Got x-ui latest version: ${tag_version}, beginning the installation..."
    ${curl_bin} -fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz 2>/dev/null
    if [[ $? -ne 0 ]]; then
        echo -e "${yellow}Trying to fetch version with IPv4...${plain}"
        ${curl_bin} -4fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz 2>/dev/null
        if [[ $? -ne 0 ]]; then
            _fail "ERROR: Failed to download x-ui, please be sure that your server can access GitHub"
        fi
    fi
    if [[ -e ${xui_folder}/ ]]; then
        echo -e "${green}Stopping x-ui...${plain}"
        if [[ $release == "alpine" ]]; then
            if [ -f "/etc/init.d/x-ui" ]; then
                rc-service x-ui stop >/dev/null 2>&1
                rc-update del x-ui >/dev/null 2>&1
                echo -e "${green}Removing old service unit version...${plain}"
                rm -f /etc/init.d/x-ui >/dev/null 2>&1
            else
                rm x-ui-linux-$(arch).tar.gz -f >/dev/null 2>&1
                _fail "ERROR: x-ui service unit not installed."
            fi
        else
            if [ -f "${xui_service}/x-ui.service" ]; then
                systemctl stop x-ui >/dev/null 2>&1
                systemctl disable x-ui >/dev/null 2>&1
                echo -e "${green}Removing old systemd unit version...${plain}"
                rm ${xui_service}/x-ui.service -f >/dev/null 2>&1
                systemctl daemon-reload >/dev/null 2>&1
            else
                rm x-ui-linux-$(arch).tar.gz -f >/dev/null 2>&1
                _fail "ERROR: x-ui systemd unit not installed."
            fi
        fi
        echo -e "${green}Removing old x-ui version...${plain}"
        rm ${xui_folder} -f >/dev/null 2>&1
        rm ${xui_folder}/x-ui.service -f >/dev/null 2>&1
        rm ${xui_folder}/x-ui.service.debian -f >/dev/null 2>&1
        rm ${xui_folder}/x-ui.service.rhel -f >/dev/null 2>&1
        rm ${xui_folder}/x-ui -f >/dev/null 2>&1
        rm ${xui_folder}/x-ui.sh -f >/dev/null 2>&1
        echo -e "${green}Removing old xray version...${plain}"
        rm ${xui_folder}/bin/xray-linux-amd64 -f >/dev/null 2>&1
        echo -e "${green}Removing old README and LICENSE file...${plain}"
        rm ${xui_folder}/bin/README.md -f >/dev/null 2>&1
        rm ${xui_folder}/bin/LICENSE -f >/dev/null 2>&1
    else
        rm x-ui-linux-$(arch).tar.gz -f >/dev/null 2>&1
        _fail "ERROR: x-ui not installed."
    fi
    echo -e "${green}Installing new x-ui version...${plain}"
    tar zxvf x-ui-linux-$(arch).tar.gz >/dev/null 2>&1
    rm x-ui-linux-$(arch).tar.gz -f >/dev/null 2>&1
    cd x-ui >/dev/null 2>&1
    chmod +x x-ui >/dev/null 2>&1
    # Check the system's architecture and rename the file accordingly
    if [[ $(arch) == "armv5" || $(arch) == "armv6" || $(arch) == "armv7" ]]; then
        mv bin/xray-linux-$(arch) bin/xray-linux-arm >/dev/null 2>&1
        chmod +x bin/xray-linux-arm >/dev/null 2>&1
    fi
    chmod +x x-ui bin/xray-linux-$(arch) >/dev/null 2>&1
    echo -e "${green}Downloading and installing x-ui.sh script...${plain}"
    ${curl_bin} -fLRo /usr/bin/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.sh >/dev/null 2>&1
    if [[ $? -ne 0 ]]; then
        echo -e "${yellow}Trying to fetch x-ui with IPv4...${plain}"
        ${curl_bin} -4fLRo /usr/bin/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.sh >/dev/null 2>&1
        if [[ $? -ne 0 ]]; then
            _fail "ERROR: Failed to download x-ui.sh script, please be sure that your server can access GitHub"
        fi
    fi
    chmod +x ${xui_folder}/x-ui.sh >/dev/null 2>&1
    chmod +x /usr/bin/x-ui >/dev/null 2>&1
    mkdir -p /var/log/x-ui >/dev/null 2>&1
    echo -e "${green}Changing owner...${plain}"
    chown -R root:root ${xui_folder} >/dev/null 2>&1
    if [ -f "${xui_folder}/bin/config.json" ]; then
        echo -e "${green}Changing on config file permissions...${plain}"
        chmod 640 ${xui_folder}/bin/config.json >/dev/null 2>&1
    fi
    if [[ $release == "alpine" ]]; then
        echo -e "${green}Downloading and installing startup unit x-ui.rc...${plain}"
        ${curl_bin} -fLRo /etc/init.d/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.rc >/dev/null 2>&1
        if [[ $? -ne 0 ]]; then
            ${curl_bin} -4fLRo /etc/init.d/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.rc >/dev/null 2>&1
            if [[ $? -ne 0 ]]; then
                _fail "ERROR: Failed to download startup unit x-ui.rc, please be sure that your server can access GitHub"
            fi
        fi
        chmod +x /etc/init.d/x-ui >/dev/null 2>&1
        chown root:root /etc/init.d/x-ui >/dev/null 2>&1
        rc-update add x-ui >/dev/null 2>&1
        rc-service x-ui start >/dev/null 2>&1
    else
        if [ -f "x-ui.service" ]; then
            echo -e "${green}Installing systemd unit...${plain}"
            cp -f x-ui.service ${xui_service}/ >/dev/null 2>&1
            if [[ $? -ne 0 ]]; then
                echo -e "${red}Failed to copy x-ui.service${plain}"
                exit 1
            fi
        else
            service_installed=false
            case "${release}" in
                ubuntu | debian | armbian)
                    if [ -f "x-ui.service.debian" ]; then
                        echo -e "${green}Installing debian-like systemd unit...${plain}"
                        cp -f x-ui.service.debian ${xui_service}/x-ui.service >/dev/null 2>&1
                        if [[ $? -eq 0 ]]; then
                            service_installed=true
                        fi
                    fi
                ;;
                *)
                    if [ -f "x-ui.service.rhel" ]; then
                        echo -e "${green}Installing rhel-like systemd unit...${plain}"
                        cp -f x-ui.service.rhel ${xui_service}/x-ui.service >/dev/null 2>&1
                        if [[ $? -eq 0 ]]; then
                            service_installed=true
                        fi
                    fi
                ;;
            esac
            # If service file not found in tar.gz, download from GitHub
            if [ "$service_installed" = false ]; then
                echo -e "${yellow}Service files not found in tar.gz, downloading from GitHub...${plain}"
                case "${release}" in
                    ubuntu | debian | armbian)
                        ${curl_bin} -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.debian >/dev/null 2>&1
                    ;;
                    *)
                        ${curl_bin} -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.rhel >/dev/null 2>&1
                    ;;
                esac
                if [[ $? -ne 0 ]]; then
                    echo -e "${red}Failed to install x-ui.service from GitHub${plain}"
                    exit 1
                fi
            fi
        fi
        chown root:root ${xui_service}/x-ui.service >/dev/null 2>&1
        chmod 644 ${xui_service}/x-ui.service >/dev/null 2>&1
        systemctl daemon-reload >/dev/null 2>&1
        systemctl enable x-ui >/dev/null 2>&1
        systemctl start x-ui >/dev/null 2>&1
    fi
    config_after_update
    echo -e "${green}x-ui ${tag_version}${plain} updating finished, it is running now..."
    echo -e ""
    echo -e "┌───────────────────────────────────────────────────────┐
 │  ${blue}x-ui control menu usages (subcommands):${plain}              │
 │                                                       │
 │  ${blue}x-ui${plain}              - Admin Management Script          │
 │  ${blue}x-ui start${plain}        - Start                            │
 │  ${blue}x-ui stop${plain}         - Stop                             │
 │  ${blue}x-ui restart${plain}      - Restart                          │
 │  ${blue}x-ui status${plain}       - Current Status                   │
 │  ${blue}x-ui settings${plain}     - Current Settings                 │
 │  ${blue}x-ui enable${plain}       - Enable Autostart on OS Startup   │
 │  ${blue}x-ui disable${plain}      - Disable Autostart on OS Startup  │
 │  ${blue}x-ui log${plain}          - Check logs                       │
 │  ${blue}x-ui banlog${plain}       - Check Fail2ban ban logs          │
 │  ${blue}x-ui update${plain}       - Update                           │
 │  ${blue}x-ui legacy${plain}       - Legacy version                   │
 │  ${blue}x-ui install${plain}      - Install                          │
 │  ${blue}x-ui uninstall${plain}    - Uninstall                        │
 └───────────────────────────────────────────────────────┘"
 }
 echo -e "${green}Running...${plain}"
 install_base
 update_x-ui $1
--- a/util/ldap/ldap.go
+++ b/util/ldap/ldap.go
@@ -0,0 +1,142 @@
 package ldaputil
 import (
 	"crypto/tls"
 	"fmt"
 	"github.com/go-ldap/ldap/v3"
 )
 type Config struct {
 	Host       string
 	Port       int
 	UseTLS     bool
 	BindDN     string
 	Password   string
 	BaseDN     string
 	UserFilter string
 	UserAttr   string
 	FlagField  string
 	TruthyVals []string
 	Invert     bool
 }
 // FetchVlessFlags returns map[email]enabled
 func FetchVlessFlags(cfg Config) (map[string]bool, error) {
 	addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
 	var conn *ldap.Conn
 	var err error
 	if cfg.UseTLS {
 		conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false})
 	} else {
 		conn, err = ldap.Dial("tcp", addr)
 	}
 	if err != nil {
 		return nil, err
 	}
 	defer conn.Close()
 	if cfg.BindDN != "" {
 		if err := conn.Bind(cfg.BindDN, cfg.Password); err != nil {
 			return nil, err
 		}
 	}
 	if cfg.UserFilter == "" {
 		cfg.UserFilter = "(objectClass=person)"
 	}
 	if cfg.UserAttr == "" {
 		cfg.UserAttr = "mail"
 	}
 	// if field not set we fallback to legacy vless_enabled
 	if cfg.FlagField == "" {
 		cfg.FlagField = "vless_enabled"
 	}
 	req := ldap.NewSearchRequest(
 		cfg.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		cfg.UserFilter,
 		[]string{cfg.UserAttr, cfg.FlagField},
 		nil,
 	)
 	res, err := conn.Search(req)
 	if err != nil {
 		return nil, err
 	}
 	result := make(map[string]bool, len(res.Entries))
 	for _, e := range res.Entries {
 		user := e.GetAttributeValue(cfg.UserAttr)
 		if user == "" {
 			continue
 		}
 		val := e.GetAttributeValue(cfg.FlagField)
 		enabled := false
 		for _, t := range cfg.TruthyVals {
 			if val == t {
 				enabled = true
 				break
 			}
 		}
 		if cfg.Invert {
 			enabled = !enabled
 		}
 		result[user] = enabled
 	}
 	return result, nil
 }
 // AuthenticateUser searches user by cfg.UserAttr and attempts to bind with provided password.
 func AuthenticateUser(cfg Config, username, password string) (bool, error) {
 	addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
 	var conn *ldap.Conn
 	var err error
 	if cfg.UseTLS {
 		conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false})
 	} else {
 		conn, err = ldap.Dial("tcp", addr)
 	}
 	if err != nil {
 		return false, err
 	}
 	defer conn.Close()
 	// Optional initial bind for search
 	if cfg.BindDN != "" {
 		if err := conn.Bind(cfg.BindDN, cfg.Password); err != nil {
 			return false, err
 		}
 	}
 	if cfg.UserFilter == "" {
 		cfg.UserFilter = "(objectClass=person)"
 	}
 	if cfg.UserAttr == "" {
 		cfg.UserAttr = "uid"
 	}
 	// Build filter to find specific user
 	filter := fmt.Sprintf("(&%s(%s=%s))", cfg.UserFilter, cfg.UserAttr, ldap.EscapeFilter(username))
 	req := ldap.NewSearchRequest(
 		cfg.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 1, 0, false,
 		filter,
 		[]string{"dn"},
 		nil,
 	)
 	res, err := conn.Search(req)
 	if err != nil {
 		return false, err
 	}
 	if len(res.Entries) == 0 {
 		return false, nil
 	}
 	userDN := res.Entries[0].DN
 	// Try to bind as the user
 	if err := conn.Bind(userDN, password); err != nil {
 		return false, nil
 	}
 	return true, nil
 }
--- a/web/assets/ant-design-vue/antd.min.js.map
+++ b/web/assets/ant-design-vue/antd.min.js.map
--- a/web/assets/axios/axios.min.js
+++ b/web/assets/axios/axios.min.js
--- a/web/assets/axios/axios.min.js.map
+++ b/web/assets/axios/axios.min.js.map
--- a/web/assets/css/custom.min.css
+++ b/web/assets/css/custom.min.css
--- a/web/assets/js/model/inbound.js
+++ b/web/assets/js/model/inbound.js
@@ -729,8 +729,8 @@ class RealityStreamSettings extends XrayCommonClass {
    constructor(
        show = false,
        xver = 0,
-        target = 'google.com:443',
+        target = '',
-        serverNames = 'google.com,www.google.com',
+        serverNames = '',
        privateKey = '',
        minClientVer = '',
        maxClientVer = '',
@@ -740,6 +740,14 @@ class RealityStreamSettings extends XrayCommonClass {
        settings = new RealityStreamSettings.Settings()
    ) {
        super();
        // If target/serverNames are not provided, use random values
        if (!target && !serverNames) {
            const randomTarget = typeof getRandomRealityTarget !== 'undefined'
                ? getRandomRealityTarget()
                : { target: 'www.apple.com:443', sni: 'www.apple.com,apple.com' };
            target = randomTarget.target;
            serverNames = randomTarget.sni;
        }
        this.show = show;
        this.xver = xver;
        this.target = target;
@@ -849,6 +857,7 @@ class SockoptStreamSettings extends XrayCommonClass {
        V6Only = false,
        tcpWindowClamp = 600,
        interfaceName = "",
        trustedXForwardedFor = [],
    ) {
        super();
        this.acceptProxyProtocol = acceptProxyProtocol;
@@ -867,6 +876,7 @@ class SockoptStreamSettings extends XrayCommonClass {
        this.V6Only = V6Only;
        this.tcpWindowClamp = tcpWindowClamp;
        this.interfaceName = interfaceName;
        this.trustedXForwardedFor = trustedXForwardedFor;
    }
    static fromJson(json = {}) {
@@ -888,11 +898,12 @@ class SockoptStreamSettings extends XrayCommonClass {
            json.V6Only,
            json.tcpWindowClamp,
            json.interface,
            json.trustedXForwardedFor || [],
        );
    }
    toJson() {
-        return {
+        const result = {
            acceptProxyProtocol: this.acceptProxyProtocol,
            tcpFastOpen: this.tcpFastOpen,
            mark: this.mark,
@@ -910,6 +921,10 @@ class SockoptStreamSettings extends XrayCommonClass {
            tcpWindowClamp: this.tcpWindowClamp,
            interface: this.interfaceName,
        };
        if (this.trustedXForwardedFor && this.trustedXForwardedFor.length > 0) {
            result.trustedXForwardedFor = this.trustedXForwardedFor;
        }
        return result;
    }
 }
@@ -1206,6 +1221,14 @@ class Inbound extends XrayCommonClass {
        return false;
    }
    // Vision seed applies only when vision flow is selected
    canEnableVisionSeed() {
        if (!this.canEnableTlsFlow()) return false;
        const clients = this.settings?.vlesses;
        if (!Array.isArray(clients)) return false;
        return clients.some(c => c?.flow === TLS_FLOW_CONTROL.VISION || c?.flow === TLS_FLOW_CONTROL.VISION_UDP443);
    }
    canEnableReality() {
        if (![Protocols.VLESS, Protocols.TROJAN].includes(this.protocol)) return false;
        return ["tcp", "http", "grpc", "xhttp"].includes(this.network);
@@ -1862,6 +1885,7 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
        encryption = "none",
        fallbacks = [],
        selectedAuth = undefined,
        testseed = [900, 500, 900, 256],
    ) {
        super(protocol);
        this.vlesses = vlesses;
@@ -1869,6 +1893,7 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
        this.encryption = encryption;
        this.fallbacks = fallbacks;
        this.selectedAuth = selectedAuth;
        this.testseed = testseed;
    }
    addFallback() {
@@ -1880,13 +1905,20 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
    }
    static fromJson(json = {}) {
        // Ensure testseed is always initialized as an array
        let testseed = [900, 500, 900, 256];
        if (json.testseed && Array.isArray(json.testseed) && json.testseed.length >= 4) {
            testseed = json.testseed;
        }
        const obj = new Inbound.VLESSSettings(
            Protocols.VLESS,
            (json.clients || []).map(client => Inbound.VLESSSettings.VLESS.fromJson(client)),
            json.decryption,
            json.encryption,
            Inbound.VLESSSettings.Fallback.fromJson(json.fallbacks || []),
-            json.selectedAuth
+            json.selectedAuth,
            testseed
        );
        return obj;
    }
@@ -1912,6 +1944,10 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
            json.selectedAuth = this.selectedAuth;
        }
        if (this.testseed && this.testseed.length >= 4) {
            json.testseed = this.testseed;
        }
        return json;
    }
--- a/web/assets/js/model/outbound.js
+++ b/web/assets/js/model/outbound.js
@@ -432,6 +432,7 @@ class SockoptStreamSettings extends CommonClass {
        tcpMptcp = false,
        penetrate = false,
        addressPortStrategy = Address_Port_Strategy.NONE,
        trustedXForwardedFor = [],
    ) {
        super();
        this.dialerProxy = dialerProxy;
@@ -440,6 +441,7 @@ class SockoptStreamSettings extends CommonClass {
        this.tcpMptcp = tcpMptcp;
        this.penetrate = penetrate;
        this.addressPortStrategy = addressPortStrategy;
        this.trustedXForwardedFor = trustedXForwardedFor;
    }
    static fromJson(json = {}) {
@@ -450,12 +452,13 @@ class SockoptStreamSettings extends CommonClass {
            json.tcpKeepAliveInterval,
            json.tcpMptcp,
            json.penetrate,
-            json.addressPortStrategy
+            json.addressPortStrategy,
            json.trustedXForwardedFor || []
        );
    }
    toJson() {
-        return {
+        const result = {
            dialerProxy: this.dialerProxy,
            tcpFastOpen: this.tcpFastOpen,
            tcpKeepAliveInterval: this.tcpKeepAliveInterval,
@@ -463,6 +466,10 @@ class SockoptStreamSettings extends CommonClass {
            penetrate: this.penetrate,
            addressPortStrategy: this.addressPortStrategy
        };
        if (this.trustedXForwardedFor && this.trustedXForwardedFor.length > 0) {
            result.trustedXForwardedFor = this.trustedXForwardedFor;
        }
        return result;
    }
 }
@@ -614,6 +621,13 @@ class Outbound extends CommonClass {
        return false;
    }
    // Vision seed applies only when vision flow is selected
    canEnableVisionSeed() {
        if (!this.canEnableTlsFlow()) return false;
        const flow = this.settings?.flow;
        return flow === TLS_FLOW_CONTROL.VISION || flow === TLS_FLOW_CONTROL.VISION_UDP443;
    }
    canEnableReality() {
        if (![Protocols.VLESS, Protocols.Trojan].includes(this.protocol)) return false;
        return ["tcp", "http", "grpc", "xhttp"].includes(this.stream.network);
@@ -1050,13 +1064,15 @@ Outbound.VmessSettings = class extends CommonClass {
    }
 };
 Outbound.VLESSSettings = class extends CommonClass {
-    constructor(address, port, id, flow, encryption) {
+    constructor(address, port, id, flow, encryption, testpre = 0, testseed = [900, 500, 900, 256]) {
        super();
        this.address = address;
        this.port = port;
        this.id = id;
        this.flow = flow;
        this.encryption = encryption;
        this.testpre = testpre;
        this.testseed = testseed;
    }
    static fromJson(json = {}) {
@@ -1066,18 +1082,27 @@ Outbound.VLESSSettings = class extends CommonClass {
            json.port,
            json.id,
            json.flow,
-            json.encryption
+            json.encryption,
            json.testpre || 0,
            json.testseed && json.testseed.length >= 4 ? json.testseed : [900, 500, 900, 256]
        );
    }
    toJson() {
-        return {
+        const result = {
            address: this.address,
            port: this.port,
            id: this.id,
            flow: this.flow,
            encryption: this.encryption,
        };
        if (this.testpre > 0) {
            result.testpre = this.testpre;
        }
        if (this.testseed && this.testseed.length >= 4) {
            result.testseed = this.testseed;
        }
        return result;
    }
 };
 Outbound.TrojanSettings = class extends CommonClass {
--- a/web/assets/js/model/reality_targets.js
+++ b/web/assets/js/model/reality_targets.js
@@ -0,0 +1,31 @@
 // List of popular services for VLESS Reality Target/SNI randomization
 const REALITY_TARGETS = [
    { target: 'www.icloud.com:443', sni: 'www.icloud.com,icloud.com' },
    { target: 'www.apple.com:443', sni: 'www.apple.com,apple.com' },
    { target: 'www.tesla.com:443', sni: 'www.tesla.com,tesla.com' },
    { target: 'www.sony.com:443', sni: 'www.sony.com,sony.com' },
    { target: 'www.nvidia.com:443', sni: 'www.nvidia.com,nvidia.com' },
    { target: 'www.amd.com:443', sni: 'www.amd.com,amd.com' },
    { target: 'azure.microsoft.com:443', sni: 'azure.microsoft.com,www.azure.com' },
    { target: 'aws.amazon.com:443', sni: 'aws.amazon.com,amazon.com' },
    { target: 'www.bing.com:443', sni: 'www.bing.com,bing.com' },
    { target: 'www.oracle.com:443', sni: 'www.oracle.com,oracle.com' },
    { target: 'www.intel.com:443', sni: 'www.intel.com,intel.com' },
    { target: 'www.microsoft.com:443', sni: 'www.microsoft.com,microsoft.com' },
    { target: 'www.amazon.com:443', sni: 'www.amazon.com,amazon.com' }
 ];
 /**
 * Returns a random Reality target configuration from the predefined list
 * @returns {Object} Object with target and sni properties
 */
 function getRandomRealityTarget() {
    const randomIndex = Math.floor(Math.random() * REALITY_TARGETS.length);
    const selected = REALITY_TARGETS[randomIndex];
    // Return a copy to avoid reference issues
    return {
        target: selected.target,
        sni: selected.sni
    };
 }
--- a/web/assets/js/model/setting.js
+++ b/web/assets/js/model/setting.js
@@ -50,6 +50,28 @@ class AllSetting {
        this.timeLocation = "Local";
        // LDAP settings
        this.ldapEnable = false;
        this.ldapHost = "";
        this.ldapPort = 389;
        this.ldapUseTLS = false;
        this.ldapBindDN = "";
        this.ldapPassword = "";
        this.ldapBaseDN = "";
        this.ldapUserFilter = "(objectClass=person)";
        this.ldapUserAttr = "mail";
        this.ldapVlessField = "vless_enabled";
        this.ldapSyncCron = "@every 1m";
        this.ldapFlagField = "";
        this.ldapTruthyValues = "true,1,yes,on";
        this.ldapInvertFlag = false;
        this.ldapInboundTags = "";
        this.ldapAutoCreate = false;
        this.ldapAutoDelete = false;
        this.ldapDefaultTotalGB = 0;
        this.ldapDefaultExpiryDays = 0;
        this.ldapDefaultLimitIP = 0;
        if (data == null) {
            return
        }
--- a/web/assets/js/subscription.js
+++ b/web/assets/js/subscription.js
@@ -142,7 +142,10 @@
      },
      npvtunUrl() {
        return this.app.subUrl; 
-      }
+      },
 	  happUrl() {
 		return `happ://add/${encodeURIComponent(this.app.subUrl)}`;
 	  }
    },
    methods: {
      renderLink,
--- a/web/assets/js/util/date-util.js
+++ b/web/assets/js/util/date-util.js
@@ -1,151 +0,0 @@
 const oneMinute = 1000 * 60;  // MilliseConds in a Minute
 const oneHour = oneMinute * 60;  // The milliseconds of one hour
 const oneDay = oneHour * 24; // The Number of MilliseConds A Day
 const oneWeek = oneDay * 7; // The milliseconds per week
 const oneMonth = oneDay * 30; // The milliseconds of a month
 /**
 * Decrease according to the number of days
 *
 * @param days to reduce the number of days to be reduced
 */
 Date.prototype.minusDays = function (days) {
    return this.minusMillis(oneDay * days);
 };
 /**
 * Increase according to the number of days
 *
 * @param days The number of days to be increased
 */
 Date.prototype.plusDays = function (days) {
    return this.plusMillis(oneDay * days);
 };
 /**
 * A few
 *
 * @param hours to be reduced
 */
 Date.prototype.minusHours = function (hours) {
    return this.minusMillis(oneHour * hours);
 };
 /**
 * Increase hourly
 *
 * @param hours to increase the number of hours
 */
 Date.prototype.plusHours = function (hours) {
    return this.plusMillis(oneHour * hours);
 };
 /**
 * Make reduction in minutes
 *
 * @param minutes to reduce the number of minutes
 */
 Date.prototype.minusMinutes = function (minutes) {
    return this.minusMillis(oneMinute * minutes);
 };
 /**
 * Add in minutes
 *
 * @param minutes to increase the number of minutes
 */
 Date.prototype.plusMinutes = function (minutes) {
    return this.plusMillis(oneMinute * minutes);
 };
 /**
 * Decrease in milliseconds
 *
 * @param millis to reduce the milliseconds
 */
 Date.prototype.minusMillis = function(millis) {
    let time = this.getTime() - millis;
    let newDate = new Date();
    newDate.setTime(time);
    return newDate;
 };
 /**
 * Add in milliseconds to increase
 *
 * @param millis to increase the milliseconds to increase
 */
 Date.prototype.plusMillis = function(millis) {
    let time = this.getTime() + millis;
    let newDate = new Date();
    newDate.setTime(time);
    return newDate;
 };
 /**
 * Setting time is 00: 00: 00.000 on the day
 */
 Date.prototype.setMinTime = function () {
    this.setHours(0);
    this.setMinutes(0);
    this.setSeconds(0);
    this.setMilliseconds(0);
    return this;
 };
 /**
 * Setting time is 23: 59: 59.999 on the same day
 */
 Date.prototype.setMaxTime = function () {
    this.setHours(23);
    this.setMinutes(59);
    this.setSeconds(59);
    this.setMilliseconds(999);
    return this;
 };
 /**
 * Formatting date
 */
 Date.prototype.formatDate = function () {
    return this.getFullYear() + "-" + NumberFormatter.addZero(this.getMonth() + 1) + "-" + NumberFormatter.addZero(this.getDate());
 };
 /**
 * Format time
 */
 Date.prototype.formatTime = function () {
    return NumberFormatter.addZero(this.getHours()) + ":" + NumberFormatter.addZero(this.getMinutes()) + ":" + NumberFormatter.addZero(this.getSeconds());
 };
 /**
 * Formatting date plus time
 *
 * @param split Date and time separation symbols, default is a space
 */
 Date.prototype.formatDateTime = function (split = ' ') {
    return this.formatDate() + split + this.formatTime();
 };
 class DateUtil {
    // String to date object
    static parseDate(str) {
        return new Date(str.replace(/-/g, '/'));
    }
    static formatMillis(millis) {
        return moment(millis).format('YYYY-M-D HH:mm:ss');
    }
    static firstDayOfMonth() {
        const date = new Date();
        date.setDate(1);
        date.setMinTime();
        return date;
    }
    static convertToJalalian(date) {
        return date && moment.isMoment(date) ? date.format('jYYYY/jMM/jDD HH:mm:ss') : null;
    }
 }
--- a/web/assets/js/util/index.js
+++ b/web/assets/js/util/index.js
@@ -316,23 +316,13 @@ class ObjectUtil {
    }
    static equals(a, b) {
-        for (const key in a) {
+        // shallow, symmetric comparison so newly added fields also affect equality
-            if (!a.hasOwnProperty(key)) {
+        const aKeys = Object.keys(a);
-                continue;
+        const bKeys = Object.keys(b);
-            }
+        if (aKeys.length !== bKeys.length) return false;
-            if (!b.hasOwnProperty(key)) {
+        for (const key of aKeys) {
-                return false;
+            if (!Object.prototype.hasOwnProperty.call(b, key)) return false;
-            } else if (a[key] !== b[key]) {
+            if (a[key] !== b[key]) return false;
                return false;
            }
        }
        for (const key in b) {
            if (!b.hasOwnProperty(key)) {
                continue;
            }
            if (!a.hasOwnProperty(key)) {
                return false;
            }
        }
        return true;
    }
@@ -892,4 +882,35 @@ class FileManager {
        link.remove();
    }
 }
 class IntlUtil {
    static formatDate(date) {
        const language = LanguageManager.getLanguage()
        let intlOptions = {
            year: "numeric",
            month: "numeric",
            day: "numeric",
            hour: "numeric",
            minute: "numeric",
            second: "numeric"
        }
        const intl = new Intl.DateTimeFormat(
            language,
            intlOptions
        )
        return intl.format(new Date(date))
    }
    static formatRelativeTime(date) {
        const language = LanguageManager.getLanguage()
        const now = new Date()
        const diff = Math.round((date - now) / (1000 * 60 * 60 * 24))
        const formatter = new Intl.RelativeTimeFormat(language, { numeric: 'auto' })
        return formatter.format(diff, 'day');
    }
 }
--- a/web/assets/js/websocket.js
+++ b/web/assets/js/websocket.js
@@ -0,0 +1,145 @@
 /**
 * WebSocket client for real-time updates
 */
 class WebSocketClient {
  constructor(basePath = '') {
    this.basePath = basePath;
    this.ws = null;
    this.reconnectAttempts = 0;
    this.maxReconnectAttempts = 10;
    this.reconnectDelay = 1000;
    this.listeners = new Map();
    this.isConnected = false;
    this.shouldReconnect = true;
  }
  connect() {
    if (this.ws && this.ws.readyState === WebSocket.OPEN) {
      return;
    }
    const protocol = window.location.protocol === 'https:' ? 'wss:' : 'ws:';
    // Ensure basePath ends with '/' for proper URL construction
    let basePath = this.basePath || '';
    if (basePath && !basePath.endsWith('/')) {
      basePath += '/';
    }
    const wsUrl = `${protocol}//${window.location.host}${basePath}ws`;
    console.log('WebSocket connecting to:', wsUrl, 'basePath:', this.basePath);
    try {
      this.ws = new WebSocket(wsUrl);
      this.ws.onopen = () => {
        console.log('WebSocket connected');
        this.isConnected = true;
        this.reconnectAttempts = 0;
        this.emit('connected');
      };
      this.ws.onmessage = (event) => {
        try {
          // Validate message size (prevent memory issues)
          const maxMessageSize = 10 * 1024 * 1024; // 10MB
          if (event.data && event.data.length > maxMessageSize) {
            console.error('WebSocket message too large:', event.data.length, 'bytes');
            this.ws.close();
            return;
          }
          const message = JSON.parse(event.data);
          if (!message || typeof message !== 'object') {
            console.error('Invalid WebSocket message format');
            return;
          }
          this.handleMessage(message);
        } catch (e) {
          console.error('Failed to parse WebSocket message:', e);
        }
      };
      this.ws.onerror = (error) => {
        console.error('WebSocket error:', error);
        this.emit('error', error);
      };
      this.ws.onclose = () => {
        console.log('WebSocket disconnected');
        this.isConnected = false;
        this.emit('disconnected');
        if (this.shouldReconnect && this.reconnectAttempts < this.maxReconnectAttempts) {
          this.reconnectAttempts++;
          const delay = this.reconnectDelay * Math.pow(2, this.reconnectAttempts - 1);
          console.log(`Reconnecting in ${delay}ms (attempt ${this.reconnectAttempts}/${this.maxReconnectAttempts})`);
          setTimeout(() => this.connect(), delay);
        }
      };
    } catch (e) {
      console.error('Failed to create WebSocket connection:', e);
      this.emit('error', e);
    }
  }
  handleMessage(message) {
    const { type, payload, time } = message;
    // Emit to specific type listeners
    this.emit(type, payload, time);
    // Emit to all listeners
    this.emit('message', { type, payload, time });
  }
  on(event, callback) {
    if (!this.listeners.has(event)) {
      this.listeners.set(event, []);
    }
    this.listeners.get(event).push(callback);
  }
  off(event, callback) {
    if (!this.listeners.has(event)) {
      return;
    }
    const callbacks = this.listeners.get(event);
    const index = callbacks.indexOf(callback);
    if (index > -1) {
      callbacks.splice(index, 1);
    }
  }
  emit(event, ...args) {
    if (this.listeners.has(event)) {
      this.listeners.get(event).forEach(callback => {
        try {
          callback(...args);
        } catch (e) {
          console.error('Error in WebSocket event handler:', e);
        }
      });
    }
  }
  disconnect() {
    this.shouldReconnect = false;
    if (this.ws) {
      this.ws.close();
      this.ws = null;
    }
  }
  send(data) {
    if (this.ws && this.ws.readyState === WebSocket.OPEN) {
      this.ws.send(JSON.stringify(data));
    } else {
      console.warn('WebSocket is not connected');
    }
  }
 }
 // Create global WebSocket client instance
 // Safely get basePath from global scope (defined in page.html)
 window.wsClient = new WebSocketClient(typeof basePath !== 'undefined' ? basePath : '');
--- a/web/assets/moment/moment.min.js.map
+++ b/web/assets/moment/moment.min.js.map
--- a/web/assets/otpauth/otpauth.umd.min.js
+++ b/web/assets/otpauth/otpauth.umd.min.js
@@ -1,19 +1,19 @@
-//! otpauth 9.4.0 | (c) Héctor Molinero Fernández | MIT | https://github.com/hectorm/otpauth
+//! otpauth 9.4.1 | (c) Héctor Molinero Fernández | MIT | https://github.com/hectorm/otpauth
-//! noble-hashes 1.7.1 | (c) Paul Miller | MIT | https://github.com/paulmillr/noble-hashes
+//! noble-hashes 1.8.0 | (c) Paul Miller | MIT | https://github.com/paulmillr/noble-hashes
 /// <reference types="./otpauth.d.ts" />
 // @ts-nocheck
-!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).OTPAuth={})}(this,(function(t){"use strict";function e(t){if(!Number.isSafeInteger(t)||t<0)throw new Error("positive integer expected, got "+t)}function s(t,...e){if(!((s=t)instanceof Uint8Array||ArrayBuffer.isView(s)&&"Uint8Array"===s.constructor.name))throw new Error("Uint8Array expected");var s;if(e.length>0&&!e.includes(t.length))throw new Error("Uint8Array expected of length "+e+", got length="+t.length)}function i(t,e=!0){if(t.destroyed)throw new Error("Hash instance has been destroyed");if(e&&t.finished)throw new Error("Hash#digest() has already been called")}function r(t,e){s(t);const i=e.outputLen;if(t.length<i)throw new Error("digestInto() expects output buffer of length at least "+i)}function n(t){return new DataView(t.buffer,t.byteOffset,t.byteLength)}function o(t,e){return t<<32-e|t>>>e}function h(t,e){return t<<e|t>>>32-e>>>0}const a=(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function l(t){for(let s=0;s<t.length;s++)t[s]=(e=t[s])<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;var e}function c(t){return"string"==typeof t&&(t=function(t){if("string"!=typeof t)throw new Error("utf8ToBytes expected string, got "+typeof t);return new Uint8Array((new TextEncoder).encode(t))}(t)),s(t),t}class u{clone(){return this._cloneInto()}}function d(t){const e=e=>t().update(c(e)).digest(),s=t();return e.outputLen=s.outputLen,e.blockLen=s.blockLen,e.create=()=>t(),e}class f extends u{update(t){return i(this),this.iHash.update(t),this}digestInto(t){i(this),s(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){const t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));const{oHash:e,iHash:s,finished:i,destroyed:r,blockLen:n,outputLen:o}=this
+!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).OTPAuth={})}(this,function(t){"use strict";function e(t){if(!Number.isSafeInteger(t)||t<0)throw new Error("positive integer expected, got "+t)}function s(t,...e){if(!((s=t)instanceof Uint8Array||ArrayBuffer.isView(s)&&"Uint8Array"===s.constructor.name))throw new Error("Uint8Array expected");var s;if(e.length>0&&!e.includes(t.length))throw new Error("Uint8Array expected of length "+e+", got length="+t.length)}function i(t,e=!0){if(t.destroyed)throw new Error("Hash instance has been destroyed");if(e&&t.finished)throw new Error("Hash#digest() has already been called")}function r(t,e){s(t);const i=e.outputLen;if(t.length<i)throw new Error("digestInto() expects output buffer of length at least "+i)}function n(...t){for(let e=0;e<t.length;e++)t[e].fill(0)}function o(t){return new DataView(t.buffer,t.byteOffset,t.byteLength)}function h(t,e){return t<<32-e|t>>>e}function a(t,e){return t<<e|t>>>32-e>>>0}function c(t){return t<<24&4278190080|t<<8&16711680|t>>>8&65280|t>>>24&255}const l=(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])()?t=>t:function(t){for(let e=0;e<t.length;e++)t[e]=c(t[e]);return t};function u(t){return"string"==typeof t&&(t=function(t){if("string"!=typeof t)throw new Error("string expected");return new Uint8Array((new TextEncoder).encode(t))}(t)),s(t),t}class f{}function d(t){const e=e=>t().update(u(e)).digest(),s=t();return e.outputLen=s.outputLen,e.blockLen=s.blockLen,e.create=()=>t(),e}class b extends f{update(t){return i(this),this.iHash.update(t),this}digestInto(t){i(this),s(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){const t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}))
-;return t.finished=i,t.destroyed=r,t.blockLen=n,t.outputLen=o,t.oHash=e._cloneInto(t.oHash),t.iHash=s._cloneInto(t.iHash),t}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}constructor(t,s){super(),this.finished=!1,this.destroyed=!1,function(t){if("function"!=typeof t||"function"!=typeof t.create)throw new Error("Hash should be wrapped by utils.wrapConstructor");e(t.outputLen),e(t.blockLen)}(t);const i=c(s);if(this.iHash=t.create(),"function"!=typeof this.iHash.update)throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const r=this.blockLen,n=new Uint8Array(r);n.set(i.length>r?t.create().update(i).digest():i);for(let t=0;t<n.length;t++)n[t]^=54;this.iHash.update(n),this.oHash=t.create();for(let t=0;t<n.length;t++)n[t]^=106;this.oHash.update(n),n.fill(0)}}const b=(t,e,s)=>new f(t,e).update(s).digest();function g(t,e,s){return t&e^~t&s}function p(t,e,s){return t&e^t&s^e&s}b.create=(t,e)=>new f(t,e);class w extends u{update(t){i(this);const{view:e,buffer:s,blockLen:r}=this,o=(t=c(t)).length;for(let i=0;i<o;){const h=Math.min(r-this.pos,o-i);if(h!==r)s.set(t.subarray(i,i+h),this.pos),this.pos+=h,i+=h,this.pos===r&&(this.process(e,0),this.pos=0);else{const e=n(t);for(;r<=o-i;i+=r)this.process(e,i)}}return this.length+=t.length,this.roundClean(),this}digestInto(t){i(this),r(t,this),this.finished=!0;const{buffer:e,view:s,blockLen:o,isLE:h}=this;let{pos:a}=this;e[a++]=128,this.buffer.subarray(a).fill(0),this.padOffset>o-a&&(this.process(s,0),a=0);for(let t=a;t<o;t++)e[t]=0;!function(t,e,s,i){if("function"==typeof t.setBigUint64)return t.setBigUint64(e,s,i);const r=BigInt(32),n=BigInt(4294967295),o=Number(s>>r&n),h=Number(s&n),a=i?4:0,l=i?0:4;t.setUint32(e+a,o,i),t.setUint32(e+l,h,i)}(s,o-8,BigInt(8*this.length),h),this.process(s,0);const l=n(t),c=this.outputLen;if(c%4)throw new Error("_sha2: outputLen should be aligned to 32bit");const u=c/4,d=this.get()
+;const{oHash:e,iHash:s,finished:i,destroyed:r,blockLen:n,outputLen:o}=this;return t.finished=i,t.destroyed=r,t.blockLen=n,t.outputLen=o,t.oHash=e._cloneInto(t.oHash),t.iHash=s._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}constructor(t,s){super(),this.finished=!1,this.destroyed=!1,function(t){if("function"!=typeof t||"function"!=typeof t.create)throw new Error("Hash should be wrapped by utils.createHasher");e(t.outputLen),e(t.blockLen)}(t);const i=u(s);if(this.iHash=t.create(),"function"!=typeof this.iHash.update)throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const r=this.blockLen,o=new Uint8Array(r);o.set(i.length>r?t.create().update(i).digest():i);for(let t=0;t<o.length;t++)o[t]^=54;this.iHash.update(o),this.oHash=t.create();for(let t=0;t<o.length;t++)o[t]^=106;this.oHash.update(o),n(o)}}const g=(t,e,s)=>new b(t,e).update(s).digest();function p(t,e,s){return t&e^~t&s}function w(t,e,s){return t&e^t&s^e&s}g.create=(t,e)=>new b(t,e);class y extends f{update(t){i(this),s(t=u(t));const{view:e,buffer:r,blockLen:n}=this,h=t.length;for(let s=0;s<h;){const i=Math.min(n-this.pos,h-s);if(i===n){const e=o(t);for(;n<=h-s;s+=n)this.process(e,s);continue}r.set(t.subarray(s,s+i),this.pos),this.pos+=i,s+=i,this.pos===n&&(this.process(e,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){i(this),r(t,this),this.finished=!0;const{buffer:e,view:s,blockLen:h,isLE:a}=this;let{pos:c}=this;e[c++]=128,n(this.buffer.subarray(c)),this.padOffset>h-c&&(this.process(s,0),c=0);for(let t=c;t<h;t++)e[t]=0;!function(t,e,s,i){if("function"==typeof t.setBigUint64)return t.setBigUint64(e,s,i);const r=BigInt(32),n=BigInt(4294967295),o=Number(s>>r&n),h=Number(s&n),a=i?4:0,c=i?0:4;t.setUint32(e+a,o,i),t.setUint32(e+c,h,i)}(s,h-8,BigInt(8*this.length),a),this.process(s,0);const l=o(t),u=this.outputLen
-;if(u>d.length)throw new Error("_sha2: outputLen bigger than state");for(let t=0;t<u;t++)l.setUint32(4*t,d[t],h)}digest(){const{buffer:t,outputLen:e}=this;this.digestInto(t);const s=t.slice(0,e);return this.destroy(),s}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());const{blockLen:e,buffer:s,length:i,finished:r,destroyed:n,pos:o}=this;return t.length=i,t.pos=o,t.finished=r,t.destroyed=n,i%e&&t.buffer.set(s),t}constructor(t,e,s,i){super(),this.blockLen=t,this.outputLen=e,this.padOffset=s,this.isLE=i,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(t),this.view=n(this.buffer)}}const y=new Uint32Array([1732584193,4023233417,2562383102,271733878,3285377520]),x=new Uint32Array(80);class A extends w{get(){const{A:t,B:e,C:s,D:i,E:r}=this;return[t,e,s,i,r]}set(t,e,s,i,r){this.A=0|t,this.B=0|e,this.C=0|s,this.D=0|i,this.E=0|r}process(t,e){for(let s=0;s<16;s++,e+=4)x[s]=t.getUint32(e,!1);for(let t=16;t<80;t++)x[t]=h(x[t-3]^x[t-8]^x[t-14]^x[t-16],1);let{A:s,B:i,C:r,D:n,E:o}=this;for(let t=0;t<80;t++){let e,a;t<20?(e=g(i,r,n),a=1518500249):t<40?(e=i^r^n,a=1859775393):t<60?(e=p(i,r,n),a=2400959708):(e=i^r^n,a=3395469782);const l=h(s,5)+e+o+a+x[t]|0;o=n,n=r,r=h(i,30),i=s,s=l}s=s+this.A|0,i=i+this.B|0,r=r+this.C|0,n=n+this.D|0,o=o+this.E|0,this.set(s,i,r,n,o)}roundClean(){x.fill(0)}destroy(){this.set(0,0,0,0,0),this.buffer.fill(0)}constructor(){super(64,20,8,!1),this.A=0|y[0],this.B=0|y[1],this.C=0|y[2],this.D=0|y[3],this.E=0|y[4]}}
+;if(u%4)throw new Error("_sha2: outputLen should be aligned to 32bit");const f=u/4,d=this.get();if(f>d.length)throw new Error("_sha2: outputLen bigger than state");for(let t=0;t<f;t++)l.setUint32(4*t,d[t],a)}digest(){const{buffer:t,outputLen:e}=this;this.digestInto(t);const s=t.slice(0,e);return this.destroy(),s}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());const{blockLen:e,buffer:s,length:i,finished:r,destroyed:n,pos:o}=this;return t.destroyed=n,t.finished=r,t.length=i,t.pos=o,i%e&&t.buffer.set(s),t}clone(){return this._cloneInto()}constructor(t,e,s,i){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=e,this.padOffset=s,this.isLE=i,this.buffer=new Uint8Array(t),this.view=o(this.buffer)}}const x=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),m=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]),A=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]),H=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]),I=Uint32Array.from([1732584193,4023233417,2562383102,271733878,3285377520]),L=new Uint32Array(80);class E extends y{get(){const{A:t,B:e,C:s,D:i,E:r}=this;return[t,e,s,i,r]}set(t,e,s,i,r){this.A=0|t,this.B=0|e,this.C=0|s,this.D=0|i,this.E=0|r}process(t,e){for(let s=0;s<16;s++,e+=4)L[s]=t.getUint32(e,!1);for(let t=16;t<80;t++)L[t]=a(L[t-3]^L[t-8]^L[t-14]^L[t-16],1);let{A:s,B:i,C:r,D:n,E:o}=this;for(let t=0;t<80;t++){let e,h;t<20?(e=p(i,r,n),h=1518500249):t<40?(e=i^r^n,h=1859775393):t<60?(e=w(i,r,n),h=2400959708):(e=i^r^n,h=3395469782);const c=a(s,5)+e+o+h+L[t]|0;o=n,n=r,r=a(i,30),i=s,s=c}s=s+this.A|0,i=i+this.B|0,r=r+this.C|0,n=n+this.D|0,o=o+this.E|0,
-const m=d((()=>new A)),H=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),L=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),I=new Uint32Array(64);class S extends w{get(){const{A:t,B:e,C:s,D:i,E:r,F:n,G:o,H:h}=this;return[t,e,s,i,r,n,o,h]}set(t,e,s,i,r,n,o,h){this.A=0|t,this.B=0|e,this.C=0|s,this.D=0|i,this.E=0|r,this.F=0|n,this.G=0|o,this.H=0|h}process(t,e){for(let s=0;s<16;s++,e+=4)I[s]=t.getUint32(e,!1);for(let t=16;t<64;t++){const e=I[t-15],s=I[t-2],i=o(e,7)^o(e,18)^e>>>3,r=o(s,17)^o(s,19)^s>>>10;I[t]=r+I[t-7]+i+I[t-16]|0}let{A:s,B:i,C:r,D:n,E:h,F:a,G:l,H:c}=this;for(let t=0;t<64;t++){const e=c+(o(h,6)^o(h,11)^o(h,25))+g(h,a,l)+H[t]+I[t]|0,u=(o(s,2)^o(s,13)^o(s,22))+p(s,i,r)|0;c=l,l=a,a=h,h=n+e|0,n=r,r=i,i=s,s=e+u|0}s=s+this.A|0,i=i+this.B|0,r=r+this.C|0,n=n+this.D|0,h=h+this.E|0,a=a+this.F|0,l=l+this.G|0,c=c+this.H|0,this.set(s,i,r,n,h,a,l,c)}roundClean(){I.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}constructor(){super(64,32,8,!1),this.A=0|L[0],this.B=0|L[1],this.C=0|L[2],this.D=0|L[3],this.E=0|L[4],this.F=0|L[5],this.G=0|L[6],this.H=0|L[7]}}class B extends S{constructor(){super(),this.A=-1056596264,this.B=914150663,this.C=812702999,this.D=-150054599,this.E=-4191439,this.F=1750603025,this.G=1694076839,this.H=-1090891868,this.outputLen=28}}
+this.set(s,i,r,n,o)}roundClean(){n(L)}destroy(){this.set(0,0,0,0,0),n(this.buffer)}constructor(){super(64,20,8,!1),this.A=0|I[0],this.B=0|I[1],this.C=0|I[2],this.D=0|I[3],this.E=0|I[4]}}const U=d(()=>new E),B=BigInt(2**32-1),S=BigInt(32);function O(t,e=!1){return e?{h:Number(t&B),l:Number(t>>S&B)}:{h:0|Number(t>>S&B),l:0|Number(t&B)}}function C(t,e=!1){const s=t.length;let i=new Uint32Array(s),r=new Uint32Array(s);for(let n=0;n<s;n++){const{h:s,l:o}=O(t[n],e);[i[n],r[n]]=[s,o]}return[i,r]}const v=(t,e,s)=>t>>>s,k=(t,e,s)=>t<<32-s|e>>>s,$=(t,e,s)=>t>>>s|e<<32-s,T=(t,e,s)=>t<<32-s|e>>>s,D=(t,e,s)=>t<<64-s|e>>>s-32,_=(t,e,s)=>t>>>s-32|e<<64-s;function F(t,e,s,i){const r=(e>>>0)+(i>>>0);return{h:t+s+(r/2**32|0)|0,l:0|r}}const G=(t,e,s)=>(t>>>0)+(e>>>0)+(s>>>0),P=(t,e,s,i)=>e+s+i+(t/2**32|0)|0,j=(t,e,s,i)=>(t>>>0)+(e>>>0)+(s>>>0)+(i>>>0),M=(t,e,s,i,r)=>e+s+i+r+(t/2**32|0)|0,R=(t,e,s,i,r)=>(t>>>0)+(e>>>0)+(s>>>0)+(i>>>0)+(r>>>0),N=(t,e,s,i,r,n)=>e+s+i+r+n+(t/2**32|0)|0,X=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),V=new Uint32Array(64);class Z extends y{get(){const{A:t,B:e,C:s,D:i,E:r,F:n,G:o,H:h}=this;return[t,e,s,i,r,n,o,h]}set(t,e,s,i,r,n,o,h){this.A=0|t,this.B=0|e,this.C=0|s,this.D=0|i,this.E=0|r,this.F=0|n,this.G=0|o,this.H=0|h}process(t,e){for(let s=0;s<16;s++,e+=4)V[s]=t.getUint32(e,!1);for(let t=16;t<64;t++){
-const E=d((()=>new S)),U=d((()=>new B)),C=BigInt(2**32-1),O=BigInt(32);function v(t,e=!1){return e?{h:Number(t&C),l:Number(t>>O&C)}:{h:0|Number(t>>O&C),l:0|Number(t&C)}}function k(t,e=!1){let s=new Uint32Array(t.length),i=new Uint32Array(t.length);for(let r=0;r<t.length;r++){const{h:n,l:o}=v(t[r],e);[s[r],i[r]]=[n,o]}return[s,i]}const T=(t,e,s)=>t<<s|e>>>32-s,$=(t,e,s)=>e<<s|t>>>32-s,D=(t,e,s)=>e<<s-32|t>>>64-s,_=(t,e,s)=>t<<s-32|e>>>64-s,F={fromBig:v,split:k,toBig:(t,e)=>BigInt(t>>>0)<<O|BigInt(e>>>0),shrSH:(t,e,s)=>t>>>s,shrSL:(t,e,s)=>t<<32-s|e>>>s,rotrSH:(t,e,s)=>t>>>s|e<<32-s,rotrSL:(t,e,s)=>t<<32-s|e>>>s,rotrBH:(t,e,s)=>t<<64-s|e>>>s-32,rotrBL:(t,e,s)=>t>>>s-32|e<<64-s,rotr32H:(t,e)=>e,rotr32L:(t,e)=>t,rotlSH:T,rotlSL:$,rotlBH:D,rotlBL:_,add:function(t,e,s,i){const r=(e>>>0)+(i>>>0);return{h:t+s+(r/2**32|0)|0,l:0|r}},add3L:(t,e,s)=>(t>>>0)+(e>>>0)+(s>>>0),add3H:(t,e,s,i)=>e+s+i+(t/2**32|0)|0,add4L:(t,e,s,i)=>(t>>>0)+(e>>>0)+(s>>>0)+(i>>>0),add4H:(t,e,s,i,r)=>e+s+i+r+(t/2**32|0)|0,add5H:(t,e,s,i,r,n)=>e+s+i+r+n+(t/2**32|0)|0,add5L:(t,e,s,i,r)=>(t>>>0)+(e>>>0)+(s>>>0)+(i>>>0)+(r>>>0)
+const e=V[t-15],s=V[t-2],i=h(e,7)^h(e,18)^e>>>3,r=h(s,17)^h(s,19)^s>>>10;V[t]=r+V[t-7]+i+V[t-16]|0}let{A:s,B:i,C:r,D:n,E:o,F:a,G:c,H:l}=this;for(let t=0;t<64;t++){const e=l+(h(o,6)^h(o,11)^h(o,25))+p(o,a,c)+X[t]+V[t]|0,u=(h(s,2)^h(s,13)^h(s,22))+w(s,i,r)|0;l=c,c=a,a=o,o=n+e|0,n=r,r=i,i=s,s=e+u|0}s=s+this.A|0,i=i+this.B|0,r=r+this.C|0,n=n+this.D|0,o=o+this.E|0,a=a+this.F|0,c=c+this.G|0,l=l+this.H|0,this.set(s,i,r,n,o,a,c,l)}roundClean(){n(V)}destroy(){this.set(0,0,0,0,0,0,0,0),n(this.buffer)}constructor(t=32){super(64,t,8,!1),this.A=0|x[0],this.B=0|x[1],this.C=0|x[2],this.D=0|x[3],this.E=0|x[4],this.F=0|x[5],this.G=0|x[6],this.H=0|x[7]}}class z extends Z{constructor(){super(28),this.A=0|m[0],this.B=0|m[1],this.C=0|m[2],this.D=0|m[3],this.E=0|m[4],this.F=0|m[5],this.G=0|m[6],this.H=0|m[7]}}
-},[G,P]=(()=>F.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((t=>BigInt(t)))))(),j=new Uint32Array(80),M=new Uint32Array(80);class R extends w{get(){const{Ah:t,Al:e,Bh:s,Bl:i,Ch:r,Cl:n,Dh:o,Dl:h,Eh:a,El:l,Fh:c,Fl:u,Gh:d,Gl:f,Hh:b,Hl:g}=this;return[t,e,s,i,r,n,o,h,a,l,c,u,d,f,b,g]}set(t,e,s,i,r,n,o,h,a,l,c,u,d,f,b,g){this.Ah=0|t,this.Al=0|e,this.Bh=0|s,this.Bl=0|i,this.Ch=0|r,this.Cl=0|n,this.Dh=0|o,
+const J=(()=>C(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(t=>BigInt(t))))(),K=(()=>J[0])(),Q=(()=>J[1])(),W=new Uint32Array(80),Y=new Uint32Array(80);class q extends y{get(){const{Ah:t,Al:e,Bh:s,Bl:i,Ch:r,Cl:n,Dh:o,Dl:h,Eh:a,El:c,Fh:l,Fl:u,Gh:f,Gl:d,Hh:b,Hl:g}=this;return[t,e,s,i,r,n,o,h,a,c,l,u,f,d,b,g]}set(t,e,s,i,r,n,o,h,a,c,l,u,f,d,b,g){this.Ah=0|t,this.Al=0|e,this.Bh=0|s,this.Bl=0|i,this.Ch=0|r,
-this.Dl=0|h,this.Eh=0|a,this.El=0|l,this.Fh=0|c,this.Fl=0|u,this.Gh=0|d,this.Gl=0|f,this.Hh=0|b,this.Hl=0|g}process(t,e){for(let s=0;s<16;s++,e+=4)j[s]=t.getUint32(e),M[s]=t.getUint32(e+=4);for(let t=16;t<80;t++){const e=0|j[t-15],s=0|M[t-15],i=F.rotrSH(e,s,1)^F.rotrSH(e,s,8)^F.shrSH(e,s,7),r=F.rotrSL(e,s,1)^F.rotrSL(e,s,8)^F.shrSL(e,s,7),n=0|j[t-2],o=0|M[t-2],h=F.rotrSH(n,o,19)^F.rotrBH(n,o,61)^F.shrSH(n,o,6),a=F.rotrSL(n,o,19)^F.rotrBL(n,o,61)^F.shrSL(n,o,6),l=F.add4L(r,a,M[t-7],M[t-16]),c=F.add4H(l,i,h,j[t-7],j[t-16]);j[t]=0|c,M[t]=0|l}let{Ah:s,Al:i,Bh:r,Bl:n,Ch:o,Cl:h,Dh:a,Dl:l,Eh:c,El:u,Fh:d,Fl:f,Gh:b,Gl:g,Hh:p,Hl:w}=this;for(let t=0;t<80;t++){const e=F.rotrSH(c,u,14)^F.rotrSH(c,u,18)^F.rotrBH(c,u,41),y=F.rotrSL(c,u,14)^F.rotrSL(c,u,18)^F.rotrBL(c,u,41),x=c&d^~c&b,A=u&f^~u&g,m=F.add5L(w,y,A,P[t],M[t]),H=F.add5H(m,p,e,x,G[t],j[t]),L=0|m,I=F.rotrSH(s,i,28)^F.rotrBH(s,i,34)^F.rotrBH(s,i,39),S=F.rotrSL(s,i,28)^F.rotrBL(s,i,34)^F.rotrBL(s,i,39),B=s&r^s&o^r&o,E=i&n^i&h^n&h;p=0|b,w=0|g,b=0|d,g=0|f,d=0|c,f=0|u,({h:c,l:u}=F.add(0|a,0|l,0|H,0|L)),a=0|o,l=0|h,o=0|r,h=0|n,r=0|s,n=0|i;const U=F.add3L(L,S,E);s=F.add3H(U,H,I,B),i=0|U}({h:s,l:i}=F.add(0|this.Ah,0|this.Al,0|s,0|i)),({h:r,l:n}=F.add(0|this.Bh,0|this.Bl,0|r,0|n)),({h:o,l:h}=F.add(0|this.Ch,0|this.Cl,0|o,0|h)),({h:a,l}=F.add(0|this.Dh,0|this.Dl,0|a,0|l)),({h:c,l:u}=F.add(0|this.Eh,0|this.El,0|c,0|u)),({h:d,l:f}=F.add(0|this.Fh,0|this.Fl,0|d,0|f)),({h:b,l:g}=F.add(0|this.Gh,0|this.Gl,0|b,0|g)),({h:p,l:w}=F.add(0|this.Hh,0|this.Hl,0|p,0|w)),this.set(s,i,r,n,o,h,a,l,c,u,d,f,b,g,p,w)}roundClean(){j.fill(0),M.fill(0)}destroy(){this.buffer.fill(0),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}constructor(){super(128,64,16,!1),this.Ah=1779033703,this.Al=-205731576,this.Bh=-1150833019,this.Bl=-2067093701,this.Ch=1013904242,this.Cl=-23791573,this.Dh=-1521486534,this.Dl=1595750129,this.Eh=1359893119,this.El=-1377402159,this.Fh=-1694144372,this.Fl=725511199,this.Gh=528734635,this.Gl=-79577749,this.Hh=1541459225,this.Hl=327033209}}class N extends R{constructor(){super(),
+this.Cl=0|n,this.Dh=0|o,this.Dl=0|h,this.Eh=0|a,this.El=0|c,this.Fh=0|l,this.Fl=0|u,this.Gh=0|f,this.Gl=0|d,this.Hh=0|b,this.Hl=0|g}process(t,e){for(let s=0;s<16;s++,e+=4)W[s]=t.getUint32(e),Y[s]=t.getUint32(e+=4);for(let t=16;t<80;t++){const e=0|W[t-15],s=0|Y[t-15],i=$(e,s,1)^$(e,s,8)^v(e,0,7),r=T(e,s,1)^T(e,s,8)^k(e,s,7),n=0|W[t-2],o=0|Y[t-2],h=$(n,o,19)^D(n,o,61)^v(n,0,6),a=T(n,o,19)^_(n,o,61)^k(n,o,6),c=j(r,a,Y[t-7],Y[t-16]),l=M(c,i,h,W[t-7],W[t-16]);W[t]=0|l,Y[t]=0|c}let{Ah:s,Al:i,Bh:r,Bl:n,Ch:o,Cl:h,Dh:a,Dl:c,Eh:l,El:u,Fh:f,Fl:d,Gh:b,Gl:g,Hh:p,Hl:w}=this;for(let t=0;t<80;t++){const e=$(l,u,14)^$(l,u,18)^D(l,u,41),y=T(l,u,14)^T(l,u,18)^_(l,u,41),x=l&f^~l&b,m=R(w,y,u&d^~u&g,Q[t],Y[t]),A=N(m,p,e,x,K[t],W[t]),H=0|m,I=$(s,i,28)^D(s,i,34)^D(s,i,39),L=T(s,i,28)^_(s,i,34)^_(s,i,39),E=s&r^s&o^r&o,U=i&n^i&h^n&h;p=0|b,w=0|g,b=0|f,g=0|d,f=0|l,d=0|u,({h:l,l:u}=F(0|a,0|c,0|A,0|H)),a=0|o,c=0|h,o=0|r,h=0|n,r=0|s,n=0|i;const B=G(H,L,U);s=P(B,A,I,E),i=0|B}({h:s,l:i}=F(0|this.Ah,0|this.Al,0|s,0|i)),({h:r,l:n}=F(0|this.Bh,0|this.Bl,0|r,0|n)),({h:o,l:h}=F(0|this.Ch,0|this.Cl,0|o,0|h)),({h:a,l:c}=F(0|this.Dh,0|this.Dl,0|a,0|c)),({h:l,l:u}=F(0|this.Eh,0|this.El,0|l,0|u)),({h:f,l:d}=F(0|this.Fh,0|this.Fl,0|f,0|d)),({h:b,l:g}=F(0|this.Gh,0|this.Gl,0|b,0|g)),({h:p,l:w}=F(0|this.Hh,0|this.Hl,0|p,0|w)),this.set(s,i,r,n,o,h,a,c,l,u,f,d,b,g,p,w)}roundClean(){n(W,Y)}destroy(){n(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}constructor(t=64){super(128,t,16,!1),this.Ah=0|H[0],this.Al=0|H[1],this.Bh=0|H[2],this.Bl=0|H[3],this.Ch=0|H[4],this.Cl=0|H[5],this.Dh=0|H[6],this.Dl=0|H[7],this.Eh=0|H[8],this.El=0|H[9],this.Fh=0|H[10],this.Fl=0|H[11],this.Gh=0|H[12],this.Gl=0|H[13],this.Hh=0|H[14],this.Hl=0|H[15]}}class tt extends q{constructor(){super(48),this.Ah=0|A[0],this.Al=0|A[1],this.Bh=0|A[2],this.Bl=0|A[3],this.Ch=0|A[4],this.Cl=0|A[5],this.Dh=0|A[6],this.Dl=0|A[7],this.Eh=0|A[8],this.El=0|A[9],this.Fh=0|A[10],this.Fl=0|A[11],this.Gh=0|A[12],this.Gl=0|A[13],this.Hh=0|A[14],this.Hl=0|A[15]}}
-this.Ah=-876896931,this.Al=-1056596264,this.Bh=1654270250,this.Bl=914150663,this.Ch=-1856437926,this.Cl=812702999,this.Dh=355462360,this.Dl=-150054599,this.Eh=1731405415,this.El=-4191439,this.Fh=-1900787065,this.Fl=1750603025,this.Gh=-619958771,this.Gl=1694076839,this.Hh=1203062813,this.Hl=-1090891868,this.outputLen=48}}const X=d((()=>new R)),V=d((()=>new N)),Z=[],z=[],J=[],K=BigInt(0),Q=BigInt(1),W=BigInt(2),Y=BigInt(7),q=BigInt(256),tt=BigInt(113);for(let t=0,e=Q,s=1,i=0;t<24;t++){[s,i]=[i,(2*s+3*i)%5],Z.push(2*(5*i+s)),z.push((t+1)*(t+2)/2%64);let r=K;for(let t=0;t<7;t++)e=(e<<Q^(e>>Y)*tt)%q,e&W&&(r^=Q<<(Q<<BigInt(t))-Q);J.push(r)}const[et,st]=k(J,!0),it=(t,e,s)=>s>32?D(t,e,s):T(t,e,s),rt=(t,e,s)=>s>32?_(t,e,s):$(t,e,s);class nt extends u{keccak(){a||l(this.state32),function(t,e=24){const s=new Uint32Array(10);for(let i=24-e;i<24;i++){for(let e=0;e<10;e++)s[e]=t[e]^t[e+10]^t[e+20]^t[e+30]^t[e+40];for(let e=0;e<10;e+=2){const i=(e+8)%10,r=(e+2)%10,n=s[r],o=s[r+1],h=it(n,o,1)^s[i],a=rt(n,o,1)^s[i+1];for(let s=0;s<50;s+=10)t[e+s]^=h,t[e+s+1]^=a}let e=t[2],r=t[3];for(let s=0;s<24;s++){const i=z[s],n=it(e,r,i),o=rt(e,r,i),h=Z[s];e=t[h],r=t[h+1],t[h]=n,t[h+1]=o}for(let e=0;e<50;e+=10){for(let i=0;i<10;i++)s[i]=t[e+i];for(let i=0;i<10;i++)t[e+i]^=~s[(i+2)%10]&s[(i+4)%10]}t[0]^=et[i],t[1]^=st[i]}s.fill(0)}(this.state32,this.rounds),a||l(this.state32),this.posOut=0,this.pos=0}update(t){i(this);const{blockLen:e,state:s}=this,r=(t=c(t)).length;for(let i=0;i<r;){const n=Math.min(e-this.pos,r-i);for(let e=0;e<n;e++)s[this.pos++]^=t[i++];this.pos===e&&this.keccak()}return this}finish(){if(this.finished)return;this.finished=!0;const{state:t,suffix:e,pos:s,blockLen:i}=this;t[s]^=e,128&e&&s===i-1&&this.keccak(),t[i-1]^=128,this.keccak()}writeInto(t){i(this,!1),s(t),this.finish();const e=this.state,{blockLen:r}=this;for(let s=0,i=t.length;s<i;){this.posOut>=r&&this.keccak();const n=Math.min(r-this.posOut,i-s);t.set(e.subarray(this.posOut,this.posOut+n),s),this.posOut+=n,s+=n}return t}xofInto(t){
+const et=d(()=>new Z),st=d(()=>new z),it=d(()=>new q),rt=d(()=>new tt),nt=BigInt(0),ot=BigInt(1),ht=BigInt(2),at=BigInt(7),ct=BigInt(256),lt=BigInt(113),ut=[],ft=[],dt=[];for(let t=0,e=ot,s=1,i=0;t<24;t++){[s,i]=[i,(2*s+3*i)%5],ut.push(2*(5*i+s)),ft.push((t+1)*(t+2)/2%64);let r=nt;for(let t=0;t<7;t++)e=(e<<ot^(e>>at)*lt)%ct,e&ht&&(r^=ot<<(ot<<BigInt(t))-ot);dt.push(r)}const bt=C(dt,!0),gt=bt[0],pt=bt[1],wt=(t,e,s)=>s>32?((t,e,s)=>e<<s-32|t>>>64-s)(t,e,s):((t,e,s)=>t<<s|e>>>32-s)(t,e,s),yt=(t,e,s)=>s>32?((t,e,s)=>t<<s-32|e>>>64-s)(t,e,s):((t,e,s)=>e<<s|t>>>32-s)(t,e,s);class xt extends f{clone(){return this._cloneInto()}keccak(){l(this.state32),function(t,e=24){const s=new Uint32Array(10);for(let i=24-e;i<24;i++){for(let e=0;e<10;e++)s[e]=t[e]^t[e+10]^t[e+20]^t[e+30]^t[e+40];for(let e=0;e<10;e+=2){const i=(e+8)%10,r=(e+2)%10,n=s[r],o=s[r+1],h=wt(n,o,1)^s[i],a=yt(n,o,1)^s[i+1];for(let s=0;s<50;s+=10)t[e+s]^=h,t[e+s+1]^=a}let e=t[2],r=t[3];for(let s=0;s<24;s++){const i=ft[s],n=wt(e,r,i),o=yt(e,r,i),h=ut[s];e=t[h],r=t[h+1],t[h]=n,t[h+1]=o}for(let e=0;e<50;e+=10){for(let i=0;i<10;i++)s[i]=t[e+i];for(let i=0;i<10;i++)t[e+i]^=~s[(i+2)%10]&s[(i+4)%10]}t[0]^=gt[i],t[1]^=pt[i]}n(s)}(this.state32,this.rounds),l(this.state32),this.posOut=0,this.pos=0}update(t){i(this),s(t=u(t));const{blockLen:e,state:r}=this,n=t.length;for(let s=0;s<n;){const i=Math.min(e-this.pos,n-s);for(let e=0;e<i;e++)r[this.pos++]^=t[s++];this.pos===e&&this.keccak()}return this}finish(){if(this.finished)return;this.finished=!0;const{state:t,suffix:e,pos:s,blockLen:i}=this;t[s]^=e,128&e&&s===i-1&&this.keccak(),t[i-1]^=128,this.keccak()}writeInto(t){i(this,!1),s(t),this.finish();const e=this.state,{blockLen:r}=this;for(let s=0,i=t.length;s<i;){this.posOut>=r&&this.keccak();const n=Math.min(r-this.posOut,i-s);t.set(e.subarray(this.posOut,this.posOut+n),s),this.posOut+=n,s+=n}return t}xofInto(t){if(!this.enableXOF)throw new Error("XOF is not possible for this instance");return this.writeInto(t)}xof(t){return e(t),this.xofInto(new Uint8Array(t))}
-if(!this.enableXOF)throw new Error("XOF is not possible for this instance");return this.writeInto(t)}xof(t){return e(t),this.xofInto(new Uint8Array(t))}digestInto(t){if(r(t,this),this.finished)throw new Error("digest() was already called");return this.writeInto(t),this.destroy(),t}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,this.state.fill(0)}_cloneInto(t){const{blockLen:e,suffix:s,outputLen:i,rounds:r,enableXOF:n}=this;return t||(t=new nt(e,s,i,n,r)),t.state32.set(this.state32),t.pos=this.pos,t.posOut=this.posOut,t.finished=this.finished,t.rounds=r,t.suffix=s,t.outputLen=i,t.enableXOF=n,t.destroyed=this.destroyed,t}constructor(t,s,i,r=!1,n=24){if(super(),this.blockLen=t,this.suffix=s,this.outputLen=i,this.enableXOF=r,this.rounds=n,this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,e(i),0>=this.blockLen||this.blockLen>=200)throw new Error("Sha3 supports only keccak-f1600 function");var o;this.state=new Uint8Array(200),this.state32=(o=this.state,new Uint32Array(o.buffer,o.byteOffset,Math.floor(o.byteLength/4)))}}const ot=(t,e,s)=>d((()=>new nt(e,t,s))),ht=ot(6,144,28),at=ot(6,136,32),lt=ot(6,104,48),ct=ot(6,72,64),ut=(()=>{if("object"==typeof globalThis)return globalThis;Object.defineProperty(Object.prototype,"__GLOBALTHIS__",{get(){return this},configurable:!0});try{if("undefined"!=typeof __GLOBALTHIS__)return __GLOBALTHIS__}finally{delete Object.prototype.__GLOBALTHIS__}return"undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0})(),dt={SHA1:m,SHA224:U,SHA256:E,SHA384:V,SHA512:X,"SHA3-224":ht,"SHA3-256":at,"SHA3-384":lt,"SHA3-512":ct},ft=t=>{switch(!0){case/^(?:SHA-?1|SSL3-SHA1)$/i.test(t):return"SHA1";case/^SHA(?:2?-)?224$/i.test(t):return"SHA224";case/^SHA(?:2?-)?256$/i.test(t):return"SHA256";case/^SHA(?:2?-)?384$/i.test(t):return"SHA384";case/^SHA(?:2?-)?512$/i.test(t):return"SHA512";case/^SHA3-224$/i.test(t):return"SHA3-224";case/^SHA3-256$/i.test(t):return"SHA3-256";case/^SHA3-384$/i.test(t):
+digestInto(t){if(r(t,this),this.finished)throw new Error("digest() was already called");return this.writeInto(t),this.destroy(),t}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,n(this.state)}_cloneInto(t){const{blockLen:e,suffix:s,outputLen:i,rounds:r,enableXOF:n}=this;return t||(t=new xt(e,s,i,n,r)),t.state32.set(this.state32),t.pos=this.pos,t.posOut=this.posOut,t.finished=this.finished,t.rounds=r,t.suffix=s,t.outputLen=i,t.enableXOF=n,t.destroyed=this.destroyed,t}constructor(t,s,i,r=!1,n=24){if(super(),this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,this.enableXOF=!1,this.blockLen=t,this.suffix=s,this.outputLen=i,this.enableXOF=r,this.rounds=n,e(i),!(0<t&&t<200))throw new Error("only keccak-f1600 function is supported");var o;this.state=new Uint8Array(200),this.state32=(o=this.state,new Uint32Array(o.buffer,o.byteOffset,Math.floor(o.byteLength/4)))}}const mt=(t,e,s)=>d(()=>new xt(e,t,s)),At=(()=>mt(6,144,28))(),Ht=(()=>mt(6,136,32))(),It=(()=>mt(6,104,48))(),Lt=(()=>mt(6,72,64))(),Et=(()=>{if("object"==typeof globalThis)return globalThis;Object.defineProperty(Object.prototype,"__GLOBALTHIS__",{get(){return this},configurable:!0});try{if("undefined"!=typeof __GLOBALTHIS__)return __GLOBALTHIS__}finally{delete Object.prototype.__GLOBALTHIS__}return"undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0})(),Ut={SHA1:U,SHA224:st,SHA256:et,SHA384:rt,SHA512:it,"SHA3-224":At,"SHA3-256":Ht,"SHA3-384":It,"SHA3-512":Lt},Bt=t=>{switch(!0){case/^(?:SHA-?1|SSL3-SHA1)$/i.test(t):return"SHA1";case/^SHA(?:2?-)?224$/i.test(t):return"SHA224";case/^SHA(?:2?-)?256$/i.test(t):return"SHA256";case/^SHA(?:2?-)?384$/i.test(t):return"SHA384";case/^SHA(?:2?-)?512$/i.test(t):return"SHA512";case/^SHA3-224$/i.test(t):return"SHA3-224";case/^SHA3-256$/i.test(t):return"SHA3-256";case/^SHA3-384$/i.test(t):return"SHA3-384";case/^SHA3-512$/i.test(t):return"SHA3-512";default:throw new TypeError(`Unknown hash algorithm: ${t}`)}
-return"SHA3-384";case/^SHA3-512$/i.test(t):return"SHA3-512";default:throw new TypeError(`Unknown hash algorithm: ${t}`)}},bt="ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",gt=t=>{let e=(t=t.replace(/ /g,"")).length;for(;"="===t[e-1];)--e;t=(e<t.length?t.substring(0,e):t).toUpperCase();const s=new ArrayBuffer(5*t.length/8|0),i=new Uint8Array(s);let r=0,n=0,o=0;for(let e=0;e<t.length;e++){const s=bt.indexOf(t[e]);if(-1===s)throw new TypeError(`Invalid character found: ${t[e]}`);n=n<<5|s,r+=5,r>=8&&(r-=8,i[o++]=n>>>r)}return i},pt=t=>{let e=0,s=0,i="";for(let r=0;r<t.length;r++)for(s=s<<8|t[r],e+=8;e>=5;)i+=bt[s>>>e-5&31],e-=5;return e>0&&(i+=bt[s<<5-e&31]),i},wt=t=>{t=t.replace(/ /g,"");const e=new ArrayBuffer(t.length/2),s=new Uint8Array(e);for(let e=0;e<t.length;e+=2)s[e/2]=parseInt(t.substring(e,e+2),16);return s},yt=t=>{let e="";for(let s=0;s<t.length;s++){const i=t[s].toString(16);1===i.length&&(e+="0"),e+=i}return e.toUpperCase()},xt=t=>{const e=new ArrayBuffer(t.length),s=new Uint8Array(e);for(let e=0;e<t.length;e++)s[e]=255&t.charCodeAt(e);return s},At=t=>{let e="";for(let s=0;s<t.length;s++)e+=String.fromCharCode(t[s]);return e},mt=ut.TextEncoder?new ut.TextEncoder:null,Ht=ut.TextDecoder?new ut.TextDecoder:null,Lt=t=>{if(!mt)throw new Error("Encoding API not available");return mt.encode(t)},It=t=>{if(!Ht)throw new Error("Encoding API not available");return Ht.decode(t)};class St{static fromLatin1(t){return new St({buffer:xt(t).buffer})}static fromUTF8(t){return new St({buffer:Lt(t).buffer})}static fromBase32(t){return new St({buffer:gt(t).buffer})}static fromHex(t){return new St({buffer:wt(t).buffer})}get buffer(){return this.bytes.buffer}get latin1(){return Object.defineProperty(this,"latin1",{enumerable:!0,writable:!1,configurable:!1,value:At(this.bytes)}),this.latin1}get utf8(){return Object.defineProperty(this,"utf8",{enumerable:!0,writable:!1,configurable:!1,value:It(this.bytes)}),this.utf8}get base32(){return Object.defineProperty(this,"base32",{enumerable:!0,writable:!1,configurable:!1,value:pt(this.bytes)}),
+},St="ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",Ot=t=>{let e=(t=t.replace(/ /g,"")).length;for(;"="===t[e-1];)--e;t=(e<t.length?t.substring(0,e):t).toUpperCase();const s=new ArrayBuffer(5*t.length/8|0),i=new Uint8Array(s);let r=0,n=0,o=0;for(let e=0;e<t.length;e++){const s=St.indexOf(t[e]);if(-1===s)throw new TypeError(`Invalid character found: ${t[e]}`);n=n<<5|s,r+=5,r>=8&&(r-=8,i[o++]=n>>>r)}return i},Ct=t=>{let e=0,s=0,i="";for(let r=0;r<t.length;r++)for(s=s<<8|t[r],e+=8;e>=5;)i+=St[s>>>e-5&31],e-=5;return e>0&&(i+=St[s<<5-e&31]),i},vt=t=>{t=t.replace(/ /g,"");const e=new ArrayBuffer(t.length/2),s=new Uint8Array(e);for(let e=0;e<t.length;e+=2)s[e/2]=parseInt(t.substring(e,e+2),16);return s},kt=t=>{let e="";for(let s=0;s<t.length;s++){const i=t[s].toString(16);1===i.length&&(e+="0"),e+=i}return e.toUpperCase()},$t=t=>{const e=new ArrayBuffer(t.length),s=new Uint8Array(e);for(let e=0;e<t.length;e++)s[e]=255&t.charCodeAt(e);return s},Tt=t=>{let e="";for(let s=0;s<t.length;s++)e+=String.fromCharCode(t[s]);return e},Dt=Et.TextEncoder?new Et.TextEncoder:null,_t=Et.TextDecoder?new Et.TextDecoder:null,Ft=t=>{if(!Dt)throw new Error("Encoding API not available");return Dt.encode(t)},Gt=t=>{if(!_t)throw new Error("Encoding API not available");return _t.decode(t)};class Pt{static fromLatin1(t){return new Pt({buffer:$t(t).buffer})}static fromUTF8(t){return new Pt({buffer:Ft(t).buffer})}static fromBase32(t){return new Pt({buffer:Ot(t).buffer})}static fromHex(t){return new Pt({buffer:vt(t).buffer})}get buffer(){return this.bytes.buffer}get latin1(){return Object.defineProperty(this,"latin1",{enumerable:!0,writable:!1,configurable:!1,value:Tt(this.bytes)}),this.latin1}get utf8(){return Object.defineProperty(this,"utf8",{enumerable:!0,writable:!1,configurable:!1,value:Gt(this.bytes)}),this.utf8}get base32(){return Object.defineProperty(this,"base32",{enumerable:!0,writable:!1,configurable:!1,value:Ct(this.bytes)}),this.base32}get hex(){return Object.defineProperty(this,"hex",{enumerable:!0,writable:!1,configurable:!1,
-this.base32}get hex(){return Object.defineProperty(this,"hex",{enumerable:!0,writable:!1,configurable:!1,value:yt(this.bytes)}),this.hex}constructor({buffer:t,size:e=20}={}){this.bytes=void 0===t?(t=>{if(ut.crypto?.getRandomValues)return ut.crypto.getRandomValues(new Uint8Array(t));throw new Error("Cryptography API not available")})(e):new Uint8Array(t),Object.defineProperty(this,"bytes",{enumerable:!0,writable:!1,configurable:!1,value:this.bytes})}}class Bt{static get defaults(){return{issuer:"",label:"OTPAuth",issuerInLabel:!0,algorithm:"SHA1",digits:6,counter:0,window:1}}static generate({secret:t,algorithm:e=Bt.defaults.algorithm,digits:s=Bt.defaults.digits,counter:i=Bt.defaults.counter}){const r=((t,e,s)=>{if(b){const i=dt[t]??dt[ft(t)];return b(i,e,s)}throw new Error("Missing HMAC function")})(e,t.bytes,(t=>{const e=new ArrayBuffer(8),s=new Uint8Array(e);let i=t;for(let t=7;t>=0&&0!==i;t--)s[t]=255&i,i-=s[t],i/=256;return s})(i)),n=15&r[r.byteLength-1];return(((127&r[n])<<24|(255&r[n+1])<<16|(255&r[n+2])<<8|255&r[n+3])%10**s).toString().padStart(s,"0")}generate({counter:t=this.counter++}={}){return Bt.generate({secret:this.secret,algorithm:this.algorithm,digits:this.digits,counter:t})}static validate({token:t,secret:e,algorithm:s,digits:i=Bt.defaults.digits,counter:r=Bt.defaults.counter,window:n=Bt.defaults.window}){if(t.length!==i)return null;let o=null;const h=n=>{const h=Bt.generate({secret:e,algorithm:s,digits:i,counter:n});((t,e)=>{{if(t.length!==e.length)throw new TypeError("Input strings must have the same length");let s=-1,i=0;for(;++s<t.length;)i|=t.charCodeAt(s)^e.charCodeAt(s);return 0===i}})(t,h)&&(o=n-r)};h(r);for(let t=1;t<=n&&null===o&&(h(r-t),null===o)&&(h(r+t),null===o);++t);return o}validate({token:t,counter:e=this.counter,window:s}){return Bt.validate({token:t,secret:this.secret,algorithm:this.algorithm,digits:this.digits,counter:e,window:s})}toString(){const t=encodeURIComponent
+value:kt(this.bytes)}),this.hex}constructor({buffer:t,size:e=20}={}){this.bytes=void 0===t?(t=>{if(Et.crypto?.getRandomValues)return Et.crypto.getRandomValues(new Uint8Array(t));throw new Error("Cryptography API not available")})(e):new Uint8Array(t),Object.defineProperty(this,"bytes",{enumerable:!0,writable:!1,configurable:!1,value:this.bytes})}}class jt{static get defaults(){return{issuer:"",label:"OTPAuth",issuerInLabel:!0,algorithm:"SHA1",digits:6,counter:0,window:1}}static generate({secret:t,algorithm:e=jt.defaults.algorithm,digits:s=jt.defaults.digits,counter:i=jt.defaults.counter}){const r=((t,e,s)=>{if(g){const i=Ut[t]??Ut[Bt(t)];return g(i,e,s)}throw new Error("Missing HMAC function")})(e,t.bytes,(t=>{const e=new ArrayBuffer(8),s=new Uint8Array(e);let i=t;for(let t=7;t>=0&&0!==i;t--)s[t]=255&i,i-=s[t],i/=256;return s})(i)),n=15&r[r.byteLength-1];return(((127&r[n])<<24|(255&r[n+1])<<16|(255&r[n+2])<<8|255&r[n+3])%10**s).toString().padStart(s,"0")}generate({counter:t=this.counter++}={}){return jt.generate({secret:this.secret,algorithm:this.algorithm,digits:this.digits,counter:t})}static validate({token:t,secret:e,algorithm:s,digits:i=jt.defaults.digits,counter:r=jt.defaults.counter,window:n=jt.defaults.window}){if(t.length!==i)return null;let o=null;const h=n=>{const h=jt.generate({secret:e,algorithm:s,digits:i,counter:n});((t,e)=>{{if(t.length!==e.length)throw new TypeError("Input strings must have the same length");let s=-1,i=0;for(;++s<t.length;)i|=t.charCodeAt(s)^e.charCodeAt(s);return 0===i}})(t,h)&&(o=n-r)};h(r);for(let t=1;t<=n&&null===o&&(h(r-t),null===o)&&(h(r+t),null===o);++t);return o}validate({token:t,counter:e=this.counter,window:s}){return jt.validate({token:t,secret:this.secret,algorithm:this.algorithm,digits:this.digits,counter:e,window:s})}toString(){const t=encodeURIComponent
-;return"otpauth://hotp/"+(this.issuer.length>0?this.issuerInLabel?`${t(this.issuer)}:${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?`)+`secret=${t(this.secret.base32)}&`+`algorithm=${t(this.algorithm)}&`+`digits=${t(this.digits)}&`+`counter=${t(this.counter)}`}constructor({issuer:t=Bt.defaults.issuer,label:e=Bt.defaults.label,issuerInLabel:s=Bt.defaults.issuerInLabel,secret:i=new St,algorithm:r=Bt.defaults.algorithm,digits:n=Bt.defaults.digits,counter:o=Bt.defaults.counter}={}){this.issuer=t,this.label=e,this.issuerInLabel=s,this.secret="string"==typeof i?St.fromBase32(i):i,this.algorithm=ft(r),this.digits=n,this.counter=o}}class Et{static get defaults(){return{issuer:"",label:"OTPAuth",issuerInLabel:!0,algorithm:"SHA1",digits:6,period:30,window:1}}static counter({period:t=Et.defaults.period,timestamp:e=Date.now()}={}){return Math.floor(e/1e3/t)}counter({timestamp:t=Date.now()}={}){return Et.counter({period:this.period,timestamp:t})}static remaining({period:t=Et.defaults.period,timestamp:e=Date.now()}={}){return 1e3*t-e%(1e3*t)}remaining({timestamp:t=Date.now()}={}){return Et.remaining({period:this.period,timestamp:t})}static generate({secret:t,algorithm:e,digits:s,period:i=Et.defaults.period,timestamp:r=Date.now()}){return Bt.generate({secret:t,algorithm:e,digits:s,counter:Et.counter({period:i,timestamp:r})})}generate({timestamp:t=Date.now()}={}){return Et.generate({secret:this.secret,algorithm:this.algorithm,digits:this.digits,period:this.period,timestamp:t})}static validate({token:t,secret:e,algorithm:s,digits:i,period:r=Et.defaults.period,timestamp:n=Date.now(),window:o}){return Bt.validate({token:t,secret:e,algorithm:s,digits:i,counter:Et.counter({period:r,timestamp:n}),window:o})}validate({token:t,timestamp:e,window:s}){return Et.validate({token:t,secret:this.secret,algorithm:this.algorithm,digits:this.digits,period:this.period,timestamp:e,window:s})}toString(){const t=encodeURIComponent
+;return"otpauth://hotp/"+(this.issuer.length>0?this.issuerInLabel?`${t(this.issuer)}:${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?`)+`secret=${t(this.secret.base32)}&`+`algorithm=${t(this.algorithm)}&`+`digits=${t(this.digits)}&`+`counter=${t(this.counter)}`}constructor({issuer:t=jt.defaults.issuer,label:e=jt.defaults.label,issuerInLabel:s=jt.defaults.issuerInLabel,secret:i=new Pt,algorithm:r=jt.defaults.algorithm,digits:n=jt.defaults.digits,counter:o=jt.defaults.counter}={}){this.issuer=t,this.label=e,this.issuerInLabel=s,this.secret="string"==typeof i?Pt.fromBase32(i):i,this.algorithm=Bt(r),this.digits=n,this.counter=o}}class Mt{static get defaults(){return{issuer:"",label:"OTPAuth",issuerInLabel:!0,algorithm:"SHA1",digits:6,period:30,window:1}}static counter({period:t=Mt.defaults.period,timestamp:e=Date.now()}={}){return Math.floor(e/1e3/t)}counter({timestamp:t=Date.now()}={}){return Mt.counter({period:this.period,timestamp:t})}static remaining({period:t=Mt.defaults.period,timestamp:e=Date.now()}={}){return 1e3*t-e%(1e3*t)}remaining({timestamp:t=Date.now()}={}){return Mt.remaining({period:this.period,timestamp:t})}static generate({secret:t,algorithm:e,digits:s,period:i=Mt.defaults.period,timestamp:r=Date.now()}){return jt.generate({secret:t,algorithm:e,digits:s,counter:Mt.counter({period:i,timestamp:r})})}generate({timestamp:t=Date.now()}={}){return Mt.generate({secret:this.secret,algorithm:this.algorithm,digits:this.digits,period:this.period,timestamp:t})}static validate({token:t,secret:e,algorithm:s,digits:i,period:r=Mt.defaults.period,timestamp:n=Date.now(),window:o}){return jt.validate({token:t,secret:e,algorithm:s,digits:i,counter:Mt.counter({period:r,timestamp:n}),window:o})}validate({token:t,timestamp:e,window:s}){return Mt.validate({token:t,secret:this.secret,algorithm:this.algorithm,digits:this.digits,period:this.period,timestamp:e,window:s})}toString(){const t=encodeURIComponent
-;return"otpauth://totp/"+(this.issuer.length>0?this.issuerInLabel?`${t(this.issuer)}:${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?`)+`secret=${t(this.secret.base32)}&`+`algorithm=${t(this.algorithm)}&`+`digits=${t(this.digits)}&`+`period=${t(this.period)}`}constructor({issuer:t=Et.defaults.issuer,label:e=Et.defaults.label,issuerInLabel:s=Et.defaults.issuerInLabel,secret:i=new St,algorithm:r=Et.defaults.algorithm,digits:n=Et.defaults.digits,period:o=Et.defaults.period}={}){this.issuer=t,this.label=e,this.issuerInLabel=s,this.secret="string"==typeof i?St.fromBase32(i):i,this.algorithm=ft(r),this.digits=n,this.period=o}}const Ut=/^otpauth:\/\/([ht]otp)\/(.+)\?([A-Z0-9.~_-]+=[^?&]*(?:&[A-Z0-9.~_-]+=[^?&]*)*)$/i,Ct=/^[2-7A-Z]+=*$/i,Ot=/^SHA(?:1|224|256|384|512|3-224|3-256|3-384|3-512)$/i,vt=/^[+-]?\d+$/,kt=/^\+?[1-9]\d*$/;t.HOTP=Bt,t.Secret=St,t.TOTP=Et,t.URI=class{static parse(t){let e;try{e=t.match(Ut)}catch(t){}if(!Array.isArray(e))throw new URIError("Invalid URI format");const s=e[1].toLowerCase(),i=e[2].split(/(?::|%3A) *(.+)/i,2).map(decodeURIComponent),r=e[3].split("&").reduce(((t,e)=>{const s=e.split(/=(.*)/,2).map(decodeURIComponent),i=s[0].toLowerCase(),r=s[1],n=t;return n[i]=r,n}),{});let n;const o={};if("hotp"===s){if(n=Bt,void 0===r.counter||!vt.test(r.counter))throw new TypeError("Missing or invalid 'counter' parameter");o.counter=parseInt(r.counter,10)}else{if("totp"!==s)throw new TypeError("Unknown OTP type");if(n=Et,void 0!==r.period){if(!kt.test(r.period))throw new TypeError("Invalid 'period' parameter");o.period=parseInt(r.period,10)}}if(void 0!==r.issuer&&(o.issuer=r.issuer),2===i.length?(o.label=i[1],void 0===o.issuer||""===o.issuer?o.issuer=i[0]:""===i[0]&&(o.issuerInLabel=!1)):(o.label=i[0],void 0!==o.issuer&&""!==o.issuer&&(o.issuerInLabel=!1)),void 0===r.secret||!Ct.test(r.secret))throw new TypeError("Missing or invalid 'secret' parameter");if(o.secret=r.secret,void 0!==r.algorithm){
+;return"otpauth://totp/"+(this.issuer.length>0?this.issuerInLabel?`${t(this.issuer)}:${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?issuer=${t(this.issuer)}&`:`${t(this.label)}?`)+`secret=${t(this.secret.base32)}&`+`algorithm=${t(this.algorithm)}&`+`digits=${t(this.digits)}&`+`period=${t(this.period)}`}constructor({issuer:t=Mt.defaults.issuer,label:e=Mt.defaults.label,issuerInLabel:s=Mt.defaults.issuerInLabel,secret:i=new Pt,algorithm:r=Mt.defaults.algorithm,digits:n=Mt.defaults.digits,period:o=Mt.defaults.period}={}){this.issuer=t,this.label=e,this.issuerInLabel=s,this.secret="string"==typeof i?Pt.fromBase32(i):i,this.algorithm=Bt(r),this.digits=n,this.period=o}}const Rt=/^otpauth:\/\/([ht]otp)\/(.+)\?([A-Z0-9.~_-]+=[^?&]*(?:&[A-Z0-9.~_-]+=[^?&]*)*)$/i,Nt=/^[2-7A-Z]+=*$/i,Xt=/^SHA(?:1|224|256|384|512|3-224|3-256|3-384|3-512)$/i,Vt=/^[+-]?\d+$/,Zt=/^\+?[1-9]\d*$/;t.HOTP=jt,t.Secret=Pt,t.TOTP=Mt,t.URI=class{static parse(t){let e;try{e=t.match(Rt)}catch(t){}if(!Array.isArray(e))throw new URIError("Invalid URI format");const s=e[1].toLowerCase(),i=e[2].split(/(?::|%3A) *(.+)/i,2).map(decodeURIComponent),r=e[3].split("&").reduce((t,e)=>{const s=e.split(/=(.*)/,2).map(decodeURIComponent),i=s[0].toLowerCase(),r=s[1],n=t;return n[i]=r,n},{});let n;const o={};if("hotp"===s){if(n=jt,void 0===r.counter||!Vt.test(r.counter))throw new TypeError("Missing or invalid 'counter' parameter");o.counter=parseInt(r.counter,10)}else{if("totp"!==s)throw new TypeError("Unknown OTP type");if(n=Mt,void 0!==r.period){if(!Zt.test(r.period))throw new TypeError("Invalid 'period' parameter");o.period=parseInt(r.period,10)}}if(void 0!==r.issuer&&(o.issuer=r.issuer),2===i.length?(o.label=i[1],void 0===o.issuer||""===o.issuer?o.issuer=i[0]:""===i[0]&&(o.issuerInLabel=!1)):(o.label=i[0],void 0!==o.issuer&&""!==o.issuer&&(o.issuerInLabel=!1)),void 0===r.secret||!Nt.test(r.secret))throw new TypeError("Missing or invalid 'secret' parameter");if(o.secret=r.secret,void 0!==r.algorithm){
-if(!Ot.test(r.algorithm))throw new TypeError("Invalid 'algorithm' parameter");o.algorithm=r.algorithm}if(void 0!==r.digits){if(!kt.test(r.digits))throw new TypeError("Invalid 'digits' parameter");o.digits=parseInt(r.digits,10)}return new n(o)}static stringify(t){if(t instanceof Bt||t instanceof Et)return t.toString();throw new TypeError("Invalid 'HOTP/TOTP' object")}},t.version="9.4.0"}));
+if(!Xt.test(r.algorithm))throw new TypeError("Invalid 'algorithm' parameter");o.algorithm=r.algorithm}if(void 0!==r.digits){if(!Zt.test(r.digits))throw new TypeError("Invalid 'digits' parameter");o.digits=parseInt(r.digits,10)}return new n(o)}static stringify(t){if(t instanceof jt||t instanceof Mt)return t.toString();throw new TypeError("Invalid 'HOTP/TOTP' object")}},t.version="9.4.1"});
-//# sourceMappingURL=otpauth.umd.min.js.map
+//# sourceMappingURL=otpauth.umd.min.js.map
--- a/web/assets/otpauth/otpauth.umd.min.js.map
+++ b/web/assets/otpauth/otpauth.umd.min.js.map
--- a/web/controller/api.go
+++ b/web/controller/api.go
@@ -1,7 +1,10 @@
 package controller
 import (
 	"net/http"
 	"github.com/mhsanaei/3x-ui/v2/web/service"
 	"github.com/mhsanaei/3x-ui/v2/web/session"
 	"github.com/gin-gonic/gin"
 )
@@ -21,11 +24,21 @@ func NewAPIController(g *gin.RouterGroup) *APIController {
 	return a
 }
 // checkAPIAuth is a middleware that returns 404 for unauthenticated API requests
 // to hide the existence of API endpoints from unauthorized users
 func (a *APIController) checkAPIAuth(c *gin.Context) {
 	if !session.IsLogin(c) {
 		c.AbortWithStatus(http.StatusNotFound)
 		return
 	}
 	c.Next()
 }
 // initRouter sets up the API routes for inbounds, server, and other endpoints.
 func (a *APIController) initRouter(g *gin.RouterGroup) {
 	// Main API group
 	api := g.Group("/panel/api")
-	api.Use(a.checkLogin)
+	api.Use(a.checkAPIAuth)
 	// Inbounds API
 	inbounds := api.Group("/inbounds")
--- a/web/controller/inbound.go
+++ b/web/controller/inbound.go
@@ -8,6 +8,7 @@ import (
 	"github.com/mhsanaei/3x-ui/v2/database/model"
 	"github.com/mhsanaei/3x-ui/v2/web/service"
 	"github.com/mhsanaei/3x-ui/v2/web/session"
 	"github.com/mhsanaei/3x-ui/v2/web/websocket"
 	"github.com/gin-gonic/gin"
 )
@@ -125,6 +126,9 @@ func (a *InboundController) addInbound(c *gin.Context) {
 	if needRestart {
 		a.xrayService.SetToNeedRestart()
 	}
 	// Broadcast inbounds update via WebSocket
 	inbounds, _ := a.inboundService.GetInbounds(user.Id)
 	websocket.BroadcastInbounds(inbounds)
 }
 // delInbound deletes an inbound configuration by its ID.
@@ -143,6 +147,10 @@ func (a *InboundController) delInbound(c *gin.Context) {
 	if needRestart {
 		a.xrayService.SetToNeedRestart()
 	}
 	// Broadcast inbounds update via WebSocket
 	user := session.GetLoginUser(c)
 	inbounds, _ := a.inboundService.GetInbounds(user.Id)
 	websocket.BroadcastInbounds(inbounds)
 }
 // updateInbound updates an existing inbound configuration.
@@ -169,6 +177,10 @@ func (a *InboundController) updateInbound(c *gin.Context) {
 	if needRestart {
 		a.xrayService.SetToNeedRestart()
 	}
 	// Broadcast inbounds update via WebSocket
 	user := session.GetLoginUser(c)
 	inbounds, _ := a.inboundService.GetInbounds(user.Id)
 	websocket.BroadcastInbounds(inbounds)
 }
 // getClientIps retrieves the IP addresses associated with a client by email.
--- a/web/controller/index.go
+++ b/web/controller/index.go
@@ -39,8 +39,9 @@ func NewIndexController(g *gin.RouterGroup) *IndexController {
 // initRouter sets up the routes for index, login, logout, and two-factor authentication.
 func (a *IndexController) initRouter(g *gin.RouterGroup) {
 	g.GET("/", a.index)
 	g.POST("/login", a.login)
 	g.GET("/logout", a.logout)
 	g.POST("/login", a.login)
 	g.POST("/getTwoFactorEnable", a.getTwoFactorEnable)
 }
--- a/web/controller/server.go
+++ b/web/controller/server.go
@@ -9,6 +9,7 @@ import (
 	"github.com/mhsanaei/3x-ui/v2/web/global"
 	"github.com/mhsanaei/3x-ui/v2/web/service"
 	"github.com/mhsanaei/3x-ui/v2/web/websocket"
 	"github.com/gin-gonic/gin"
 )
@@ -67,6 +68,8 @@ func (a *ServerController) refreshStatus() {
 	// collect cpu history when status is fresh
 	if a.lastStatus != nil {
 		a.serverService.AppendCpuSample(time.Now(), a.lastStatus.Cpu)
 		// Broadcast status update via WebSocket
 		websocket.BroadcastStatus(a.lastStatus)
 	}
 }
@@ -155,9 +158,16 @@ func (a *ServerController) stopXrayService(c *gin.Context) {
 	err := a.serverService.StopXrayService()
 	if err != nil {
 		jsonMsg(c, I18nWeb(c, "pages.xray.stopError"), err)
 		websocket.BroadcastXrayState("error", err.Error())
 		return
 	}
 	jsonMsg(c, I18nWeb(c, "pages.xray.stopSuccess"), err)
 	websocket.BroadcastXrayState("stop", "")
 	websocket.BroadcastNotification(
 		I18nWeb(c, "pages.xray.stopSuccess"),
 		"Xray service has been stopped",
 		"warning",
 	)
 }
 // restartXrayService restarts the Xray service.
@@ -165,9 +175,16 @@ func (a *ServerController) restartXrayService(c *gin.Context) {
 	err := a.serverService.RestartXrayService()
 	if err != nil {
 		jsonMsg(c, I18nWeb(c, "pages.xray.restartError"), err)
 		websocket.BroadcastXrayState("error", err.Error())
 		return
 	}
 	jsonMsg(c, I18nWeb(c, "pages.xray.restartSuccess"), err)
 	websocket.BroadcastXrayState("running", "")
 	websocket.BroadcastNotification(
 		I18nWeb(c, "pages.xray.restartSuccess"),
 		"Xray service has been restarted successfully",
 		"success",
 	)
 }
 // getLogs retrieves the application logs based on count, level, and syslog filters.
--- a/web/controller/websocket.go
+++ b/web/controller/websocket.go
@@ -0,0 +1,189 @@
 package controller
 import (
 	"net/http"
 	"strings"
 	"time"
 	"github.com/google/uuid"
 	"github.com/mhsanaei/3x-ui/v2/logger"
 	"github.com/mhsanaei/3x-ui/v2/util/common"
 	"github.com/mhsanaei/3x-ui/v2/web/session"
 	"github.com/mhsanaei/3x-ui/v2/web/websocket"
 	"github.com/gin-gonic/gin"
 	ws "github.com/gorilla/websocket"
 )
 const (
 	// Time allowed to write a message to the peer
 	writeWait = 10 * time.Second
 	// Time allowed to read the next pong message from the peer
 	pongWait = 60 * time.Second
 	// Send pings to peer with this period (must be less than pongWait)
 	pingPeriod = (pongWait * 9) / 10
 	// Maximum message size allowed from peer
 	maxMessageSize = 512
 )
 var upgrader = ws.Upgrader{
 	ReadBufferSize:  4096, // Increased from 1024 for better performance
 	WriteBufferSize: 4096, // Increased from 1024 for better performance
 	CheckOrigin: func(r *http.Request) bool {
 		// Check origin for security
 		origin := r.Header.Get("Origin")
 		if origin == "" {
 			// Allow connections without Origin header (same-origin requests)
 			return true
 		}
 		// Get the host from the request
 		host := r.Host
 		// Extract scheme and host from origin
 		originURL := origin
 		// Simple check: origin should match the request host
 		// This prevents cross-origin WebSocket hijacking
 		if strings.HasPrefix(originURL, "http://") || strings.HasPrefix(originURL, "https://") {
 			// Extract host from origin
 			originHost := strings.TrimPrefix(strings.TrimPrefix(originURL, "http://"), "https://")
 			if idx := strings.Index(originHost, "/"); idx != -1 {
 				originHost = originHost[:idx]
 			}
 			if idx := strings.Index(originHost, ":"); idx != -1 {
 				originHost = originHost[:idx]
 			}
 			// Compare hosts (without port)
 			requestHost := host
 			if idx := strings.Index(requestHost, ":"); idx != -1 {
 				requestHost = requestHost[:idx]
 			}
 			return originHost == requestHost || originHost == "" || requestHost == ""
 		}
 		return false
 	},
 }
 // WebSocketController handles WebSocket connections for real-time updates
 type WebSocketController struct {
 	BaseController
 	hub *websocket.Hub
 }
 // NewWebSocketController creates a new WebSocket controller
 func NewWebSocketController(hub *websocket.Hub) *WebSocketController {
 	return &WebSocketController{
 		hub: hub,
 	}
 }
 // HandleWebSocket handles WebSocket connections
 func (w *WebSocketController) HandleWebSocket(c *gin.Context) {
 	// Check authentication
 	if !session.IsLogin(c) {
 		logger.Warningf("Unauthorized WebSocket connection attempt from %s", getRemoteIp(c))
 		c.AbortWithStatus(http.StatusUnauthorized)
 		return
 	}
 	// Upgrade connection to WebSocket
 	conn, err := upgrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
 		logger.Error("Failed to upgrade WebSocket connection:", err)
 		return
 	}
 	// Create client
 	clientID := uuid.New().String()
 	client := &websocket.Client{
 		ID:     clientID,
 		Hub:    w.hub,
 		Send:   make(chan []byte, 512), // Increased from 256 to 512 to prevent overflow
 		Topics: make(map[websocket.MessageType]bool),
 	}
 	// Register client
 	w.hub.Register(client)
 	logger.Debugf("WebSocket client %s registered from %s", clientID, getRemoteIp(c))
 	// Start goroutines for reading and writing
 	go w.writePump(client, conn)
 	go w.readPump(client, conn)
 }
 // readPump pumps messages from the WebSocket connection to the hub
 func (w *WebSocketController) readPump(client *websocket.Client, conn *ws.Conn) {
 	defer func() {
 		if r := common.Recover("WebSocket readPump panic"); r != nil {
 			logger.Error("WebSocket readPump panic recovered:", r)
 		}
 		w.hub.Unregister(client)
 		conn.Close()
 	}()
 	conn.SetReadDeadline(time.Now().Add(pongWait))
 	conn.SetPongHandler(func(string) error {
 		conn.SetReadDeadline(time.Now().Add(pongWait))
 		return nil
 	})
 	conn.SetReadLimit(maxMessageSize)
 	for {
 		_, message, err := conn.ReadMessage()
 		if err != nil {
 			if ws.IsUnexpectedCloseError(err, ws.CloseGoingAway, ws.CloseAbnormalClosure) {
 				logger.Debugf("WebSocket read error for client %s: %v", client.ID, err)
 			}
 			break
 		}
 		// Validate message size
 		if len(message) > maxMessageSize {
 			logger.Warningf("WebSocket message from client %s exceeds max size: %d bytes", client.ID, len(message))
 			continue
 		}
 		// Handle incoming messages (e.g., subscription requests)
 		// For now, we'll just log them
 		logger.Debugf("Received WebSocket message from client %s: %s", client.ID, string(message))
 	}
 }
 // writePump pumps messages from the hub to the WebSocket connection
 func (w *WebSocketController) writePump(client *websocket.Client, conn *ws.Conn) {
 	ticker := time.NewTicker(pingPeriod)
 	defer func() {
 		if r := common.Recover("WebSocket writePump panic"); r != nil {
 			logger.Error("WebSocket writePump panic recovered:", r)
 		}
 		ticker.Stop()
 		conn.Close()
 	}()
 	for {
 		select {
 		case message, ok := <-client.Send:
 			conn.SetWriteDeadline(time.Now().Add(writeWait))
 			if !ok {
 				// Hub closed the channel
 				conn.WriteMessage(ws.CloseMessage, []byte{})
 				return
 			}
 			// Send each message individually (no batching)
 			// This ensures each JSON message is sent separately and can be parsed correctly
 			if err := conn.WriteMessage(ws.TextMessage, message); err != nil {
 				logger.Debugf("WebSocket write error for client %s: %v", client.ID, err)
 				return
 			}
 		case <-ticker.C:
 			conn.SetWriteDeadline(time.Now().Add(writeWait))
 			if err := conn.WriteMessage(ws.PingMessage, nil); err != nil {
 				logger.Debugf("WebSocket ping error for client %s: %v", client.ID, err)
 				return
 			}
 		}
 	}
 }
--- a/web/controller/xui.go
+++ b/web/controller/xui.go
@@ -8,8 +8,6 @@ import (
 type XUIController struct {
 	BaseController
 	inboundController     *InboundController
 	serverController      *ServerController
 	settingController     *SettingController
 	xraySettingController *XraySettingController
 }
@@ -31,8 +29,6 @@ func (a *XUIController) initRouter(g *gin.RouterGroup) {
 	g.GET("/settings", a.settings)
 	g.GET("/xray", a.xraySettings)
 	a.inboundController = NewInboundController(g)
 	a.serverController = NewServerController(g)
 	a.settingController = NewSettingController(g)
 	a.xraySettingController = NewXraySettingController(g)
 }
--- a/web/entity/entity.go
+++ b/web/entity/entity.go
@@ -74,7 +74,31 @@ type AllSetting struct {
 	SubJsonFragment             string `json:"subJsonFragment" form:"subJsonFragment"`                         // JSON subscription fragment configuration
 	SubJsonNoises               string `json:"subJsonNoises" form:"subJsonNoises"`                             // JSON subscription noise configuration
 	SubJsonMux                  string `json:"subJsonMux" form:"subJsonMux"`                                   // JSON subscription mux configuration
-	SubJsonRules                string `json:"subJsonRules" form:"subJsonRules"`                               // JSON subscription routing rules
+	SubJsonRules                string `json:"subJsonRules" form:"subJsonRules"`
 	// LDAP settings
 	LdapEnable     bool   `json:"ldapEnable" form:"ldapEnable"`
 	LdapHost       string `json:"ldapHost" form:"ldapHost"`
 	LdapPort       int    `json:"ldapPort" form:"ldapPort"`
 	LdapUseTLS     bool   `json:"ldapUseTLS" form:"ldapUseTLS"`
 	LdapBindDN     string `json:"ldapBindDN" form:"ldapBindDN"`
 	LdapPassword   string `json:"ldapPassword" form:"ldapPassword"`
 	LdapBaseDN     string `json:"ldapBaseDN" form:"ldapBaseDN"`
 	LdapUserFilter string `json:"ldapUserFilter" form:"ldapUserFilter"`
 	LdapUserAttr   string `json:"ldapUserAttr" form:"ldapUserAttr"` // e.g., mail or uid
 	LdapVlessField string `json:"ldapVlessField" form:"ldapVlessField"`
 	LdapSyncCron   string `json:"ldapSyncCron" form:"ldapSyncCron"`
 	// Generic flag configuration
 	LdapFlagField         string `json:"ldapFlagField" form:"ldapFlagField"`
 	LdapTruthyValues      string `json:"ldapTruthyValues" form:"ldapTruthyValues"`
 	LdapInvertFlag        bool   `json:"ldapInvertFlag" form:"ldapInvertFlag"`
 	LdapInboundTags       string `json:"ldapInboundTags" form:"ldapInboundTags"`
 	LdapAutoCreate        bool   `json:"ldapAutoCreate" form:"ldapAutoCreate"`
 	LdapAutoDelete        bool   `json:"ldapAutoDelete" form:"ldapAutoDelete"`
 	LdapDefaultTotalGB    int    `json:"ldapDefaultTotalGB" form:"ldapDefaultTotalGB"`
 	LdapDefaultExpiryDays int    `json:"ldapDefaultExpiryDays" form:"ldapDefaultExpiryDays"`
 	LdapDefaultLimitIP    int    `json:"ldapDefaultLimitIP" form:"ldapDefaultLimitIP"`
 	// JSON subscription routing rules
 }
 // CheckValid validates all settings in the AllSetting struct, checking IP addresses, ports, SSL certificates, and other configuration values.
--- a/web/global/global.go
+++ b/web/global/global.go
@@ -17,6 +17,7 @@ var (
 type WebServer interface {
 	GetCron() *cron.Cron     // Get the cron scheduler
 	GetCtx() context.Context // Get the server context
 	GetWSHub() interface{}   // Get the WebSocket hub (using interface{} to avoid circular dependency)
 }
 // SubServer interface defines methods for accessing the subscription server instance.
--- a/web/html/common/page.html
+++ b/web/html/common/page.html
@@ -44,12 +44,12 @@
 <script src="{{ .base_path }}assets/axios/axios.min.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/qs/qs.min.js"></script>
 <script src="{{ .base_path }}assets/js/axios-init.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/js/util/date-util.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/js/util/index.js?{{ .cur_ver }}"></script>
 <script>
  const basePath = '{{ .base_path }}';
  axios.defaults.baseURL = basePath;
 </script>
 <script src="{{ .base_path }}assets/js/websocket.js?{{ .cur_ver }}"></script>
 {{ end }}
 {{ define "page/body_end" }}
--- a/web/html/component/aClientTable.html
+++ b/web/html/component/aClientTable.html
@@ -111,20 +111,12 @@
  <template v-if="client.expiryTime !=0 && client.reset >0">
    <a-popover :overlay-class-name="themeSwitcher.currentTheme">
      <template slot="content">
-        <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}
+        <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}</span>
-        </span>
+        <span v-else>[[ IntlUtil.formatDate(client.expiryTime) ]]</span>
        <span v-else>
          <template v-if="app.datepicker === 'gregorian'">
            [[ DateUtil.formatMillis(client._expiryTime) ]]
          </template>
          <template v-else>
            [[ DateUtil.convertToJalalian(moment(client._expiryTime)) ]]
          </template>
        </span>
      </template>
      <table>
        <tr class="tr-table-box">
-          <td class="tr-table-rt"> [[ remainedDays(client.expiryTime) ]] </td>
+          <td class="tr-table-rt"> [[ IntlUtil.formatRelativeTime(client.expiryTime) ]] </td>
          <td class="infinite-bar tr-table-bar">
            <a-progress :show-info="false" :status="isClientDepleted(record, client.email)? 'exception' : ''" :percent="expireProgress(client.expiryTime, client.reset)" />
          </td>
@@ -136,18 +128,10 @@
  <template v-else>
    <a-popover v-if="client.expiryTime != 0" :overlay-class-name="themeSwitcher.currentTheme">
      <template slot="content">
-        <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}
+        <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}</span>
-        </span>
+        <span v-else>[[ IntlUtil.formatDate(client.expiryTime) ]]</span>
        <span v-else>
          <template v-if="app.datepicker === 'gregorian'">
            [[ DateUtil.formatMillis(client._expiryTime) ]]
          </template>
          <template v-else>
            [[ DateUtil.convertToJalalian(moment(client._expiryTime)) ]]
          </template>
        </span>
      </template>
-      <a-tag :style="{ minWidth: '50px', border: 'none' }" :color="ColorUtils.userExpiryColor(app.expireDiff, client, themeSwitcher.isDarkTheme)"> [[ remainedDays(client.expiryTime) ]] </a-tag>
+      <a-tag :style="{ minWidth: '50px', border: 'none' }" :color="ColorUtils.userExpiryColor(app.expireDiff, client, themeSwitcher.isDarkTheme)"> [[ IntlUtil.formatRelativeTime(client.expiryTime) ]] </a-tag>
    </a-popover>
    <a-tag v-else :color="ColorUtils.userExpiryColor(app.expireDiff, client, themeSwitcher.isDarkTheme)" :style="{ border: 'none' }" class="infinite-tag">
      <svg height="10px" width="14px" viewBox="0 0 640 512" fill="currentColor">
@@ -232,20 +216,12 @@
        </tr>
        <tr>
          <template v-if="client.expiryTime !=0 && client.reset >0">
-            <td width="80px" :style="{ margin: '0', textAlign: 'right', fontSize: '1em' }"> [[ remainedDays(client.expiryTime) ]] </td>
+            <td width="80px" :style="{ margin: '0', textAlign: 'right', fontSize: '1em' }"> [[ IntlUtil.formatRelativeTime(client.expiryTime) ]] </td>
            <td width="120px" class="infinite-bar">
              <a-popover :overlay-class-name="themeSwitcher.currentTheme">
                <template slot="content">
-                  <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}
+                  <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}</span>
-                  </span>
+                  <span v-else>[[ IntlUtil.formatDate(client.expiryTime) ]]</span>
                  <span v-else>
                    <template v-if="app.datepicker === 'gregorian'">
                      [[ DateUtil.formatMillis(client._expiryTime) ]]
                    </template>
                    <template v-else>
                      [[ DateUtil.convertToJalalian(moment(client._expiryTime)) ]]
                    </template>
                  </span>
                </template>
                <a-progress :show-info="false" :status="isClientDepleted(record, client.email)? 'exception' : ''" :percent="expireProgress(client.expiryTime, client.reset)" />
              </a-popover>
@@ -256,18 +232,10 @@
            <td colspan="3" :style="{ textAlign: 'center' }">
              <a-popover v-if="client.expiryTime != 0" :overlay-class-name="themeSwitcher.currentTheme">
                <template slot="content">
-                  <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}
+                  <span v-if="client.expiryTime < 0">{{ i18n "pages.client.delayedStart" }}</span>
-                  </span>
+                  <span v-else>[[ IntlUtil.formatDate(client.expiryTime) ]]</span>
                  <span v-else>
                    <template v-if="app.datepicker === 'gregorian'">
                      [[ DateUtil.formatMillis(client._expiryTime) ]]
                    </template>
                    <template v-else>
                      [[ DateUtil.convertToJalalian(moment(client._expiryTime)) ]]
                    </template>
                  </span>
                </template>
-                <a-tag :style="{ minWidth: '50px', border: 'none' }" :color="ColorUtils.userExpiryColor(app.expireDiff, client, themeSwitcher.isDarkTheme)"> [[ remainedDays(client.expiryTime) ]] </a-tag>
+                <a-tag :style="{ minWidth: '50px', border: 'none' }" :color="ColorUtils.userExpiryColor(app.expireDiff, client, themeSwitcher.isDarkTheme)"> [[ IntlUtil.formatRelativeTime(client.expiryTime) ]] </a-tag>
              </a-popover>
              <a-tag v-else :color="client.enable ? 'purple' : themeSwitcher.isDarkTheme ? '#2c3950' : '#bcbcbc'" class="infinite-tag">
                <svg height="10px" width="14px" viewBox="0 0 640 512" fill="currentColor">
@@ -289,12 +257,7 @@
 </template>
 <template slot="createdAt" slot-scope="text, client, index">
  <template v-if="client.created_at">
-    <template v-if="app.datepicker === 'gregorian'">
+    [[ IntlUtil.formatDate(client.created_at) ]]
      [[ DateUtil.formatMillis(client.created_at) ]]
    </template>
    <template v-else>
      [[ DateUtil.convertToJalalian(moment(client.created_at)) ]]
    </template>
  </template>
  <template v-else>
    -
@@ -302,12 +265,7 @@
 </template>
 <template slot="updatedAt" slot-scope="text, client, index">
  <template v-if="client.updated_at">
-    <template v-if="app.datepicker === 'gregorian'">
+    [[ IntlUtil.formatDate(client.updated_at) ]]
      [[ DateUtil.formatMillis(client.updated_at) ]]
    </template>
    <template v-else>
      [[ DateUtil.convertToJalalian(moment(client.updated_at)) ]]
    </template>
  </template>
  <template v-else>
    -
--- a/web/html/form/inbound.html
+++ b/web/html/form/inbound.html
@@ -28,7 +28,7 @@
    </a-form-item>
    <a-form-item label='{{ i18n "pages.inbounds.port" }}'>
-        <a-input-number v-model.number="inbound.port" :min="1" :max="65531"></a-input-number>
+        <a-input-number v-model.number="inbound.port" :min="1" :max="65535"></a-input-number>
    </a-form-item>
    <a-form-item>
@@ -51,9 +51,8 @@
                    <span>{{ i18n "pages.inbounds.periodicTrafficResetDesc" }}</span>
                    <br v-if="dbInbound.lastTrafficResetTime && dbInbound.lastTrafficResetTime > 0">
                    <span v-if="dbInbound.lastTrafficResetTime && dbInbound.lastTrafficResetTime > 0">
-                        <strong>{{ i18n "pages.inbounds.lastReset" }}:</strong> 
+                        <strong>{{ i18n "pages.inbounds.lastReset" }}:</strong>
-                        <span v-if="datepicker == 'gregorian'">[[ moment(dbInbound.lastTrafficResetTime).format('YYYY-MM-DD HH:mm:ss') ]]</span>
+                        <span>[[ IntlUtil.formatDate(dbInbound.lastTrafficResetTime) ]]</span>
                        <span v-else>[[ DateUtil.convertToJalalian(moment(dbInbound.lastTrafficResetTime)) ]]</span>
                    </span>
                </template>
                {{ i18n "pages.inbounds.periodicTrafficResetTitle" }}
@@ -145,4 +144,4 @@
    </a-collapse-panel>
 </a-collapse>
-{{end}}
+{{end}}
--- a/web/html/form/outbound.html
+++ b/web/html/form/outbound.html
@@ -1,6 +1,7 @@
 {{define "form/outbound"}}
 <!-- base -->
-<a-tabs :active-key="outModal.activeKey" :style="{ padding: '0', backgroundColor: 'transparent' }" @change="(activeKey) => {outModal.toggleJson(activeKey == '2'); }">
+<a-tabs :active-key="outModal.activeKey" :style="{ padding: '0', backgroundColor: 'transparent' }"
  @change="(activeKey) => {outModal.toggleJson(activeKey == '2'); }">
  <a-tab-pane key="1" tab="Form">
    <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
      <a-form-item label='{{ i18n "protocol" }}'>
@@ -8,8 +9,10 @@
          <a-select-option v-for="x,y in Protocols" :value="x">[[ y ]]</a-select-option>
        </a-select>
      </a-form-item>
-      <a-form-item label='{{ i18n "pages.xray.outbound.tag" }}' has-feedback :validate-status="outModal.duplicateTag? 'warning' : 'success'">
+      <a-form-item label='{{ i18n "pages.xray.outbound.tag" }}' has-feedback
-        <a-input v-model.trim="outbound.tag" @change="outModal.check()" placeholder='{{ i18n "pages.xray.outbound.tagDesc" }}'></a-input>
+        :validate-status="outModal.duplicateTag? 'warning' : 'success'">
        <a-input v-model.trim="outbound.tag" @change="outModal.check()"
          placeholder='{{ i18n "pages.xray.outbound.tagDesc" }}'></a-input>
      </a-form-item>
      <a-form-item label='{{ i18n "pages.xray.outbound.sendThrough" }}'>
        <a-input v-model="outbound.sendThrough"></a-input>
@@ -59,12 +62,13 @@
          <a-form-item label="Noises">
            <a-button icon="plus" type="primary" size="small" @click="outbound.settings.addNoise()"></a-button>
          </a-form-item>
-        
+
-        <!-- Noise Configurations -->
+          <!-- Noise Configurations -->
-          <a-form v-for="(noise, index) in outbound.settings.noises" :key="index" :colon="false" :label-col="{ md: {span:8} }"
+          <a-form v-for="(noise, index) in outbound.settings.noises" :key="index" :colon="false"
-            :wrapper-col="{ md: {span:14} }">
+            :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
            <a-divider :style="{ margin: '0' }"> Noise [[ index + 1 ]]
-              <a-icon v-if="outbound.settings.noises.length > 1" type="delete" @click="() => outbound.settings.delNoise(index)"
+              <a-icon v-if="outbound.settings.noises.length > 1" type="delete"
                @click="() => outbound.settings.delNoise(index)"
                :style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
            </a-divider>
            <a-form-item label='Type'>
@@ -108,7 +112,7 @@
            <a-select-option v-for="s in ['reject','drop','skip']" :value="s">[[ s ]]</a-select-option>
          </a-select>
        </a-form-item>
-        <a-form-item v-if="outbound.settings.nonIPQuery === 'skip'" label='Block Types' >
+        <a-form-item v-if="outbound.settings.nonIPQuery === 'skip'" label='Block Types'>
          <a-input v-model.number="outbound.settings.blockTypes"></a-input>
        </a-form-item>
      </template>
@@ -129,21 +133,21 @@
        </a-form-item>
        <a-form-item>
          <template slot="label">
-              <a-tooltip>
+            <a-tooltip>
-                  <template slot="title">
+              <template slot="title">
-                      <span>{{ i18n "reset" }}</span>
+                <span>{{ i18n "reset" }}</span>
-                  </template>
+              </template>
-                  {{ i18n "pages.xray.wireguard.secretKey" }}
+              {{ i18n "pages.xray.wireguard.secretKey" }}
-                  <a-icon type="sync"
+              <a-icon type="sync"
-                      @click="[outbound.settings.pubKey, outbound.settings.secretKey] = Object.values(Wireguard.generateKeypair())">
+                @click="[outbound.settings.pubKey, outbound.settings.secretKey] = Object.values(Wireguard.generateKeypair())">
-                  </a-icon>
+              </a-icon>
-              </a-tooltip>
+            </a-tooltip>
          </template>
          <a-input v-model.trim="outbound.settings.secretKey"></a-input>
-      </a-form-item>
+        </a-form-item>
-      <a-form-item label='{{ i18n "pages.xray.wireguard.publicKey" }}'>
+        <a-form-item label='{{ i18n "pages.xray.wireguard.publicKey" }}'>
          <a-input disabled v-model="outbound.settings.pubKey"></a-input>
-      </a-form-item>
+        </a-form-item>
        <a-form-item label='{{ i18n "pages.xray.wireguard.domainStrategy" }}'>
          <a-select v-model="outbound.settings.domainStrategy" :dropdown-class-name="themeSwitcher.currentTheme">
            <a-select-option v-for="wds in ['', ...WireguardDomainStrategy]" :value="wds">[[ wds ]]</a-select-option>
@@ -171,8 +175,11 @@
        <a-form-item label="Peers">
          <a-button icon="plus" type="primary" size="small" @click="outbound.settings.addPeer()"></a-button>
        </a-form-item>
-        <a-form v-for="(peer, index) in outbound.settings.peers" :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
+        <a-form v-for="(peer, index) in outbound.settings.peers" :colon="false" :label-col="{ md: {span:8} }"
-          <a-divider :style="{ margin: '0' }"> Peer [[ index + 1 ]] <a-icon v-if="outbound.settings.peers.length>1" type="delete" @click="() => outbound.settings.delPeer(index)" :style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
+          :wrapper-col="{ md: {span:14} }">
          <a-divider :style="{ margin: '0' }"> Peer [[ index + 1 ]] <a-icon v-if="outbound.settings.peers.length>1"
              type="delete" @click="() => outbound.settings.delPeer(index)"
              :style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
          </a-divider>
          <a-form-item label='{{ i18n "pages.xray.wireguard.endpoint" }}'>
            <a-input v-model.trim="peer.endpoint"></a-input>
@@ -190,7 +197,8 @@
            </template>
            <template v-for="(aip, index) in peer.allowedIPs" :style="{ marginBottom: '10px' }">
              <a-input v-model.trim="peer.allowedIPs[index]">
-                <a-button icon="minus" v-if="peer.allowedIPs.length>1" slot="addonAfter" size="small" @click="peer.allowedIPs.splice(index, 1)"></a-button>
+                <a-button icon="minus" v-if="peer.allowedIPs.length>1" slot="addonAfter" size="small"
                  @click="peer.allowedIPs.splice(index, 1)"></a-button>
              </a-input>
            </template>
          </a-form-item>
@@ -210,7 +218,7 @@
        </a-form-item>
      </template>
-  <!-- VLESS/VMess user settings -->
+      <!-- VLESS/VMess user settings -->
      <template v-if="[Protocols.VMess, Protocols.VLESS].includes(outbound.protocol)">
        <a-form-item label='ID'>
          <a-input v-model.trim="outbound.settings.id"></a-input>
@@ -239,6 +247,33 @@
            </a-select>
          </a-form-item>
        </template>
        <!-- XTLS Vision Advanced Settings -->
        <template v-if="outbound.canEnableVisionSeed()">
          <a-form-item label="Vision Pre-Connect">
            <a-input-number v-model.number="outbound.settings.testpre" :min="0" :max="10" :style="{ width: '100%' }"
              placeholder="0"></a-input-number>
          </a-form-item>
          <a-form-item label="Vision Seed">
            <a-row :gutter="8">
              <a-col :span="6">
                <a-input-number v-model.number="outbound.settings.testseed[0]" :min="0" :max="9999"
                  :style="{ width: '100%' }" placeholder="900" addon-before="[0]"></a-input-number>
              </a-col>
              <a-col :span="6">
                <a-input-number v-model.number="outbound.settings.testseed[1]" :min="0" :max="9999"
                  :style="{ width: '100%' }" placeholder="500" addon-before="[1]"></a-input-number>
              </a-col>
              <a-col :span="6">
                <a-input-number v-model.number="outbound.settings.testseed[2]" :min="0" :max="9999"
                  :style="{ width: '100%' }" placeholder="900" addon-before="[2]"></a-input-number>
              </a-col>
              <a-col :span="6">
                <a-input-number v-model.number="outbound.settings.testseed[3]" :min="0" :max="9999"
                  :style="{ width: '100%' }" placeholder="256" addon-before="[3]"></a-input-number>
              </a-col>
            </a-row>
          </a-form-item>
        </template>
      </template>
      <!-- Servers (trojan/shadowsocks/socks/http) settings -->
@@ -264,7 +299,8 @@
        <template v-if="outbound.protocol === Protocols.Shadowsocks">
          <a-form-item label='{{ i18n "encryption" }}'>
            <a-select v-model="outbound.settings.method" :dropdown-class-name="themeSwitcher.currentTheme">
-              <a-select-option v-for="(method, method_name) in SSMethods" :value="method">[[ method_name ]]</a-select-option>
+              <a-select-option v-for="(method, method_name) in SSMethods" :value="method">[[ method_name
                ]]</a-select-option>
            </a-select>
          </a-form-item>
          <a-form-item label='UDP over TCP'>
@@ -279,7 +315,8 @@
      <!-- stream settings -->
      <template v-if="outbound.canEnableStream()">
        <a-form-item label='{{ i18n "transmission" }}'>
-          <a-select v-model="outbound.stream.network" @change="streamNetworkChange" :dropdown-class-name="themeSwitcher.currentTheme">
+          <a-select v-model="outbound.stream.network" @change="streamNetworkChange"
            :dropdown-class-name="themeSwitcher.currentTheme">
            <a-select-option value="tcp">TCP (RAW)</a-select-option>
            <a-select-option value="kcp">mKCP</a-select-option>
            <a-select-option value="ws">WebSocket</a-select-option>
@@ -290,7 +327,8 @@
        </a-form-item>
        <template v-if="outbound.stream.network === 'tcp'">
          <a-form-item label='HTTP {{ i18n "camouflage" }}'>
-            <a-switch :checked="outbound.stream.tcp.type === 'http'" @change="checked => outbound.stream.tcp.type = checked ? 'http' : 'none'"></a-switch>
+            <a-switch :checked="outbound.stream.tcp.type === 'http'"
              @change="checked => outbound.stream.tcp.type = checked ? 'http' : 'none'"></a-switch>
          </a-form-item>
          <template v-if="outbound.stream.tcp.type == 'http'">
            <a-form-item label='{{ i18n "host" }}'>
@@ -353,7 +391,7 @@
            <a-input-number v-model.number="outbound.stream.ws.heartbeatPeriod" :min="0"></a-input-number>
          </a-form-item>
        </template>
-        
+
        <!-- grpc -->
        <template v-if="outbound.stream.network === 'grpc'">
          <a-form-item label='Service Name'>
@@ -390,7 +428,8 @@
              <a-select-option v-for="key in MODE_OPTION" :value="key">[[ key ]]</a-select-option>
            </a-select>
          </a-form-item>
-          <a-form-item label="No gRPC Header" v-if="outbound.stream.xhttp.mode === 'stream-up' || outbound.stream.xhttp.mode === 'stream-one'">
+          <a-form-item label="No gRPC Header"
            v-if="outbound.stream.xhttp.mode === 'stream-up' || outbound.stream.xhttp.mode === 'stream-one'">
            <a-switch v-model="outbound.stream.xhttp.noGRPCHeader"></a-switch>
          </a-form-item>
          <a-form-item label="Min Upload Interval (Ms)" v-if="outbound.stream.xhttp.mode === 'packet-up'">
@@ -437,7 +476,8 @@
            </a-select>
          </a-form-item>
          <a-form-item label="ALPN">
-            <a-select mode="multiple" :dropdown-class-name="themeSwitcher.currentTheme" v-model="outbound.stream.tls.alpn">
+            <a-select mode="multiple" :dropdown-class-name="themeSwitcher.currentTheme"
              v-model="outbound.stream.tls.alpn">
              <a-select-option v-for="alpn in ALPN_OPTION" :value="alpn">[[ alpn ]]</a-select-option>
            </a-select>
          </a-form-item>
@@ -485,7 +525,8 @@
          </a-select>
        </a-form-item>
        <a-form-item label='Address Port Strategy'>
-          <a-select v-model="outbound.stream.sockopt.addressPortStrategy" :dropdown-class-name="themeSwitcher.currentTheme">
+          <a-select v-model="outbound.stream.sockopt.addressPortStrategy"
            :dropdown-class-name="themeSwitcher.currentTheme">
            <a-select-option v-for="key in Address_Port_Strategy" :value="key">[[ key ]]</a-select-option>
          </a-select>
        </a-form-item>
@@ -501,6 +542,15 @@
        <a-form-item label="Penetrate">
          <a-switch v-model="outbound.stream.sockopt.penetrate"></a-switch>
        </a-form-item>
        <a-form-item label="Trusted X-Forwarded-For">
          <a-select mode="tags" v-model="outbound.stream.sockopt.trustedXForwardedFor" :style="{ width: '100%' }"
            :dropdown-class-name="themeSwitcher.currentTheme">
            <a-select-option value="CF-Connecting-IP">CF-Connecting-IP</a-select-option>
            <a-select-option value="X-Real-IP">X-Real-IP</a-select-option>
            <a-select-option value="True-Client-IP">True-Client-IP</a-select-option>
            <a-select-option value="X-Client-IP">X-Client-IP</a-select-option>
          </a-select>
        </a-form-item>
      </template>
      <!-- mux settings -->
@@ -526,11 +576,12 @@
  </a-tab-pane>
  <a-tab-pane key="2" tab="JSON" force-render="true">
    <a-space direction="vertical" :size="10" :style="{ marginTop: '10px' }">
-      <a-input addon-before='{{ i18n "pages.xray.outbound.link" }}' v-model.trim="outModal.link" placeholder="vmess:// vless:// trojan:// ss://">
+      <a-input addon-before='{{ i18n "pages.xray.outbound.link" }}' v-model.trim="outModal.link"
        placeholder="vmess:// vless:// trojan:// ss://">
        <a-icon slot="addonAfter" type="form" @click="convertLink"></a-icon>
      </a-input>
      <textarea :style="{ position: 'absolute', left: '-800px' }" id="outboundJson"></textarea>
    </a-space>
  </a-tab-pane>
 </a-tabs>
-{{end}}
+{{end}}
--- a/web/html/form/protocol/vless.html
+++ b/web/html/form/protocol/vless.html
@@ -1,29 +1,36 @@
 {{define "form/vless"}}
-<a-collapse activeKey="0" v-for="(client, index) in inbound.settings.vlesses.slice(0,1)" v-if="!isEdit">
+<a-collapse activeKey="0"
  v-for="(client, index) in inbound.settings.vlesses.slice(0,1)" v-if="!isEdit">
  <a-collapse-panel header='{{ i18n "pages.inbounds.client" }}'>
    {{template "form/client"}}
  </a-collapse-panel>
 </a-collapse>
 <a-collapse v-else>
-  <a-collapse-panel :header="'{{ i18n "pages.client.clientCount"}} : ' + inbound.settings.vlesses.length">
+  <a-collapse-panel :header="'{{ i18n "pages.client.clientCount"}} : ' +
    inbound.settings.vlesses.length">
    <table width="100%">
      <tr class="client-table-header">
        <th>{{ i18n "pages.inbounds.email" }}</th>
        <th>ID</th>
      </tr>
-      <tr v-for="(client, index) in inbound.settings.vlesses" :class="index % 2 == 1 ? 'client-table-odd-row' : ''">
+      <tr v-for="(client, index) in inbound.settings.vlesses"
        :class="index % 2 == 1 ? ' client-table-odd-row' : ''">
        <td>[[ client.email ]]</td>
        <td>[[ client.id ]]</td>
      </tr>
    </table>
  </a-collapse-panel>
 </a-collapse>
-<template v-if="!inbound.stream.isTLS || !inbound.stream.isReality">
+<template v-if=" !inbound.stream.isTLS || !inbound.stream.isReality">
-  <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
+  <a-form :colon="false" :label-col="{ md: {span:8} }"
    :wrapper-col="{ md: {span:14} }">
    <a-form-item label="Authentication">
-      <a-select v-model="inbound.settings.selectedAuth" @change="getNewVlessEnc" :dropdown-class-name="themeSwitcher.currentTheme">
+      <a-select v-model="inbound.settings.selectedAuth" @change="getNewVlessEnc"
-        <a-select-option value="X25519, not Post-Quantum">X25519 (not Post-Quantum)</a-select-option>
+        :dropdown-class-name="themeSwitcher.currentTheme">
-        <a-select-option value="ML-KEM-768, Post-Quantum">ML-KEM-768 (Post-Quantum)</a-select-option>
+        <a-select-option value="X25519, not Post-Quantum">X25519 (not
          Post-Quantum)</a-select-option>
        <a-select-option value="ML-KEM-768, Post-Quantum">ML-KEM-768
          (Post-Quantum)</a-select-option>
      </a-select>
    </a-form-item>
    <a-form-item label="decryption">
@@ -34,22 +41,32 @@
    </a-form-item>
    <a-form-item label=" ">
      <a-space>
-        <a-button type="primary" icon="import" @click="getNewVlessEnc">Get New keys</a-button>
+        <a-button type="primary" icon="import" @click="getNewVlessEnc">Get New
          keys</a-button>
        <a-button danger @click="clearVlessEnc">Clear</a-button>
      </a-space>
    </a-form-item>
  </a-form>
  <a-divider v-if="inbound.settings.selectedAuth"
    :style="{ margin: '5px 0' }"></a-divider>
 </template>
 <template v-if="inbound.isTcp && !inbound.settings.selectedAuth">
-  <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
+  <a-form :colon="false" :label-col="{ md: {span:8} }"
    :wrapper-col="{ md: {span:14} }">
    <a-form-item label="Fallbacks">
-      <a-button icon="plus" type="primary" size="small" @click="inbound.settings.addFallback()"></a-button>
+      <a-button icon="plus" type="primary" size="small"
        @click="inbound.settings.addFallback()"></a-button>
    </a-form-item>
  </a-form>
  <!-- vless fallbacks -->
-  <a-form v-for="(fallback, index) in inbound.settings.fallbacks" :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
+  <a-form v-for="(fallback, index) in inbound.settings.fallbacks" :colon="false"
-    <a-divider :style="{ margin: '0' }"> Fallback [[ index + 1 ]] <a-icon type="delete" @click="() => inbound.settings.delFallback(index)" :style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
+    :label-col="{ md: {span:8} }"
    :wrapper-col="{ md: {span:14} }">
    <a-divider :style="{ margin: '0' }"> Fallback [[ index + 1 ]] <a-icon
        type="delete"
        @click="() => inbound.settings.delFallback(index)"
        :style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
    </a-divider>
    <a-form-item label='SNI'>
      <a-input v-model="fallback.name"></a-input>
@@ -64,9 +81,56 @@
      <a-input v-model="fallback.dest"></a-input>
    </a-form-item>
    <a-form-item label='xVer'>
-      <a-input-number v-model.number="fallback.xver" :min="0" :max="2"></a-input-number>
+      <a-input-number v-model.number="fallback.xver" :min="0"
        :max="2"></a-input-number>
    </a-form-item>
  </a-form>
  <a-divider :style="{ margin: '5px 0' }"></a-divider>
 </template>
-{{end}}
+<template v-if="inbound.canEnableVisionSeed()">
  <a-form :colon="false" :label-col="{ md: {span:8} }"
    :wrapper-col="{ md: {span:14} }">
    <a-form-item label="Vision Seed">
      <a-row :gutter="8">
        <a-col :span="6">
          <a-input-number
            :value="(inbound.settings.testseed && inbound.settings.testseed[0] !== undefined) ? inbound.settings.testseed[0] : 900"
            @change="(val) => updateTestseed(0, val)" :min="0" :max="9999"
            :style="{ width: '100%' }"
            placeholder="900" addon-before="[0]"></a-input-number>
        </a-col>
        <a-col :span="6">
          <a-input-number
            :value="(inbound.settings.testseed && inbound.settings.testseed[1] !== undefined) ? inbound.settings.testseed[1] : 500"
            @change="(val) => updateTestseed(1, val)" :min="0" :max="9999"
            :style="{ width: '100%' }"
            placeholder="500" addon-before="[1]"></a-input-number>
        </a-col>
        <a-col :span="6">
          <a-input-number
            :value="(inbound.settings.testseed && inbound.settings.testseed[2] !== undefined) ? inbound.settings.testseed[2] : 900"
            @change="(val) => updateTestseed(2, val)" :min="0" :max="9999"
            :style="{ width: '100%' }"
            placeholder="900" addon-before="[2]"></a-input-number>
        </a-col>
        <a-col :span="6">
          <a-input-number
            :value="(inbound.settings.testseed && inbound.settings.testseed[3] !== undefined) ? inbound.settings.testseed[3] : 256"
            @change="(val) => updateTestseed(3, val)" :min="0" :max="9999"
            :style="{ width: '100%' }"
            placeholder="256" addon-before="[3]"></a-input-number>
        </a-col>
      </a-row>
      <a-space :size="8" :style="{ marginTop: '8px' }">
        <a-button type="primary" @click="setRandomTestseed">
          Rand
        </a-button>
        <a-button @click="resetTestseed">
          Reset
        </a-button>
      </a-space>
    </a-form-item>
  </a-form>
  <a-divider :style="{ margin: '5px 0' }"></a-divider>
 </template>
 {{end}}
--- a/web/html/form/reality_settings.html
+++ b/web/html/form/reality_settings.html
@@ -12,10 +12,26 @@
            <a-select-option v-for="key in UTLS_FINGERPRINT" :value="key">[[ key ]]</a-select-option>
        </a-select>
    </a-form-item>
-    <a-form-item label='Target'>
+    <a-form-item>
        <template slot="label">
            <a-tooltip>
                <template slot="title">
                    <span>{{ i18n "reset" }}</span>
                </template> Target <a-icon @click="randomizeRealityTarget()"
                    type="sync"></a-icon>
            </a-tooltip>
        </template>
        <a-input v-model.trim="inbound.stream.reality.target"></a-input>
    </a-form-item>
-    <a-form-item label='SNI'>
+    <a-form-item>
        <template slot="label">
            <a-tooltip>
                <template slot="title">
                    <span>{{ i18n "reset" }}</span>
                </template> SNI <a-icon @click="randomizeRealityTarget()"
                    type="sync"></a-icon>
            </a-tooltip>
        </template>
        <a-input v-model.trim="inbound.stream.reality.serverNames"></a-input>
    </a-form-item>
    <a-form-item label='Max Time Diff (ms)'>
--- a/web/html/form/stream/external_proxy.html
+++ b/web/html/form/stream/external_proxy.html
@@ -3,12 +3,14 @@
  <a-divider :style="{ margin: '5px 0 0' }"></a-divider>
  <a-form-item label="External Proxy">
    <a-switch v-model="externalProxy"></a-switch>
-    <a-button icon="plus" v-if="externalProxy" type="primary" :style="{ marginLeft: '10px' }" size="small" @click="inbound.stream.externalProxy.push({forceTls: 'same', dest: '', port: 443, remark: ''})"></a-button>
+    <a-button icon="plus" v-if="externalProxy" type="primary" :style="{ marginLeft: '10px' }" size="small"
      @click="inbound.stream.externalProxy.push({forceTls: 'same', dest: '', port: 443, remark: ''})"></a-button>
  </a-form-item>
  <a-input-group :style="{ margin: '8px 0' }" compact v-for="(row, index) in inbound.stream.externalProxy">
    <template>
      <a-tooltip title="Force TLS">
-        <a-select v-model="row.forceTls" :style="{ width: '20%', margin: '0px' }" :dropdown-class-name="themeSwitcher.currentTheme">
+        <a-select v-model="row.forceTls" :style="{ width: '20%', margin: '0px' }"
          :dropdown-class-name="themeSwitcher.currentTheme">
          <a-select-option value="same">{{ i18n "pages.inbounds.same" }}</a-select-option>
          <a-select-option value="none">{{ i18n "none" }}</a-select-option>
          <a-select-option value="tls">TLS</a-select-option>
@@ -17,7 +19,7 @@
    </template>
    <a-input :style="{ width: '30%' }" v-model.trim="row.dest" placeholder='{{ i18n "host" }}'></a-input>
    <a-tooltip title='{{ i18n "pages.inbounds.port" }}'>
-      <a-input-number :style="{ width: '15%' }" v-model.number="row.port" min="1" max="65531"></a-input-number>
+      <a-input-number :style="{ width: '15%' }" v-model.number="row.port" min="1" max="65535"></a-input-number>
    </a-tooltip>
    <a-input :style="{ width: '30%', top: '0' }" v-model.trim="row.remark" placeholder='{{ i18n "remark" }}'>
      <template slot="addonAfter">
@@ -26,4 +28,4 @@
    </a-input>
  </a-input-group>
 </a-form>
-{{end}}
+{{end}}
--- a/web/html/form/stream/stream_sockopt.html
+++ b/web/html/form/stream/stream_sockopt.html
@@ -61,6 +61,15 @@
        <a-form-item label="Interface Name">
            <a-input v-model="inbound.stream.sockopt.interfaceName"></a-input>
        </a-form-item>
        <a-form-item label="Trusted X-Forwarded-For">
            <a-select mode="tags" v-model="inbound.stream.sockopt.trustedXForwardedFor" :style="{ width: '100%' }"
                :dropdown-class-name="themeSwitcher.currentTheme">
                <a-select-option value="CF-Connecting-IP">CF-Connecting-IP</a-select-option>
                <a-select-option value="X-Real-IP">X-Real-IP</a-select-option>
                <a-select-option value="True-Client-IP">True-Client-IP</a-select-option>
                <a-select-option value="X-Client-IP">X-Client-IP</a-select-option>
            </a-select>
        </a-form-item>
    </template>
 </a-form>
 {{end}}
--- a/web/html/form/tls_settings.html
+++ b/web/html/form/tls_settings.html
@@ -60,16 +60,20 @@
    <a-form-item label="VerifyPeerCertInNames">
      <a-input v-model.trim="inbound.stream.tls.verifyPeerCertInNames"></a-input>
    </a-form-item>
    <a-divider :style="{ margin: '3px 0' }"></a-divider>
    <template v-for="cert,index in inbound.stream.tls.certs">
      <a-form-item label='{{ i18n "certificate" }}'>
-        <a-radio-group v-model="cert.useFile" button-style="solid">
+        <a-radio-group v-model="cert.useFile" button-style="solid" :style="{ display: 'inline-flex', whiteSpace: 'nowrap', maxWidth: '100%' }">
-          <a-radio-button :value="true">{{ i18n "pages.inbounds.certificatePath" }}</a-radio-button>
+          <a-radio-button :value="true" :style="{ overflow: 'hidden', textOverflow: 'ellipsis', whiteSpace: 'nowrap' }">{{ i18n "pages.inbounds.certificatePath" }}</a-radio-button>
-          <a-radio-button :value="false">{{ i18n "pages.inbounds.certificateContent" }}</a-radio-button>
+          <a-radio-button :value="false" :style="{ overflow: 'hidden', textOverflow: 'ellipsis', whiteSpace: 'nowrap' }">{{ i18n "pages.inbounds.certificateContent" }}</a-radio-button>
        </a-radio-group>
-        <a-button icon="plus" v-if="index === 0" type="primary" size="small" @click="inbound.stream.tls.addCert()"
+      </a-form-item>
-          :style="{ marginLeft: '10px' }"></a-button>
+      <a-form-item label=" ">
-        <a-button icon="minus" v-if="inbound.stream.tls.certs.length>1" type="primary" size="small"
+        <a-space>
-          @click="inbound.stream.tls.removeCert(index)" :style="{ marginLeft: '10px' }"></a-button>
+          <a-button icon="plus" v-if="index === 0" type="primary" size="small" @click="inbound.stream.tls.addCert()"></a-button>
          <a-button icon="minus" v-if="inbound.stream.tls.certs.length>1" type="primary" size="small"
            @click="inbound.stream.tls.removeCert(index)"></a-button>
        </a-space>
      </a-form-item>
      <template v-if="cert.useFile">
        <a-form-item label='{{ i18n "pages.inbounds.publicKey" }}'>
--- a/web/html/inbounds.html
+++ b/web/html/inbounds.html
@@ -384,15 +384,12 @@
                    </template>
                    <template slot="expiryTime" slot-scope="text, dbInbound">
                      <a-popover v-if="dbInbound.expiryTime > 0" :overlay-class-name="themeSwitcher.currentTheme">
-                        <template slot="content" v-if="app.datepicker === 'gregorian'">
+                        <template slot="content">
-                          [[ DateUtil.formatMillis(dbInbound.expiryTime) ]]
+                          [[ IntlUtil.formatDate(dbInbound.expiryTime) ]]
                        </template>
                        <template v-else slot="content">
                          [[ DateUtil.convertToJalalian(moment(dbInbound.expiryTime)) ]]
                        </template>
                        <a-tag :style="{ minWidth: '50px' }"
                          :color="ColorUtils.usageColor(new Date().getTime(), app.expireDiff, dbInbound._expiryTime)">
-                          [[ remainedDays(dbInbound._expiryTime) ]]
+                          [[ IntlUtil.formatRelativeTime(dbInbound.expiryTime) ]]
                        </a-tag>
                      </a-popover>
                      <a-tag v-else color="purple" class="infinite-tag">
@@ -549,12 +546,7 @@
                              <td>
                                <a-tag :style="{ minWidth: '50px', textAlign: 'center' }"
                                  v-if="dbInbound.expiryTime > 0" :color="dbInbound.isExpiry? 'red': 'blue'">
-                                  <template v-if="app.datepicker === 'gregorian'">
+                                  [[ IntlUtil.formatDate(dbInbound.expiryTime) ]]
                                    [[ DateUtil.formatMillis(dbInbound.expiryTime) ]]
                                  </template>
                                  <template v-else>
                                    [[ DateUtil.convertToJalalian(moment(dbInbound.expiryTime)) ]]
                                  </template>
                                </a-tag>
                                <a-tag v-else :style="{ textAlign: 'center' }" color="purple" class="infinite-tag">
                                  <svg height="10px" width="14px" viewBox="0 0 640 512" fill="currentColor">
@@ -602,6 +594,7 @@
 {{template "page/body_scripts" .}}
 <script src="{{ .base_path }}assets/qrcode/qrious2.min.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/uri/URI.min.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/js/model/reality_targets.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/js/model/inbound.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/js/model/dbinbound.js?{{ .cur_ver }}"></script>
 {{template "component/aSidebar" .}}
@@ -1135,8 +1128,11 @@
      },
      openEditClient(dbInboundId, client) {
        dbInbound = this.dbInbounds.find(row => row.id === dbInboundId);
        if (!dbInbound) return;
        clients = this.getInboundClients(dbInbound);
        if (!clients || !Array.isArray(clients)) return;
        index = this.findIndexOfClient(dbInbound.protocol, clients, client);
        if (index < 0) return;
        clientModal.show({
          title: '{{ i18n "pages.client.edit"}}',
          okText: '{{ i18n "pages.client.submitEdit"}}',
@@ -1151,11 +1147,14 @@
        });
      },
      findIndexOfClient(protocol, clients, client) {
        if (!clients || !Array.isArray(clients) || !client) {
          return -1;
        }
        switch (protocol) {
          case Protocols.TROJAN:
          case Protocols.SHADOWSOCKS:
-            return clients.findIndex(item => item.password === client.password && item.email === client.email);
+            return clients.findIndex(item => item && item.password === client.password && item.email === client.email);
-          default: return clients.findIndex(item => item.id === client.id && item.email === client.email);
+          default: return clients.findIndex(item => item && item.id === client.id && item.email === client.email);
        }
      },
      async addClient(clients, dbInboundId, modal) {
@@ -1278,11 +1277,15 @@
      },
      showInfo(dbInboundId, client) {
        dbInbound = this.dbInbounds.find(row => row.id === dbInboundId);
        if (!dbInbound) return;
        index = 0;
        if (dbInbound.isMultiUser()) {
          inbound = dbInbound.toInbound();
-          clients = inbound.clients;
+          clients = inbound && inbound.clients ? inbound.clients : null;
-          index = this.findIndexOfClient(dbInbound.protocol, clients, client);
+          if (clients && Array.isArray(clients)) {
            index = this.findIndexOfClient(dbInbound.protocol, clients, client);
            if (index < 0) index = 0;
          }
        }
        newDbInbound = this.checkFallback(dbInbound);
        infoModal.show(newDbInbound, index);
@@ -1295,9 +1298,12 @@
      async switchEnableClient(dbInboundId, client) {
        this.loading()
        dbInbound = this.dbInbounds.find(row => row.id === dbInboundId);
        if (!dbInbound) return;
        inbound = dbInbound.toInbound();
-        clients = inbound.clients;
+        clients = inbound && inbound.clients ? inbound.clients : null;
        if (!clients || !Array.isArray(clients)) return;
        index = this.findIndexOfClient(dbInbound.protocol, clients, client);
        if (index < 0 || !clients[index]) return;
        clients[index].enable = !clients[index].enable;
        clientId = this.getClientId(dbInbound.protocol, clients[index]);
        await this.updateClient(clients[index], dbInboundId, clientId);
@@ -1310,7 +1316,9 @@
        }
      },
      getInboundClients(dbInbound) {
-        return dbInbound.toInbound().clients;
+        if (!dbInbound) return null;
        const inbound = dbInbound.toInbound();
        return inbound && inbound.clients ? inbound.clients : null;
      },
      resetClientTraffic(client, dbInboundId, confirmation = true) {
        if (confirmation) {
@@ -1406,13 +1414,6 @@
        if (remainedSeconds >= resetSeconds) return 0;
        return 100 * (1 - (remainedSeconds / resetSeconds));
      },
      remainedDays(expTime) {
        if (expTime == 0) return null;
        if (expTime < 0) return TimeFormatter.formatSecond(expTime / -1000);
        now = new Date().getTime();
        if (expTime < now) return '{{ i18n "depleted" }}';
        return TimeFormatter.formatSecond((expTime - now) / 1000);
      },
      statsExpColor(dbInbound, email) {
        if (email.length == 0) return '#7a316f';
        clientStats = dbInbound.clientStats.find(stats => stats.email === email);
@@ -1457,10 +1458,12 @@
      formatLastOnline(email) {
        const ts = this.getLastOnline(email)
        if (!ts) return '-'
-        if (this.datepicker === 'gregorian') {
+        // Check if IntlUtil is available (may not be loaded yet)
-          return DateUtil.formatMillis(ts)
+        if (typeof IntlUtil !== 'undefined' && IntlUtil.formatDate) {
          return IntlUtil.formatDate(ts)
        }
-        return DateUtil.convertToJalalian(moment(ts))
+        // Fallback to simple date formatting if IntlUtil is not available
        return new Date(ts).toLocaleString()
      },
      isRemovable(dbInboundId) {
        return this.getInboundClients(this.dbInbounds.find(row => row.id === dbInboundId)).length > 1;
@@ -1584,13 +1587,88 @@
      }
      this.loading();
      this.getDefaultSettings();
-      if (this.isRefreshEnabled) {
+      
-        this.startDataRefreshLoop();
+      // Initial data fetch
      this.getDBInbounds().then(() => {
        this.loading(false);
      });
      // Setup WebSocket for real-time updates
      if (window.wsClient) {
        window.wsClient.connect();
        // Listen for inbounds updates
        window.wsClient.on('inbounds', (payload) => {
          if (payload && Array.isArray(payload)) {
            // Use setInbounds to properly convert to DBInbound objects with methods
            this.setInbounds(payload);
            this.searchInbounds(this.searchKey);
          }
        });
        // Listen for traffic updates
        window.wsClient.on('traffic', (payload) => {
          if (payload && payload.clientTraffics && Array.isArray(payload.clientTraffics)) {
            // Update client traffic statistics
            payload.clientTraffics.forEach(clientTraffic => {
              const dbInbound = this.dbInbounds.find(ib => {
                if (!ib) return false;
                const clients = this.getInboundClients(ib);
                return clients && Array.isArray(clients) && clients.some(c => c && c.email === clientTraffic.email);
              });
              if (dbInbound && dbInbound.clientStats && Array.isArray(dbInbound.clientStats)) {
                const stats = dbInbound.clientStats.find(s => s && s.email === clientTraffic.email);
                if (stats) {
                  stats.up = clientTraffic.up || stats.up;
                  stats.down = clientTraffic.down || stats.down;
                  stats.total = clientTraffic.total || stats.total;
                }
              }
            });
          }
          // Update online clients list in real-time
          if (payload && Array.isArray(payload.onlineClients)) {
            this.onlineClients = payload.onlineClients;
            // Recalculate client counts to update online status
            this.dbInbounds.forEach(dbInbound => {
              const inbound = this.inbounds.find(ib => ib.id === dbInbound.id);
              if (inbound && this.clientCount[dbInbound.id]) {
                this.clientCount[dbInbound.id] = this.getClientCounts(dbInbound, inbound);
              }
            });
          }
          // Update last online map in real-time
          if (payload && payload.lastOnlineMap && typeof payload.lastOnlineMap === 'object') {
            this.lastOnlineMap = { ...this.lastOnlineMap, ...payload.lastOnlineMap };
          }
        });
        // Notifications disabled - white notifications are not needed
        // Fallback to polling if WebSocket fails
        window.wsClient.on('error', () => {
          console.warn('WebSocket connection failed, falling back to polling');
          if (this.isRefreshEnabled) {
            this.startDataRefreshLoop();
          }
        });
        window.wsClient.on('disconnected', () => {
          if (window.wsClient.reconnectAttempts >= window.wsClient.maxReconnectAttempts) {
            console.warn('WebSocket reconnection failed, falling back to polling');
            if (this.isRefreshEnabled) {
              this.startDataRefreshLoop();
            }
          }
        });
      } else {
        // Fallback to polling if WebSocket is not available
        if (this.isRefreshEnabled) {
          this.startDataRefreshLoop();
        }
      }
      else {
        this.getDBInbounds();
      }
      this.loading(false);
    },
    computed: {
      total() {
--- a/web/html/index.html
+++ b/web/html/index.html
@@ -846,7 +846,7 @@
          formattedLogs += `
 <tr ${outboundColor}>
-    <td><b>${new Date(log.DateTime).toLocaleString()}</b></td>
+    <td><b>${IntlUtil.formatDate(log.DateTime)}</b></td>
    <td>${log.FromAddress}</td>
    <td>${log.ToAddress}</td>
    <td>${log.Inbound}</td>
@@ -1102,6 +1102,20 @@
        });
        fileInput.click();
      },
      startPolling() {
        // Fallback polling mechanism
        const pollInterval = setInterval(async () => {
          if (window.wsClient && window.wsClient.isConnected) {
            clearInterval(pollInterval);
            return;
          }
          try {
            await this.getStatus();
          } catch (e) {
            console.error(e);
          }
        }, 2000);
      },
    },
    async mounted() {
      if (window.location.protocol !== "https:") {
@@ -1113,13 +1127,57 @@
        this.ipLimitEnable = msg.obj.ipLimitEnable;
      }
-      while (true) {
+      // Initial status fetch
-        try {
+      await this.getStatus();
-          await this.getStatus();
+
-        } catch (e) {
+      // Setup WebSocket for real-time updates
-          console.error(e);
+      if (window.wsClient) {
-        }
+        window.wsClient.connect();
-        await PromiseUtil.sleep(2000);
+        
        // Listen for status updates
        window.wsClient.on('status', (payload) => {
          this.setStatus(payload);
        });
        // Listen for Xray state changes
        window.wsClient.on('xray_state', (payload) => {
          if (this.status && this.status.xray) {
            this.status.xray.state = payload.state;
            this.status.xray.errorMsg = payload.errorMsg || '';
            switch (payload.state) {
              case 'running':
                this.status.xray.color = "green";
                this.status.xray.stateMsg = '{{ i18n "pages.index.xrayStatusRunning" }}';
                break;
              case 'stop':
                this.status.xray.color = "orange";
                this.status.xray.stateMsg = '{{ i18n "pages.index.xrayStatusStop" }}';
                break;
              case 'error':
                this.status.xray.color = "red";
                this.status.xray.stateMsg = '{{ i18n "pages.index.xrayStatusError" }}';
                break;
            }
          }
        });
        // Notifications disabled - white notifications are not needed
        // Fallback to polling if WebSocket fails
        window.wsClient.on('error', () => {
          console.warn('WebSocket connection failed, falling back to polling');
          this.startPolling();
        });
        window.wsClient.on('disconnected', () => {
          if (window.wsClient.reconnectAttempts >= window.wsClient.maxReconnectAttempts) {
            console.warn('WebSocket reconnection failed, falling back to polling');
            this.startPolling();
          }
        });
      } else {
        // Fallback to polling if WebSocket is not available
        this.startPolling();
      }
    },
  });
--- a/web/html/login.html
+++ b/web/html/login.html
@@ -4,7 +4,7 @@
 {{ template "page/body_start" .}}
 <a-layout id="app" v-cloak :class="themeSwitcher.currentTheme + ' login-app'">
  <transition name="list" appear>
-  <a-layout-content class="under min-h-0">
+    <a-layout-content class="under min-h-0">
      <div class="waves-header">
        <div class="waves-inner-header"></div>
        <svg class="waves" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
@@ -20,7 +20,7 @@
          </g>
        </svg>
      </div>
-  <a-row type="flex" justify="center" align="middle" class="h-100 overflow-y-auto overflow-x-hidden">
+      <a-row type="flex" justify="center" align="middle" class="h-100 overflow-y-auto overflow-x-hidden">
        <a-col :xs="22" :sm="12" :md="10" :lg="8" :xl="6" :xxl="5" id="login" class="my-3rem">
          <template v-if="!loadingStates.fetched">
            <div class="text-center">
@@ -35,8 +35,8 @@
                  <a-space direction="vertical" :size="10">
                    <a-theme-switch-login></a-theme-switch-login>
                    <span>{{ i18n "pages.settings.language" }}</span>
-                    <a-select ref="selectLang" class="w-100" v-model="lang"
+                    <a-select ref="selectLang" class="w-100" v-model="lang" @change="LanguageManager.setLanguage(lang)"
-                      @change="LanguageManager.setLanguage(lang)" :dropdown-class-name="themeSwitcher.currentTheme">
+                      :dropdown-class-name="themeSwitcher.currentTheme">
                      <a-select-option :value="l.value" label="English" v-for="l in LanguageManager.supportedLanguages">
                        <span role="img" aria-label="l.name" v-text="l.icon"></span>
                        &nbsp;&nbsp;<span v-text="l.name"></span>
@@ -68,7 +68,7 @@
                      </a-input>
                    </a-form-item>
                    <a-form-item>
-                      <a-input-password autocomplete="password" name="password" v-model.trim="user.password"
+                      <a-input-password autocomplete="current-password" name="password" v-model.trim="user.password"
                        placeholder='{{ i18n "password" }}' required>
                        <a-icon slot="prefix" type="lock" class="fs-1rem"></a-icon>
                      </a-input-password>
@@ -81,7 +81,8 @@
                    </a-form-item>
                    <a-form-item>
                      <a-row justify="center" class="centered">
-                        <div class="wave-btn-bg wave-btn-bg-cl h-50px mt-1rem" :style="loadingStates.spinning ? 'width: 52px' : 'display: inline-block'">
+                        <div class="wave-btn-bg wave-btn-bg-cl h-50px mt-1rem"
                          :style="loadingStates.spinning ? 'width: 52px' : 'display: inline-block'">
                          <a-button class="ant-btn-primary-login" type="primary" :loading="loadingStates.spinning"
                            :icon="loadingStates.spinning ? 'poweroff' : undefined" html-type="submit">
                            [[ loadingStates.spinning ? '' : '{{ i18n "login" }}' ]]
@@ -107,17 +108,11 @@
    el: '#app',
    data: {
      themeSwitcher,
-      loadingStates: {
+      loadingStates: { fetched: false, spinning: false },
-        fetched: false,
+      user: { username: "", password: "", twoFactorCode: "" },
        spinning: false
      },
      user: {
        username: "",
        password: "",
        twoFactorCode: ""
      },
      twoFactorEnable: false,
-      lang: ""
+      lang: "",
      animationStarted: false
    },
    async mounted() {
      this.lang = LanguageManager.getLanguage();
@@ -126,65 +121,52 @@
    methods: {
      async login() {
        this.loadingStates.spinning = true;
        const msg = await HttpUtil.post('/login', this.user);
        if (msg.success) {
          location.href = basePath + 'panel/';
        }
        this.loadingStates.spinning = false;
      },
      async getTwoFactorEnable() {
        const msg = await HttpUtil.post('/getTwoFactorEnable');
        if (msg.success) {
          this.twoFactorEnable = msg.obj;
          this.loadingStates.fetched = true;
-
+          this.$nextTick(() => {
            if (!this.animationStarted) {
              this.animationStarted = true;
              this.initHeadline();
            }
          });
          return msg.obj;
        }
      },
      initHeadline() {
        const animationDelay = 2000;
        const headlines = this.$el.querySelectorAll('.headline');
        headlines.forEach((headline) => {
          const first = headline.querySelector('.is-visible');
          if (!first) return;
          setTimeout(() => this.hideWord(first, animationDelay), animationDelay);
        });
      },
      hideWord(word, delay) {
        const nextWord = this.takeNext(word);
        this.switchWord(word, nextWord);
        setTimeout(() => this.hideWord(nextWord, delay), delay);
      },
      takeNext(word) {
        return word.nextElementSibling || word.parentElement.firstElementChild;
      },
      switchWord(oldWord, newWord) {
        oldWord.classList.remove('is-visible');
        oldWord.classList.add('is-hidden');
        newWord.classList.remove('is-hidden');
        newWord.classList.add('is-visible');
      }
    },
  });
  document.addEventListener("DOMContentLoaded", function () {
    var animationDelay = 2000;
    initHeadline();
    function initHeadline() {
      animateHeadline(document.querySelectorAll('.headline'));
    }
    function animateHeadline(headlines) {
      var duration = animationDelay;
      headlines.forEach(function (headline) {
        setTimeout(function () {
          hideWord(headline.querySelector('.is-visible'));
        }, duration);
      });
    }
    function hideWord(word) {
      var nextWord = takeNext(word);
      switchWord(word, nextWord);
      setTimeout(function () {
        hideWord(nextWord);
      }, animationDelay);
    }
    function takeNext(word) {
      return word.nextElementSibling ? word.nextElementSibling : word.parentElement.firstElementChild;
    }
    function switchWord(oldWord, newWord) {
      oldWord.classList.remove('is-visible');
      oldWord.classList.add('is-hidden');
      newWord.classList.remove('is-hidden');
      newWord.classList.add('is-visible');
    }
  });
  const pm_input_selector = 'input.ant-input, textarea.ant-input';
  const pm_strip_props = [
    'background',
@@ -260,4 +242,4 @@
    pm_init();
  }
 </script>
-{{ template "page/body_end" .}}
+{{ template "page/body_end" .}}
--- a/web/html/modals/inbound_info_modal.html
+++ b/web/html/modals/inbound_info_modal.html
@@ -199,12 +199,7 @@
          <td>{{ i18n "pages.inbounds.createdAt" }}</td>
          <td>
            <template v-if="infoModal.clientSettings && infoModal.clientSettings.created_at">
-              <template v-if="app.datepicker === 'gregorian'">
+              <a-tag>[[ IntlUtil.formatDate(infoModal.clientSettings.created_at) ]]</a-tag>
                <a-tag>[[ DateUtil.formatMillis(infoModal.clientSettings.created_at) ]]</a-tag>
              </template>
              <template v-else>
                <a-tag>[[ DateUtil.convertToJalalian(moment(infoModal.clientSettings.created_at)) ]]</a-tag>
              </template>
            </template>
            <template v-else>
              <a-tag>-</a-tag>
@@ -215,12 +210,7 @@
          <td>{{ i18n "pages.inbounds.updatedAt" }}</td>
          <td>
            <template v-if="infoModal.clientSettings && infoModal.clientSettings.updated_at">
-              <template v-if="app.datepicker === 'gregorian'">
+              <a-tag>[[ IntlUtil.formatDate(infoModal.clientSettings.updated_at) ]]</a-tag>
                <a-tag>[[ DateUtil.formatMillis(infoModal.clientSettings.updated_at) ]]</a-tag>
              </template>
              <template v-else>
                <a-tag>[[ DateUtil.convertToJalalian(moment(infoModal.clientSettings.updated_at)) ]]</a-tag>
              </template>
            </template>
            <template v-else>
              <a-tag>-</a-tag>
@@ -282,12 +272,7 @@
          <td>
            <template v-if="infoModal.clientSettings.expiryTime > 0">
              <a-tag :color="ColorUtils.usageColor(new Date().getTime(), app.expireDiff, infoModal.clientSettings.expiryTime)"> 
-                <template v-if="app.datepicker === 'gregorian'">
+                [[ IntlUtil.formatDate(infoModal.clientSettings.expiryTime) ]]
                  [[ DateUtil.formatMillis(infoModal.clientSettings.expiryTime) ]]
                </template>
                <template v-else>
                  [[ DateUtil.convertToJalalian(moment(infoModal.clientSettings.expiryTime)) ]]
                </template>
              </a-tag>
            </template>
            <a-tag v-else-if="infoModal.clientSettings.expiryTime < 0" color="green">[[ infoModal.clientSettings.expiryTime / -86400000 ]] {{ i18n "pages.client.days" }}
--- a/web/html/modals/inbound_modal.html
+++ b/web/html/modals/inbound_modal.html
@@ -6,7 +6,8 @@
 </a-modal>
 <script>
-    const inModal = {
+    // Make inModal globally available to ensure it works with any base path
    const inModal = window.inModal = {
        title: '',
        visible: false,
        confirmLoading: false,
@@ -26,6 +27,14 @@
            } else {
                this.inbound = new Inbound();
            }
            // Always ensure testseed is initialized for VLESS protocol (even if vision flow is not set yet)
            // This ensures Vue reactivity works properly
            if (this.inbound.protocol === Protocols.VLESS && this.inbound.settings) {
                if (!this.inbound.settings.testseed || !Array.isArray(this.inbound.settings.testseed) || this.inbound.settings.testseed.length < 4) {
                    // Create a new array to ensure Vue reactivity
                    this.inbound.settings.testseed = [900, 500, 900, 256].slice();
                }
            }
            if (dbInbound) {
                this.dbInbound = new DBInbound(dbInbound);
            } else {
@@ -42,9 +51,43 @@
        loading(loading = true) {
            inModal.confirmLoading = loading;
        },
        // Vision Seed methods - always available regardless of Vue context
        updateTestseed(index, value) {
            // Use inModal.inbound explicitly to ensure correct context
            if (!inModal.inbound || !inModal.inbound.settings) return;
            // Ensure testseed is initialized
            if (!inModal.inbound.settings.testseed || !Array.isArray(inModal.inbound.settings.testseed)) {
                inModal.inbound.settings.testseed = [900, 500, 900, 256];
            }
            // Ensure array has enough elements
            while (inModal.inbound.settings.testseed.length <= index) {
                inModal.inbound.settings.testseed.push(0);
            }
            // Update value
            inModal.inbound.settings.testseed[index] = value;
        },
        setRandomTestseed() {
            // Use inModal.inbound explicitly to ensure correct context
            if (!inModal.inbound || !inModal.inbound.settings) return;
            // Ensure testseed is initialized
            if (!inModal.inbound.settings.testseed || !Array.isArray(inModal.inbound.settings.testseed) || inModal.inbound.settings.testseed.length < 4) {
                inModal.inbound.settings.testseed = [900, 500, 900, 256].slice();
            }
            // Create new array with random values
            inModal.inbound.settings.testseed = [Math.floor(Math.random()*1000), Math.floor(Math.random()*1000), Math.floor(Math.random()*1000), Math.floor(Math.random()*1000)];
        },
        resetTestseed() {
            // Use inModal.inbound explicitly to ensure correct context
            if (!inModal.inbound || !inModal.inbound.settings) return;
            // Reset testseed to default values
            inModal.inbound.settings.testseed = [900, 500, 900, 256].slice();
        }
    };
-    new Vue({
+    // Store Vue instance globally to ensure methods are always accessible
    let inboundModalVueInstance = null;
    inboundModalVueInstance = new Vue({
        delimiters: ['[[', ']]'],
        el: '#inbound-modal',
        data: {
@@ -60,7 +103,7 @@
                return inModal.isEdit;
            },
            get client() {
-                return inModal.inbound.clients[0];
+                return inModal.inbound && inModal.inbound.clients && inModal.inbound.clients.length > 0 ? inModal.inbound.clients[0] : null;
            },
            get datepicker() {
                return app.datepicker;
@@ -87,6 +130,28 @@
                }
            }
        },
        watch: {
            'inModal.inbound.stream.security'(newVal, oldVal) {
                // Clear flow when security changes from reality/tls to none
                if (inModal.inbound.protocol == Protocols.VLESS && !inModal.inbound.canEnableTlsFlow()) {
                    inModal.inbound.settings.vlesses.forEach(client => {
                        client.flow = "";
                    });
                }
            },
            // Ensure testseed is always initialized when vision flow is enabled
            'inModal.inbound.settings.vlesses': {
                handler() {
                    if (inModal.inbound.protocol === Protocols.VLESS && inModal.inbound.settings && inModal.inbound.settings.vlesses) {
                        const hasVisionFlow = inModal.inbound.settings.vlesses.some(c => c.flow === 'xtls-rprx-vision' || c.flow === 'xtls-rprx-vision-udp443');
                        if (hasVisionFlow && (!inModal.inbound.settings.testseed || !Array.isArray(inModal.inbound.settings.testseed) || inModal.inbound.settings.testseed.length < 4)) {
                            inModal.inbound.settings.testseed = [900, 500, 900, 256];
                        }
                    }
                },
                deep: true
            }
        },
        methods: {
            streamNetworkChange() {
                if (!inModal.inbound.canEnableTls()) {
@@ -158,6 +223,13 @@
                this.inbound.stream.reality.mldsa65Seed = '';
                this.inbound.stream.reality.settings.mldsa65Verify = '';
            },
            randomizeRealityTarget() {
                if (typeof getRandomRealityTarget !== 'undefined') {
                    const randomTarget = getRandomRealityTarget();
                    this.inbound.stream.reality.target = randomTarget.target;
                    this.inbound.stream.reality.serverNames = randomTarget.sni;
                }
            },
            async getNewEchCert() {
                inModal.loading(true);
                const msg = await HttpUtil.post('/panel/api/server/getNewEchCert', { sni: inModal.inbound.stream.tls.sni });
@@ -197,8 +269,29 @@
                this.inbound.settings.decryption = 'none';
                this.inbound.settings.encryption = 'none';
                this.inbound.settings.selectedAuth = undefined;
            },
            // Vision Seed methods - must be in Vue methods for proper binding
            updateTestseed(index, value) {
                // Ensure testseed is initialized
                if (!this.inbound.settings.testseed || !Array.isArray(this.inbound.settings.testseed)) {
                    this.$set(this.inbound.settings, 'testseed', [900, 500, 900, 256]);
                }
                // Ensure array has enough elements
                while (this.inbound.settings.testseed.length <= index) {
                    this.inbound.settings.testseed.push(0);
                }
                // Update value using Vue.set for reactivity
                this.$set(this.inbound.settings.testseed, index, value);
            },
            setRandomTestseed() {
                // Create new array with random values and use Vue.set for reactivity
                const newSeed = [Math.floor(Math.random()*1000), Math.floor(Math.random()*1000), Math.floor(Math.random()*1000), Math.floor(Math.random()*1000)];
                this.$set(this.inbound.settings, 'testseed', newSeed);
            },
            resetTestseed() {
                // Reset testseed to default values using Vue.set for reactivity
                this.$set(this.inbound.settings, 'testseed', [900, 500, 900, 256]);
            }
        },
    });
--- a/web/html/modals/xray_dns_modal.html
+++ b/web/html/modals/xray_dns_modal.html
@@ -7,12 +7,13 @@
      <a-input v-model.trim="dnsModal.dnsServer.address"></a-input>
    </a-form-item>
    <a-form-item label='{{ i18n "pages.inbounds.port" }}'>
-      <a-input-number v-model.number="dnsModal.dnsServer.port" :min="1" :max="65531"></a-input-number>
+      <a-input-number v-model.number="dnsModal.dnsServer.port" :min="1" :max="65535"></a-input-number>
    </a-form-item>
    <a-form-item label='{{ i18n "pages.xray.dns.strategy" }}'>
      <a-select v-model="dnsModal.dnsServer.queryStrategy" :style="{ width: '100%' }"
        :dropdown-class-name="themeSwitcher.currentTheme">
-        <a-select-option :value="l" :label="l" v-for="l in ['UseSystem', 'UseIP', 'UseIPv4', 'UseIPv6']"> [[ l ]] </a-select-option>
+        <a-select-option :value="l" :label="l" v-for="l in ['UseSystem', 'UseIP', 'UseIPv4', 'UseIPv6']"> [[ l ]]
        </a-select-option>
      </a-select>
    </a-form-item>
    <a-divider :style="{ margin: '5px 0' }"></a-divider>
@@ -75,7 +76,7 @@
    isEdit: false,
    confirm: null,
    dnsServer: { ...defaultDnsObject },
-    ok() {      
+    ok() {
      ObjectUtil.execute(dnsModal.confirm, { ...dnsModal.dnsServer });
    },
    show({
@@ -106,7 +107,7 @@
        }
      } else {
        this.dnsServer = { ...defaultDnsObject };
-      
+
        this.dnsServer.domains = [];
        this.dnsServer.expectIPs = [];
        this.dnsServer.unexpectedIPs = [];
--- a/web/html/settings.html
+++ b/web/html/settings.html
@@ -9,19 +9,20 @@
      <a-spin :spinning="loadingStates.spinning" :delay="500" tip='{{ i18n "loading"}}'>
        <transition name="list" appear>
          <a-alert type="error" v-if="confAlerts.length>0 && loadingStates.fetched" :style="{ marginBottom: '10px' }"
-              message='{{ i18n "secAlertTitle" }}'
+            message='{{ i18n "secAlertTitle" }}' color="red" show-icon closable>
              color="red"
              show-icon closable>
            <template slot="description">
              <b>{{ i18n "secAlertConf" }}</b>
-              <ul><li v-for="a in confAlerts">[[ a ]]</li></ul>
+              <ul>
                <li v-for="a in confAlerts">[[ a ]]</li>
              </ul>
            </template>
          </a-alert>
        </transition>
        <transition name="list" appear>
          <template>
            <a-row v-if="!loadingStates.fetched">
-              <a-card :style="{ textAlign: 'center', padding: '30px 0', marginTop: '10px', background: 'transparent', border: 'none' }">
+              <a-card
                :style="{ textAlign: 'center', padding: '30px 0', marginTop: '10px', background: 'transparent', border: 'none' }">
                <a-spin tip='{{ i18n "loading" }}'></a-spin>
              </a-card>
            </a-row>
@@ -31,17 +32,19 @@
                  <a-row :style="{ display: 'flex', flexWrap: 'wrap', alignItems: 'center' }">
                    <a-col :xs="24" :sm="10" :style="{ padding: '4px' }">
                      <a-space direction="horizontal">
-                        <a-button type="primary" :disabled="saveBtnDisable" @click="updateAllSetting">{{ i18n "pages.settings.save" }}</a-button>
+                        <a-button type="primary" :disabled="saveBtnDisable" @click="updateAllSetting">{{ i18n
-                        <a-button type="danger" :disabled="!saveBtnDisable" @click="restartPanel">{{ i18n "pages.settings.restartPanel" }}</a-button>
+                          "pages.settings.save" }}</a-button>
                        <a-button type="danger" :disabled="!saveBtnDisable" @click="restartPanel">{{ i18n
                          "pages.settings.restartPanel" }}</a-button>
                      </a-space>
                    </a-col>
                    <a-col :xs="24" :sm="14">
                      <template>
                        <div>
-                          <a-back-top :target="() => document.getElementById('content-layout')" visibility-height="200"></a-back-top>
+                          <a-back-top :target="() => document.getElementById('content-layout')"
                            visibility-height="200"></a-back-top>
                          <a-alert type="warning" :style="{ float: 'right', width: 'fit-content' }"
-                            message='{{ i18n "pages.settings.infoDesc" }}'
+                            message='{{ i18n "pages.settings.infoDesc" }}' show-icon>
                            show-icon>
                          </a-alert>
                        </div>
                      </template>
@@ -117,8 +120,13 @@
      oldAllSetting: new AllSetting(),
      allSetting: new AllSetting(),
      saveBtnDisable: true,
      entryHost: null,
      entryPort: null,
      entryProtocol: null,
      entryIsIP: false,
      user: {},
      lang: LanguageManager.getLanguage(),
      inboundOptions: [],
      remarkModels: { i: 'Inbound', e: 'Email', o: 'Other' },
      remarkSeparators: [' ', '-', '_', '@', ':', '~', '|', ',', '.', '/'],
      datepickerList: [{ name: 'Gregorian (Standard)', value: 'gregorian' }, { name: 'Jalalian (شمسی)', value: 'jalalian' }],
@@ -131,7 +139,8 @@
          fragment: {
            packets: "tlshello",
            length: "100-200",
-            interval: "10-20"
+            interval: "10-20",
            maxSplit: "300-400"
          }
        },
        streamSettings: {
@@ -228,6 +237,31 @@
      loading(spinning = true) {
        this.loadingStates.spinning = spinning;
      },
      _isIp(h) {
        if (typeof h !== "string") return false;
        // IPv4: four dot-separated octets 0-255
        const v4 = h.split(".");
        if (
          v4.length === 4 &&
          v4.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)
        ) return true;
        // IPv6: hex groups, optional single :: compression
        if (!h.includes(":") || h.includes(":::")) return false;
        const parts = h.split("::");
        if (parts.length > 2) return false;
        const splitGroups = s => (s ? s.split(":").filter(Boolean) : []);
        const head = splitGroups(parts[0]);
        const tail = splitGroups(parts[1]);
        const validGroup = seg => /^[0-9a-fA-F]{1,4}$/.test(seg);
        if (![...head, ...tail].every(validGroup)) return false;
        const groups = head.length + tail.length;
        return parts.length === 2 ? groups < 8 : groups === 8;
      },
      async getAllSetting() {
        const msg = await HttpUtil.post("/panel/setting/all");
@@ -242,6 +276,17 @@
          this.saveBtnDisable = true;
        }
      },
      async loadInboundTags() {
        const msg = await HttpUtil.get("/panel/api/inbounds/list");
        if (msg && msg.success && Array.isArray(msg.obj)) {
          this.inboundOptions = msg.obj.map(ib => ({
            label: `${ib.tag} (${ib.protocol}@${ib.port})`,
            value: ib.tag,
          }));
        } else {
          this.inboundOptions = [];
        }
      },
      async updateAllSetting() {
        this.loading(true);
        const msg = await HttpUtil.post("/panel/setting/update", this.allSetting);
@@ -291,16 +336,41 @@
        this.loading(true);
        const msg = await HttpUtil.post("/panel/setting/restartPanel");
        this.loading(false);
-        if (msg.success) {
+        if (!msg.success) return;
-          this.loading(true);
+
-          await PromiseUtil.sleep(5000);
+        this.loading(true);
-          var { webCertFile, webKeyFile, webDomain: host, webPort: port, webBasePath: base } = this.allSetting;
+        await PromiseUtil.sleep(5000);
-          if (host == this.oldAllSetting.webDomain) host = null;
+
-          if (port == this.oldAllSetting.webPort) port = null;
+        const { webDomain, webPort, webBasePath, webCertFile, webKeyFile } = this.allSetting;
-          const isTLS = webCertFile !== "" || webKeyFile !== "";
+        const newProtocol = (webCertFile || webKeyFile) ? "https:" : "http:";
-          const url = URLBuilder.buildURL({ host, port, isTLS, base, path: "panel/settings" });
+
-          window.location.replace(url);
+        let base = webBasePath ? webBasePath.replace(/^\//, "") : "";
        if (base && !base.endsWith("/")) base += "/";
        if (!this.entryIsIP) {
          const url = new URL(window.location.href);
          url.pathname = `/${base}panel/settings`;
          url.protocol = newProtocol;
          window.location.replace(url.toString());
          return;
        }
        let finalHost = this.entryHost;
        let finalPort = this.entryPort || "";
        if (webDomain && this._isIp(webDomain)) {
          finalHost = webDomain;
        }
        if (webPort && Number(webPort) !== Number(this.entryPort)) {
          finalPort = String(webPort);
        }
        const url = new URL(`${newProtocol}//${finalHost}`);
        if (finalPort) url.port = finalPort;
        url.pathname = `/${base}panel/settings`;
        window.location.replace(url.toString());
      },
      toggleTwoFactor(newValue) {
        if (newValue) {
@@ -368,6 +438,15 @@
      },
    },
    computed: {
      ldapInboundTagList: {
        get: function () {
          const csv = this.allSetting.ldapInboundTags || "";
          return csv.length ? csv.split(',').map(s => s.trim()).filter(Boolean) : [];
        },
        set: function (list) {
          this.allSetting.ldapInboundTags = Array.isArray(list) ? list.join(',') : '';
        }
      },
      fragment: {
        get: function () { return this.allSetting?.subJsonFragment != ""; },
        set: function (v) {
@@ -404,6 +483,16 @@
          }
        }
      },
      fragmentMaxSplit: {
        get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).settings.fragment.maxSplit : ""; },
        set: function (v) {
          if (v != "") {
            newFragment = JSON.parse(this.allSetting.subJsonFragment);
            newFragment.settings.fragment.maxSplit = v;
            this.allSetting.subJsonFragment = JSON.stringify(newFragment);
          }
        }
      },
      noises: {
        get() {
          return this.allSetting?.subJsonNoises != "";
@@ -533,8 +622,12 @@
      }
    },
    async mounted() {
      this.entryHost = window.location.hostname;
      this.entryPort = window.location.port;
      this.entryProtocol = window.location.protocol;
      this.entryIsIP = this._isIp(this.entryHost);
      await this.getAllSetting();
-
+      await this.loadInboundTags();
      while (true) {
        await PromiseUtil.sleep(1000);
        this.saveBtnDisable = this.oldAllSetting.equals(this.allSetting);
--- a/web/html/settings/panel/general.html
+++ b/web/html/settings/panel/general.html
@@ -39,7 +39,7 @@
            <template #title>{{ i18n "pages.settings.panelPort"}}</template>
            <template #description>{{ i18n "pages.settings.panelPortDesc"}}</template>
            <template #control>
-                <a-input-number :min="1" :min="65531" v-model="allSetting.webPort" :style="{ width: '100%' }"></a-input>
+                <a-input-number :min="1" :min="65535" v-model="allSetting.webPort" :style="{ width: '100%' }"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
@@ -137,7 +137,8 @@
            <template #title>{{ i18n "pages.settings.datepicker"}}</template>
            <template #description>{{ i18n "pages.settings.datepickerDescription"}}</template>
            <template #control>
-                <a-select :style="{ width: '100%' }" :dropdown-class-name="themeSwitcher.currentTheme" v-model="datepicker">
+                <a-select :style="{ width: '100%' }" :dropdown-class-name="themeSwitcher.currentTheme"
                    v-model="datepicker">
                    <a-select-option v-for="item in datepickerList" :value="item.value">
                        <span v-text="item.name"></span>
                    </a-select-option>
@@ -145,5 +146,135 @@
            </template>
        </a-setting-list-item>
    </a-collapse-panel>
    <a-collapse-panel key="6" header='LDAP'>
        <a-setting-list-item paddings="small">
            <template #title>Enable LDAP sync</template>
            <template #control>
                <a-switch v-model="allSetting.ldapEnable"></a-switch>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>LDAP Host</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapHost"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>LDAP Port</template>
            <template #control>
                <a-input-number :min="1" :max="65535" v-model="allSetting.ldapPort" :style="{ width: '100%' }"></a-input-number>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Use TLS (LDAPS)</template>
            <template #control>
                <a-switch v-model="allSetting.ldapUseTLS"></a-switch>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Bind DN</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapBindDN"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Password</template>
            <template #control>
                <a-input type="password" v-model="allSetting.ldapPassword"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Base DN</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapBaseDN"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>User filter</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapUserFilter"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>User attribute (username/email)</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapUserAttr"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>VLESS flag attribute</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapVlessField"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Generic flag attribute (optional)</template>
            <template #description>If set, overrides VLESS flag; e.g. shadowInactive</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapFlagField"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Truthy values</template>
            <template #description>Comma-separated; default: true,1,yes,on</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapTruthyValues"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Invert flag</template>
            <template #description>Enable when attribute means disabled (e.g., shadowInactive)</template>
            <template #control>
                <a-switch v-model="allSetting.ldapInvertFlag"></a-switch>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Sync schedule</template>
            <template #description>cron-like string, e.g. @every 1m</template>
            <template #control>
                <a-input type="text" v-model="allSetting.ldapSyncCron"></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Inbound tags</template>
            <template #description>Select inbounds to manage (auto create/delete)</template>
            <template #control>
                <a-select mode="multiple" :dropdown-class-name="themeSwitcher.currentTheme" :style="{ width: '100%' }" v-model="ldapInboundTagList">
                    <a-select-option v-for="opt in inboundOptions" :key="opt.value" :value="opt.value">[[ opt.label ]]</a-select-option>
                </a-select>
                <div v-if="inboundOptions.length==0" style="margin-top:6px;color:#999">No inbounds found. Please create one in Inbounds.</div>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Auto create clients</template>
            <template #control>
                <a-switch v-model="allSetting.ldapAutoCreate"></a-switch>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Auto delete clients</template>
            <template #control>
                <a-switch v-model="allSetting.ldapAutoDelete"></a-switch>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Default total (GB)</template>
            <template #control>
                <a-input-number :min="0" v-model="allSetting.ldapDefaultTotalGB" :style="{ width: '100%' }"></a-input-number>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Default expiry (days)</template>
            <template #control>
                <a-input-number :min="0" v-model="allSetting.ldapDefaultExpiryDays" :style="{ width: '100%' }"></a-input-number>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
            <template #title>Default Limit IP</template>
            <template #control>
                <a-input-number :min="0" v-model="allSetting.ldapDefaultLimitIP" :style="{ width: '100%' }"></a-input-number>
            </template>
        </a-setting-list-item>
    </a-collapse-panel>
 </a-collapse>
 {{end}}
--- a/web/html/settings/panel/subscription/general.html
+++ b/web/html/settings/panel/subscription/general.html
@@ -40,7 +40,7 @@
            <template #title>{{ i18n "pages.settings.subPort"}}</template>
            <template #description>{{ i18n "pages.settings.subPortDesc"}}</template>
            <template #control>
-                <a-input-number v-model="allSetting.subPort" :min="1" :min="65531"
+                <a-input-number v-model="allSetting.subPort" :min="1" :min="65535"
                    :style="{ width: '100%' }"></a-input-number>
            </template>
        </a-setting-list-item>
@@ -48,13 +48,10 @@
            <template #title>{{ i18n "pages.settings.subPath"}}</template>
            <template #description>{{ i18n "pages.settings.subPathDesc"}}</template>
            <template #control>
-                <a-input
+                <a-input type="text" v-model="allSetting.subPath"
                    type="text"
                    v-model="allSetting.subPath"
                    @input="allSetting.subPath = ((typeof $event === 'string' ? $event : ($event && $event.target ? $event.target.value : '')) || '').replace(/[:*]/g, '')"
                    @blur="allSetting.subPath = (p => { p = p || '/'; if (!p.startsWith('/')) p='/' + p; if (!p.endsWith('/')) p += '/'; return p.replace(/\/+/g,'/'); })(allSetting.subPath)"
-                    placeholder="/sub/"
+                    placeholder="/sub/"></a-input>
                ></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
@@ -108,4 +105,4 @@
        </a-setting-list-item>
    </a-collapse-panel>
 </a-collapse>
-{{end}}
+{{end}}
--- a/web/html/settings/panel/subscription/json.html
+++ b/web/html/settings/panel/subscription/json.html
@@ -5,13 +5,10 @@
            <template #title>{{ i18n "pages.settings.subPath"}}</template>
            <template #description>{{ i18n "pages.settings.subPathDesc"}}</template>
            <template #control>
-                <a-input
+                <a-input type="text" v-model="allSetting.subJsonPath"
                    type="text"
                    v-model="allSetting.subJsonPath"
                    @input="allSetting.subJsonPath = ((typeof $event === 'string' ? $event : ($event && $event.target ? $event.target.value : '')) || '').replace(/[:*]/g, '')"
                    @blur="allSetting.subJsonPath = (p => { p = p || '/'; if (!p.startsWith('/')) p='/' + p; if (!p.endsWith('/')) p += '/'; return p.replace(/\/+/g,'/'); })(allSetting.subJsonPath)"
-                    placeholder="/json/"
+                    placeholder="/json/"></a-input>
                ></a-input>
            </template>
        </a-setting-list-item>
        <a-setting-list-item paddings="small">
@@ -53,6 +50,12 @@
                            <a-input type="text" v-model="fragmentInterval" placeholder="10-20"></a-input>
                        </template>
                    </a-setting-list-item>
                    <a-setting-list-item paddings="small">
                        <template #title>MaxSplit</template>
                        <template #control>
                            <a-input type="text" v-model="fragmentMaxSplit" placeholder="300-400"></a-input>
                        </template>
                    </a-setting-list-item>
                </a-collapse-panel>
            </a-collapse>
        </a-list-item>
@@ -74,7 +77,8 @@
                            <a-select :value="noise.type" :style="{ width: '100%' }"
                                :dropdown-class-name="themeSwitcher.currentTheme"
                                @change="(value) => updateNoiseType(index, value)">
-                                <a-select-option :value="p" :label="p" v-for="p in ['rand', 'base64', 'str', 'hex']" :key="p">
+                                <a-select-option :value="p" :label="p" v-for="p in ['rand', 'base64', 'str', 'hex']"
                                    :key="p">
                                    <span>[[ p ]]</span>
                                </a-select-option>
                            </a-select>
--- a/web/html/settings/panel/subscription/subpage.html
+++ b/web/html/settings/panel/subscription/subpage.html
@@ -4,7 +4,6 @@
 <script src="{{ .base_path }}assets/vue/vue.min.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/ant-design-vue/antd.min.js"></script>
 <script src="{{ .base_path }}assets/js/util/index.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/js/util/date-util.js?{{ .cur_ver }}"></script>
 <script src="{{ .base_path }}assets/qrcode/qrious2.min.js?{{ .cur_ver }}"></script>
 {{ template "page/head_end" .}}
@@ -141,17 +140,7 @@
                                <a-descriptions-item
                                    label='{{ i18n "lastOnline" }}'>
                                    <template v-if="app.lastOnlineMs > 0">
-                                        <template
+                                        [[ IntlUtil.formatDate(app.lastOnlineMs) ]]
                                            v-if="app.datepicker === 'gregorian'">
                                            [[
                                            DateUtil.formatMillis(app.lastOnlineMs)
                                            ]]
                                        </template>
                                        <template v-else>
                                            [[
                                            DateUtil.convertToJalalian(moment(app.lastOnlineMs))
                                            ]]
                                        </template>
                                    </template>
                                    <template v-else>
                                        <span>-</span>
@@ -163,17 +152,7 @@
                                        {{ i18n "subscription.noExpiry" }}
                                    </template>
                                    <template v-else>
-                                        <template
+                                        [[ IntlUtil.formatDate(app.expireMs) ]]
                                            v-if="app.datepicker === 'gregorian'">
                                            [[
                                            DateUtil.formatMillis(app.expireMs)
                                            ]]
                                        </template>
                                        <template v-else>
                                            [[
                                            DateUtil.convertToJalalian(moment(app.expireMs))
                                            ]]
                                        </template>
                                    </template>
                                </a-descriptions-item>
                            </a-descriptions>
@@ -218,6 +197,8 @@
                                            <a-menu-item key="android-npvtunnel"
                                                @click="copy(app.subUrl)">NPV
                                                Tunnel</a-menu-item>
 											<a-menu-item key="android-happ"
                                                @click="open('happ://add/' + encodeURIComponent(app.subUrl))">Happ</a-menu-item>	
                                        </a-menu>
                                    </a-dropdown>
                                </a-col>
@@ -244,6 +225,8 @@
                                                @click="copy(npvtunUrl)">NPV
                                                Tunnel
                                            </a-menu-item>
 											<a-menu-item key="ios-happ"
                                                @click="open(happUrl)">Happ</a-menu-item>
                                        </a-menu>
                                    </a-dropdown>
                                </a-col>
--- a/web/html/settings/xray/dns.html
+++ b/web/html/settings/xray/dns.html
@@ -56,6 +56,13 @@
                    <a-switch v-model="dnsDisableFallbackIfMatch"></a-switch>
                </template>
            </a-setting-list-item>
            <a-setting-list-item paddings="small">
                <template #title>{{ i18n "pages.xray.dns.enableParallelQuery" }}</template>
                <template #description>{{ i18n "pages.xray.dns.enableParallelQueryDesc" }}</template>
                <template #control>
                    <a-switch v-model="dnsEnableParallelQuery"></a-switch>
                </template>
            </a-setting-list-item>
            <a-setting-list-item paddings="small">
                <template #title>{{ i18n "pages.xray.dns.useSystemHosts" }}</template>
--- a/web/html/xray.html
+++ b/web/html/xray.html
@@ -12,13 +12,14 @@
    <a-layout-content>
      <a-spin :spinning="loadingStates.spinning" :delay="500" tip='{{ i18n "loading"}}'>
        <transition name="list" appear>
-          <a-alert type="error" v-if="showAlert && loadingStates.fetched" :style="{ marginBottom: '10px' }" message='{{ i18n "secAlertTitle" }}'
+          <a-alert type="error" v-if="showAlert && loadingStates.fetched" :style="{ marginBottom: '10px' }"
-            color="red" description='{{ i18n "secAlertSsl" }}' show-icon closable>
+            message='{{ i18n "secAlertTitle" }}' color="red" description='{{ i18n "secAlertSsl" }}' show-icon closable>
          </a-alert>
        </transition>
        <transition name="list" appear>
          <a-row v-if="!loadingStates.fetched">
-            <a-card :style="{ textAlign: 'center', padding: '30px 0', marginTop: '10px', background: 'transparent', border: 'none' }">
+            <a-card
              :style="{ textAlign: 'center', padding: '30px 0', marginTop: '10px', background: 'transparent', border: 'none' }">
              <a-spin tip='{{ i18n "loading" }}'></a-spin>
            </a-card>
          </a-row>
@@ -37,7 +38,8 @@
                      <a-popover v-if="restartResult" :overlay-class-name="themeSwitcher.currentTheme">
                        <span slot="title">{{ i18n "pages.index.xrayErrorPopoverTitle" }}</span>
                        <template slot="content">
-                          <span :style="{ maxWidth: '400px' }" v-for="line in restartResult.split('\n')">[[ line ]]</span>
+                          <span :style="{ maxWidth: '400px' }" v-for="line in restartResult.split('\n')">[[ line
                            ]]</span>
                        </template>
                        <a-icon type="question-circle"></a-icon>
                      </a-popover>
@@ -267,7 +269,7 @@
        tag: "direct",
        protocol: "freedom"
      },
-      routingDomainStrategies: ["AsIs", "IPIfNonMatch", "IPOnDemand"],
+      routingDomainStrategies: ["AsIs", "IpIfNonMatch", "IpOnDemand"],
      log: {
        loglevel: ["none", "debug", "info", "warning", "error"],
        access: ["none", "./access.log"],
@@ -525,10 +527,10 @@
      findOutboundTraffic(o) {
        for (const otraffic of this.outboundsTraffic) {
          if (otraffic.tag == o.tag) {
-            return SizeFormatter.sizeFormat(otraffic.up) + ' / ' + SizeFormatter.sizeFormat(otraffic.down);
+            return `↑ ${SizeFormatter.sizeFormat(otraffic.up)} / ${SizeFormatter.sizeFormat(otraffic.down)} ↓`
          }
        }
-        return SizeFormatter.sizeFormat(0) + ' / ' + SizeFormatter.sizeFormat(0);
+        return `${SizeFormatter.sizeFormat(0)} / ${SizeFormatter.sizeFormat(0)}`
      },
      findOutboundAddress(o) {
        serverObj = null;
@@ -537,6 +539,7 @@
            serverObj = o.settings.vnext;
            break;
          case Protocols.VLESS:
            return [o.settings?.address + ':' + o.settings?.port];
          case Protocols.HTTP:
          case Protocols.Socks:
          case Protocols.Shadowsocks:
@@ -1312,7 +1315,8 @@
            newTemplateSettings.dns = {
              servers: [],
              queryStrategy: "UseIP",
-              tag: "dns_inbound"
+              tag: "dns_inbound",
              enableParallelQuery: false
            };
            newTemplateSettings.fakedns = null;
          } else {
@@ -1388,6 +1392,20 @@
          this.templateSettings = newTemplateSettings;
        }
      },
      dnsEnableParallelQuery: {
        get: function () {
          return this.enableDNS ? (this.templateSettings.dns.enableParallelQuery || false) : false;
        },
        set: function (newValue) {
          newTemplateSettings = this.templateSettings;
          if (newValue) {
            newTemplateSettings.dns.enableParallelQuery = newValue;
          } else {
            delete newTemplateSettings.dns.enableParallelQuery
          }
          this.templateSettings = newTemplateSettings;
        }
      },
      dnsUseSystemHosts: {
        get: function () {
          return this.enableDNS ? this.templateSettings.dns.useSystemHosts : false;
--- a/web/job/check_cpu_usage.go
+++ b/web/job/check_cpu_usage.go
@@ -22,7 +22,11 @@ func NewCheckCpuJob() *CheckCpuJob {
 // Run checks CPU usage over the last minute and sends a Telegram alert if it exceeds the threshold.
 func (j *CheckCpuJob) Run() {
-	threshold, _ := j.settingService.GetTgCpu()
+	threshold, err := j.settingService.GetTgCpu()
 	if err != nil || threshold <= 0 {
 		// If threshold cannot be retrieved or is not set, skip sending notifications
 		return
 	}
 	// get latest status of server
 	percent, err := cpu.Percent(1*time.Minute, false)
--- a/web/job/ldap_sync_job.go
+++ b/web/job/ldap_sync_job.go
@@ -0,0 +1,361 @@
 package job
 import (
 	"time"
 	"strings"
 	"github.com/mhsanaei/3x-ui/v2/database/model"
 	"github.com/mhsanaei/3x-ui/v2/logger"
 	ldaputil "github.com/mhsanaei/3x-ui/v2/util/ldap"
 	"github.com/mhsanaei/3x-ui/v2/web/service"
 	"strconv"
 	"github.com/google/uuid"
 )
 var DefaultTruthyValues = []string{"true", "1", "yes", "on"}
 type LdapSyncJob struct {
 	settingService service.SettingService
 	inboundService service.InboundService
 	xrayService    service.XrayService
 }
 // --- Helper functions for mustGet ---
 func mustGetString(fn func() (string, error)) string {
 	v, err := fn()
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 func mustGetInt(fn func() (int, error)) int {
 	v, err := fn()
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 func mustGetBool(fn func() (bool, error)) bool {
 	v, err := fn()
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 func mustGetStringOr(fn func() (string, error), fallback string) string {
 	v, err := fn()
 	if err != nil || v == "" {
 		return fallback
 	}
 	return v
 }
 func NewLdapSyncJob() *LdapSyncJob {
 	return new(LdapSyncJob)
 }
 func (j *LdapSyncJob) Run() {
 	logger.Info("LDAP sync job started")
 	enabled, err := j.settingService.GetLdapEnable()
 	if err != nil || !enabled {
 		logger.Warning("LDAP disabled or failed to fetch flag")
 		return
 	}
 	// --- LDAP fetch ---
 	cfg := ldaputil.Config{
 		Host:       mustGetString(j.settingService.GetLdapHost),
 		Port:       mustGetInt(j.settingService.GetLdapPort),
 		UseTLS:     mustGetBool(j.settingService.GetLdapUseTLS),
 		BindDN:     mustGetString(j.settingService.GetLdapBindDN),
 		Password:   mustGetString(j.settingService.GetLdapPassword),
 		BaseDN:     mustGetString(j.settingService.GetLdapBaseDN),
 		UserFilter: mustGetString(j.settingService.GetLdapUserFilter),
 		UserAttr:   mustGetString(j.settingService.GetLdapUserAttr),
 		FlagField:  mustGetStringOr(j.settingService.GetLdapFlagField, mustGetString(j.settingService.GetLdapVlessField)),
 		TruthyVals: splitCsv(mustGetString(j.settingService.GetLdapTruthyValues)),
 		Invert:     mustGetBool(j.settingService.GetLdapInvertFlag),
 	}
 	flags, err := ldaputil.FetchVlessFlags(cfg)
 	if err != nil {
 		logger.Warning("LDAP fetch failed:", err)
 		return
 	}
 	logger.Infof("Fetched %d LDAP flags", len(flags))
 	// --- Load all inbounds and all clients once ---
 	inboundTags := splitCsv(mustGetString(j.settingService.GetLdapInboundTags))
 	inbounds, err := j.inboundService.GetAllInbounds()
 	if err != nil {
 		logger.Warning("Failed to get inbounds:", err)
 		return
 	}
 	allClients := map[string]*model.Client{}  // email -> client
 	inboundMap := map[string]*model.Inbound{} // tag -> inbound
 	for _, ib := range inbounds {
 		inboundMap[ib.Tag] = ib
 		clients, _ := j.inboundService.GetClients(ib)
 		for i := range clients {
 			allClients[clients[i].Email] = &clients[i]
 		}
 	}
 	// --- Prepare batch operations ---
 	autoCreate := mustGetBool(j.settingService.GetLdapAutoCreate)
 	defGB := mustGetInt(j.settingService.GetLdapDefaultTotalGB)
 	defExpiryDays := mustGetInt(j.settingService.GetLdapDefaultExpiryDays)
 	defLimitIP := mustGetInt(j.settingService.GetLdapDefaultLimitIP)
 	clientsToCreate := map[string][]model.Client{} // tag -> []new clients
 	clientsToEnable := map[string][]string{}       // tag -> []email
 	clientsToDisable := map[string][]string{}      // tag -> []email
 	for email, allowed := range flags {
 		exists := allClients[email] != nil
 		for _, tag := range inboundTags {
 			if !exists && allowed && autoCreate {
 				newClient := j.buildClient(inboundMap[tag], email, defGB, defExpiryDays, defLimitIP)
 				clientsToCreate[tag] = append(clientsToCreate[tag], newClient)
 			} else if exists {
 				if allowed && !allClients[email].Enable {
 					clientsToEnable[tag] = append(clientsToEnable[tag], email)
 				} else if !allowed && allClients[email].Enable {
 					clientsToDisable[tag] = append(clientsToDisable[tag], email)
 				}
 			}
 		}
 	}
 	// --- Execute batch create ---
 	for tag, newClients := range clientsToCreate {
 		if len(newClients) == 0 {
 			continue
 		}
 		payload := &model.Inbound{Id: inboundMap[tag].Id}
 		payload.Settings = j.clientsToJSON(newClients)
 		if _, err := j.inboundService.AddInboundClient(payload); err != nil {
 			logger.Warningf("Failed to add clients for tag %s: %v", tag, err)
 		} else {
 			logger.Infof("LDAP auto-create: %d clients for %s", len(newClients), tag)
 			j.xrayService.SetToNeedRestart()
 		}
 	}
 	// --- Execute enable/disable batch ---
 	for tag, emails := range clientsToEnable {
 		j.batchSetEnable(inboundMap[tag], emails, true)
 	}
 	for tag, emails := range clientsToDisable {
 		j.batchSetEnable(inboundMap[tag], emails, false)
 	}
 	// --- Auto delete clients not in LDAP ---
 	autoDelete := mustGetBool(j.settingService.GetLdapAutoDelete)
 	if autoDelete {
 		ldapEmailSet := map[string]struct{}{}
 		for e := range flags {
 			ldapEmailSet[e] = struct{}{}
 		}
 		for _, tag := range inboundTags {
 			j.deleteClientsNotInLDAP(tag, ldapEmailSet)
 		}
 	}
 }
 func splitCsv(s string) []string {
 	if s == "" {
 		return DefaultTruthyValues
 	}
 	parts := strings.Split(s, ",")
 	out := make([]string, 0, len(parts))
 	for _, p := range parts {
 		v := strings.TrimSpace(p)
 		if v != "" {
 			out = append(out, v)
 		}
 	}
 	return out
 }
 // buildClient creates a new client for auto-create
 func (j *LdapSyncJob) buildClient(ib *model.Inbound, email string, defGB, defExpiryDays, defLimitIP int) model.Client {
 	c := model.Client{
 		Email:   email,
 		Enable:  true,
 		LimitIP: defLimitIP,
 		TotalGB: int64(defGB),
 	}
 	if defExpiryDays > 0 {
 		c.ExpiryTime = time.Now().Add(time.Duration(defExpiryDays) * 24 * time.Hour).UnixMilli()
 	}
 	switch ib.Protocol {
 	case model.Trojan, model.Shadowsocks:
 		c.Password = uuid.NewString()
 	default:
 		c.ID = uuid.NewString()
 	}
 	return c
 }
 // batchSetEnable enables/disables clients in batch through a single call
 func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable bool) {
 	if len(emails) == 0 {
 		return
 	}
 	// Prepare JSON for mass update
 	clients := make([]model.Client, 0, len(emails))
 	for _, email := range emails {
 		clients = append(clients, model.Client{
 			Email:  email,
 			Enable: enable,
 		})
 	}
 	payload := &model.Inbound{
 		Id:       ib.Id,
 		Settings: j.clientsToJSON(clients),
 	}
 	// Use a single AddInboundClient call to update enable
 	if _, err := j.inboundService.AddInboundClient(payload); err != nil {
 		logger.Warningf("Batch set enable failed for inbound %s: %v", ib.Tag, err)
 		return
 	}
 	logger.Infof("Batch set enable=%v for %d clients in inbound %s", enable, len(emails), ib.Tag)
 	j.xrayService.SetToNeedRestart()
 }
 // deleteClientsNotInLDAP deletes clients not in LDAP using batches and a single restart
 func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[string]struct{}) {
 	inbounds, err := j.inboundService.GetAllInbounds()
 	if err != nil {
 		logger.Warning("Failed to get inbounds for deletion:", err)
 		return
 	}
 	batchSize := 50 //  clients in 1 batch
 	restartNeeded := false
 	for _, ib := range inbounds {
 		if ib.Tag != inboundTag {
 			continue
 		}
 		clients, err := j.inboundService.GetClients(ib)
 		if err != nil {
 			logger.Warningf("Failed to get clients for inbound %s: %v", ib.Tag, err)
 			continue
 		}
 		// Collect clients for deletion
 		toDelete := []model.Client{}
 		for _, c := range clients {
 			if _, ok := ldapEmails[c.Email]; !ok {
 				toDelete = append(toDelete, c)
 			}
 		}
 		if len(toDelete) == 0 {
 			continue
 		}
 		// Delete in batches
 		for i := 0; i < len(toDelete); i += batchSize {
 			end := i + batchSize
 			if end > len(toDelete) {
 				end = len(toDelete)
 			}
 			batch := toDelete[i:end]
 			for _, c := range batch {
 				var clientKey string
 				switch ib.Protocol {
 				case model.Trojan:
 					clientKey = c.Password
 				case model.Shadowsocks:
 					clientKey = c.Email
 				default: // vless/vmess
 					clientKey = c.ID
 				}
 				if _, err := j.inboundService.DelInboundClient(ib.Id, clientKey); err != nil {
 					logger.Warningf("Failed to delete client %s from inbound id=%d(tag=%s): %v",
 						c.Email, ib.Id, ib.Tag, err)
 				} else {
 					logger.Infof("Deleted client %s from inbound id=%d(tag=%s)",
 						c.Email, ib.Id, ib.Tag)
 					// do not restart here
 					restartNeeded = true
 				}
 			}
 		}
 	}
 	// One time after all batches
 	if restartNeeded {
 		j.xrayService.SetToNeedRestart()
 		logger.Info("Xray restart scheduled after batch deletion")
 	}
 }
 // clientsToJSON serializes an array of clients to JSON
 func (j *LdapSyncJob) clientsToJSON(clients []model.Client) string {
 	b := strings.Builder{}
 	b.WriteString("{\"clients\":[")
 	for i, c := range clients {
 		if i > 0 {
 			b.WriteString(",")
 		}
 		b.WriteString(j.clientToJSON(c))
 	}
 	b.WriteString("]}")
 	return b.String()
 }
 // clientToJSON serializes minimal client fields to JSON object string without extra deps
 func (j *LdapSyncJob) clientToJSON(c model.Client) string {
 	// construct minimal JSON manually to avoid importing json for simple case
 	b := strings.Builder{}
 	b.WriteString("{")
 	if c.ID != "" {
 		b.WriteString("\"id\":\"")
 		b.WriteString(c.ID)
 		b.WriteString("\",")
 	}
 	if c.Password != "" {
 		b.WriteString("\"password\":\"")
 		b.WriteString(c.Password)
 		b.WriteString("\",")
 	}
 	b.WriteString("\"email\":\"")
 	b.WriteString(c.Email)
 	b.WriteString("\",")
 	b.WriteString("\"enable\":")
 	if c.Enable {
 		b.WriteString("true")
 	} else {
 		b.WriteString("false")
 	}
 	b.WriteString(",")
 	b.WriteString("\"limitIp\":")
 	b.WriteString(strconv.Itoa(c.LimitIP))
 	b.WriteString(",")
 	b.WriteString("\"totalGB\":")
 	b.WriteString(strconv.FormatInt(c.TotalGB, 10))
 	if c.ExpiryTime > 0 {
 		b.WriteString(",\"expiryTime\":")
 		b.WriteString(strconv.FormatInt(c.ExpiryTime, 10))
 	}
 	b.WriteString("}")
 	return b.String()
 }
--- a/web/job/periodic_traffic_reset_job.go
+++ b/web/job/periodic_traffic_reset_job.go
@@ -37,13 +37,19 @@ func (j *PeriodicTrafficResetJob) Run() {
 	resetCount := 0
 	for _, inbound := range inbounds {
-		if err := j.inboundService.ResetAllClientTraffics(inbound.Id); err != nil {
+		resetInboundErr := j.inboundService.ResetAllTraffics()
-			logger.Warning("Failed to reset traffic for inbound", inbound.Id, ":", err)
+		if resetInboundErr != nil {
-			continue
+			logger.Warning("Failed to reset traffic for inbound", inbound.Id, ":", resetInboundErr)
 		}
-		resetCount++
+		resetClientErr := j.inboundService.ResetAllClientTraffics(inbound.Id)
-		logger.Infof("Reset traffic for inbound %d (%s)", inbound.Id, inbound.Remark)
+		if resetClientErr != nil {
 			logger.Warning("Failed to reset traffic for all users of inbound", inbound.Id, ":", resetClientErr)
 		}
 		if resetInboundErr == nil && resetClientErr == nil {
 			resetCount++
 		}
 	}
 	if resetCount > 0 {
--- a/web/job/xray_traffic_job.go
+++ b/web/job/xray_traffic_job.go
@@ -5,6 +5,7 @@ import (
 	"github.com/mhsanaei/3x-ui/v2/logger"
 	"github.com/mhsanaei/3x-ui/v2/web/service"
 	"github.com/mhsanaei/3x-ui/v2/web/websocket"
 	"github.com/mhsanaei/3x-ui/v2/xray"
 	"github.com/valyala/fasthttp"
@@ -48,6 +49,23 @@ func (j *XrayTrafficJob) Run() {
 	if needRestart0 || needRestart1 {
 		j.xrayService.SetToNeedRestart()
 	}
 	// Get online clients and last online map for real-time status updates
 	onlineClients := j.inboundService.GetOnlineClients()
 	lastOnlineMap, err := j.inboundService.GetClientsLastOnline()
 	if err != nil {
 		logger.Warning("get clients last online failed:", err)
 		lastOnlineMap = make(map[string]int64)
 	}
 	// Broadcast traffic update via WebSocket
 	trafficUpdate := map[string]interface{}{
 		"traffics":       traffics,
 		"clientTraffics": clientTraffics,
 		"onlineClients":  onlineClients,
 		"lastOnlineMap":  lastOnlineMap,
 	}
 	websocket.BroadcastTraffic(trafficUpdate)
 }
 func (j *XrayTrafficJob) informTrafficToExternalAPI(inboundTraffics []*xray.Traffic, clientTraffics []*xray.ClientTraffic) {
--- a/web/service/inbound.go
+++ b/web/service/inbound.go
@@ -35,6 +35,25 @@ func (s *InboundService) GetInbounds(userId int) ([]*model.Inbound, error) {
 	if err != nil && err != gorm.ErrRecordNotFound {
 		return nil, err
 	}
 	// Enrich client stats with UUID/SubId from inbound settings
 	for _, inbound := range inbounds {
 		clients, _ := s.GetClients(inbound)
 		if len(clients) == 0 || len(inbound.ClientStats) == 0 {
 			continue
 		}
 		// Build a map email -> client
 		cMap := make(map[string]model.Client, len(clients))
 		for _, c := range clients {
 			cMap[strings.ToLower(c.Email)] = c
 		}
 		for i := range inbound.ClientStats {
 			email := strings.ToLower(inbound.ClientStats[i].Email)
 			if c, ok := cMap[email]; ok {
 				inbound.ClientStats[i].UUID = c.ID
 				inbound.ClientStats[i].SubId = c.SubID
 			}
 		}
 	}
 	return inbounds, nil
 }
@@ -47,6 +66,24 @@ func (s *InboundService) GetAllInbounds() ([]*model.Inbound, error) {
 	if err != nil && err != gorm.ErrRecordNotFound {
 		return nil, err
 	}
 	// Enrich client stats with UUID/SubId from inbound settings
 	for _, inbound := range inbounds {
 		clients, _ := s.GetClients(inbound)
 		if len(clients) == 0 || len(inbound.ClientStats) == 0 {
 			continue
 		}
 		cMap := make(map[string]model.Client, len(clients))
 		for _, c := range clients {
 			cMap[strings.ToLower(c.Email)] = c
 		}
 		for i := range inbound.ClientStats {
 			email := strings.ToLower(inbound.ClientStats[i].Email)
 			if c, ok := cMap[email]; ok {
 				inbound.ClientStats[i].UUID = c.ID
 				inbound.ClientStats[i].SubId = c.SubID
 			}
 		}
 	}
 	return inbounds, nil
 }
@@ -1532,6 +1569,22 @@ func (s *InboundService) ToggleClientEnableByEmail(clientEmail string) (bool, bo
 	return !clientOldEnabled, needRestart, nil
 }
 // SetClientEnableByEmail sets client enable state to desired value; returns (changed, needRestart, error)
 func (s *InboundService) SetClientEnableByEmail(clientEmail string, enable bool) (bool, bool, error) {
 	current, err := s.checkIsEnabledByEmail(clientEmail)
 	if err != nil {
 		return false, false, err
 	}
 	if current == enable {
 		return false, false, nil
 	}
 	newEnabled, needRestart, err := s.ToggleClientEnableByEmail(clientEmail)
 	if err != nil {
 		return false, needRestart, err
 	}
 	return newEnabled == enable, needRestart, nil
 }
 func (s *InboundService) ResetClientIpLimitByEmail(clientEmail string, count int) (bool, error) {
 	_, inbound, err := s.GetClientInboundByEmail(clientEmail)
 	if err != nil {
--- a/web/service/server.go
+++ b/web/service/server.go
@@ -110,6 +110,7 @@ type ServerService struct {
 	mu                 sync.Mutex
 	lastCPUTimes       cpu.TimesStat
 	hasLastCPUSample   bool
 	hasNativeCPUSample bool
 	emaCPU             float64
 	cpuHistory         []CPUSample
 	cachedCpuSpeedMhz  float64
@@ -432,23 +433,27 @@ func (s *ServerService) AppendCpuSample(t time.Time, v float64) {
 }
 func (s *ServerService) sampleCPUUtilization() (float64, error) {
-	// Prefer native Windows API to avoid external deps for CPU percent
+	// Try native platform-specific CPU implementation first (Windows, Linux, macOS)
-	if runtime.GOOS == "windows" {
+	if pct, err := sys.CPUPercentRaw(); err == nil {
-		if pct, err := sys.CPUPercentRaw(); err == nil {
+		s.mu.Lock()
-			s.mu.Lock()
+		// First call to native method returns 0 (initializes baseline)
-			// Smooth with EMA
+		if !s.hasNativeCPUSample {
-			const alpha = 0.3
+			s.hasNativeCPUSample = true
 			if s.emaCPU == 0 {
 				s.emaCPU = pct
 			} else {
 				s.emaCPU = alpha*pct + (1-alpha)*s.emaCPU
 			}
 			val := s.emaCPU
 			s.mu.Unlock()
-			return val, nil
+			return 0, nil
 		}
-		// If native call fails, fall back to gopsutil times
+		// Smooth with EMA
 		const alpha = 0.3
 		if s.emaCPU == 0 {
 			s.emaCPU = pct
 		} else {
 			s.emaCPU = alpha*pct + (1-alpha)*s.emaCPU
 		}
 		val := s.emaCPU
 		s.mu.Unlock()
 		return val, nil
 	}
 	// If native call fails, fall back to gopsutil times
 	// Read aggregate CPU times (all CPUs combined)
 	times, err := cpu.Times(false)
 	if err != nil {
@@ -471,17 +476,16 @@ func (s *ServerService) sampleCPUUtilization() (float64, error) {
 	}
 	// Compute busy and total deltas
 	// Note: Guest and GuestNice times are already included in User and Nice respectively,
 	// so we exclude them to avoid double-counting (Linux kernel accounting)
 	idleDelta := cur.Idle - s.lastCPUTimes.Idle
 	// Sum of busy deltas (exclude Idle)
 	busyDelta := (cur.User - s.lastCPUTimes.User) +
 		(cur.System - s.lastCPUTimes.System) +
 		(cur.Nice - s.lastCPUTimes.Nice) +
 		(cur.Iowait - s.lastCPUTimes.Iowait) +
 		(cur.Irq - s.lastCPUTimes.Irq) +
 		(cur.Softirq - s.lastCPUTimes.Softirq) +
-		(cur.Steal - s.lastCPUTimes.Steal) +
+		(cur.Steal - s.lastCPUTimes.Steal)
 		(cur.Guest - s.lastCPUTimes.Guest) +
 		(cur.GuestNice - s.lastCPUTimes.GuestNice)
 	totalDelta := busyDelta + idleDelta
@@ -525,6 +529,18 @@ func (s *ServerService) GetXrayVersions() ([]string, error) {
 	}
 	defer resp.Body.Close()
 	// Check HTTP status code - GitHub API returns object instead of array on error
 	if resp.StatusCode != http.StatusOK {
 		bodyBytes, _ := io.ReadAll(resp.Body)
 		var errorResponse struct {
 			Message string `json:"message"`
 		}
 		if json.Unmarshal(bodyBytes, &errorResponse) == nil && errorResponse.Message != "" {
 			return nil, fmt.Errorf("GitHub API error: %s", errorResponse.Message)
 		}
 		return nil, fmt.Errorf("GitHub API returned status %d: %s", resp.StatusCode, resp.Status)
 	}
 	buffer := bytes.NewBuffer(make([]byte, bufferSize))
 	buffer.Reset()
 	if _, err := buffer.ReadFrom(resp.Body); err != nil {
@@ -790,17 +806,17 @@ func (s *ServerService) GetXrayLogs(
 		for i, part := range parts {
 			if i == 0 {
-				dateTime, err := time.Parse("2006/01/02 15:04:05.999999", parts[0]+" "+parts[1])
+				dateTime, err := time.ParseInLocation("2006/01/02 15:04:05.999999", parts[0]+" "+parts[1], time.Local)
 				if err != nil {
 					continue
 				}
-				entry.DateTime = dateTime
+				entry.DateTime = dateTime.UTC()
 			}
 			if part == "from" {
-				entry.FromAddress = parts[i+1]
+				entry.FromAddress = strings.TrimLeft(parts[i+1], "/")
 			} else if part == "accepted" {
-				entry.ToAddress = parts[i+1]
+				entry.ToAddress = strings.TrimLeft(parts[i+1], "/")
 			} else if strings.HasPrefix(part, "[") {
 				entry.Inbound = part[1:]
 			} else if strings.HasSuffix(part, "]") {
@@ -938,13 +954,26 @@ func (s *ServerService) ImportDB(file multipart.File) error {
 		return common.NewErrorf("Error saving db: %v", err)
 	}
-	// Check if we can init the db or not
+	// Close temp file before opening via sqlite
-	if err = database.InitDB(tempPath); err != nil {
+	if err = tempFile.Close(); err != nil {
-		return common.NewErrorf("Error checking db: %v", err)
+		return common.NewErrorf("Error closing temporary db file: %v", err)
 	}
 	tempFile = nil
 	// Validate integrity (no migrations / side effects)
 	if err = database.ValidateSQLiteDB(tempPath); err != nil {
 		return common.NewErrorf("Invalid or corrupt db file: %v", err)
 	}
-	// Stop Xray
+	// Stop Xray (ignore error but log)
-	s.StopXrayService()
+	if errStop := s.StopXrayService(); errStop != nil {
 		logger.Warningf("Failed to stop Xray before DB import: %v", errStop)
 	}
 	// Close existing DB to release file locks (especially on Windows)
 	if errClose := database.CloseDB(); errClose != nil {
 		logger.Warningf("Failed to close existing DB before replacement: %v", errClose)
 	}
 	// Backup the current database for fallback
 	fallbackPath := fmt.Sprintf("%s.backup", config.GetDBPath())
@@ -979,7 +1008,7 @@ func (s *ServerService) ImportDB(file multipart.File) error {
 		return common.NewErrorf("Error moving db file: %v", err)
 	}
-	// Migrate DB
+	// Open & migrate new DB
 	if err = database.InitDB(config.GetDBPath()); err != nil {
 		if errRename := os.Rename(fallbackPath, config.GetDBPath()); errRename != nil {
 			return common.NewErrorf("Error migrating db and restoring fallback: %v", errRename)
--- a/web/service/setting.go
+++ b/web/service/setting.go
@@ -73,6 +73,27 @@ var defaultValueMap = map[string]string{
 	"warp":                        "",
 	"externalTrafficInformEnable": "false",
 	"externalTrafficInformURI":    "",
 	// LDAP defaults
 	"ldapEnable":            "false",
 	"ldapHost":              "",
 	"ldapPort":              "389",
 	"ldapUseTLS":            "false",
 	"ldapBindDN":            "",
 	"ldapPassword":          "",
 	"ldapBaseDN":            "",
 	"ldapUserFilter":        "(objectClass=person)",
 	"ldapUserAttr":          "mail",
 	"ldapVlessField":        "vless_enabled",
 	"ldapSyncCron":          "@every 1m",
 	"ldapFlagField":         "",
 	"ldapTruthyValues":      "true,1,yes,on",
 	"ldapInvertFlag":        "false",
 	"ldapInboundTags":       "",
 	"ldapAutoCreate":        "false",
 	"ldapAutoDelete":        "false",
 	"ldapDefaultTotalGB":    "0",
 	"ldapDefaultExpiryDays": "0",
 	"ldapDefaultLimitIP":    "0",
 }
 // SettingService provides business logic for application settings management.
@@ -458,10 +479,18 @@ func (s *SettingService) GetSubDomain() (string, error) {
 	return s.getString("subDomain")
 }
 func (s *SettingService) SetSubCertFile(subCertFile string) error {
 	return s.setString("subCertFile", subCertFile)
 }
 func (s *SettingService) GetSubCertFile() (string, error) {
 	return s.getString("subCertFile")
 }
 func (s *SettingService) SetSubKeyFile(subKeyFile string) error {
 	return s.setString("subKeyFile", subKeyFile)
 }
 func (s *SettingService) GetSubKeyFile() (string, error) {
 	return s.getString("subKeyFile")
 }
@@ -542,6 +571,87 @@ func (s *SettingService) GetIpLimitEnable() (bool, error) {
 	return (accessLogPath != "none" && accessLogPath != ""), nil
 }
 // LDAP exported getters
 func (s *SettingService) GetLdapEnable() (bool, error) {
 	return s.getBool("ldapEnable")
 }
 func (s *SettingService) GetLdapHost() (string, error) {
 	return s.getString("ldapHost")
 }
 func (s *SettingService) GetLdapPort() (int, error) {
 	return s.getInt("ldapPort")
 }
 func (s *SettingService) GetLdapUseTLS() (bool, error) {
 	return s.getBool("ldapUseTLS")
 }
 func (s *SettingService) GetLdapBindDN() (string, error) {
 	return s.getString("ldapBindDN")
 }
 func (s *SettingService) GetLdapPassword() (string, error) {
 	return s.getString("ldapPassword")
 }
 func (s *SettingService) GetLdapBaseDN() (string, error) {
 	return s.getString("ldapBaseDN")
 }
 func (s *SettingService) GetLdapUserFilter() (string, error) {
 	return s.getString("ldapUserFilter")
 }
 func (s *SettingService) GetLdapUserAttr() (string, error) {
 	return s.getString("ldapUserAttr")
 }
 func (s *SettingService) GetLdapVlessField() (string, error) {
 	return s.getString("ldapVlessField")
 }
 func (s *SettingService) GetLdapSyncCron() (string, error) {
 	return s.getString("ldapSyncCron")
 }
 func (s *SettingService) GetLdapFlagField() (string, error) {
 	return s.getString("ldapFlagField")
 }
 func (s *SettingService) GetLdapTruthyValues() (string, error) {
 	return s.getString("ldapTruthyValues")
 }
 func (s *SettingService) GetLdapInvertFlag() (bool, error) {
 	return s.getBool("ldapInvertFlag")
 }
 func (s *SettingService) GetLdapInboundTags() (string, error) {
 	return s.getString("ldapInboundTags")
 }
 func (s *SettingService) GetLdapAutoCreate() (bool, error) {
 	return s.getBool("ldapAutoCreate")
 }
 func (s *SettingService) GetLdapAutoDelete() (bool, error) {
 	return s.getBool("ldapAutoDelete")
 }
 func (s *SettingService) GetLdapDefaultTotalGB() (int, error) {
 	return s.getInt("ldapDefaultTotalGB")
 }
 func (s *SettingService) GetLdapDefaultExpiryDays() (int, error) {
 	return s.getInt("ldapDefaultExpiryDays")
 }
 func (s *SettingService) GetLdapDefaultLimitIP() (int, error) {
 	return s.getInt("ldapDefaultLimitIP")
 }
 func (s *SettingService) UpdateAllSetting(allSetting *entity.AllSetting) error {
 	if err := allSetting.CheckValid(); err != nil {
 		return err
--- a/web/service/tgbot.go
+++ b/web/service/tgbot.go
@@ -38,7 +38,15 @@ import (
 )
 var (
-	bot         *telego.Bot
+	bot *telego.Bot
 	// botCancel stores the function to cancel the context, stopping Long Polling gracefully.
 	botCancel context.CancelFunc
 	// tgBotMutex protects concurrent access to botCancel variable
 	tgBotMutex sync.Mutex
 	// botWG waits for the OnReceive Long Polling goroutine to finish.
 	botWG sync.WaitGroup
 	botHandler  *th.BotHandler
 	adminIds    []int64
 	isRunning   bool
@@ -46,22 +54,22 @@ var (
 	hashStorage *global.HashStorage
 	// Performance improvements
-	messageWorkerPool chan struct{} // Semaphore for limiting concurrent message processing
+	messageWorkerPool   chan struct{} // Semaphore for limiting concurrent message processing
-	optimizedHTTPClient *http.Client // HTTP client with connection pooling and timeouts
+	optimizedHTTPClient *http.Client  // HTTP client with connection pooling and timeouts
-	
+
 	// Simple cache for frequently accessed data
 	statusCache struct {
 		data      *Status
 		timestamp time.Time
 		mutex     sync.RWMutex
 	}
-	
+
 	serverStatsCache struct {
 		data      string
 		timestamp time.Time
 		mutex     sync.RWMutex
 	}
-	
+
 	// clients data to adding new client
 	receiver_inbound_ID int
 	client_Id           string
@@ -122,7 +130,7 @@ func (t *Tgbot) GetHashStorage() *global.HashStorage {
 func (t *Tgbot) getCachedStatus() (*Status, bool) {
 	statusCache.mutex.RLock()
 	defer statusCache.mutex.RUnlock()
-	
+
 	if statusCache.data != nil && time.Since(statusCache.timestamp) < 5*time.Second {
 		return statusCache.data, true
 	}
@@ -133,7 +141,7 @@ func (t *Tgbot) getCachedStatus() (*Status, bool) {
 func (t *Tgbot) setCachedStatus(status *Status) {
 	statusCache.mutex.Lock()
 	defer statusCache.mutex.Unlock()
-	
+
 	statusCache.data = status
 	statusCache.timestamp = time.Now()
 }
@@ -142,7 +150,7 @@ func (t *Tgbot) setCachedStatus(status *Status) {
 func (t *Tgbot) getCachedServerStats() (string, bool) {
 	serverStatsCache.mutex.RLock()
 	defer serverStatsCache.mutex.RUnlock()
-	
+
 	if serverStatsCache.data != "" && time.Since(serverStatsCache.timestamp) < 10*time.Second {
 		return serverStatsCache.data, true
 	}
@@ -153,7 +161,7 @@ func (t *Tgbot) getCachedServerStats() (string, bool) {
 func (t *Tgbot) setCachedServerStats(stats string) {
 	serverStatsCache.mutex.Lock()
 	defer serverStatsCache.mutex.Unlock()
-	
+
 	serverStatsCache.data = stats
 	serverStatsCache.timestamp = time.Now()
 }
@@ -166,12 +174,16 @@ func (t *Tgbot) Start(i18nFS embed.FS) error {
 		return err
 	}
 	// If Start is called again (e.g. during reload), ensure any previous long-polling
 	// loop is stopped before creating a new bot / receiver.
 	StopBot()
 	// Initialize hash storage to store callback queries
 	hashStorage = global.NewHashStorage(20 * time.Minute)
 	// Initialize worker pool for concurrent message processing (max 10 concurrent handlers)
 	messageWorkerPool = make(chan struct{}, 10)
-	
+
 	// Initialize optimized HTTP client with connection pooling
 	optimizedHTTPClient = &http.Client{
 		Timeout: 15 * time.Second,
@@ -199,17 +211,21 @@ func (t *Tgbot) Start(i18nFS embed.FS) error {
 		return err
 	}
 	parsedAdminIds := make([]int64, 0)
 	// Parse admin IDs from comma-separated string
 	if tgBotID != "" {
 		for _, adminID := range strings.Split(tgBotID, ",") {
-			id, err := strconv.Atoi(adminID)
+			id, err := strconv.ParseInt(adminID, 10, 64)
 			if err != nil {
 				logger.Warning("Failed to parse admin ID from Telegram bot chat ID:", err)
 				return err
 			}
-			adminIds = append(adminIds, int64(id))
+			parsedAdminIds = append(parsedAdminIds, int64(id))
 		}
 	}
 	tgBotMutex.Lock()
 	adminIds = parsedAdminIds
 	tgBotMutex.Unlock()
 	// Get Telegram bot proxy URL
 	tgBotProxy, err := t.settingService.GetTgBotProxy()
@@ -244,10 +260,12 @@ func (t *Tgbot) Start(i18nFS embed.FS) error {
 	}
 	// Start receiving Telegram bot messages
-	if !isRunning {
+	tgBotMutex.Lock()
 	alreadyRunning := isRunning || botCancel != nil
 	tgBotMutex.Unlock()
 	if !alreadyRunning {
 		logger.Info("Telegram bot receiver started")
 		go t.OnReceive()
 		isRunning = true
 	}
 	return nil
@@ -292,6 +310,8 @@ func (t *Tgbot) NewBot(token string, proxyUrl string, apiServerUrl string) (*tel
 // IsRunning checks if the Telegram bot is currently running.
 func (t *Tgbot) IsRunning() bool {
 	tgBotMutex.Lock()
 	defer tgBotMutex.Unlock()
 	return isRunning
 }
@@ -306,14 +326,40 @@ func (t *Tgbot) SetHostname() {
 	hostname = host
 }
-// Stop stops the Telegram bot and cleans up resources.
+// Stop safely stops the Telegram bot's Long Polling operation.
 // This method now calls the global StopBot function and cleans up other resources.
 func (t *Tgbot) Stop() {
-	if botHandler != nil {
+	StopBot()
 		botHandler.Stop()
 	}
 	logger.Info("Stop Telegram receiver ...")
-	isRunning = false
+	tgBotMutex.Lock()
 	adminIds = nil
 	tgBotMutex.Unlock()
 }
 // StopBot safely stops the Telegram bot's Long Polling operation by cancelling its context.
 // This is the global function called from main.go's signal handler and t.Stop().
 func StopBot() {
 	// Don't hold the mutex while cancelling/waiting.
 	tgBotMutex.Lock()
 	cancel := botCancel
 	botCancel = nil
 	handler := botHandler
 	botHandler = nil
 	isRunning = false
 	tgBotMutex.Unlock()
 	if handler != nil {
 		handler.Stop()
 	}
 	if cancel != nil {
 		logger.Info("Sending cancellation signal to Telegram bot...")
 		// Cancels the context passed to UpdatesViaLongPolling; this closes updates channel
 		// and lets botHandler.Start() exit cleanly.
 		cancel()
 		botWG.Wait()
 		logger.Info("Telegram bot successfully stopped.")
 	}
 }
 // encodeQuery encodes the query string if it's longer than 64 characters.
@@ -345,188 +391,209 @@ func (t *Tgbot) OnReceive() {
 	params := telego.GetUpdatesParams{
 		Timeout: 30, // Increased timeout to reduce API calls
 	}
 	// Strict singleton: never start a second long-polling loop.
 	tgBotMutex.Lock()
 	if botCancel != nil || isRunning {
 		tgBotMutex.Unlock()
 		logger.Warning("TgBot OnReceive called while already running; ignoring.")
 		return
 	}
-	updates, _ := bot.UpdatesViaLongPolling(context.Background(), &params)
+	ctx, cancel := context.WithCancel(context.Background())
 	botCancel = cancel
 	isRunning = true
 	// Add to WaitGroup before releasing the lock so StopBot() can't return
 	// before this receiver goroutine is accounted for.
 	botWG.Add(1)
 	tgBotMutex.Unlock()
-	botHandler, _ = th.NewBotHandler(bot, updates)
+	// Get updates channel using the context.
 	updates, _ := bot.UpdatesViaLongPolling(ctx, &params)
 	go func() {
 		defer botWG.Done()
 		h, _ := th.NewBotHandler(bot, updates)
 		tgBotMutex.Lock()
 		botHandler = h
 		tgBotMutex.Unlock()
-	botHandler.HandleMessage(func(ctx *th.Context, message telego.Message) error {
+		h.HandleMessage(func(ctx *th.Context, message telego.Message) error {
 		delete(userStates, message.Chat.ID)
 		t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.keyboardClosed"), tu.ReplyKeyboardRemove())
 		return nil
 	}, th.TextEqual(t.I18nBot("tgbot.buttons.closeKeyboard")))
 	botHandler.HandleMessage(func(ctx *th.Context, message telego.Message) error {
 		// Use goroutine with worker pool for concurrent command processing
 		go func() {
 			messageWorkerPool <- struct{}{} // Acquire worker
 			defer func() { <-messageWorkerPool }() // Release worker
 			delete(userStates, message.Chat.ID)
-			t.answerCommand(&message, message.Chat.ID, checkAdmin(message.From.ID))
+			t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.keyboardClosed"), tu.ReplyKeyboardRemove())
-		}()
+			return nil
-		return nil
+		}, th.TextEqual(t.I18nBot("tgbot.buttons.closeKeyboard")))
 	}, th.AnyCommand())
-	botHandler.HandleCallbackQuery(func(ctx *th.Context, query telego.CallbackQuery) error {
+		h.HandleMessage(func(ctx *th.Context, message telego.Message) error {
-		// Use goroutine with worker pool for concurrent callback processing
+			// Use goroutine with worker pool for concurrent command processing
-		go func() {
+			go func() {
-			messageWorkerPool <- struct{}{} // Acquire worker
+				messageWorkerPool <- struct{}{}        // Acquire worker
-			defer func() { <-messageWorkerPool }() // Release worker
+				defer func() { <-messageWorkerPool }() // Release worker
 			delete(userStates, query.Message.GetChat().ID)
 			t.answerCallback(&query, checkAdmin(query.From.ID))
 		}()
 		return nil
 	}, th.AnyCallbackQueryWithMessage())
 	botHandler.HandleMessage(func(ctx *th.Context, message telego.Message) error {
 		if userState, exists := userStates[message.Chat.ID]; exists {
 			switch userState {
 			case "awaiting_id":
 				if client_Id == strings.TrimSpace(message.Text) {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 					message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 					t.addClient(message.Chat.ID, message_text)
 					return nil
 				}
 				client_Id = strings.TrimSpace(message.Text)
 				if t.isSingleWord(client_Id) {
 					userStates[message.Chat.ID] = "awaiting_id"
 					cancel_btn_markup := tu.InlineKeyboard(
 						tu.InlineKeyboardRow(
 							tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 						),
 					)
 					t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 				} else {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_id"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 					message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 					t.addClient(message.Chat.ID, message_text)
 				}
 			case "awaiting_password_tr":
 				if client_TrPassword == strings.TrimSpace(message.Text) {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					return nil
 				}
 				client_TrPassword = strings.TrimSpace(message.Text)
 				if t.isSingleWord(client_TrPassword) {
 					userStates[message.Chat.ID] = "awaiting_password_tr"
 					cancel_btn_markup := tu.InlineKeyboard(
 						tu.InlineKeyboardRow(
 							tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 						),
 					)
 					t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 				} else {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_password"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 					message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 					t.addClient(message.Chat.ID, message_text)
 				}
 			case "awaiting_password_sh":
 				if client_ShPassword == strings.TrimSpace(message.Text) {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					return nil
 				}
 				client_ShPassword = strings.TrimSpace(message.Text)
 				if t.isSingleWord(client_ShPassword) {
 					userStates[message.Chat.ID] = "awaiting_password_sh"
 					cancel_btn_markup := tu.InlineKeyboard(
 						tu.InlineKeyboardRow(
 							tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 						),
 					)
 					t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 				} else {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_password"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 					message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 					t.addClient(message.Chat.ID, message_text)
 				}
 			case "awaiting_email":
 				if client_Email == strings.TrimSpace(message.Text) {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					return nil
 				}
 				client_Email = strings.TrimSpace(message.Text)
 				if t.isSingleWord(client_Email) {
 					userStates[message.Chat.ID] = "awaiting_email"
 					cancel_btn_markup := tu.InlineKeyboard(
 						tu.InlineKeyboardRow(
 							tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 						),
 					)
 					t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 				} else {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_email"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 					message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 					t.addClient(message.Chat.ID, message_text)
 				}
 			case "awaiting_comment":
 				if client_Comment == strings.TrimSpace(message.Text) {
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					return nil
 				}
 				client_Comment = strings.TrimSpace(message.Text)
 				t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_comment"), 3, tu.ReplyKeyboardRemove())
 				delete(userStates, message.Chat.ID)
-				inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
+				t.answerCommand(&message, message.Chat.ID, checkAdmin(message.From.ID))
-				message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
+			}()
-				t.addClient(message.Chat.ID, message_text)
+			return nil
-			}
+		}, th.AnyCommand())
-		} else {
+		h.HandleCallbackQuery(func(ctx *th.Context, query telego.CallbackQuery) error {
-			if message.UsersShared != nil {
+			// Use goroutine with worker pool for concurrent callback processing
-				if checkAdmin(message.From.ID) {
+			go func() {
-					for _, sharedUser := range message.UsersShared.Users {
+				messageWorkerPool <- struct{}{}        // Acquire worker
-						userID := sharedUser.UserID
+				defer func() { <-messageWorkerPool }() // Release worker
-						needRestart, err := t.inboundService.SetClientTelegramUserID(message.UsersShared.RequestID, userID)
+
-						if needRestart {
+				delete(userStates, query.Message.GetChat().ID)
-							t.xrayService.SetToNeedRestart()
+				t.answerCallback(&query, checkAdmin(query.From.ID))
-						}
+			}()
-						output := ""
+			return nil
-						if err != nil {
+		}, th.AnyCallbackQueryWithMessage())
-							output += t.I18nBot("tgbot.messages.selectUserFailed")
+
-						} else {
+		h.HandleMessage(func(ctx *th.Context, message telego.Message) error {
-							output += t.I18nBot("tgbot.messages.userSaved")
+			if userState, exists := userStates[message.Chat.ID]; exists {
-						}
+				switch userState {
-						t.SendMsgToTgbot(message.Chat.ID, output, tu.ReplyKeyboardRemove())
+				case "awaiting_id":
 					if client_Id == strings.TrimSpace(message.Text) {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 						message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 						t.addClient(message.Chat.ID, message_text)
 						return nil
 					}
 					client_Id = strings.TrimSpace(message.Text)
 					if t.isSingleWord(client_Id) {
 						userStates[message.Chat.ID] = "awaiting_id"
 						cancel_btn_markup := tu.InlineKeyboard(
 							tu.InlineKeyboardRow(
 								tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 							),
 						)
 						t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 					} else {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_id"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 						message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 						t.addClient(message.Chat.ID, message_text)
 					}
 				case "awaiting_password_tr":
 					if client_TrPassword == strings.TrimSpace(message.Text) {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						return nil
 					}
 					client_TrPassword = strings.TrimSpace(message.Text)
 					if t.isSingleWord(client_TrPassword) {
 						userStates[message.Chat.ID] = "awaiting_password_tr"
 						cancel_btn_markup := tu.InlineKeyboard(
 							tu.InlineKeyboardRow(
 								tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 							),
 						)
 						t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 					} else {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_password"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 						message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 						t.addClient(message.Chat.ID, message_text)
 					}
 				case "awaiting_password_sh":
 					if client_ShPassword == strings.TrimSpace(message.Text) {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						return nil
 					}
 					client_ShPassword = strings.TrimSpace(message.Text)
 					if t.isSingleWord(client_ShPassword) {
 						userStates[message.Chat.ID] = "awaiting_password_sh"
 						cancel_btn_markup := tu.InlineKeyboard(
 							tu.InlineKeyboardRow(
 								tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 							),
 						)
 						t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 					} else {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_password"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 						message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 						t.addClient(message.Chat.ID, message_text)
 					}
 				case "awaiting_email":
 					if client_Email == strings.TrimSpace(message.Text) {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						return nil
 					}
 					client_Email = strings.TrimSpace(message.Text)
 					if t.isSingleWord(client_Email) {
 						userStates[message.Chat.ID] = "awaiting_email"
 						cancel_btn_markup := tu.InlineKeyboard(
 							tu.InlineKeyboardRow(
 								tu.InlineKeyboardButton(t.I18nBot("tgbot.buttons.use_default")).WithCallbackData("add_client_default_info"),
 							),
 						)
 						t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.messages.incorrect_input"), cancel_btn_markup)
 					} else {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_email"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 						message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 						t.addClient(message.Chat.ID, message_text)
 					}
 				case "awaiting_comment":
 					if client_Comment == strings.TrimSpace(message.Text) {
 						t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.using_default_value"), 3, tu.ReplyKeyboardRemove())
 						delete(userStates, message.Chat.ID)
 						return nil
 					}
 					client_Comment = strings.TrimSpace(message.Text)
 					t.SendMsgToTgbotDeleteAfter(message.Chat.ID, t.I18nBot("tgbot.messages.received_comment"), 3, tu.ReplyKeyboardRemove())
 					delete(userStates, message.Chat.ID)
 					inbound, _ := t.inboundService.GetInbound(receiver_inbound_ID)
 					message_text, _ := t.BuildInboundClientDataMessage(inbound.Remark, inbound.Protocol)
 					t.addClient(message.Chat.ID, message_text)
 				}
 			} else {
 				if message.UsersShared != nil {
 					if checkAdmin(message.From.ID) {
 						for _, sharedUser := range message.UsersShared.Users {
 							userID := sharedUser.UserID
 							needRestart, err := t.inboundService.SetClientTelegramUserID(message.UsersShared.RequestID, userID)
 							if needRestart {
 								t.xrayService.SetToNeedRestart()
 							}
 							output := ""
 							if err != nil {
 								output += t.I18nBot("tgbot.messages.selectUserFailed")
 							} else {
 								output += t.I18nBot("tgbot.messages.userSaved")
 							}
 							t.SendMsgToTgbot(message.Chat.ID, output, tu.ReplyKeyboardRemove())
 						}
 					} else {
 						t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.noResult"), tu.ReplyKeyboardRemove())
 					}
 				} else {
 					t.SendMsgToTgbot(message.Chat.ID, t.I18nBot("tgbot.noResult"), tu.ReplyKeyboardRemove())
 				}
 			}
-		}
+			return nil
-		return nil
+		}, th.AnyMessage())
 	}, th.AnyMessage())
-	botHandler.Start()
+		h.Start()
 	}()
 }
 // answerCommand processes incoming command messages from Telegram users.
@@ -852,8 +919,8 @@ func (t *Tgbot) answerCallback(callbackQuery *telego.CallbackQuery, isAdmin bool
 				t.sendCallbackAnswerTgBot(callbackQuery.ID, t.I18nBot("tgbot.answers.errorOperation"))
 				t.searchClient(chatId, email, callbackQuery.Message.GetMessageID())
 			case "add_client_limit_traffic_c":
-				limitTraffic, _ := strconv.Atoi(dataArray[1])
+				limitTraffic, _ := strconv.ParseInt(dataArray[1], 10, 64)
-				client_TotalGB = int64(limitTraffic) * 1024 * 1024 * 1024
+				client_TotalGB = limitTraffic * 1024 * 1024 * 1024
 				messageId := callbackQuery.Message.GetMessageID()
 				inbound, err := t.inboundService.GetInbound(receiver_inbound_ID)
 				if err != nil {
@@ -957,7 +1024,7 @@ func (t *Tgbot) answerCallback(callbackQuery *telego.CallbackQuery, isAdmin bool
 				t.editMessageCallbackTgBot(chatId, callbackQuery.Message.GetMessageID(), inlineKeyboard)
 			case "reset_exp_c":
 				if len(dataArray) == 3 {
-					days, err := strconv.Atoi(dataArray[2])
+					days, err := strconv.ParseInt(dataArray[2], 10, 64)
 					if err == nil {
 						var date int64
 						if days > 0 {
@@ -1062,7 +1129,7 @@ func (t *Tgbot) answerCallback(callbackQuery *telego.CallbackQuery, isAdmin bool
 				t.searchClient(chatId, email, callbackQuery.Message.GetMessageID())
 			case "add_client_reset_exp_c":
 				client_ExpiryTime = 0
-				days, _ := strconv.Atoi(dataArray[1])
+				days, _ := strconv.ParseInt(dataArray[1], 10, 64)
 				var date int64
 				if client_ExpiryTime > 0 {
 					if client_ExpiryTime-time.Now().Unix()*1000 < 0 {
@@ -2537,7 +2604,7 @@ func (t *Tgbot) prepareServerUsageInfo() string {
 	if cachedStats, found := t.getCachedServerStats(); found {
 		return cachedStats
 	}
-	
+
 	info, ipv4, ipv6 := "", "", ""
 	// get latest status of server with caching
@@ -2588,10 +2655,10 @@ func (t *Tgbot) prepareServerUsageInfo() string {
 	info += t.I18nBot("tgbot.messages.udpCount", "Count=="+strconv.Itoa(t.lastStatus.UdpCount))
 	info += t.I18nBot("tgbot.messages.traffic", "Total=="+common.FormatTraffic(int64(t.lastStatus.NetTraffic.Sent+t.lastStatus.NetTraffic.Recv)), "Upload=="+common.FormatTraffic(int64(t.lastStatus.NetTraffic.Sent)), "Download=="+common.FormatTraffic(int64(t.lastStatus.NetTraffic.Recv)))
 	info += t.I18nBot("tgbot.messages.xrayStatus", "State=="+fmt.Sprint(t.lastStatus.Xray.State))
-	
+
 	// Cache the complete server stats
 	t.setCachedServerStats(info)
-	
+
 	return info
 }
@@ -2899,10 +2966,12 @@ func (t *Tgbot) clientInfoMsg(
 	}
 	status := t.I18nBot("tgbot.offline")
 	isOnline := false
 	if p.IsRunning() {
 		for _, online := range p.GetOnlineClients() {
 			if online == traffic.Email {
 				status = t.I18nBot("tgbot.online")
 				isOnline = true
 				break
 			}
 		}
@@ -2915,6 +2984,9 @@ func (t *Tgbot) clientInfoMsg(
 	}
 	if printOnline {
 		output += t.I18nBot("tgbot.messages.online", "Status=="+status)
 		if !isOnline && traffic.LastOnline > 0 {
 			output += t.I18nBot("tgbot.messages.lastOnline", "Time=="+time.UnixMilli(traffic.LastOnline).Format("2006-01-02 15:04:05"))
 		}
 	}
 	if printActive {
 		output += t.I18nBot("tgbot.messages.active", "Enable=="+active)
--- a/web/service/user.go
+++ b/web/service/user.go
@@ -7,7 +7,7 @@ import (
 	"github.com/mhsanaei/3x-ui/v2/database/model"
 	"github.com/mhsanaei/3x-ui/v2/logger"
 	"github.com/mhsanaei/3x-ui/v2/util/crypto"
-
+	ldaputil "github.com/mhsanaei/3x-ui/v2/util/ldap"
 	"github.com/xlzd/gotp"
 	"gorm.io/gorm"
 )
@@ -49,8 +49,37 @@ func (s *UserService) CheckUser(username string, password string, twoFactorCode
 		return nil
 	}
 	// If LDAP enabled and local password check fails, attempt LDAP auth
 	if !crypto.CheckPasswordHash(user.Password, password) {
-		return nil
+		ldapEnabled, _ := s.settingService.GetLdapEnable()
 		if !ldapEnabled {
 			return nil
 		}
 		host, _ := s.settingService.GetLdapHost()
 		port, _ := s.settingService.GetLdapPort()
 		useTLS, _ := s.settingService.GetLdapUseTLS()
 		bindDN, _ := s.settingService.GetLdapBindDN()
 		ldapPass, _ := s.settingService.GetLdapPassword()
 		baseDN, _ := s.settingService.GetLdapBaseDN()
 		userFilter, _ := s.settingService.GetLdapUserFilter()
 		userAttr, _ := s.settingService.GetLdapUserAttr()
 		cfg := ldaputil.Config{
 			Host:       host,
 			Port:       port,
 			UseTLS:     useTLS,
 			BindDN:     bindDN,
 			Password:   ldapPass,
 			BaseDN:     baseDN,
 			UserFilter: userFilter,
 			UserAttr:   userAttr,
 		}
 		ok, err := ldaputil.AuthenticateUser(cfg, username, password)
 		if err != nil || !ok {
 			return nil
 		}
 		// On successful LDAP auth, continue 2FA checks below
 	}
 	twoFactorEnable, err := s.settingService.GetTwoFactorEnable()
--- a/web/translation/translate.ar_EG.toml
+++ b/web/translation/translate.ar_EG.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "تنسيق البيانات المدخلة مش صحيح."
 "emptyUsername" = "اسم المستخدم مطلوب"
 "emptyPassword" = "الباسورد مطلوب"
-"wrongUsernameOrPassword" = "اسم المستخدم أو كلمة المرور أو كود المصادقة الثنائية غير صحيح."  
+"wrongUsernameOrPassword" = "اسم المستخدم أو كلمة المرور أو كود المصادقة الثنائية غير صحيح."
 "successLogin" = "لقد تم تسجيل الدخول إلى حسابك بنجاح."
 [pages.index]
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "بيعطل استعلامات DNS الاحتياطية"
 "disableFallbackIfMatch" = "تعطيل النسخ الاحتياطي عند التطابق"
 "disableFallbackIfMatchDesc" = "بيعطل استعلامات DNS الاحتياطية لما يتحقق تطابق مع قائمة الدومينات"
 "enableParallelQuery" = "تفعيل الاستعلام المتوازي"
 "enableParallelQueryDesc" = "تفعيل استعلامات DNS المتوازية لعدة خوادم لحل أسرع"
 "strategy" = "استراتيجية الاستعلام"
 "strategyDesc" = "الاستراتيجية العامة لحل أسماء الدومين"
 "add" = "أضف سيرفر"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "بيانات الأدمن"
-"twoFactor" = "المصادقة الثنائية"  
+"twoFactor" = "المصادقة الثنائية"
-"twoFactorEnable" = "تفعيل المصادقة الثنائية"  
+"twoFactorEnable" = "تفعيل المصادقة الثنائية"
-"twoFactorEnableDesc" = "يضيف طبقة إضافية من المصادقة لتعزيز الأمان."  
+"twoFactorEnableDesc" = "يضيف طبقة إضافية من المصادقة لتعزيز الأمان."
 "twoFactorModalSetTitle" = "تفعيل المصادقة الثنائية"
 "twoFactorModalDeleteTitle" = "تعطيل المصادقة الثنائية"
 "twoFactorModalSteps" = "لإعداد المصادقة الثنائية، قم ببعض الخطوات:"
@@ -663,6 +665,7 @@
 "active" = "💡 مفعل: {{ .Enable }}\r\n"
 "enabled" = "🚨 مفعل: {{ .Enable }}\r\n"
 "online" = "🌐 حالة الاتصال: {{ .Status }}\r\n"
 "lastOnline" = "🔙 آخر متصل: {{ .Time }}\r\n"
 "email" = "📧 الإيميل: {{ .Email }}\r\n"
 "upload" = "🔼 رفع: ↑{{ .Upload }}\r\n"
 "download" = "🔽 تنزيل: ↓{{ .Download }}\r\n"
--- a/web/translation/translate.en_US.toml
+++ b/web/translation/translate.en_US.toml
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Disables fallback DNS queries"
 "disableFallbackIfMatch" = "Disable Fallback If Match"
 "disableFallbackIfMatchDesc" = "Disables fallback DNS queries when the matching domain list of the DNS server is hit"
 "enableParallelQuery" = "Enable Parallel Query"
 "enableParallelQueryDesc" = "Enable parallel DNS queries to multiple servers for faster resolution"
 "strategy" = "Query Strategy"
 "strategyDesc" = "Overall strategy to resolve domain names"
 "add" = "Add Server"
@@ -663,6 +665,7 @@
 "active" = "💡 Active: {{ .Enable }}\r\n"
 "enabled" = "🚨 Enabled: {{ .Enable }}\r\n"
 "online" = "🌐 Connection status: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Last online: {{ .Time }}\r\n"
 "email" = "📧 Email: {{ .Email }}\r\n"
 "upload" = "🔼 Upload: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Download: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Inbound: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Email: {{ .ClientEmail }}\n📊 Traffic: {{ .ClientTraffic }}\n📅 Expire Date: {{ .ClientExp }}\n🌐 IP Limit: {{ .IpLimit }}\n💬 Comment: {{ .ClientComment }}\n\nYou can add the client to inbound now!"
 "inbound_client_data_pass" = "🔄 Inbound: {{ .InboundRemark }}\n\n🔑 Password: {{ .ClientPass }}\n📧 Email: {{ .ClientEmail }}\n📊 Traffic: {{ .ClientTraffic }}\n📅 Expire Date: {{ .ClientExp }}\n🌐 IP Limit: {{ .IpLimit }}\n💬 Comment: {{ .ClientComment }}\n\nYou can add the client to inbound now!"
 "cancel" = "❌ Process Canceled! \n\nYou can /start again anytime. 🔄"
-"error_add_client"  = "⚠️ Error:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Error:\n\n {{ .error }}"
-"using_default_value"  = "Okay, I'll stick with the default value. 😊"
+"using_default_value" = "Okay, I'll stick with the default value. 😊"
-"incorrect_input" ="Your input is not valid.\nThe phrases should be continuous without spaces.\nCorrect example: aaaaaa\nIncorrect example: aaa aaa 🚫"
+"incorrect_input" = "Your input is not valid.\nThe phrases should be continuous without spaces.\nCorrect example: aaaaaa\nIncorrect example: aaa aaa 🚫"
 "AreYouSure" = "Are you sure? 🤔"
 "SuccessResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Result: ✅ Success"
 "FailedResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Result: ❌ Failed \n\n🛠️ Error: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.es_ES.toml
+++ b/web/translation/translate.es_ES.toml
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Desactiva las consultas DNS de respaldo"
 "disableFallbackIfMatch" = "Desactivar respaldo si coincide"
 "disableFallbackIfMatchDesc" = "Desactiva las consultas DNS de respaldo cuando se acierta en la lista de dominios coincidentes del servidor DNS"
 "enableParallelQuery" = "Habilitar consulta paralela"
 "enableParallelQueryDesc" = "Habilitar consultas DNS paralelas a múltiples servidores para una resolución más rápida"
 "strategy" = "Estrategia de Consulta"
 "strategyDesc" = "Estrategia general para resolver nombres de dominio"
 "add" = "Agregar Servidor"
@@ -663,6 +665,7 @@
 "active" = "💡 Activo: {{ .Enable }}\r\n"
 "enabled" = "🚨 Habilitado: {{ .Enable }}\r\n"
 "online" = "🌐 Estado de conexión: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Última conexión: {{ .Time }}\r\n"
 "email" = "📧 Email: {{ .Email }}\r\n"
 "upload" = "🔼 Subida: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Bajada: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Entrada: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Correo: {{ .ClientEmail }}\n📊 Tráfico: {{ .ClientTraffic }}\n📅 Fecha de expiración: {{ .ClientExp }}\n🌐 Límite de IP: {{ .IpLimit }}\n💬 Comentario: {{ .ClientComment }}\n\n¡Ahora puedes agregar al cliente a la entrada!"
 "inbound_client_data_pass" = "🔄 Entrada: {{ .InboundRemark }}\n\n🔑 Contraseña: {{ .ClientPass }}\n📧 Correo: {{ .ClientEmail }}\n📊 Tráfico: {{ .ClientTraffic }}\n📅 Fecha de expiración: {{ .ClientExp }}\n🌐 Límite de IP: {{ .IpLimit }}\n💬 Comentario: {{ .ClientComment }}\n\n¡Ahora puedes agregar al cliente a la entrada!"
 "cancel" = "❌ ¡Proceso cancelado! \n\nPuedes /start de nuevo en cualquier momento. 🔄"
-"error_add_client"  = "⚠️ Error:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Error:\n\n {{ .error }}"
-"using_default_value"  = "Está bien, me quedaré con el valor predeterminado. 😊"
+"using_default_value" = "Está bien, me quedaré con el valor predeterminado. 😊"
-"incorrect_input" ="Tu entrada no es válida.\nLas frases deben ser continuas sin espacios.\nEjemplo correcto: aaaaaa\nEjemplo incorrecto: aaa aaa 🚫"
+"incorrect_input" = "Tu entrada no es válida.\nLas frases deben ser continuas sin espacios.\nEjemplo correcto: aaaaaa\nEjemplo incorrecto: aaa aaa 🚫"
 "AreYouSure" = "¿Estás seguro? 🤔"
 "SuccessResetTraffic" = "📧 Correo: {{ .ClientEmail }}\n🏁 Resultado: ✅ Éxito"
 "FailedResetTraffic" = "📧 Correo: {{ .ClientEmail }}\n🏁 Resultado: ❌ Fallido \n\n🛠️ Error: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.fa_IR.toml
+++ b/web/translation/translate.fa_IR.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "اطلاعات به‌درستی وارد نشده‌است"
 "emptyUsername" = "لطفا یک نام‌کاربری وارد کنید‌"
 "emptyPassword" = "لطفا یک رمزعبور وارد کنید"
-"wrongUsernameOrPassword" = "نام کاربری، رمز عبور یا کد دو مرحله‌ای نامعتبر است."  
+"wrongUsernameOrPassword" = "نام کاربری، رمز عبور یا کد دو مرحله‌ای نامعتبر است."
 "successLogin" = "شما با موفقیت به حساب کاربری خود وارد شدید."
 [pages.index]
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "درخواست‌های DNS Fallback را غیرفعال می‌کند"
 "disableFallbackIfMatch" = "غیرفعال‌سازی Fallback در صورت تطابق"
 "disableFallbackIfMatchDesc" = "درخواست‌های DNS Fallback را زمانی که لیست دامنه‌های مطابقت‌یافته سرور DNS فعال است، غیرفعال می‌کند"
 "enableParallelQuery" = "فعال‌سازی پرس‌وجوی موازی"
 "enableParallelQueryDesc" = "فعال‌سازی پرس‌وجوهای DNS موازی به چندین سرور برای وضوح سریع‌تر"
 "strategy" = "استراتژی پرس‌وجو"
 "strategyDesc" = "استراتژی کلی برای حل نام دامنه"
 "add" = "افزودن سرور"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "اعتبارنامه‌های ادمین"
-"twoFactor" = "احراز هویت دو مرحله‌ای"  
+"twoFactor" = "احراز هویت دو مرحله‌ای"
-"twoFactorEnable" = "فعال‌سازی 2FA"  
+"twoFactorEnable" = "فعال‌سازی 2FA"
-"twoFactorEnableDesc" = "یک لایه اضافی امنیتی برای احراز هویت فراهم می‌کند."  
+"twoFactorEnableDesc" = "یک لایه اضافی امنیتی برای احراز هویت فراهم می‌کند."
 "twoFactorModalSetTitle" = "فعال‌سازی احراز هویت دو مرحله‌ای"
 "twoFactorModalDeleteTitle" = "غیرفعال‌سازی احراز هویت دو مرحله‌ای"
 "twoFactorModalSteps" = "برای راه‌اندازی احراز هویت دو مرحله‌ای، مراحل زیر را انجام دهید:"
@@ -663,6 +665,7 @@
 "active" = "💡 فعال: {{ .Enable }}\r\n"
 "enabled" = "🚨 وضعیت: {{ .Enable }}\r\n"
 "online" = "🌐 وضعیت اتصال: {{ .Status }}\r\n"
 "lastOnline" = "🔙 آخرین فعالیت: {{ .Time }}\r\n"
 "email" = "📧 ایمیل: {{ .Email }}\r\n"
 "upload" = "🔼 آپلود↑: {{ .Upload }}\r\n"
 "download" = "🔽 دانلود↓: {{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 ورودی: {{ .InboundRemark }}\n\n🔑 شناسه: {{ .ClientId }}\n📧 ایمیل: {{ .ClientEmail }}\n📊 ترافیک: {{ .ClientTraffic }}\n📅 تاریخ انقضا: {{ .ClientExp }}\n🌐 محدودیت IP: {{ .IpLimit }}\n💬 توضیح: {{ .ClientComment }}\n\nاکنون می‌تونی مشتری را به ورودی اضافه کنی!"
 "inbound_client_data_pass" = "🔄 ورودی: {{ .InboundRemark }}\n\n🔑 رمز عبور: {{ .ClientPass }}\n📧 ایمیل: {{ .ClientEmail }}\n📊 ترافیک: {{ .ClientTraffic }}\n📅 تاریخ انقضا: {{ .ClientExp }}\n🌐 محدودیت IP: {{ .IpLimit }}\n💬 توضیح: {{ .ClientComment }}\n\nاکنون می‌تونی مشتری را به ورودی اضافه کنی!"
 "cancel" = "❌ فرآیند لغو شد! \n\nمی‌توانید هر زمان که خواستید /start را دوباره اجرا کنید. 🔄"
-"error_add_client"  = "⚠️ خطا:\n\n {{ .error }}"
+"error_add_client" = "⚠️ خطا:\n\n {{ .error }}"
-"using_default_value"  = "باشه، از مقدار پیش‌فرض استفاده می‌کنم. 😊"
+"using_default_value" = "باشه، از مقدار پیش‌فرض استفاده می‌کنم. 😊"
-"incorrect_input" ="ورودی شما معتبر نیست.\nعبارت‌ها باید بدون فاصله باشند.\nمثال صحیح: aaaaaa\nمثال نادرست: aaa aaa 🚫"
+"incorrect_input" = "ورودی شما معتبر نیست.\nعبارت‌ها باید بدون فاصله باشند.\nمثال صحیح: aaaaaa\nمثال نادرست: aaa aaa 🚫"
 "AreYouSure" = "مطمئنی؟ 🤔"
 "SuccessResetTraffic" = "📧 ایمیل: {{ .ClientEmail }}\n🏁 نتیجه: ✅ موفقیت‌آمیز"
 "FailedResetTraffic" = "📧 ایمیل: {{ .ClientEmail }}\n🏁 نتیجه: ❌ ناموفق \n\n🛠️ خطا: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.id_ID.toml
+++ b/web/translation/translate.id_ID.toml
@@ -106,12 +106,12 @@
 "invalidFormData" = "Format data input tidak valid."
 "emptyUsername" = "Nama Pengguna diperlukan"
 "emptyPassword" = "Kata Sandi diperlukan"
-"wrongUsernameOrPassword" = "Username, kata sandi, atau kode dua faktor tidak valid."  
+"wrongUsernameOrPassword" = "Username, kata sandi, atau kode dua faktor tidak valid."
 "successLogin" = "Anda telah berhasil masuk ke akun Anda."
 [pages.index]
 "title" = "Ikhtisar"
-"cpu" = "CPU" 
+"cpu" = "CPU"
 "logicalProcessors" = "Prosesor logis"
 "frequency" = "Frekuensi"
 "swap" = "Swap"
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Menonaktifkan kueri DNS fallback"
 "disableFallbackIfMatch" = "Nonaktifkan Fallback Jika Cocok"
 "disableFallbackIfMatchDesc" = "Menonaktifkan kueri DNS fallback ketika daftar domain yang cocok dari server DNS terpenuhi"
 "enableParallelQuery" = "Aktifkan Kueri Paralel"
 "enableParallelQueryDesc" = "Aktifkan kueri DNS paralel ke beberapa server untuk resolusi yang lebih cepat"
 "strategy" = "Strategi Kueri"
 "strategyDesc" = "Strategi keseluruhan untuk menyelesaikan nama domain"
 "add" = "Tambahkan Server"
@@ -663,6 +665,7 @@
 "active" = "💡 Aktif: {{ .Enable }}\r\n"
 "enabled" = "🚨 Diaktifkan: {{ .Enable }}\r\n"
 "online" = "🌐 Status Koneksi: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Terakhir online: {{ .Time }}\r\n"
 "email" = "📧 Email: {{ .Email }}\r\n"
 "upload" = "🔼 Unggah: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Unduh: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Masuk: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Email: {{ .ClientEmail }}\n📊 Lalu lintas: {{ .ClientTraffic }}\n📅 Tanggal Kedaluwarsa: {{ .ClientExp }}\n🌐 Batas IP: {{ .IpLimit }}\n💬 Komentar: {{ .ClientComment }}\n\nSekarang kamu bisa menambahkan klien ke inbound!"
 "inbound_client_data_pass" = "🔄 Masuk: {{ .InboundRemark }}\n\n🔑 Kata sandi: {{ .ClientPass }}\n📧 Email: {{ .ClientEmail }}\n📊 Lalu lintas: {{ .ClientTraffic }}\n📅 Tanggal Kedaluwarsa: {{ .ClientExp }}\n🌐 Batas IP: {{ .IpLimit }}\n💬 Komentar: {{ .ClientComment }}\n\nSekarang kamu bisa menambahkan klien ke inbound!"
 "cancel" = "❌ Proses Dibatalkan! \n\nAnda dapat /start lagi kapan saja. 🔄"
-"error_add_client"  = "⚠️ Kesalahan:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Kesalahan:\n\n {{ .error }}"
-"using_default_value"  = "Oke, saya akan tetap menggunakan nilai default. 😊"
+"using_default_value" = "Oke, saya akan tetap menggunakan nilai default. 😊"
-"incorrect_input" ="Masukan Anda tidak valid.\nFrasa harus berlanjut tanpa spasi.\nContoh benar: aaaaaa\nContoh salah: aaa aaa 🚫"
+"incorrect_input" = "Masukan Anda tidak valid.\nFrasa harus berlanjut tanpa spasi.\nContoh benar: aaaaaa\nContoh salah: aaa aaa 🚫"
 "AreYouSure" = "Apakah kamu yakin? 🤔"
 "SuccessResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Hasil: ✅ Berhasil"
 "FailedResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Hasil: ❌ Gagal \n\n🛠️ Kesalahan: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.ja_JP.toml
+++ b/web/translation/translate.ja_JP.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "データ形式エラー"
 "emptyUsername" = "ユーザー名を入力してください"
 "emptyPassword" = "パスワードを入力してください"
-"wrongUsernameOrPassword" = "ユーザー名、パスワード、または二段階認証コードが無効です。"  
+"wrongUsernameOrPassword" = "ユーザー名、パスワード、または二段階認証コードが無効です。"
 "successLogin" = "アカウントに正常にログインしました。"
 [pages.index]
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "フォールバックDNSクエリを無効にします"
 "disableFallbackIfMatch" = "一致した場合にフォールバックを無効にする"
 "disableFallbackIfMatchDesc" = "DNSサーバーの一致するドメインリストにヒットした場合、フォールバックDNSクエリを無効にします"
 "enableParallelQuery" = "並列クエリを有効にする"
 "enableParallelQueryDesc" = "複数のサーバーへの並列DNSクエリを有効にして、より高速な解決を実現"
 "strategy" = "クエリ戦略"
 "strategyDesc" = "ドメイン名解決の全体的な戦略"
 "add" = "サーバー追加"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "管理者の資格情報"
-"twoFactor" = "二段階認証"  
+"twoFactor" = "二段階認証"
-"twoFactorEnable" = "2FAを有効化"  
+"twoFactorEnable" = "2FAを有効化"
-"twoFactorEnableDesc" = "セキュリティを強化するために追加の認証層を追加します。"  
+"twoFactorEnableDesc" = "セキュリティを強化するために追加の認証層を追加します。"
 "twoFactorModalSetTitle" = "二段階認証を有効にする"
 "twoFactorModalDeleteTitle" = "二段階認証を無効にする"
 "twoFactorModalSteps" = "二段階認証を設定するには、次の手順を実行してください:"
@@ -663,6 +665,7 @@
 "active" = "💡 有効：{{ .Enable }}\r\n"
 "enabled" = "🚨 有効化済み：{{ .Enable }}\r\n"
 "online" = "🌐 接続ステータス：{{ .Status }}\r\n"
 "lastOnline" = "🔙 最終オンライン: {{ .Time }}\r\n"
 "email" = "📧 メール：{{ .Email }}\r\n"
 "upload" = "🔼 アップロード↑：{{ .Upload }}\r\n"
 "download" = "🔽 ダウンロード↓：{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 インバウンド: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 メール: {{ .ClientEmail }}\n📊 トラフィック: {{ .ClientTraffic }}\n📅 有効期限: {{ .ClientExp }}\n🌐 IP制限: {{ .IpLimit }}\n💬 コメント: {{ .ClientComment }}\n\n今すぐこのクライアントをインバウンドに追加できます！"
 "inbound_client_data_pass" = "🔄 インバウンド: {{ .InboundRemark }}\n\n🔑 パスワード: {{ .ClientPass }}\n📧 メール: {{ .ClientEmail }}\n📊 トラフィック: {{ .ClientTraffic }}\n📅 有効期限: {{ .ClientExp }}\n🌐 IP制限: {{ .IpLimit }}\n💬 コメント: {{ .ClientComment }}\n\n今すぐこのクライアントをインバウンドに追加できます！"
 "cancel" = "❌ プロセスがキャンセルされました！\n\nいつでも /start で再開できます。 🔄"
-"error_add_client"  = "⚠️ エラー:\n\n {{ .error }}"
+"error_add_client" = "⚠️ エラー:\n\n {{ .error }}"
-"using_default_value"  = "わかりました、デフォルト値を使用します。 😊"
+"using_default_value" = "わかりました、デフォルト値を使用します。 😊"
-"incorrect_input" ="入力が無効です。\nフレーズはスペースなしで続けて入力してください。\n正しい例: aaaaaa\n間違った例: aaa aaa 🚫"
+"incorrect_input" = "入力が無効です。\nフレーズはスペースなしで続けて入力してください。\n正しい例: aaaaaa\n間違った例: aaa aaa 🚫"
 "AreYouSure" = "本当にいいですか？🤔"
 "SuccessResetTraffic" = "📧 メール: {{ .ClientEmail }}\n🏁 結果: ✅ 成功"
 "FailedResetTraffic" = "📧 メール: {{ .ClientEmail }}\n🏁 結果: ❌ 失敗 \n\n🛠️ エラー: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.pt_BR.toml
+++ b/web/translation/translate.pt_BR.toml
@@ -106,12 +106,12 @@
 "invalidFormData" = "O formato dos dados de entrada é inválido."
 "emptyUsername" = "Nome de usuário é obrigatório"
 "emptyPassword" = "Senha é obrigatória"
-"wrongUsernameOrPassword" = "Nome de usuário, senha ou código de dois fatores inválido."  
+"wrongUsernameOrPassword" = "Nome de usuário, senha ou código de dois fatores inválido."
 "successLogin" = "Você entrou na sua conta com sucesso."
 [pages.index]
 "title" = "Visão Geral"
-"cpu" = "CPU" 
+"cpu" = "CPU"
 "logicalProcessors" = "Processadores lógicos"
 "frequency" = "Frequência"
 "swap" = "Swap"
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Desativa consultas DNS de fallback"
 "disableFallbackIfMatch" = "Desativar Fallback Se Corresponder"
 "disableFallbackIfMatchDesc" = "Desativa consultas DNS de fallback quando a lista de domínios correspondentes do servidor DNS é atingida"
 "enableParallelQuery" = "Habilitar Consulta Paralela"
 "enableParallelQueryDesc" = "Habilitar consultas DNS paralelas para múltiplos servidores para resolução mais rápida"
 "strategy" = "Estratégia de Consulta"
 "strategyDesc" = "Estratégia geral para resolver nomes de domínio"
 "add" = "Adicionar Servidor"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "Credenciais de administrador"
-"twoFactor" = "Autenticação de dois fatores"  
+"twoFactor" = "Autenticação de dois fatores"
-"twoFactorEnable" = "Ativar 2FA"  
+"twoFactorEnable" = "Ativar 2FA"
-"twoFactorEnableDesc" = "Adiciona uma camada extra de autenticação para mais segurança."  
+"twoFactorEnableDesc" = "Adiciona uma camada extra de autenticação para mais segurança."
 "twoFactorModalSetTitle" = "Ativar autenticação de dois fatores"
 "twoFactorModalDeleteTitle" = "Desativar autenticação de dois fatores"
 "twoFactorModalSteps" = "Para configurar a autenticação de dois fatores, siga alguns passos:"
@@ -663,6 +665,7 @@
 "active" = "💡 Ativo: {{ .Enable }}\r\n"
 "enabled" = "🚨 Ativado: {{ .Enable }}\r\n"
 "online" = "🌐 Status da conexão: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Última vez online: {{ .Time }}\r\n"
 "email" = "📧 Email: {{ .Email }}\r\n"
 "upload" = "🔼 Upload: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Download: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Entrada: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Email: {{ .ClientEmail }}\n📊 Tráfego: {{ .ClientTraffic }}\n📅 Data de expiração: {{ .ClientExp }}\n🌐 Limite de IP: {{ .IpLimit }}\n💬 Comentário: {{ .ClientComment }}\n\nAgora você pode adicionar o cliente à entrada!"
 "inbound_client_data_pass" = "🔄 Entrada: {{ .InboundRemark }}\n\n🔑 Senha: {{ .ClientPass }}\n📧 Email: {{ .ClientEmail }}\n📊 Tráfego: {{ .ClientTraffic }}\n📅 Data de expiração: {{ .ClientExp }}\n🌐 Limite de IP: {{ .IpLimit }}\n💬 Comentário: {{ .ClientComment }}\n\nAgora você pode adicionar o cliente à entrada!"
 "cancel" = "❌ Processo Cancelado! \n\nVocê pode iniciar novamente a qualquer momento com /start. 🔄"
-"error_add_client"  = "⚠️ Erro:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Erro:\n\n {{ .error }}"
-"using_default_value"  = "Tudo bem, vou manter o valor padrão. 😊"
+"using_default_value" = "Tudo bem, vou manter o valor padrão. 😊"
-"incorrect_input" ="Sua entrada não é válida.\nAs frases devem ser contínuas, sem espaços.\nExemplo correto: aaaaaa\nExemplo incorreto: aaa aaa 🚫"
+"incorrect_input" = "Sua entrada não é válida.\nAs frases devem ser contínuas, sem espaços.\nExemplo correto: aaaaaa\nExemplo incorreto: aaa aaa 🚫"
 "AreYouSure" = "Você tem certeza? 🤔"
 "SuccessResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Resultado: ✅ Sucesso"
 "FailedResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Resultado: ❌ Falhou \n\n🛠️ Erro: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.ru_RU.toml
+++ b/web/translation/translate.ru_RU.toml
@@ -32,7 +32,7 @@
 "copySuccess" = "Скопировано"
 "sure" = "Да"
 "encryption" = "Шифрование"
-"useIPv4ForHost" = "Использовать IPv4 для хоста"
+"useIPv4ForHost" = "Использовать IPv4 для подключения к хосту"
 "transmission" = "Транспорт"
 "host" = "Хост"
 "path" = "Путь"
@@ -46,8 +46,8 @@
 "online" = "Онлайн"
 "domainName" = "Домен"
 "monitor" = "Мониторинг IP"
-"certificate" = "SSL сертификат"
+"certificate" = "SSL-сертификат"
-"fail" = "Ошибка"
+"fail" = "Сбой"
 "comment" = "Комментарий"
 "success" = "Успешно"
 "lastOnline" = "Был(а) в сети"
@@ -55,17 +55,17 @@
 "install" = "Установка"
 "clients" = "Клиенты"
 "usage" = "Использование"
-"twoFactorCode" = "Код"
+"twoFactorCode" = "Код 2FA"
 "remained" = "Остаток"
 "security" = "Безопасность"
 "secAlertTitle" = "Предупреждение системы безопасности"
-"secAlertSsl" = "Это соединение не защищено. Пожалуйста, не вводите конфиденциальную информацию, пока не установите SSL сертификат для защиты соединения"
+"secAlertSsl" = "Соединение не защищено. Не вводите конфиденциальные данные до установки SSL-сертификата."
-"secAlertConf" = "Некоторые настройки уязвимы для атак. Чтобы в будущем не было проблем, нужно усилить защиту."
+"secAlertConf" = "Некоторые настройки уязвимы. Рекомендуется усилить защиту для предотвращения атак."
-"secAlertSSL" = "Ваше подключение к панели не защищено. Установите SSL сертификат для защиты данных."
+"secAlertSSL" = "Подключение к панели не защищено. Установите SSL-сертификат для защиты данных."
-"secAlertPanelPort" = "Порт панели по умолчанию небезопасен. Установите случайный или просто другой порт."
+"secAlertPanelPort" = "Порт панели по умолчанию небезопасен. Установите нестандартный или случайный порт."
-"secAlertPanelURI" = "Адрес панели по умолчанию небезопасен. Сделайте адрес сложным."
+"secAlertPanelURI" = "Адрес панели по умолчанию небезопасен. Настройте уникальный и сложный URI."
-"secAlertSubURI" = "URI-адрес подписки по умолчанию небезопасен. Пожалуйста, настройте сложный URI-адрес."
+"secAlertSubURI" = "URI подписки по умолчанию небезопасен. Настройте уникальный и сложный адрес."
-"secAlertSubJsonURI" = "URI-адрес по умолчанию для JSON подписки небезопасен. Пожалуйста, настройте сложный URI-адрес."
+"secAlertSubJsonURI" = "URI JSON-подписки по умолчанию небезопасен. Настройте уникальный и сложный адрес."
 "emptyDnsDesc" = "Нет добавленных DNS-серверов."
 "emptyFakeDnsDesc" = "Нет добавленных Fake DNS-серверов."
 "emptyBalancersDesc" = "Нет добавленных балансировщиков."
@@ -83,15 +83,15 @@
 "individualLinks" = "Индивидуальные ссылки"
 "active" = "Активна"
 "inactive" = "Неактивна"
-"unlimited" = "Безлимит"
+"unlimited" = "Неограниченно"
-"noExpiry" = "Без срока"
+"noExpiry" = "Бессрочно"
 [menu]
 "theme" = "Тема"
 "dark" = "Темная"
 "ultraDark" = "Очень темная"
 "dashboard" = "Дашборд"
-"inbounds" = "Инбаунды"
+"inbounds" = "Подключения"
 "settings" = "Настройки"
 "xray" = "Настройки Xray"
 "logout" = "Выход"
@@ -99,7 +99,7 @@
 [pages.login]
 "hello" = "Привет!"
-"title" = "Приветствие!"
+"title" = "Добро пожаловать!"
 "loginAgain" = "Сессия истекла. Войдите в систему снова"
 [pages.login.toasts]
@@ -107,7 +107,7 @@
 "emptyUsername" = "Введите имя пользователя"
 "emptyPassword" = "Введите пароль"
 "wrongUsernameOrPassword" = "Неверные данные учетной записи."
-"successLogin" = "Вы успешно вошли в аккаунт"
+"successLogin" = "Вход выполнен успешно"
 [pages.index]
 "title" = "Дашборд"
@@ -122,7 +122,7 @@
 "stopXray" = "Остановить"
 "restartXray" = "Перезапустить"
 "xraySwitch" = "Выбор версии"
-"xraySwitchClick" = "Выберите желаемую версию"
+"xraySwitchClick" = "Выберите нужную версию"
 "xraySwitchClickDesk" = "Важно: старые версии могут не поддерживать текущие настройки"
 "xrayStatusUnknown" = "Неизвестно"
 "xrayStatusRunning" = "Запущен"
@@ -134,7 +134,7 @@
 "systemLoadDesc" = "Средняя загрузка системы за последние 1, 5 и 15 минут"
 "connectionCount" = "Количество соединений"
 "ipAddresses" = "IP-адреса сервера"
-"toggleIpVisibility" = "Переключить видимость IP-адресов сервера"
+"toggleIpVisibility" = "Скрыть или показать IP-адреса сервера"
 "overallSpeed" = "Общая скорость передачи трафика"
 "upload" = "Отправка"
 "download" = "Загрузка"
@@ -168,10 +168,10 @@
 [pages.inbounds]
 "allTimeTraffic" = "Общий трафик"
 "allTimeTrafficUsage" = "Общее использование за все время"
-"title" = "Инбаунды"
+"title" = "Подключения"
-"totalDownUp" = "Объем отправленного/полученного трафика"
+"totalDownUp" = "Отправлено/получено"
 "totalUsage" = "Всего трафика"
-"inboundCount" = "Всего инбаундов"
+"inboundCount" = "Всего подключений"
 "operate" = "Меню"
 "enable" = "Включить"
 "remark" = "Примечание"
@@ -185,13 +185,13 @@
 "createdAt" = "Создано"
 "updatedAt" = "Обновлено"
 "resetTraffic" = "Сброс трафика"
-"addInbound" = "Создать инбаунд"
+"addInbound" = "Создать подключение"
 "generalActions" = "Общие действия"
 "autoRefresh" = "Автообновление"
 "autoRefreshInterval" = "Интервал"
-"modifyInbound" = "Изменить инбаунд"
+"modifyInbound" = "Изменить подключение"
-"deleteInbound" = "Удалить инбаунд"
+"deleteInbound" = "Удалить подключение"
-"deleteInboundContent" = "Вы уверены, что хотите удалить инбаунд?"
+"deleteInboundContent" = "Вы уверены, что хотите удалить подключение?"
 "deleteClient" = "Удалить клиента"
 "deleteClientContent" = "Вы уверены, что хотите удалить клиента?"
 "resetTrafficContent" = "Вы уверены, что хотите сбросить трафик?"
@@ -214,11 +214,11 @@
 "export" = "Экспорт ссылок"
 "clone" = "Клонировать"
 "cloneInbound" = "Клонировать"
-"cloneInboundContent" = "Будут клонированы все настройки инбаундов, кроме списка клиентов, порта и IP-адреса прослушивания"
+"cloneInboundContent" = "Будут клонированы все настройки подключений, кроме списка клиентов, порта и IP-адреса прослушивания"
 "cloneInboundOk" = "Клонировано"
-"resetAllTraffic" = "Сброс трафика всех инбаундов"
+"resetAllTraffic" = "Сброс трафика всех подключений"
-"resetAllTrafficTitle" = "Сброс трафика всех инбаундов"
+"resetAllTrafficTitle" = "Сброс трафика всех подключений"
-"resetAllTrafficContent" = "Вы уверены, что хотите сбросить трафик всех инбаундов?"
+"resetAllTrafficContent" = "Вы уверены, что хотите сбросить трафик всех подключений?"
 "resetInboundClientTraffics" = "Сброс трафика клиента"
 "resetInboundClientTrafficTitle" = "Сброс трафика клиентов"
 "resetInboundClientTrafficContent" = "Вы уверены, что хотите сбросить трафик для этих клиентов?"
@@ -231,7 +231,7 @@
 "email" = "Email"
 "emailDesc" = "Пожалуйста, укажите уникальный Email"
 "IPLimit" = "Лимит по количеству IP"
-"IPLimitDesc" = "Ограничение количества одновременных подключений с разных IP(0 – отключить)"
+"IPLimitDesc" = "Ограничение числа одновременных подключений с разных IP (0 – отключить)"
 "IPLimitlog" = "Лог IP-адресов"
 "IPLimitlogDesc" = "Лог IP-адресов (перед включением лога IP-адресов, вы должны очистить лог)"
 "IPLimitlogclear" = "Очистить лог"
@@ -240,19 +240,19 @@
 "subscriptionDesc" = "Вы можете найти свою ссылку подписки в разделе 'Подробнее'"
 "info" = "Информация"
 "same" = "Тот же"
-"inboundData" = "Данные инбаундов"
+"inboundData" = "Данные подключений"
-"exportInbound" = "Экспорт инбаундов"
+"exportInbound" = "Экспорт подключений"
 "import" = "Импортировать"
-"importInbound" = "Импорт инбаундов"
+"importInbound" = "Импорт подключений"
 "periodicTrafficResetTitle" = "Сброс трафика"
 "periodicTrafficResetDesc" = "Автоматический сброс счетчика трафика через указанные интервалы"
 "lastReset" = "Последний сброс"
 [pages.client]
-"add" = "Создать клиента"
+"add" = "Добавить клиента"
 "edit" = "Редактировать клиента"
 "submitAdd" = "Добавить"
-"submitEdit" = "Сохранить"
+"submitEdit" = "Сохранить изменения"
 "clientCount" = "Количество клиентов"
 "bulk" = "Добавить несколько"
 "method" = "Метод"
@@ -276,13 +276,13 @@
 "obtain" = "Получить"
 "updateSuccess" = "Обновление прошло успешно"
 "logCleanSuccess" = "Лог был очищен"
-"inboundsUpdateSuccess" = "Инбаунды успешно обновлены"
+"inboundsUpdateSuccess" = "Подключения успешно обновлены"
-"inboundUpdateSuccess" = "Инбаунд успешно обновлено"
+"inboundUpdateSuccess" = "Подключение успешно обновлено"
-"inboundCreateSuccess" = "Инбаунд успешно создано"
+"inboundCreateSuccess" = "Подключение успешно создано"
-"inboundDeleteSuccess" = "Инбаунд успешно удалено"
+"inboundDeleteSuccess" = "Подключение успешно удалено"
-"inboundClientAddSuccess" = "Клиент(ы) инбаунда добавлен(ы)"
+"inboundClientAddSuccess" = "Клиент(ы) подключения добавлен(ы)"
-"inboundClientDeleteSuccess" = "Клиент инбаунда удалён"
+"inboundClientDeleteSuccess" = "Клиент подключения удалён"
-"inboundClientUpdateSuccess" = "Клиент инбаунда обновлён"
+"inboundClientUpdateSuccess" = "Клиент подключения обновлён"
 "delDepletedClientsSuccess" = "Все исчерпанные клиенты удалены"
 "resetAllClientTrafficSuccess" = "Весь трафик клиента сброшен"
 "resetAllTrafficSuccess" = "Весь трафик сброшен"
@@ -310,7 +310,7 @@
 [pages.settings]
 "title" = "Настройки"
 "save" = "Сохранить"
-"infoDesc" = "Каждое внесённое изменение должно быть сохранено. Пожалуйста, перезапустите панель, чтобы изменения вступили в силу."
+"infoDesc" = "Сохраните изменения и перезапустите панель для их применения."
 "restartPanel" = "Перезапуск панели"
 "restartPanelDesc" = "Вы уверены, что хотите перезапустить панель? Подтвердите, и перезапуск произойдёт через 3 секунды. Если панель будет недоступна, проверьте лог сервера"
 "restartPanelSuccess" = "Панель успешно перезапущена"
@@ -318,11 +318,11 @@
 "resetDefaultConfig" = "Восстановить настройки по умолчанию"
 "panelSettings" = "Панель"
 "securitySettings" = "Учетная запись"
-"TGBotSettings" = "Telegram"
+"TGBotSettings" = "Telegram-Бот"
 "panelListeningIP" = "IP-адрес для управления панелью"
 "panelListeningIPDesc" = "Оставьте пустым для подключения с любого IP"
 "panelListeningDomain" = "Домен панели"
-"panelListeningDomainDesc" = "По умолчанию оставьте пустым, чтобы подключаться с любых доменов и IP-адресов"
+"panelListeningDomainDesc" = "Оставьте пустым для подключения с любых доменов и IP."
 "panelPort" = "Порт панели"
 "panelPortDesc" = "Порт, на котором работает панель"
 "publicKeyPath" = "Путь к файлу публичного ключа сертификата панели"
@@ -332,11 +332,11 @@
 "panelUrlPath" = "Корневой путь URL адреса панели"
 "panelUrlPathDesc" = "Должен начинаться с '/' и заканчиваться '/'"
 "pageSize" = "Размер нумерации страниц"
-"pageSizeDesc" = "Определить размер страницы для таблицы инбаундов. Установите 0, чтобы отключить"
+"pageSizeDesc" = "Определить размер страницы для таблицы подключений. Установите 0, чтобы отключить"
 "remarkModel" = "Модель примечания и символ разделения"
-"datepicker" = "Выбор даты"
+"datepicker" = "Тип календаря"
 "datepickerPlaceholder" = "Выберите дату"
-"datepickerDescription" = "Запланированные задачи будут выполняться в выбранное время"
+"datepickerDescription" = "Запланированные задачи будут выполняться в соответствии с этим календарем."
 "sampleRemark" = "Пример примечания"
 "oldUsername" = "Текущий логин"
 "currentPassword" = "Текущий пароль"
@@ -346,7 +346,7 @@
 "telegramBotEnableDesc" = "Доступ к функциям панели через Telegram-бота"
 "telegramToken" = "Токен Telegram бота"
 "telegramTokenDesc" = "Необходимо получить токен у менеджера ботов Telegram @botfather"
-"telegramProxy" = "Прокси Socks5"
+"telegramProxy" = "Прокси-сервер Socks5"
 "telegramProxyDesc" = "Если для подключения к Telegram вам нужен прокси Socks5, настройте его параметры согласно руководству."
 "telegramAPIServer" = "API-сервер Telegram"
 "telegramAPIServerDesc" = "Используемый API-сервер Telegram. Оставьте пустым, чтобы использовать сервер по умолчанию."
@@ -451,11 +451,11 @@
 "RoutingStrategy" = "Настройка маршрутизации доменов"
 "RoutingStrategyDesc" = "Установка общей стратегии маршрутизации разрешения DNS"
 "Torrent" = "Заблокировать BitTorrent"
-"Inbounds" = "Инбаунды"
+"Inbounds" = "Входящие подключения"
 "InboundsDesc" = "Изменение шаблона конфигурации для подключения определенных клиентов"
-"Outbounds" = "Аутбаунды"
+"Outbounds" = "Исходящие подключения"
 "Balancers" = "Балансировщик"
-"OutboundsDesc" = "Изменение шаблона конфигурации, чтобы определить аутбаунды для этого сервера"
+"OutboundsDesc" = "Изменение шаблона конфигурации, чтобы определить исходящие подключения для этого сервера"
 "Routings" = "Маршрутизация"
 "RoutingsDesc" = "Важен приоритет каждого правила!"
 "completeTemplate" = "Все"
@@ -486,8 +486,8 @@
 "down" = "Опустить вниз"
 "source" = "Источник"
 "dest" = "Пункт назначения"
-"inbound" = "Инбаунд"
+"inbound" = "Входящее подключение"
-"outbound" = "Аутбаунд"
+"outbound" = "Исходящее подключение"
 "balancer" = "Балансировщик"
 "info" = "Информация"
 "add" = "Создать правило"
@@ -495,9 +495,9 @@
 "useComma" = "Элементы, разделённые запятыми"
 [pages.xray.outbound]
-"addOutbound" = "Создать аутбаунд"
+"addOutbound" = "Создать исходящее подключение"
 "addReverse" = "Создать реверс-прокси"
-"editOutbound" = "Изменить аутбаунд"
+"editOutbound" = "Изменить исходящее подключение"
 "editReverse" = "Редактировать реверс-прокси"
 "tag" = "Тег"
 "tagDesc" = "Уникальный тег"
@@ -511,7 +511,7 @@
 "intercon" = "Соединение"
 "settings" = "Настройки"
 "accountInfo" = "Информация об учетной записи"
-"outboundStatus" = "Статус аутбаунда"
+"outboundStatus" = "Статус исходящего подключения"
 "sendThrough" = "Отправить через"
 [pages.xray.balancer]
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Отключает резервные DNS-запросы"
 "disableFallbackIfMatch" = "Отключить резервный DNS при совпадении"
 "disableFallbackIfMatchDesc" = "Отключает резервные DNS-запросы при совпадении списка доменов DNS-сервера"
 "enableParallelQuery" = "Включить параллельные запросы"
 "enableParallelQueryDesc" = "Включить параллельные DNS-запросы к нескольким серверам для более быстрого разрешения"
 "strategy" = "Стратегия запроса"
 "strategyDesc" = "Общая стратегия разрешения доменных имен"
 "add" = "Создать DNS"
@@ -587,8 +589,8 @@
 "modifyUser" = "Вы успешно изменили учетные данные администратора."
 "originalUserPassIncorrect" = "Неверное имя пользователя или пароль"
 "userPassMustBeNotEmpty" = "Новое имя пользователя и новый пароль должны быть заполнены"
-"getOutboundTrafficError" = "Ошибка получения трафика аутбаунда"
+"getOutboundTrafficError" = "Ошибка получения трафика исходящего подключения"
-"resetOutboundTrafficError" = "Ошибка сброса трафика аутбаунда"
+"resetOutboundTrafficError" = "Ошибка сброса трафика исходящего подключения"
 [tgbot]
 "keyboardClosed" = "❌ Клавиатура закрыта."
@@ -596,7 +598,7 @@
 "noQuery" = "❌ Запрос не найден. Пожалуйста, повторите команду."
 "wentWrong" = "❌ Что-то пошло не так..."
 "noIpRecord" = "❗ Нет записей об IP-адресе."
-"noInbounds" = "❗ У вас не настроено ни одного инбаунда."
+"noInbounds" = "❗ У вас не настроено ни одного входящего подключения."
 "unlimited" = "♾ Безлимит"
 "add" = "Добавить"
 "month" = "Месяц"
@@ -606,7 +608,7 @@
 "hours" = "Часов"
 "minutes" = "Минуты"
 "unknown" = "Неизвестно"
-"inbounds" = "Инбаунды"
+"inbounds" = "Входящие подключения"
 "clients" = "Клиенты"
 "offline" = "🔴 Офлайн"
 "online" = "🟢 Онлайн"
@@ -620,7 +622,7 @@
 "status" = "✅ Бот функционирует нормально."
 "usage" = "❗ Пожалуйста, укажите email для поиска."
 "getID" = "🆔 Ваш User ID: <code>{{ .ID }}</code>"
-"helpAdminCommands" = "🔃 Для перезапуска Xray Core:\r\n<code>/restart</code>\r\n\r\n🔎 Для поиска клиента по email:\r\n<code>/usage [Email]</code>\r\n\r\n📊 Для поиска инбаундов (со статистикой клиентов):\r\n<code>/inbound [имя подключения]</code>\r\n\r\n🆔 Ваш Telegram User ID:\r\n<code>/id</code>"
+"helpAdminCommands" = "🔃 Для перезапуска Xray Core:\r\n<code>/restart</code>\r\n\r\n🔎 Для поиска клиента по email:\r\n<code>/usage [Email]</code>\r\n\r\n📊 Для поиска входящих подключений (со статистикой клиентов):\r\n<code>/inbound [имя подключения]</code>\r\n\r\n🆔 Ваш Telegram User ID:\r\n<code>/id</code>"
 "helpClientCommands" = "💲 Для просмотра информации о вашей подписке используйте команду:\r\n<code>/usage [Email]</code>\r\n\r\n🆔 Ваш Telegram User ID:\r\n<code>/id</code>"
 "restartUsage" = "\r\n\r\n<code>/restart</code>"
 "restartSuccess" = "✅ Ядро Xray успешно перезапущено."
@@ -648,7 +650,7 @@
 "ips" = "🔢 IP-адреса:\r\n{{ .IPs }}\r\n"
 "serverUpTime" = "⏳ Время работы сервера: {{ .UpTime }} {{ .Unit }}\r\n"
 "serverLoad" = "📈 Нагрузка сервера: {{ .Load1 }}, {{ .Load2 }}, {{ .Load3 }}\r\n"
-"serverMemory" = "📋 Диск сервера: {{ .Current }}/{{ .Total }}\r\n"
+"serverMemory" = "📋 ОЗУ сервера: {{ .Current }}/{{ .Total }}\r\n"
 "tcpCount" = "🔹 Количество TCP-соединений: {{ .Count }}\r\n"
 "udpCount" = "🔸 Количество UDP-соединений: {{ .Count }}\r\n"
 "traffic" = "🚦 Трафик: {{ .Total }} (↑{{ .Upload }},↓{{ .Download }})\r\n"
@@ -656,13 +658,14 @@
 "username" = "👤 Имя пользователя: {{ .Username }}\r\n"
 "password" = "👤 Пароль: {{ .Password }}\r\n"
 "time" = "⏰ Время: {{ .Time }}\r\n"
-"inbound" = "📍 Входящий поток: {{ .Remark }}\r\n"
+"inbound" = "📍 Входящее подключение: {{ .Remark }}\r\n"
 "port" = "🔌 Порт: {{ .Port }}\r\n"
 "expire" = "📅 Дата окончания: {{ .Time }}\r\n"
 "expireIn" = "📅 Окончание через: {{ .Time }}\r\n"
 "active" = "💡 Активен: {{ .Enable }}\r\n"
 "enabled" = "🚨 Активен: {{ .Enable }}\r\n"
 "online" = "🌐 Статус соединения: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Был(а) в сети: {{ .Time }}\r\n"
 "email" = "📧 Email: {{ .Email }}\r\n"
 "upload" = "🔼 Исходящий трафик: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Входящий трафик: ↓{{ .Download }}\r\n"
@@ -685,12 +688,12 @@
 "pass_prompt" = "🔑 Стандартный пароль: {{ .ClientPassword }}\n\nВведите ваш пароль."
 "email_prompt" = "📧 Стандартный email: {{ .ClientEmail }}\n\nВведите ваш email."
 "comment_prompt" = "💬 Стандартный комментарий: {{ .ClientComment }}\n\nВведите ваш комментарий."
-"inbound_client_data_id" = "🔄 Инбаунды: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Email: {{ .ClientEmail }}\n📊 Трафик: {{ .ClientTraffic }}\n📅 Дата исчерпания: {{ .ClientExp }}\n💬 Комментарий: {{ .ClientComment }}\n\nТеперь вы можете добавить клиента в инбаунд!"
+"inbound_client_data_id" = "🔄 Входящие подключения: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Email: {{ .ClientEmail }}\n📊 Трафик: {{ .ClientTraffic }}\n📅 Срок действия: {{ .ClientExp }}\n💬 Комментарий: {{ .ClientComment }}\n\nТеперь вы можете добавить клиента в входящее подключение!"
-"inbound_client_data_pass" = "🔄 Инбаунды: {{ .InboundRemark }}\n\n🔑 Пароль: {{ .ClientPass }}\n📧 Email: {{ .ClientEmail }}\n📊 Трафик: {{ .ClientTraffic }}\n📅 Дата исчерпания: {{ .ClientExp }}\n💬 Комментарий: {{ .ClientComment }}\n\nТеперь вы можете добавить клиента в инбаунд!"
+"inbound_client_data_pass" = "🔄 Входящие подключения: {{ .InboundRemark }}\n\n🔑 Пароль: {{ .ClientPass }}\n📧 Email: {{ .ClientEmail }}\n📊 Трафик: {{ .ClientTraffic }}\n📅 Срок действия: {{ .ClientExp }}\n💬 Комментарий: {{ .ClientComment }}\n\nТеперь вы можете добавить клиента в входящее подключение!"
 "cancel" = "❌ Процесс отменён! \n\nВы можете снова начать с /start в любое время. 🔄"
-"error_add_client"  = "⚠️ Ошибка:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Ошибка:\n\n {{ .error }}"
-"using_default_value"  = "Используется значение по умолчанию👌"
+"using_default_value" = "Используется значение по умолчанию👌"
-"incorrect_input" ="Ваш ввод недействителен.\nФразы должны быть непрерывными без пробелов.\nПравильный пример: aaaaaa\nНеправильный пример: aaa aaa 🚫"
+"incorrect_input" = "Ваш ввод недействителен.\nФразы должны быть непрерывными без пробелов.\nПравильный пример: aaaaaa\nНеправильный пример: aaa aaa 🚫"
 "AreYouSure" = "Вы уверены? 🤔"
 "SuccessResetTraffic" = "📧 Почта: {{ .ClientEmail }}\n🏁 Результат: ✅ Успешно"
 "FailedResetTraffic" = "📧 Почта: {{ .ClientEmail }}\n🏁 Результат: ❌ Неудача \n\n🛠️ Ошибка: [ {{ .ErrorMessage }} ]"
@@ -707,7 +710,7 @@
 "confirmToggle" = "✅ Подтвердить вкл/выкл пользователя?"
 "dbBackup" = "📂 Бэкап БД"
 "serverUsage" = "💻 Состояние сервера"
-"getInbounds" = "🔌 Инбаунды"
+"getInbounds" = "🔌 Входящие подключения"
 "depleteSoon" = "⚠️ Скоро конец"
 "clientUsage" = "Статистика клиента"
 "onlines" = "🟢 Онлайн"
@@ -731,7 +734,7 @@
 "allClients" = "👥 Все клиенты"
 "addClient" = "➕ Новый клиент"
 "submitDisable" = "Добавить отключенным ☑️"
-"submitEnable" = "Добавить включенныи ✅"
+"submitEnable" = "Добавить включенным ✅"
 "use_default" = "🏷️ Использовать по умолчанию"
 "change_id" = "⚙️🔑 ID"
 "change_password" = "⚙️🔑 Пароль"
@@ -743,7 +746,7 @@
 [tgbot.answers]
 "successfulOperation" = "✅ Успешно!"
 "errorOperation" = "❗ Ошибка в операции."
-"getInboundsFailed" = "❌ Не удалось получить инбаунды."
+"getInboundsFailed" = "❌ Не удалось получить входящие подключения."
 "getClientsFailed" = "❌ Не удалось получить клиентов."
 "canceled" = "❌ {{ .Email }}: Операция отменена."
 "clientRefreshSuccess" = "✅ {{ .Email }}: Клиент успешно обновлен."
@@ -760,5 +763,5 @@
 "enableSuccess" = "✅ {{ .Email }}: Включено успешно."
 "disableSuccess" = "✅ {{ .Email }}: Отключено успешно."
 "askToAddUserId" = "❌ Ваша конфигурация не найдена!\r\n💭 Пожалуйста, попросите администратора использовать ваш Telegram User ID в конфигурации.\r\n\r\n🆔 Ваш User ID: <code>{{ .TgUserID }}</code>"
-"chooseClient" = "Выберите клиента для инбаунда {{ .Inbound }}"
+"chooseClient" = "Выберите клиента для входящего подключения {{ .Inbound }}"
-"chooseInbound" = "Выберите инбаунд"
+"chooseInbound" = "Выберите входящее подключение"
--- a/web/translation/translate.tr_TR.toml
+++ b/web/translation/translate.tr_TR.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "Girdi verisi formatı geçersiz."
 "emptyUsername" = "Kullanıcı adı gerekli"
 "emptyPassword" = "Şifre gerekli"
-"wrongUsernameOrPassword" = "Geçersiz kullanıcı adı, şifre veya iki adımlı doğrulama kodu."  
+"wrongUsernameOrPassword" = "Geçersiz kullanıcı adı, şifre veya iki adımlı doğrulama kodu."
 "successLogin" = "Hesabınıza başarıyla giriş yaptınız."
 [pages.index]
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Yedek DNS sorgularını devre dışı bırakır"
 "disableFallbackIfMatch" = "Eşleşirse Yedeklemeyi Devre Dışı Bırak"
 "disableFallbackIfMatchDesc" = "DNS sunucusunun eşleşen alan adı listesi vurulduğunda yedek DNS sorgularını devre dışı bırakır"
 "enableParallelQuery" = "Paralel Sorguyu Etkinleştir"
 "enableParallelQueryDesc" = "Daha hızlı çözümleme için birden fazla sunucuya paralel DNS sorgularını etkinleştir"
 "strategy" = "Sorgu Stratejisi"
 "strategyDesc" = "Alan adlarını çözmek için genel strateji"
 "add" = "Sunucu Ekle"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "Yönetici kimlik bilgileri"
-"twoFactor" = "İki adımlı doğrulama"  
+"twoFactor" = "İki adımlı doğrulama"
-"twoFactorEnable" = "2FA'yı Etkinleştir"  
+"twoFactorEnable" = "2FA'yı Etkinleştir"
-"twoFactorEnableDesc" = "Daha fazla güvenlik için ek bir doğrulama katmanı ekler."  
+"twoFactorEnableDesc" = "Daha fazla güvenlik için ek bir doğrulama katmanı ekler."
 "twoFactorModalSetTitle" = "İki adımlı doğrulamayı etkinleştir"
 "twoFactorModalDeleteTitle" = "İki adımlı doğrulamayı devre dışı bırak"
 "twoFactorModalSteps" = "İki adımlı doğrulamayı ayarlamak için şu adımları izleyin:"
@@ -663,6 +665,7 @@
 "active" = "💡 Aktif: {{ .Enable }}\r\n"
 "enabled" = "🚨 Etkin: {{ .Enable }}\r\n"
 "online" = "🌐 Bağlantı durumu: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Son çevrimiçi: {{ .Time }}\r\n"
 "email" = "📧 E-posta: {{ .Email }}\r\n"
 "upload" = "🔼 Yükleme: ↑{{ .Upload }}\r\n"
 "download" = "🔽 İndirme: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Giriş: {{ .InboundRemark }}\n\n🔑 Kimlik: {{ .ClientId }}\n📧 E-posta: {{ .ClientEmail }}\n📊 Trafik: {{ .ClientTraffic }}\n📅 Bitiş Tarihi: {{ .ClientExp }}\n🌐 IP Sınırı: {{ .IpLimit }}\n💬 Yorum: {{ .ClientComment }}\n\nArtık bu müşteriyi girişe ekleyebilirsin!"
 "inbound_client_data_pass" = "🔄 Giriş: {{ .InboundRemark }}\n\n🔑 Şifre: {{ .ClientPass }}\n📧 E-posta: {{ .ClientEmail }}\n📊 Trafik: {{ .ClientTraffic }}\n📅 Bitiş Tarihi: {{ .ClientExp }}\n🌐 IP Sınırı: {{ .IpLimit }}\n💬 Yorum: {{ .ClientComment }}\n\nArtık bu müşteriyi girişe ekleyebilirsin!"
 "cancel" = "❌ İşlem iptal edildi! \n\nİstediğiniz zaman /start ile yeniden başlayabilirsiniz. 🔄"
-"error_add_client"  = "⚠️ Hata:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Hata:\n\n {{ .error }}"
-"using_default_value"  = "Tamam, varsayılan değeri kullanacağım. 😊"
+"using_default_value" = "Tamam, varsayılan değeri kullanacağım. 😊"
-"incorrect_input" ="Girdiğiniz değer geçerli değil.\nKelime öbekleri boşluk olmadan devam etmelidir.\nDoğru örnek: aaaaaa\nYanlış örnek: aaa aaa 🚫"
+"incorrect_input" = "Girdiğiniz değer geçerli değil.\nKelime öbekleri boşluk olmadan devam etmelidir.\nDoğru örnek: aaaaaa\nYanlış örnek: aaa aaa 🚫"
 "AreYouSure" = "Emin misin? 🤔"
 "SuccessResetTraffic" = "📧 E-posta: {{ .ClientEmail }}\n🏁 Sonuç: ✅ Başarılı"
 "FailedResetTraffic" = "📧 E-posta: {{ .ClientEmail }}\n🏁 Sonuç: ❌ Başarısız \n\n🛠️ Hata: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.uk_UA.toml
+++ b/web/translation/translate.uk_UA.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "Формат вхідних даних недійсний."
 "emptyUsername" = "Потрібне ім'я користувача"
 "emptyPassword" = "Потрібен пароль"
-"wrongUsernameOrPassword" = "Невірне ім’я користувача, пароль або код двофакторної аутентифікації."  
+"wrongUsernameOrPassword" = "Невірне ім’я користувача, пароль або код двофакторної аутентифікації."
 "successLogin" = "Ви успішно увійшли до свого облікового запису."
 [pages.index]
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Вимкнути резервні DNS-запити"
 "disableFallbackIfMatch" = "Вимкнути резервний DNS при збігу"
 "disableFallbackIfMatchDesc" = "Вимкнути резервні DNS-запити при збігу списку доменів DNS-сервера"
 "enableParallelQuery" = "Увімкнути паралельні запити"
 "enableParallelQueryDesc" = "Увімкнути паралельні DNS-запити до кількох серверів для швидшого вирішення"
 "strategy" = "Стратегія запиту"
 "strategyDesc" = "Загальна стратегія вирішення доменних імен"
 "add" = "Додати сервер"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "Облікові дані адміністратора"
-"twoFactor" = "Двофакторна аутентифікація"  
+"twoFactor" = "Двофакторна аутентифікація"
-"twoFactorEnable" = "Увімкнути 2FA"  
+"twoFactorEnable" = "Увімкнути 2FA"
-"twoFactorEnableDesc" = "Додає додатковий рівень аутентифікації для підвищення безпеки."  
+"twoFactorEnableDesc" = "Додає додатковий рівень аутентифікації для підвищення безпеки."
 "twoFactorModalSetTitle" = "Увімкнути двофакторну аутентифікацію"
 "twoFactorModalDeleteTitle" = "Вимкнути двофакторну аутентифікацію"
 "twoFactorModalSteps" = "Щоб налаштувати двофакторну аутентифікацію, виконайте кілька кроків:"
@@ -663,6 +665,7 @@
 "active" = "💡 Активний: {{ .Enable }}\r\n"
 "enabled" = "🚨 Увімкнено: {{ .Enable }}\r\n"
 "online" = "🌐 Стан підключення: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Був(ла) онлайн: {{ .Time }}\r\n"
 "email" = "📧 Електронна пошта: {{ .Email }}\r\n"
 "upload" = "🔼 Upload: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Download: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Вхід: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Електронна пошта: {{ .ClientEmail }}\n📊 Трафік: {{ .ClientTraffic }}\n📅 Дата завершення: {{ .ClientExp }}\n🌐 Обмеження IP: {{ .IpLimit }}\n💬 Коментар: {{ .ClientComment }}\n\nТепер ви можете додати клієнта до вхідного з'єднання!"
 "inbound_client_data_pass" = "🔄 Вхід: {{ .InboundRemark }}\n\n🔑 Пароль: {{ .ClientPass }}\n📧 Електронна пошта: {{ .ClientEmail }}\n📊 Трафік: {{ .ClientTraffic }}\n📅 Дата завершення: {{ .ClientExp }}\n🌐 Обмеження IP: {{ .IpLimit }}\n💬 Коментар: {{ .ClientComment }}\n\nТепер ви можете додати клієнта до вхідного з'єднання!"
 "cancel" = "❌ Процес скасовано! \n\nВи можете знову розпочати, використовуючи /start у будь-який час. 🔄"
-"error_add_client"  = "⚠️ Помилка:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Помилка:\n\n {{ .error }}"
-"using_default_value"  = "Гаразд, залишу значення за замовчуванням. 😊"
+"using_default_value" = "Гаразд, залишу значення за замовчуванням. 😊"
-"incorrect_input" ="Ваш ввід невірний.\nФрази повинні бути без пробілів.\nПравильний приклад: aaaaaa\nНеправильний приклад: aaa aaa 🚫"
+"incorrect_input" = "Ваш ввід невірний.\nФрази повинні бути без пробілів.\nПравильний приклад: aaaaaa\nНеправильний приклад: aaa aaa 🚫"
 "AreYouSure" = "Ви впевнені? 🤔"
 "SuccessResetTraffic" = "📧 Електронна пошта: {{ .ClientEmail }}\n🏁 Результат: ✅ Успішно"
 "FailedResetTraffic" = "📧 Електронна пошта: {{ .ClientEmail }}\n🏁 Результат: ❌ Невдача \n\n🛠️ Помилка: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.vi_VN.toml
+++ b/web/translation/translate.vi_VN.toml
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "Tắt các truy vấn DNS Fallback"
 "disableFallbackIfMatch" = "Tắt Fallback Nếu Khớp"
 "disableFallbackIfMatchDesc" = "Tắt các truy vấn DNS Fallback khi danh sách tên miền khớp của máy chủ DNS được kích hoạt"
 "enableParallelQuery" = "Bật Truy vấn Song song"
 "enableParallelQueryDesc" = "Bật truy vấn DNS song song đến nhiều máy chủ để phân giải nhanh hơn"
 "strategy" = "Chiến lược truy vấn"
 "strategyDesc" = "Chiến lược tổng thể để phân giải tên miền"
 "add" = "Thêm máy chủ"
@@ -663,6 +665,7 @@
 "active" = "💡 Đang hoạt động: {{ .Enable }}\r\n"
 "enabled" = "🚨 Đã bật: {{ .Enable }}\r\n"
 "online" = "🌐 Trạng thái kết nối: {{ .Status }}\r\n"
 "lastOnline" = "🔙 Lần online gần nhất: {{ .Time }}\r\n"
 "email" = "📧 Email: {{ .Email }}\r\n"
 "upload" = "🔼 Tải lên: ↑{{ .Upload }}\r\n"
 "download" = "🔽 Tải xuống: ↓{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 Kết nối vào: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 Email: {{ .ClientEmail }}\n📊 Dung lượng: {{ .ClientTraffic }}\n📅 Ngày hết hạn: {{ .ClientExp }}\n🌐 Giới hạn IP: {{ .IpLimit }}\n💬 Ghi chú: {{ .ClientComment }}\n\nBây giờ bạn có thể thêm khách hàng vào inbound!"
 "inbound_client_data_pass" = "🔄 Kết nối vào: {{ .InboundRemark }}\n\n🔑 Mật khẩu: {{ .ClientPass }}\n📧 Email: {{ .ClientEmail }}\n📊 Dung lượng: {{ .ClientTraffic }}\n📅 Ngày hết hạn: {{ .ClientExp }}\n🌐 Giới hạn IP: {{ .IpLimit }}\n💬 Ghi chú: {{ .ClientComment }}\n\nBây giờ bạn có thể thêm khách hàng vào inbound!"
 "cancel" = "❌ Quá trình đã bị hủy! \n\nBạn có thể bắt đầu lại bất cứ lúc nào bằng cách nhập /start. 🔄"
-"error_add_client"  = "⚠️ Lỗi:\n\n {{ .error }}"
+"error_add_client" = "⚠️ Lỗi:\n\n {{ .error }}"
-"using_default_value"  = "Được rồi, tôi sẽ sử dụng giá trị mặc định. 😊"
+"using_default_value" = "Được rồi, tôi sẽ sử dụng giá trị mặc định. 😊"
-"incorrect_input" ="Dữ liệu bạn nhập không hợp lệ.\nCác chuỗi phải liền mạch và không có dấu cách.\nVí dụ đúng: aaaaaa\nVí dụ sai: aaa aaa 🚫"
+"incorrect_input" = "Dữ liệu bạn nhập không hợp lệ.\nCác chuỗi phải liền mạch và không có dấu cách.\nVí dụ đúng: aaaaaa\nVí dụ sai: aaa aaa 🚫"
 "AreYouSure" = "Bạn có chắc không? 🤔"
 "SuccessResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Kết quả: ✅ Thành công"
 "FailedResetTraffic" = "📧 Email: {{ .ClientEmail }}\n🏁 Kết quả: ❌ Thất bại \n\n🛠️ Lỗi: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.zh_CN.toml
+++ b/web/translation/translate.zh_CN.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "数据格式错误"
 "emptyUsername" = "请输入用户名"
 "emptyPassword" = "请输入密码"
-"wrongUsernameOrPassword" = "用户名、密码或双重验证码无效。"  
+"wrongUsernameOrPassword" = "用户名、密码或双重验证码无效。"
 "successLogin" = "您已成功登录您的账户。"
 [pages.index]
@@ -242,7 +242,7 @@
 "same" = "相同"
 "inboundData" = "入站数据"
 "exportInbound" = "导出入站规则"
-"import"="导入"
+"import" = "导入"
 "importInbound" = "导入入站规则"
 "periodicTrafficResetTitle" = "流量重置"
 "periodicTrafficResetDesc" = "按指定间隔自动重置流量计数器"
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "禁用回退DNS查询"
 "disableFallbackIfMatch" = "匹配时禁用回退"
 "disableFallbackIfMatchDesc" = "当DNS服务器的匹配域名列表命中时，禁用回退DNS查询"
 "enableParallelQuery" = "启用并行查询"
 "enableParallelQueryDesc" = "启用并行DNS查询到多个服务器以实现更快的解析"
 "strategy" = "查询策略"
 "strategyDesc" = "解析域名的总体策略"
 "add" = "添加服务器"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "管理员凭据"
-"twoFactor" = "双重验证"  
+"twoFactor" = "双重验证"
-"twoFactorEnable" = "启用2FA"  
+"twoFactorEnable" = "启用2FA"
-"twoFactorEnableDesc" = "增加额外的验证层以提高安全性。"  
+"twoFactorEnableDesc" = "增加额外的验证层以提高安全性。"
 "twoFactorModalSetTitle" = "启用双重认证"
 "twoFactorModalDeleteTitle" = "停用双重认证"
 "twoFactorModalSteps" = "要设定双重认证，请执行以下步骤："
@@ -663,6 +665,7 @@
 "active" = "💡 激活：{{ .Enable }}\r\n"
 "enabled" = "🚨 已启用：{{ .Enable }}\r\n"
 "online" = "🌐 连接状态：{{ .Status }}\r\n"
 "lastOnline" = "🔙 上次在线: {{ .Time }}\r\n"
 "email" = "📧 邮箱：{{ .Email }}\r\n"
 "upload" = "🔼 上传↑：{{ .Upload }}\r\n"
 "download" = "🔽 下载↓：{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 入站: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 邮箱: {{ .ClientEmail }}\n📊 流量: {{ .ClientTraffic }}\n📅 到期日期: {{ .ClientExp }}\n🌐 IP 限制: {{ .IpLimit }}\n💬 备注: {{ .ClientComment }}\n\n你现在可以将客户添加到入站了！"
 "inbound_client_data_pass" = "🔄 入站: {{ .InboundRemark }}\n\n🔑 密码: {{ .ClientPass }}\n📧 邮箱: {{ .ClientEmail }}\n📊 流量: {{ .ClientTraffic }}\n📅 到期日期: {{ .ClientExp }}\n🌐 IP 限制: {{ .IpLimit }}\n💬 备注: {{ .ClientComment }}\n\n你现在可以将客户添加到入站了！"
 "cancel" = "❌ 进程已取消！\n\n您可以随时使用 /start 重新开始。 🔄"
-"error_add_client"  = "⚠️ 错误:\n\n {{ .error }}"
+"error_add_client" = "⚠️ 错误:\n\n {{ .error }}"
-"using_default_value"  = "好的，我会使用默认值。 😊"
+"using_default_value" = "好的，我会使用默认值。 😊"
-"incorrect_input" ="您的输入无效。\n短语应连续输入，不能有空格。\n正确示例: aaaaaa\n错误示例: aaa aaa 🚫"
+"incorrect_input" = "您的输入无效。\n短语应连续输入，不能有空格。\n正确示例: aaaaaa\n错误示例: aaa aaa 🚫"
 "AreYouSure" = "你确定吗？🤔"
 "SuccessResetTraffic" = "📧 邮箱: {{ .ClientEmail }}\n🏁 结果: ✅ 成功"
 "FailedResetTraffic" = "📧 邮箱: {{ .ClientEmail }}\n🏁 结果: ❌ 失败 \n\n🛠️ 错误: [ {{ .ErrorMessage }} ]"
--- a/web/translation/translate.zh_TW.toml
+++ b/web/translation/translate.zh_TW.toml
@@ -106,7 +106,7 @@
 "invalidFormData" = "資料格式錯誤"
 "emptyUsername" = "請輸入使用者名稱"
 "emptyPassword" = "請輸入密碼"
-"wrongUsernameOrPassword" = "用戶名、密碼或雙重驗證碼無效。"  
+"wrongUsernameOrPassword" = "用戶名、密碼或雙重驗證碼無效。"
 "successLogin" = "您已成功登入您的帳戶。"
 [pages.index]
@@ -242,7 +242,7 @@
 "same" = "相同"
 "inboundData" = "入站資料"
 "exportInbound" = "匯出入站規則"
-"import"="匯入"
+"import" = "匯入"
 "importInbound" = "匯入入站規則"
 "periodicTrafficResetTitle" = "流量重置"
 "periodicTrafficResetDesc" = "按指定間隔自動重置流量計數器"
@@ -544,6 +544,8 @@
 "disableFallbackDesc" = "禁用回退DNS查詢"
 "disableFallbackIfMatch" = "匹配時禁用回退"
 "disableFallbackIfMatchDesc" = "當DNS伺服器的匹配域名列表命中時，禁用回退DNS查詢"
 "enableParallelQuery" = "啟用並行查詢"
 "enableParallelQueryDesc" = "啟用並行DNS查詢到多個伺服器以實現更快的解析"
 "strategy" = "查詢策略"
 "strategyDesc" = "解析域名的總體策略"
 "add" = "新增伺服器"
@@ -565,9 +567,9 @@
 [pages.settings.security]
 "admin" = "管理員憑證"
-"twoFactor" = "雙重驗證"  
+"twoFactor" = "雙重驗證"
-"twoFactorEnable" = "啟用2FA"  
+"twoFactorEnable" = "啟用2FA"
-"twoFactorEnableDesc" = "增加額外的驗證層以提高安全性。"  
+"twoFactorEnableDesc" = "增加額外的驗證層以提高安全性。"
 "twoFactorModalSetTitle" = "啟用雙重認證"
 "twoFactorModalDeleteTitle" = "停用雙重認證"
 "twoFactorModalSteps" = "要設定雙重認證，請執行以下步驟："
@@ -663,6 +665,7 @@
 "active" = "💡 啟用：{{ .Enable }}\r\n"
 "enabled" = "🚨 已啟用：{{ .Enable }}\r\n"
 "online" = "🌐 連線狀態：{{ .Status }}\r\n"
 "lastOnline" = "🔙 上次上線: {{ .Time }}\r\n"
 "email" = "📧 郵箱：{{ .Email }}\r\n"
 "upload" = "🔼 上傳↑：{{ .Upload }}\r\n"
 "download" = "🔽 下載↓：{{ .Download }}\r\n"
@@ -688,9 +691,9 @@
 "inbound_client_data_id" = "🔄 入站: {{ .InboundRemark }}\n\n🔑 ID: {{ .ClientId }}\n📧 電子郵件: {{ .ClientEmail }}\n📊 流量: {{ .ClientTraffic }}\n📅 到期日: {{ .ClientExp }}\n🌐 IP 限制: {{ .IpLimit }}\n💬 備註: {{ .ClientComment }}\n\n你現在可以將客戶加入入站了！"
 "inbound_client_data_pass" = "🔄 入站: {{ .InboundRemark }}\n\n🔑 密碼: {{ .ClientPass }}\n📧 電子郵件: {{ .ClientEmail }}\n📊 流量: {{ .ClientTraffic }}\n📅 到期日: {{ .ClientExp }}\n🌐 IP 限制: {{ .IpLimit }}\n💬 備註: {{ .ClientComment }}\n\n你現在可以將客戶加入入站了！"
 "cancel" = "❌ 程序已取消！\n\n您可以隨時使用 /start 重新開始。 🔄"
-"error_add_client"  = "⚠️ 錯誤:\n\n {{ .error }}"
+"error_add_client" = "⚠️ 錯誤:\n\n {{ .error }}"
-"using_default_value"  = "好的，我會使用預設值。 😊"
+"using_default_value" = "好的，我會使用預設值。 😊"
-"incorrect_input" ="您的輸入無效。\n短語應連續輸入，不能有空格。\n正確示例: aaaaaa\n錯誤示例: aaa aaa 🚫"
+"incorrect_input" = "您的輸入無效。\n短語應連續輸入，不能有空格。\n正確示例: aaaaaa\n錯誤示例: aaa aaa 🚫"
 "AreYouSure" = "你確定嗎？🤔"
 "SuccessResetTraffic" = "📧 電子郵件: {{ .ClientEmail }}\n🏁 結果: ✅ 成功"
 "FailedResetTraffic" = "📧 電子郵件: {{ .ClientEmail }}\n🏁 結果: ❌ 失敗 \n\n🛠️ 錯誤: [ {{ .ErrorMessage }} ]"
--- a/web/web.go
+++ b/web/web.go
@@ -25,6 +25,7 @@ import (
 	"github.com/mhsanaei/3x-ui/v2/web/middleware"
 	"github.com/mhsanaei/3x-ui/v2/web/network"
 	"github.com/mhsanaei/3x-ui/v2/web/service"
 	"github.com/mhsanaei/3x-ui/v2/web/websocket"
 	"github.com/gin-contrib/gzip"
 	"github.com/gin-contrib/sessions"
@@ -95,15 +96,17 @@ type Server struct {
 	httpServer *http.Server
 	listener   net.Listener
-	index  *controller.IndexController
+	index *controller.IndexController
-	server *controller.ServerController
+	panel *controller.XUIController
-	panel  *controller.XUIController
+	api   *controller.APIController
-	api    *controller.APIController
+	ws    *controller.WebSocketController
 	xrayService    service.XrayService
 	settingService service.SettingService
 	tgbotService   service.Tgbot
 	wsHub *websocket.Hub
 	cron *cron.Cron
 	ctx    context.Context
@@ -264,10 +267,28 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 	g := engine.Group(basePath)
 	s.index = controller.NewIndexController(g)
 	s.server = controller.NewServerController(g)
 	s.panel = controller.NewXUIController(g)
 	s.api = controller.NewAPIController(g)
 	// Initialize WebSocket hub
 	s.wsHub = websocket.NewHub()
 	go s.wsHub.Run()
 	// Initialize WebSocket controller
 	s.ws = controller.NewWebSocketController(s.wsHub)
 	// Register WebSocket route with basePath (g already has basePath prefix)
 	g.GET("/ws", s.ws.HandleWebSocket)
 	// Chrome DevTools endpoint for debugging web apps
 	engine.GET("/.well-known/appspecific/com.chrome.devtools.json", func(c *gin.Context) {
 		c.JSON(http.StatusOK, gin.H{})
 	})
 	// Add a catch-all route to handle undefined paths and return 404
 	engine.NoRoute(func(c *gin.Context) {
 		c.AbortWithStatus(http.StatusNotFound)
 	})
 	return engine, nil
 }
@@ -311,6 +332,17 @@ func (s *Server) startTask() {
 	// Run once a month, midnight, first of month
 	s.cron.AddJob("@monthly", job.NewPeriodicTrafficResetJob("monthly"))
 	// LDAP sync scheduling
 	if ldapEnabled, _ := s.settingService.GetLdapEnable(); ldapEnabled {
 		runtime, err := s.settingService.GetLdapSyncCron()
 		if err != nil || runtime == "" {
 			runtime = "@every 1m"
 		}
 		j := job.NewLdapSyncJob()
 		// job has zero-value services with method receivers that read settings on demand
 		s.cron.AddJob(runtime, j)
 	}
 	// Make a traffic condition every day, 8:30
 	var entry cron.EntryID
 	isTgbotenabled, err := s.settingService.GetTgbotEnabled()
@@ -429,6 +461,10 @@ func (s *Server) Stop() error {
 	if s.tgbotService.IsRunning() {
 		s.tgbotService.Stop()
 	}
 	// Gracefully stop WebSocket hub
 	if s.wsHub != nil {
 		s.wsHub.Stop()
 	}
 	var err1 error
 	var err2 error
 	if s.httpServer != nil {
@@ -449,3 +485,8 @@ func (s *Server) GetCtx() context.Context {
 func (s *Server) GetCron() *cron.Cron {
 	return s.cron
 }
 // GetWSHub returns the WebSocket hub instance.
 func (s *Server) GetWSHub() interface{} {
 	return s.wsHub
 }
--- a/web/websocket/hub.go
+++ b/web/websocket/hub.go
@@ -0,0 +1,379 @@
 // Package websocket provides WebSocket hub for real-time updates and notifications.
 package websocket
 import (
 	"context"
 	"encoding/json"
 	"runtime"
 	"sync"
 	"time"
 	"github.com/mhsanaei/3x-ui/v2/logger"
 )
 // MessageType represents the type of WebSocket message
 type MessageType string
 const (
 	MessageTypeStatus       MessageType = "status"       // Server status update
 	MessageTypeTraffic      MessageType = "traffic"      // Traffic statistics update
 	MessageTypeInbounds     MessageType = "inbounds"     // Inbounds list update
 	MessageTypeNotification MessageType = "notification" // System notification
 	MessageTypeXrayState    MessageType = "xray_state"   // Xray state change
 )
 // Message represents a WebSocket message
 type Message struct {
 	Type    MessageType `json:"type"`
 	Payload interface{} `json:"payload"`
 	Time    int64       `json:"time"`
 }
 // Client represents a WebSocket client connection
 type Client struct {
 	ID     string
 	Send   chan []byte
 	Hub    *Hub
 	Topics map[MessageType]bool // Subscribed topics
 }
 // Hub maintains the set of active clients and broadcasts messages to them
 type Hub struct {
 	// Registered clients
 	clients map[*Client]bool
 	// Inbound messages from clients
 	broadcast chan []byte
 	// Register requests from clients
 	register chan *Client
 	// Unregister requests from clients
 	unregister chan *Client
 	// Mutex for thread-safe operations
 	mu sync.RWMutex
 	// Context for graceful shutdown
 	ctx    context.Context
 	cancel context.CancelFunc
 	// Worker pool for parallel broadcasting
 	workerPoolSize int
 	broadcastWg    sync.WaitGroup
 }
 // NewHub creates a new WebSocket hub
 func NewHub() *Hub {
 	ctx, cancel := context.WithCancel(context.Background())
 	// Calculate optimal worker pool size (CPU cores * 2, but max 100)
 	workerPoolSize := runtime.NumCPU() * 2
 	if workerPoolSize > 100 {
 		workerPoolSize = 100
 	}
 	if workerPoolSize < 10 {
 		workerPoolSize = 10
 	}
 	return &Hub{
 		clients:        make(map[*Client]bool),
 		broadcast:      make(chan []byte, 2048), // Increased from 256 to 2048 for high load
 		register:       make(chan *Client, 100), // Buffered channel for fast registration
 		unregister:     make(chan *Client, 100), // Buffered channel for fast unregistration
 		ctx:            ctx,
 		cancel:         cancel,
 		workerPoolSize: workerPoolSize,
 	}
 }
 // Run starts the hub's main loop
 func (h *Hub) Run() {
 	defer func() {
 		if r := recover(); r != nil {
 			logger.Error("WebSocket hub panic recovered:", r)
 			// Restart the hub loop
 			go h.Run()
 		}
 	}()
 	for {
 		select {
 		case <-h.ctx.Done():
 			// Graceful shutdown: close all clients
 			h.mu.Lock()
 			for client := range h.clients {
 				// Safely close channel (avoid double close panic)
 				select {
 				case _, stillOpen := <-client.Send:
 					if stillOpen {
 						close(client.Send)
 					}
 				default:
 					close(client.Send)
 				}
 			}
 			h.clients = make(map[*Client]bool)
 			h.mu.Unlock()
 			// Wait for all broadcast workers to finish
 			h.broadcastWg.Wait()
 			logger.Info("WebSocket hub stopped gracefully")
 			return
 		case client := <-h.register:
 			if client == nil {
 				continue
 			}
 			h.mu.Lock()
 			h.clients[client] = true
 			count := len(h.clients)
 			h.mu.Unlock()
 			logger.Debugf("WebSocket client connected: %s (total: %d)", client.ID, count)
 		case client := <-h.unregister:
 			if client == nil {
 				continue
 			}
 			h.mu.Lock()
 			if _, ok := h.clients[client]; ok {
 				delete(h.clients, client)
 				// Safely close channel (avoid double close panic)
 				// Check if channel is already closed by trying to read from it
 				select {
 				case _, stillOpen := <-client.Send:
 					if stillOpen {
 						// Channel was open and had data, now it's empty, safe to close
 						close(client.Send)
 					}
 					// If stillOpen is false, channel was already closed, do nothing
 				default:
 					// Channel is empty and open, safe to close
 					close(client.Send)
 				}
 			}
 			count := len(h.clients)
 			h.mu.Unlock()
 			logger.Debugf("WebSocket client disconnected: %s (total: %d)", client.ID, count)
 		case message := <-h.broadcast:
 			if message == nil {
 				continue
 			}
 			// Optimization: quickly copy client list and release lock
 			h.mu.RLock()
 			clientCount := len(h.clients)
 			if clientCount == 0 {
 				h.mu.RUnlock()
 				continue
 			}
 			// Pre-allocate memory for client list
 			clients := make([]*Client, 0, clientCount)
 			for client := range h.clients {
 				clients = append(clients, client)
 			}
 			h.mu.RUnlock()
 			// Parallel broadcast using worker pool
 			h.broadcastParallel(clients, message)
 		}
 	}
 }
 // broadcastParallel sends message to all clients in parallel for maximum performance
 func (h *Hub) broadcastParallel(clients []*Client, message []byte) {
 	if len(clients) == 0 {
 		return
 	}
 	// For small number of clients, use simple parallel sending
 	if len(clients) < h.workerPoolSize {
 		var wg sync.WaitGroup
 		for _, client := range clients {
 			wg.Add(1)
 			go func(c *Client) {
 				defer wg.Done()
 				defer func() {
 					if r := recover(); r != nil {
 						// Channel may be closed, safely ignore
 						logger.Debugf("WebSocket broadcast panic recovered for client %s: %v", c.ID, r)
 					}
 				}()
 				select {
 				case c.Send <- message:
 				default:
 					// Client's send buffer is full, disconnect
 					logger.Debugf("WebSocket client %s send buffer full, disconnecting", c.ID)
 					h.Unregister(c)
 				}
 			}(client)
 		}
 		wg.Wait()
 		return
 	}
 	// For large number of clients, use worker pool for optimal performance
 	clientChan := make(chan *Client, len(clients))
 	for _, client := range clients {
 		clientChan <- client
 	}
 	close(clientChan)
 	// Start workers for parallel processing
 	h.broadcastWg.Add(h.workerPoolSize)
 	for i := 0; i < h.workerPoolSize; i++ {
 		go func() {
 			defer h.broadcastWg.Done()
 			for client := range clientChan {
 				func() {
 					defer func() {
 						if r := recover(); r != nil {
 							// Channel may be closed, safely ignore
 							logger.Debugf("WebSocket broadcast panic recovered for client %s: %v", client.ID, r)
 						}
 					}()
 					select {
 					case client.Send <- message:
 					default:
 						// Client's send buffer is full, disconnect
 						logger.Debugf("WebSocket client %s send buffer full, disconnecting", client.ID)
 						h.Unregister(client)
 					}
 				}()
 			}
 		}()
 	}
 	// Wait for all workers to finish
 	h.broadcastWg.Wait()
 }
 // Broadcast sends a message to all connected clients
 func (h *Hub) Broadcast(messageType MessageType, payload interface{}) {
 	if h == nil {
 		return
 	}
 	if payload == nil {
 		logger.Warning("Attempted to broadcast nil payload")
 		return
 	}
 	msg := Message{
 		Type:    messageType,
 		Payload: payload,
 		Time:    getCurrentTimestamp(),
 	}
 	data, err := json.Marshal(msg)
 	if err != nil {
 		logger.Error("Failed to marshal WebSocket message:", err)
 		return
 	}
 	// Limit message size to prevent memory issues
 	const maxMessageSize = 1024 * 1024 // 1MB
 	if len(data) > maxMessageSize {
 		logger.Warningf("WebSocket message too large: %d bytes, dropping", len(data))
 		return
 	}
 	// Non-blocking send with timeout to prevent delays
 	select {
 	case h.broadcast <- data:
 	case <-time.After(100 * time.Millisecond):
 		logger.Warning("WebSocket broadcast channel is full, dropping message")
 	case <-h.ctx.Done():
 		// Hub is shutting down
 	}
 }
 // BroadcastToTopic sends a message only to clients subscribed to the specific topic
 func (h *Hub) BroadcastToTopic(messageType MessageType, payload interface{}) {
 	if h == nil {
 		return
 	}
 	if payload == nil {
 		logger.Warning("Attempted to broadcast nil payload to topic")
 		return
 	}
 	msg := Message{
 		Type:    messageType,
 		Payload: payload,
 		Time:    getCurrentTimestamp(),
 	}
 	data, err := json.Marshal(msg)
 	if err != nil {
 		logger.Error("Failed to marshal WebSocket message:", err)
 		return
 	}
 	// Limit message size to prevent memory issues
 	const maxMessageSize = 1024 * 1024 // 1MB
 	if len(data) > maxMessageSize {
 		logger.Warningf("WebSocket message too large: %d bytes, dropping", len(data))
 		return
 	}
 	h.mu.RLock()
 	// Filter clients by topics and quickly release lock
 	subscribedClients := make([]*Client, 0)
 	for client := range h.clients {
 		if len(client.Topics) == 0 || client.Topics[messageType] {
 			subscribedClients = append(subscribedClients, client)
 		}
 	}
 	h.mu.RUnlock()
 	// Parallel send to subscribed clients
 	if len(subscribedClients) > 0 {
 		h.broadcastParallel(subscribedClients, data)
 	}
 }
 // GetClientCount returns the number of connected clients
 func (h *Hub) GetClientCount() int {
 	h.mu.RLock()
 	defer h.mu.RUnlock()
 	return len(h.clients)
 }
 // Register registers a new client with the hub
 func (h *Hub) Register(client *Client) {
 	if h == nil || client == nil {
 		return
 	}
 	select {
 	case h.register <- client:
 	case <-h.ctx.Done():
 		// Hub is shutting down
 	}
 }
 // Unregister unregisters a client from the hub
 func (h *Hub) Unregister(client *Client) {
 	if h == nil || client == nil {
 		return
 	}
 	select {
 	case h.unregister <- client:
 	case <-h.ctx.Done():
 		// Hub is shutting down
 	}
 }
 // Stop gracefully stops the hub and closes all connections
 func (h *Hub) Stop() {
 	if h == nil {
 		return
 	}
 	if h.cancel != nil {
 		h.cancel()
 	}
 }
 // getCurrentTimestamp returns current Unix timestamp in milliseconds
 func getCurrentTimestamp() int64 {
 	return time.Now().UnixMilli()
 }
--- a/web/websocket/notifier.go
+++ b/web/websocket/notifier.go
@@ -0,0 +1,74 @@
 // Package websocket provides WebSocket hub for real-time updates and notifications.
 package websocket
 import (
 	"github.com/mhsanaei/3x-ui/v2/logger"
 	"github.com/mhsanaei/3x-ui/v2/web/global"
 )
 // GetHub returns the global WebSocket hub instance
 func GetHub() *Hub {
 	webServer := global.GetWebServer()
 	if webServer == nil {
 		return nil
 	}
 	hub := webServer.GetWSHub()
 	if hub == nil {
 		return nil
 	}
 	wsHub, ok := hub.(*Hub)
 	if !ok {
 		logger.Warning("WebSocket hub type assertion failed")
 		return nil
 	}
 	return wsHub
 }
 // BroadcastStatus broadcasts server status update to all connected clients
 func BroadcastStatus(status interface{}) {
 	hub := GetHub()
 	if hub != nil {
 		hub.Broadcast(MessageTypeStatus, status)
 	}
 }
 // BroadcastTraffic broadcasts traffic statistics update to all connected clients
 func BroadcastTraffic(traffic interface{}) {
 	hub := GetHub()
 	if hub != nil {
 		hub.Broadcast(MessageTypeTraffic, traffic)
 	}
 }
 // BroadcastInbounds broadcasts inbounds list update to all connected clients
 func BroadcastInbounds(inbounds interface{}) {
 	hub := GetHub()
 	if hub != nil {
 		hub.Broadcast(MessageTypeInbounds, inbounds)
 	}
 }
 // BroadcastNotification broadcasts a system notification to all connected clients
 func BroadcastNotification(title, message, level string) {
 	hub := GetHub()
 	if hub != nil {
 		notification := map[string]string{
 			"title":   title,
 			"message": message,
 			"level":   level, // info, warning, error, success
 		}
 		hub.Broadcast(MessageTypeNotification, notification)
 	}
 }
 // BroadcastXrayState broadcasts Xray state change to all connected clients
 func BroadcastXrayState(state string, errorMsg string) {
 	hub := GetHub()
 	if hub != nil {
 		stateUpdate := map[string]string{
 			"state":    state,
 			"errorMsg": errorMsg,
 		}
 		hub.Broadcast(MessageTypeXrayState, stateUpdate)
 	}
 }
--- a/x-ui.rc
+++ b/x-ui.rc
@@ -0,0 +1,13 @@
 #!/sbin/openrc-run
 command="/usr/local/x-ui/x-ui"
 command_background=true
 pidfile="/run/x-ui.pid"
 description="x-ui Service"
 procname="x-ui"
 depend() {
    need net
 }
 start_pre(){
    cd /usr/local/x-ui
 }
--- a/x-ui.service.debian
+++ b/x-ui.service.debian
@@ -4,6 +4,7 @@ After=network.target
 Wants=network.target
 [Service]
 EnvironmentFile=-/etc/default/x-ui
 Environment="XRAY_VMESS_AEAD_FORCED=false"
 Type=simple
 WorkingDirectory=/usr/local/x-ui/
--- a/x-ui.service.rhel
+++ b/x-ui.service.rhel
@@ -0,0 +1,16 @@
 [Unit]
 Description=x-ui Service
 After=network.target
 Wants=network.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/x-ui
 Environment="XRAY_VMESS_AEAD_FORCED=false"
 Type=simple
 WorkingDirectory=/usr/local/x-ui/
 ExecStart=/usr/local/x-ui/x-ui
 Restart=on-failure
 RestartSec=5s
 [Install]
 WantedBy=multi-user.target
--- a/x-ui.sh
+++ b/x-ui.sh
--- a/xray/api.go
+++ b/xray/api.go
@@ -110,10 +110,33 @@ func (x *XrayAPI) AddUser(Protocol string, inboundTag string, user map[string]an
 			Id: user["id"].(string),
 		})
 	case "vless":
-		account = serial.ToTypedMessage(&vless.Account{
+		vlessAccount := &vless.Account{
 			Id:   user["id"].(string),
 			Flow: user["flow"].(string),
-		})
+		}
 		// Add testseed if provided
 		if testseedVal, ok := user["testseed"]; ok {
 			if testseedArr, ok := testseedVal.([]interface{}); ok && len(testseedArr) >= 4 {
 				testseed := make([]uint32, len(testseedArr))
 				for i, v := range testseedArr {
 					if num, ok := v.(float64); ok {
 						testseed[i] = uint32(num)
 					}
 				}
 				vlessAccount.Testseed = testseed
 			} else if testseedArr, ok := testseedVal.([]uint32); ok && len(testseedArr) >= 4 {
 				vlessAccount.Testseed = testseedArr
 			}
 		}
 		// Add testpre if provided (for outbound, but can be in user for compatibility)
 		if testpreVal, ok := user["testpre"]; ok {
 			if testpre, ok := testpreVal.(float64); ok && testpre > 0 {
 				vlessAccount.Testpre = uint32(testpre)
 			} else if testpre, ok := testpreVal.(uint32); ok && testpre > 0 {
 				vlessAccount.Testpre = testpre
 			}
 		}
 		account = serial.ToTypedMessage(vlessAccount)
 	case "trojan":
 		account = serial.ToTypedMessage(&trojan.Account{
 			Password: user["password"].(string),
Author	SHA1	Message	Date
lolka1333	a6b3623634	Added curl dependency to Dockerfile for improved functionality (#3617 ) Co-authored-by: lolka1333 <test123@gmail.com>	2026-01-03 17:18:28 +01:00
MHSanaei	947fd4fae1	fix	2026-01-03 07:27:39 +01:00
MHSanaei	e69a31dd59	v2.8.6	2026-01-03 06:44:39 +01:00
Nebulosa	719ae0e014	Remove wget dependency from everywhere (#3598 ) * Remove wget dependency * Merge branch 'curl_only' of https://github.com/nebulosa2007/3x-ui into nebulosa2007-curl_only --------- Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-01-03 06:41:40 +01:00
MHSanaei	5bcf6a8aeb	minor changes	2026-01-03 05:56:35 +01:00
MHSanaei	945fefde12	update dependencies	2026-01-03 05:36:05 +01:00
lolka1333	313a2acbf6	feat: Add WebSocket support for real-time updates and enhance VLESS settings (#3605 ) * feat: add support for trusted X-Forwarded-For and testseed parameters in VLESS settings * chore: update Xray Core version to 25.12.8 in release workflow * chore: update Xray Core version to 25.12.8 in Docker initialization script * chore: bump version to 2.8.6 and add watcher for security changes in inbound modal * refactor: remove default and random seed buttons from outbound form * refactor: update VLESS form to rename 'Test Seed' to 'Vision Seed' and change button functionality for seed generation * refactor: enhance TLS settings form layout with improved button styling and spacing * feat: integrate WebSocket support for real-time updates on inbounds and Xray service status * chore: downgrade version to 2.8.5 * refactor: translate comments to English * fix: ensure testseed is initialized correctly for VLESS protocol and improve client handling in inbound modal * refactor: simplify VLESS divider condition by removing unnecessary flow checks * fix: add fallback date formatting for cases when IntlUtil is not available * refactor: simplify WebSocket message handling by removing batching and ensuring individual message delivery * refactor: disable WebSocket notifications in inbound and index HTML files * refactor: enhance VLESS testseed initialization and button functionality in inbound modal * fix: * refactor: ensure proper WebSocket URL construction by normalizing basePath * fix: * fix: * fix: * refactor: update testseed methods for improved reactivity and binding in VLESS form * logger info to debug --------- Co-authored-by: lolka1333 <test123@gmail.com>	2026-01-03 05:26:00 +01:00
Igor Kamyshnikov	b747730211	vless: use Inbound Listen address in Subscription service (#3610 ) * vless: use Inbound Listen address in Subscription service vless manual connection link and subscription produced connection link are aligned. subscription service now returns an IP address configured on Inbound, instead of subscription service IP, which is consistent when the address, returned by QR code for manual vless link distribution.	2026-01-03 04:39:30 +01:00
Nebulosa	692a73788a	Set variables for packaging purposes (#3600 ) * Set Variables for settings	2026-01-03 03:57:19 +01:00
Mikhail Grigorev	3287fa4d80	Added EnvironmentFile to systemd unit (#3606 ) * Added EnvironmentFile to systemd unit * Added support for older releases * Remove ARGS * Fixed copy unit * Fixed unit filename * Update update.sh	2026-01-03 03:37:48 +01:00
weekend sorrow	1393f981bc	feat: Add etckeeper compatibility (#3602 )	2026-01-03 03:13:00 +01:00
Ilya Kryuchkov	9a2c1c6b43	Fix: panel redirecting to old port after restart (#3594 ) * Fix panel redirect logic * Fix panel redirect logic * remove duplicate code * Cr fixes	2026-01-03 03:05:10 +01:00
Vlad Yaroslavlev	278aa1c85c	Fix telegram bot issue (#3608 ) * fix: improve Telegram bot handling for concurrent starts and graceful shutdown - Added logic to stop any existing long-polling loop when Start is called again. - Introduced a mutex to manage access to shared state variables, ensuring thread safety. - Updated the OnReceive method to prevent multiple concurrent executions. - Enhanced Stop method to ensure proper cleanup of resources and state management. * fix: enhance Telegram bot's long-polling management - Improved handling of concurrent starts by stopping existing long-polling loops. - Implemented mutex for thread-safe access to shared state variables. - Updated OnReceive method to prevent multiple executions. - Enhanced Stop method for better resource cleanup and state management. * .	2026-01-02 16:13:32 +01:00
Anton Petrov	8fe297ef9d	Fix QR codes colors inversion (#3607 )	2026-01-02 16:12:30 +01:00
Zhenyu Qi	c881d1015a	fix: handle GitHub API error responses in GetXrayVersions (#3609 ) GitHub API returns JSON object instead of array when encountering errors (e.g., rate limit exceeded). This causes JSON unmarshal error: 'cannot unmarshal object into Go value of type []service.Release' Add HTTP status code check to handle error responses gracefully and return user-friendly error messages instead of JSON parsing errors. Fixes issue where getXrayVersion fails with unmarshal error when GitHub API rate limit is exceeded.	2026-01-02 16:12:13 +01:00
Nebulosa	c061337ce7	Set log folder variable to /var/log/3x-ui (#3599 ) * Set log folder variable to /var/log/3x-ui * Set log folder as x-ui and create the log folder * Create the log folder in install and update scripts	2026-01-02 16:11:32 +01:00
Wyatt	260eedf8c4	fix: add missing is_domain helper function to x-ui.sh (#3612 ) The is_domain function was being called in ssl_cert_issue() but was never defined in x-ui.sh, causing 'Invalid domain format' errors for valid domains. Added is_ipv4, is_ipv6, is_ip, and is_domain helper functions to match the definitions in install.sh and update.sh. Co-authored-by: wyatt <wyatt@Wyatts-MacBook-Air.local>	2025-12-28 16:38:26 +01:00
Sanaei	69ccdba734	Self-signed SSL (#3611 )	2025-12-28 00:03:33 +01:00
zd	4c797dc154	fix: display of outbound traffic (#3604 ) shows the direction of traffic	2025-12-23 15:43:25 +01:00
Борисов Семён	f000322a06	fix: handle CPU threshold error to prevent false notifications (#3603 ) Previously, when GetTgCpu() failed, the error was ignored and threshold defaulted to 0, causing notifications to be sent for any CPU usage. Now the job properly checks for errors and skips notifications if: - The threshold cannot be retrieved (error) - The threshold is not set or is 0 This ensures notifications are only sent when CPU usage exceeds the configured threshold value from settings.	2025-12-12 14:29:27 +01:00
MHSanaei	0ea8b5352a	fix	2025-12-04 00:09:13 +01:00
MHSanaei	68240061aa	Xray Core 25.12.2	2025-12-03 23:45:28 +01:00
MHSanaei	0695f677ba	update dependencies	2025-12-03 23:45:11 +01:00
Danil S.	70f6d6b21a	chore: use `Intl` for date formatting (#3588 ) * chore: use `Intl` for date formatting * fix: show last traffic reset * chore: use raw timestamps * fix: remove unnecessary import	2025-12-03 23:37:27 +01:00
JieXu	e8c509c720	Update for Red Hat base Linux (#3589 ) * Update install.sh * Update update.sh * Update x-ui.sh * Update install.sh * Update update.sh * Update x-ui.sh * fix	2025-12-03 21:40:49 +01:00
Roman Gogolev	83a1c721c7	Fix int64 for 32-bit arch (#3591 ) * fix int64 for 32-bit arch * Update web/service/tgbot.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-12-03 14:58:54 +01:00
Anton Petrov	7ccc0877a1	Add "Last Online" printing for Telegram bot (#3593 )	2025-12-03 14:43:37 +01:00
Evgeny Popov	ad659e48cf	Update x-ui.sh (#3595 ) Add curl & openssl pkgs for acme inside docker container	2025-12-03 14:42:10 +01:00
mhsanaei	784ed39930	update dependencies	2025-11-09 00:56:14 +01:00
fgsfds	538f7fd5d7	Fix: Incorrect time in xray logs (#3587 ) * fixed timezone in xray logs * remove leading / at the address	2025-11-09 00:42:02 +01:00
fgsfds	cf38226b5d	Add update-all-geofiles key to x-ui.sh (#3586 ) * added update-all-geofiles key to x-ui.sh that updated all geofiles * fix * text fixes * typo fix * cleanup	2025-11-07 19:26:43 +01:00
lillinlin	575ee854c8	Better Random Reality (#3585 ) * Update reality_targets.js * Update inbound.js	2025-11-02 14:46:50 +01:00
OleksandrParshyn	9936af80dd	Fix: Invoke service.StopBot() in signal handlers (#3583 ) Ensures the global Telegram bot stop function (`service.StopBot()`) is called upon receiving system signals (SIGHUP for restart, SIGINT/SIGTERM for shutdown). This complements the changes in `tgbot.go` to guarantee a clean shutdown of the Telegram bot's Long Polling operation, fully resolving the 409 Conflict issue during panel restarts or shutdowns. Changes: - Added `service.StopBot()` call to the `syscall.SIGHUP` handler. - Added `service.StopBot()` call to the default shutdown handler.	2025-11-01 14:33:35 +01:00
Дмитрий Олегович Саенко	4a75bd0a48	Feature: add setting certs for subscription while generating for panel (#3578 )	2025-11-01 13:10:27 +01:00
Rashid Yusubov	b0c223c631	fix: improve russian localization (#3576 ) * fix: improve russian localization * fix: updating the Russian translation according to the suggestions	2025-11-01 13:07:49 +01:00
Denis Gorelov	313b51f96f	feat: Add random Reality Target/SNI selection from 52 popular services (#3577 ) * feat: Add random Reality Target/SNI selection from 52 popular services - Created reality_targets.js with list of 52 popular services - Updated RealityStreamSettings to use random targets by default - Added UI randomize buttons with sync icon in Reality settings form - Implemented randomizeRealityTarget() method in inbound modal - Replaces hardcoded google.com with diverse global services * fix --------- Co-authored-by: mhsanaei <ho3ein.sanaei@gmail.com>	2025-11-01 13:07:05 +01:00
OleksandrParshyn	020cd63e22	Fix: Graceful Telegram bot shutdown to prevent 409 Conflict (#3580 ) * Fix: Graceful Telegram bot shutdown to prevent 409 Conflict Introduces a `botCancel` context and a global `StopBot()` function to ensure the Telegram bot's Long Polling operation is safely terminated (via context cancellation) before the service restarts. This prevents the "Conflict: another update consumer is running" (409) error upon panel restart. Changes: - Added `botCancel context.CancelFunc` to manage context cancellation. - Implemented global `StopBot()` function. - Updated `Tgbot.Stop()` to call `StopBot()`. - Modified `Tgbot.OnReceive()` to use the new cancellable context for `UpdatesViaLongPolling`. * Fix: Prevent race condition and goroutine leak in TgBot Addresses a critical race condition on the global `botCancel` variable, which could occur if `Tgbot.OnReceive()` was called concurrently (e.g., during rapid panel restarts or unexpected behavior). Changes in tgbot.go: - Added `tgBotMutex sync.Mutex` to ensure thread safety. - Protected `botCancel` creation and assignment in `OnReceive()` using the mutex, and added a check to prevent overwriting an active context, which avoids goroutine leaks. - Protected the cancellation and cleanup logic in `StopBot()` with the mutex. * Refactor: Replace time.Sleep with sync.WaitGroup for reliable TgBot shutdown Replaced the unreliable `time.Sleep(1 * time.Second)` in `service.StopBot()` with `sync.WaitGroup`. This ensures the Long Polling goroutine is explicitly waited for and reliably exits before the panel continues, preventing potential resource leaks and incomplete shutdowns during restarts. Changes: - Added `botWG sync.WaitGroup` variable. - Updated `service.StopBot()` to call `botWG.Wait()` instead of `time.Sleep()`. - Modified `Tgbot.OnReceive()` to correctly use `botWG.Add(1)` and `defer botWG.Done()` within the Long Polling goroutine. - Corrected the goroutine structure in `OnReceive()` to properly encapsulate all message handling logic.	2025-11-01 13:01:44 +01:00
BOplaid	6e46e9b16e	Improve English README (#3579 )	2025-11-01 12:48:16 +01:00
mhsanaei	713a7328f6	gofmt	2025-10-21 13:02:55 +02:00
mhsanaei	01d4a7488d	v2.8.5	2025-10-15 11:40:40 +02:00
mhsanaei	2b2ed3349a	Xray-core v25.10.15	2025-10-15 11:40:04 +02:00
mhsanaei	d8523bbdac	fix(import): prevent sqlite disk I/O error by validating temp DB then swapping	2025-10-14 22:03:17 +02:00
Slava M.	8afa39144e	feat: add file logger support (#3575 ) * feat: add backend for file logger	2025-10-09 17:39:29 +02:00
fpointsstar	00baeffe74	Update translate.ru_RU.toml (#3574 ) Fix RU translation for login title: replace “Приветствие!” with “Добро пожаловать!” to match English “Welcome”.	2025-10-07 16:31:32 +02:00
mhsanaei	b578a33518	update dependencies	2025-10-07 13:49:08 +02:00
mhsanaei	8153e0ac05	fragment : MaxSplit	2025-10-07 13:46:30 +02:00
mhsanaei	2eb9d2e2e8	DevTools	2025-10-02 01:47:12 +02:00
Vadim Iskuchekov	a824875c4f	fix: improve error handling in periodic traffic reset job (#3572 )	2025-10-01 23:12:09 +02:00
JieXu	cafcb250ec	Add support for OpenSUSE Leap (#3573 ) * Update update.sh * Update install.sh * Update x-ui.sh * Update x-ui.sh	2025-10-01 23:11:37 +02:00
mhsanaei	e7cfee570b	first try native CPU implementation	2025-10-01 20:13:32 +02:00
JieXu	90c3529301	[Security] Replace timestamp-based password generation with random generator (#3571 ) * Update x-ui.sh * Update x-ui.sh * Update x-ui.sh * Update x-ui.sh	2025-10-01 18:37:31 +02:00
konstpic	b65ec83c39	fix: fix delete method (#3569 ) Co-authored-by: Пичугин Константин <k.pichugin@comagic.dev>	2025-09-29 18:16:46 +02:00
konstpic	28a17a80ec	feat: add ldap component (#3568 ) * add ldap component * fix: fix russian comments, tls cert verify default true * feat: remove replaces go mod for local dev	2025-09-28 21:04:54 +02:00
Mikhail Grigorev	3056583388	feat: Add update script (#3555 ) * feat: Add update script * Small fix * Fixed typo * Fixed typo * chmod +x * Update x-ui * Fixed update message * Fixed typo * Added downloading via IPv4 * Remove check_glibc_version * Fixed self destroy * Fixed typo * Fixed self destroy ---------	2025-09-28 14:09:27 +02:00
Дмитрий Олегович Саенко	172f2ddaa7	fix russian translate in tgbot (#3557 )	2025-09-25 15:21:40 +02:00
Tara Rostami	d69af328dc	fix: login animation (#3559 ) * Add IPv4 for wget in install * fix: login animation	2025-09-25 15:16:50 +02:00
mhsanaei	ee0e3093ba	Add IPv4 for wget in install	2025-09-25 15:08:13 +02:00
mhsanaei	89def9aee6	fix	2025-09-24 21:30:58 +02:00
mhsanaei	b2b0024648	login: autocomplete password	2025-09-24 20:41:32 +02:00
mhsanaei	5822758b7c	tiny changes	2025-09-24 19:51:01 +02:00
mhsanaei	49430b3991	Update docker.yml	2025-09-24 15:42:01 +02:00
mhsanaei	104526aab2	v2.8.4	2025-09-24 11:47:43 +02:00
mhsanaei	a0c07241c0	minor changes	2025-09-24 11:47:14 +02:00
mhsanaei	adf3242602	bug fix	2025-09-24 11:44:02 +02:00
mhsanaei	3f62592e4b	API improve security: returns 404 for unauthenticated API requests	2025-09-24 11:29:55 +02:00
Дмитрий Олегович Саенко	02bff4db6c	max port to 65535 (#3536 ) * add EXPOSE port in Dockerfile * fix: max port 65 531 -> 65 535 * fix --------- Co-authored-by: mhsanaei <ho3ein.sanaei@gmail.com>	2025-09-23 19:43:56 +02:00
Happ-dev	8ff4e1ff31	Add Happ client export open link (#3542 ) Co-authored-by: y.sivushkin <y.sivushkin@corp.101xp.com>	2025-09-23 16:46:45 +02:00
mhsanaei	26c6438ec2	fix api : subid, uuid from inbound settings	2025-09-23 11:52:40 +02:00
Evgeny Volferts	b3e96230c4	Add Alpine Linux support (#3534 ) * Add Alpine linux support * Fix for reading logs	2025-09-22 21:56:43 +02:00
mhsanaei	1016f3b4f9	fix: outbound address for vless	2025-09-22 00:20:05 +02:00