From a2db446cf3b0c7372e467afc403b21f982f4290b Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 29 Oct 2022 11:34:05 -0400
Subject: [PATCH 01/28] creade client ip db model

---
 database/db.go          | 7 +++++++
 database/model/model.go | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/database/db.go b/database/db.go
index 3273874a..ef5bf2f3 100644
--- a/database/db.go
+++ b/database/db.go
@@ -40,6 +40,9 @@ func initInbound() error {
 func initSetting() error {
 	return db.AutoMigrate(&model.Setting{})
 }
+func initInboundClientIps() error {
+	return db.AutoMigrate(&model.InboundClientIps{})
+}
 
 func InitDB(dbPath string) error {
 	dir := path.Dir(dbPath)
@@ -76,6 +79,10 @@ func InitDB(dbPath string) error {
 	if err != nil {
 		return err
 	}
+	err = initInboundClientIps()
+	if err != nil {
+		return err
+	}
 
 	return nil
 }
diff --git a/database/model/model.go b/database/model/model.go
index bc194445..b7142157 100644
--- a/database/model/model.go
+++ b/database/model/model.go
@@ -42,6 +42,11 @@ type Inbound struct {
 	Tag            string   `json:"tag" form:"tag" gorm:"unique"`
 	Sniffing       string   `json:"sniffing" form:"sniffing"`
 }
+type InboundClientIps struct {
+	Id       int    `json:"id" gorm:"primaryKey;autoIncrement"`
+	ClientEmail string `json:"clientEmail" form:"clientEmail" gorm:"unique"`
+	Ips string `json:"ips" form:"ips"`
+}
 
 func (i *Inbound) GenXrayInboundConfig() *xray.InboundConfig {
 	listen := i.Listen

From d864d20f34567251b65bae74ae5ae9a79eafaacb Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 29 Oct 2022 11:42:15 -0400
Subject: [PATCH 02/28] add email and ip limit to vmess ui

---
 web/assets/js/model/xray.js           |  8 +++++++-
 web/html/xui/form/protocol/vmess.html | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/web/assets/js/model/xray.js b/web/assets/js/model/xray.js
index ef5c4995..ecdf9e27 100644
--- a/web/assets/js/model/xray.js
+++ b/web/assets/js/model/xray.js
@@ -1157,16 +1157,22 @@ Inbound.VmessSettings = class extends Inbound.Settings {
     }
 };
 Inbound.VmessSettings.Vmess = class extends XrayCommonClass {
-    constructor(id=RandomUtil.randomUUID(), alterId=0) {
+    constructor(id=RandomUtil.randomUUID(), alterId=0, email='', limitIp=0) {
         super();
         this.id = id;
         this.alterId = alterId;
+        this.email = email;
+        this.limitIp = limitIp;
+
     }
 
     static fromJson(json={}) {
         return new Inbound.VmessSettings.Vmess(
             json.id,
             json.alterId,
+            json.email,
+            json.limitIp,
+
         );
     }
 };
diff --git a/web/html/xui/form/protocol/vmess.html b/web/html/xui/form/protocol/vmess.html
index 280e6a6a..ce23d4a3 100644
--- a/web/html/xui/form/protocol/vmess.html
+++ b/web/html/xui/form/protocol/vmess.html
@@ -1,5 +1,23 @@
 {{define "form/vmess"}}
 <a-form layout="inline">
+    <a-form layout="inline">
+        <a-form-item label="Email">
+            <a-input v-model.trim="inbound.settings.vmesses[0].email"></a-input>
+        </a-form-item>
+        <a-form-item>
+            <span slot="label">
+                Ip Count Limit
+                <a-tooltip>
+                    <template slot="title">
+                        disable inbound if more than entered count (0 for disable limit ip)
+                    </template>
+                    <a-icon type="question-circle" theme="filled"></a-icon>
+                </a-tooltip>
+            </span>
+        
+            <a-input type="number" v-model.number="inbound.settings.vmesses[0].limitIp"></a-input>
+        </a-form-item>
+    </a-form>
     <a-form-item label="id">
         <a-input v-model.trim="inbound.settings.vmesses[0].id"></a-input>
     </a-form-item>

From 20e7b9e02b02886d8855da00e53a15e56c16c34f Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 29 Oct 2022 11:49:27 -0400
Subject: [PATCH 03/28] add client ip limit job

---
 web/job/check_clinet_ip_job.go | 232 +++++++++++++++++++++++++++++++++
 web/web.go                     |   4 +
 2 files changed, 236 insertions(+)
 create mode 100644 web/job/check_clinet_ip_job.go

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
new file mode 100644
index 00000000..2e922a19
--- /dev/null
+++ b/web/job/check_clinet_ip_job.go
@@ -0,0 +1,232 @@
+package job
+
+import (
+	"x-ui/logger"
+	"x-ui/web/service"
+	"x-ui/database"
+	"x-ui/database/model"
+    "os"
+ 	ss "strings"
+	"regexp"
+    "encoding/json"
+	"gorm.io/gorm"
+    "strconv"
+
+)
+
+type CheckClientIpJob struct {
+	xrayService    service.XrayService
+	inboundService service.InboundService
+}
+
+  
+func NewCheckClientIpJob() *CheckClientIpJob {
+	return new(CheckClientIpJob)
+}
+
+func (j *CheckClientIpJob) Run() {
+	processLogFile()
+}
+
+func processLogFile() {
+	accessLogPath := GetAccessLogPath()
+	if(accessLogPath == "") {
+		logger.Warning("xray log not init in config.json")
+		return
+	}
+
+    data, err := os.ReadFile(accessLogPath)
+	InboundClientIps := make(map[string][]string)
+    checkError(err)
+
+	// clean log
+	if err := os.Truncate(GetAccessLogPath(), 0); err != nil {
+		checkError(err)
+	}
+	
+	lines := ss.Split(string(data), "\n")
+	for _, line := range lines {
+		ipRegx, _ := regexp.Compile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
+		emailRegx, _ := regexp.Compile(`email:.+`)
+
+		matchesIp := ipRegx.FindString(line)
+		if(len(matchesIp) > 0) {
+			ip := string(matchesIp)
+			if( ip == "127.0.0.1" || ip == "1.1.1.1") {
+				continue
+			}
+
+			matchesEmail := emailRegx.FindString(line)
+			if(matchesEmail == "") {
+				continue
+			}
+			matchesEmail = ss.Split(matchesEmail, "email: ")[1]
+	
+			if(InboundClientIps[matchesEmail] != nil) {
+				if(contains(InboundClientIps[matchesEmail],ip)){
+					continue
+				}
+				InboundClientIps[matchesEmail] = append(InboundClientIps[matchesEmail],ip)
+
+				
+
+			}else{
+			InboundClientIps[matchesEmail] = append(InboundClientIps[matchesEmail],ip)
+		}
+		}
+
+	}
+	for clientEmail, ips := range InboundClientIps {
+		inboundClientIps,err := GetInboundClientIps(clientEmail)
+		if(err != nil){
+			addInboundClientIps(clientEmail,ips)
+
+		}else{
+			updateInboundClientIps(inboundClientIps,clientEmail,ips)
+		}
+			
+	}
+
+
+}
+func GetAccessLogPath() string {
+	
+    config, err := os.ReadFile("bin/config.json")
+    checkError(err)
+
+	jsonConfig := map[string]interface{}{}
+    err = json.Unmarshal([]byte(config), &jsonConfig)
+    if err != nil {
+        logger.Warning(err)
+    }
+	if(jsonConfig["log"] != nil) {
+		jsonLog := jsonConfig["log"].(map[string]interface{})
+		if(jsonLog["access"] != nil) {
+
+			accessLogPath := jsonLog["access"].(string)
+
+			return accessLogPath
+		}
+	}
+	return ""
+
+}
+func checkError(e error) {
+    if e != nil {
+		logger.Warning("client ip job err:", e)
+	}
+}
+func contains(s []string, str string) bool {
+	for _, v := range s {
+		if v == str {
+			return true
+		}
+	}
+
+	return false
+}
+// https://codereview.stackexchange.com/a/192954
+func Unique(slice []string) []string {
+    // create a map with all the values as key
+    uniqMap := make(map[string]struct{})
+    for _, v := range slice {
+        uniqMap[v] = struct{}{}
+    }
+
+    // turn the map keys into a slice
+    uniqSlice := make([]string, 0, len(uniqMap))
+    for v := range uniqMap {
+        uniqSlice = append(uniqSlice, v)
+    }
+    return uniqSlice
+}
+
+func GetInboundClientIps(clientEmail string) (*model.InboundClientIps, error) {
+	db := database.GetDB()
+	InboundClientIps := &model.InboundClientIps{}
+	err := db.Model(model.InboundClientIps{}).Where("client_email = ?", clientEmail).First(InboundClientIps).Error
+	if err != nil {
+		return nil, err
+	}
+	return InboundClientIps, nil
+}
+func addInboundClientIps(clientEmail string,ips []string) error {
+	inboundClientIps := &model.InboundClientIps{}
+    jsonIps, err := json.Marshal(ips)
+	checkError(err)
+
+	inboundClientIps.ClientEmail = clientEmail
+	inboundClientIps.Ips = string(jsonIps)
+	
+
+	db := database.GetDB()
+	tx := db.Begin()
+
+	defer func() {
+		if err == nil {
+			tx.Commit()
+		} else {
+			tx.Rollback()
+		}
+	}()
+
+	err = tx.Save(inboundClientIps).Error
+	if err != nil {
+		return err
+	}
+	return nil
+}
+func updateInboundClientIps(inboundClientIps *model.InboundClientIps,clientEmail string,ips []string) error {
+
+	var oldIps []string
+	err := json.Unmarshal([]byte(inboundClientIps.Ips), &oldIps)
+	mergedIps := Unique(append(oldIps, ips...))
+
+    jsonIps, err := json.Marshal(mergedIps)
+	checkError(err)
+
+	inboundClientIps.ClientEmail = clientEmail
+	inboundClientIps.Ips = string(jsonIps)
+	
+	// check inbound limitation
+	inbound, _ := GetInboundByEmail(clientEmail)
+
+	limitIpRegx, _ := regexp.Compile(`"limitIp": .+`)
+
+	limitIpMactch := limitIpRegx.FindString(inbound.Settings)
+	limitIpMactch =  ss.Split(limitIpMactch, `"limitIp": `)[1]
+    limitIp, err := strconv.Atoi(limitIpMactch)
+
+
+	if(limitIp < len(mergedIps) && limitIp != 0 && inbound.Enable) {
+
+		DisableInbound(inbound.Id)
+	}
+
+	db := database.GetDB()
+	err = db.Save(inboundClientIps).Error
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
+	db := database.GetDB()
+	var inbounds *model.Inbound
+	err := db.Model(model.Inbound{}).Where("settings LIKE ?", "%" + clientEmail + "%").Find(&inbounds).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+	return inbounds, nil
+}
+func DisableInbound(id int) error{
+	db := database.GetDB()
+	result := db.Model(model.Inbound{}).
+		Where("id = ? and enable = ?", id, true).
+		Update("enable", false)
+	err := result.Error
+	logger.Warning("disable inbound with id:",id)
+
+	return err
+}
diff --git a/web/web.go b/web/web.go
index 972292f0..60a69da1 100644
--- a/web/web.go
+++ b/web/web.go
@@ -295,6 +295,10 @@ func (s *Server) startTask() {
 
 	// 每 30 秒检查一次 inbound 流量超出和到期的情况
 	s.cron.AddJob("@every 30s", job.NewCheckInboundJob())
+
+	// check client ips from log file every 1 min
+	s.cron.AddJob("@every 1m", job.NewCheckClientIpJob())
+
 	// 每一天提示一次流量情况,上海时间8点30
 	var entry cron.EntryID
 	isTgbotenabled, err := s.settingService.GetTgbotenabled()

From 2722d2920bbb3a6d1cdf2572f0eccf2431de75db Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 30 Oct 2022 11:48:07 -0400
Subject: [PATCH 04/28] restart xray service after disable inbound

---
 web/job/check_clinet_ip_job.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 2e922a19..7e1cc4f7 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -18,10 +18,11 @@ type CheckClientIpJob struct {
 	xrayService    service.XrayService
 	inboundService service.InboundService
 }
-
+var job *CheckClientIpJob
   
 func NewCheckClientIpJob() *CheckClientIpJob {
-	return new(CheckClientIpJob)
+	job = new(CheckClientIpJob)
+	return job
 }
 
 func (j *CheckClientIpJob) Run() {
@@ -228,5 +229,9 @@ func DisableInbound(id int) error{
 	err := result.Error
 	logger.Warning("disable inbound with id:",id)
 
+	if err == nil {
+		job.xrayService.SetToNeedRestart()
+	}
+
 	return err
 }

From e0abaf5044305a056d44dda8ab1b0333f0c9c2d6 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 30 Oct 2022 12:05:31 -0400
Subject: [PATCH 05/28] add ip log, clear ip log button in edit modal

---
 .gitignore                            |  2 ++
 web/controller/inbound.go             | 25 +++++++++++++++++++++++++
 web/html/xui/form/protocol/vmess.html | 17 +++++++++++++++++
 web/html/xui/inbound_modal.html       | 27 +++++++++++++++++++++++++--
 web/service/inbound.go                | 24 ++++++++++++++++++++++++
 5 files changed, 93 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1b5f0069..419da08b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ x-ui-*.tar.gz
 /release.sh
 .sync*
 main
+release/
+access.log
diff --git a/web/controller/inbound.go b/web/controller/inbound.go
index 3cb3b6b6..c9922b3f 100644
--- a/web/controller/inbound.go
+++ b/web/controller/inbound.go
@@ -30,6 +30,11 @@ func (a *InboundController) initRouter(g *gin.RouterGroup) {
 	g.POST("/add", a.addInbound)
 	g.POST("/del/:id", a.delInbound)
 	g.POST("/update/:id", a.updateInbound)
+
+	g.POST("/clientIps/:email", a.getClientIps)
+	g.POST("/clearClientIps/:email", a.clearClientIps)
+	
+
 }
 
 func (a *InboundController) startTask() {
@@ -106,3 +111,23 @@ func (a *InboundController) updateInbound(c *gin.Context) {
 		a.xrayService.SetToNeedRestart()
 	}
 }
+func (a *InboundController) getClientIps(c *gin.Context) {
+	email := c.Param("email")
+
+	ips , err := a.inboundService.GetInboundClientIps(email)
+	if err != nil {
+		jsonMsg(c, "修改", err)
+		return
+	}
+	jsonObj(c, ips, nil)
+}
+func (a *InboundController) clearClientIps(c *gin.Context) {
+	email := c.Param("email")
+
+	err := a.inboundService.ClearClientIps(email)
+	if err != nil {
+		jsonMsg(c, "修改", err)
+		return
+	}
+	jsonMsg(c, "Log Cleared", nil)
+}
\ No newline at end of file
diff --git a/web/html/xui/form/protocol/vmess.html b/web/html/xui/form/protocol/vmess.html
index ce23d4a3..c161563f 100644
--- a/web/html/xui/form/protocol/vmess.html
+++ b/web/html/xui/form/protocol/vmess.html
@@ -17,6 +17,23 @@
         
             <a-input type="number" v-model.number="inbound.settings.vmesses[0].limitIp"></a-input>
         </a-form-item>
+        <a-form-item v-if="inbound.settings.vmesses[0].email">
+            <span slot="label">
+                client ip log
+                <a-tooltip>
+                    <template slot="title">
+                        disable inbound if more than entered count (0 for disable limit ip)
+                    </template>
+                    <a-icon type="question-circle" theme="filled"></a-icon>
+                </a-tooltip>
+            </span>
+            
+            <a-textarea disabled :input="getDBClientIps(inbound.settings.vmesses[0].email)" v-model="clientIps" :auto-size="{ minRows: 3, maxRows: 3 }">
+            </a-textarea>
+
+            <a-button type="danger" @click="clearDBClientIps(inbound.settings.vmesses[0].email)" >clear log</a-button>
+        </a-form-item>
+
     </a-form>
     <a-form-item label="id">
         <a-input v-model.trim="inbound.settings.vmesses[0].id"></a-input>
diff --git a/web/html/xui/inbound_modal.html b/web/html/xui/inbound_modal.html
index 050b4a00..1bf06a7c 100644
--- a/web/html/xui/inbound_modal.html
+++ b/web/html/xui/inbound_modal.html
@@ -14,6 +14,7 @@
         confirm: null,
         inbound: new Inbound(),
         dbInbound: new DBInbound(),
+        clientIps: "",
         ok() {
             ObjectUtil.execute(inModal.confirm, inModal.inbound, inModal.dbInbound);
         },
@@ -64,6 +65,9 @@
             },
             get dbInbound() {
                 return inModal.dbInbound;
+            },
+            get clientIps() {
+                return inModal.clientIps;
             }
         },
         methods: {
@@ -71,8 +75,27 @@
                 if (oldValue === 'kcp') {
                     this.inModal.inbound.tls = false;
                 }
-            }
-        }
+            },
+            async getDBClientIps(email) {
+
+                const msg = await HttpUtil.post('/xui/inbound/clientIps/'+ email);
+                if (!msg.success) {
+                    return;
+                }
+                ips = JSON.parse(msg.obj)
+                ips = ips.join(",")
+                this.inModal.clientIps =  ips
+            },
+            async clearDBClientIps(email) {
+                const msg = await HttpUtil.post('/xui/inbound/clearClientIps/'+ email);
+                if (!msg.success) {
+                    return;
+                }
+                this.inModal.clientIps =  ""
+            },
+
+        },
+     
     });
 
 </script>
diff --git a/web/service/inbound.go b/web/service/inbound.go
index 726b7ba0..d440cbce 100644
--- a/web/service/inbound.go
+++ b/web/service/inbound.go
@@ -176,3 +176,27 @@ func (s *InboundService) DisableInvalidInbounds() (int64, error) {
 	count := result.RowsAffected
 	return count, err
 }
+
+func (s *InboundService) GetInboundClientIps(clientEmail string) (string, error) {
+	db := database.GetDB()
+	InboundClientIps := &model.InboundClientIps{}
+	err := db.Model(model.InboundClientIps{}).Where("client_email = ?", clientEmail).First(InboundClientIps).Error
+	if err != nil {
+		return "", err
+	}
+	return InboundClientIps.Ips, nil
+}
+func (s *InboundService) ClearClientIps(clientEmail string) (error) {
+	db := database.GetDB()
+
+	result := db.Model(model.InboundClientIps{}).
+		Where("client_email = ?", clientEmail).
+		Update("ips", "")
+	err := result.Error
+
+
+	if err != nil {
+		return err
+	}
+	return nil
+}

From beacad316857a8267a1cff13f2a042c87dfb357e Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 30 Oct 2022 14:24:33 -0400
Subject: [PATCH 06/28] remove merging new ips and old ones in ip log

---
 web/job/check_clinet_ip_job.go | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 7e1cc4f7..4e1d17fb 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -179,11 +179,7 @@ func addInboundClientIps(clientEmail string,ips []string) error {
 }
 func updateInboundClientIps(inboundClientIps *model.InboundClientIps,clientEmail string,ips []string) error {
 
-	var oldIps []string
-	err := json.Unmarshal([]byte(inboundClientIps.Ips), &oldIps)
-	mergedIps := Unique(append(oldIps, ips...))
-
-    jsonIps, err := json.Marshal(mergedIps)
+    jsonIps, err := json.Marshal(ips)
 	checkError(err)
 
 	inboundClientIps.ClientEmail = clientEmail
@@ -199,7 +195,7 @@ func updateInboundClientIps(inboundClientIps *model.InboundClientIps,clientEmail
     limitIp, err := strconv.Atoi(limitIpMactch)
 
 
-	if(limitIp < len(mergedIps) && limitIp != 0 && inbound.Enable) {
+	if(limitIp < len(ips) && limitIp != 0 && inbound.Enable) {
 
 		DisableInbound(inbound.Id)
 	}

From 58327d5062e62ba9c28f5e42a0fcf6f2dee4a71b Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 30 Oct 2022 14:43:17 -0400
Subject: [PATCH 07/28] replace text and add condtion to field

---
 web/html/xui/form/protocol/vmess.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/html/xui/form/protocol/vmess.html b/web/html/xui/form/protocol/vmess.html
index c161563f..381caa5b 100644
--- a/web/html/xui/form/protocol/vmess.html
+++ b/web/html/xui/form/protocol/vmess.html
@@ -6,7 +6,7 @@
         </a-form-item>
         <a-form-item>
             <span slot="label">
-                Ip Count Limit
+                IP Count Limit
                 <a-tooltip>
                     <template slot="title">
                         disable inbound if more than entered count (0 for disable limit ip)
@@ -17,12 +17,12 @@
         
             <a-input type="number" v-model.number="inbound.settings.vmesses[0].limitIp"></a-input>
         </a-form-item>
-        <a-form-item v-if="inbound.settings.vmesses[0].email">
+        <a-form-item v-if="inbound.settings.vmesses[0].email && inbound.settings.vmesses[0].limitIp > 0 && inbound.id">
             <span slot="label">
-                client ip log
+                Client IP Log 
                 <a-tooltip>
                     <template slot="title">
-                        disable inbound if more than entered count (0 for disable limit ip)
+                        IPs history Log (before enabling inbound after it has been disabled by IP limit, you should clear the log)
                     </template>
                     <a-icon type="question-circle" theme="filled"></a-icon>
                 </a-tooltip>

From 60b649bf6aa3511b0f76aa675a16e048d4519de4 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 30 Oct 2022 18:28:50 -0400
Subject: [PATCH 08/28] bugs fix

---
 web/controller/inbound.go             |  2 +-
 web/html/xui/form/protocol/vmess.html |  2 +-
 web/html/xui/inbound_modal.html       | 20 ++++++++++++++++----
 web/html/xui/inbounds.html            |  6 ++++--
 4 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/web/controller/inbound.go b/web/controller/inbound.go
index c9922b3f..3a3c964b 100644
--- a/web/controller/inbound.go
+++ b/web/controller/inbound.go
@@ -116,7 +116,7 @@ func (a *InboundController) getClientIps(c *gin.Context) {
 
 	ips , err := a.inboundService.GetInboundClientIps(email)
 	if err != nil {
-		jsonMsg(c, "修改", err)
+		jsonObj(c, "No IP Record", nil)
 		return
 	}
 	jsonObj(c, ips, nil)
diff --git a/web/html/xui/form/protocol/vmess.html b/web/html/xui/form/protocol/vmess.html
index 381caa5b..84d90721 100644
--- a/web/html/xui/form/protocol/vmess.html
+++ b/web/html/xui/form/protocol/vmess.html
@@ -17,7 +17,7 @@
         
             <a-input type="number" v-model.number="inbound.settings.vmesses[0].limitIp"></a-input>
         </a-form-item>
-        <a-form-item v-if="inbound.settings.vmesses[0].email && inbound.settings.vmesses[0].limitIp > 0 && inbound.id">
+        <a-form-item v-if="inbound.settings.vmesses[0].email && inbound.settings.vmesses[0].limitIp > 0 && isEdit">
             <span slot="label">
                 Client IP Log 
                 <a-tooltip>
diff --git a/web/html/xui/inbound_modal.html b/web/html/xui/inbound_modal.html
index 1bf06a7c..1d58c60a 100644
--- a/web/html/xui/inbound_modal.html
+++ b/web/html/xui/inbound_modal.html
@@ -11,6 +11,7 @@
         visible: false,
         confirmLoading: false,
         okText: '确定',
+        isEdit: false,
         confirm: null,
         inbound: new Inbound(),
         dbInbound: new DBInbound(),
@@ -18,7 +19,7 @@
         ok() {
             ObjectUtil.execute(inModal.confirm, inModal.inbound, inModal.dbInbound);
         },
-        show({ title='', okText='确定', inbound=null, dbInbound=null, confirm=(inbound, dbInbound)=>{} }) {
+        show({ title='', okText='确定', inbound=null, dbInbound=null, confirm=(inbound, dbInbound)=>{}, isEdit=false }) {
             this.title = title;
             this.okText = okText;
             if (inbound) {
@@ -33,6 +34,7 @@
             }
             this.confirm = confirm;
             this.visible = true;
+            this.isEdit = isEdit;
         },
         close() {
             inModal.visible = false;
@@ -68,6 +70,9 @@
             },
             get clientIps() {
                 return inModal.clientIps;
+            },
+            get isEdit() {
+                return inModal.isEdit;
             }
         },
         methods: {
@@ -82,9 +87,16 @@
                 if (!msg.success) {
                     return;
                 }
-                ips = JSON.parse(msg.obj)
-                ips = ips.join(",")
-                this.inModal.clientIps =  ips
+                try {
+                    ips = JSON.parse(msg.obj)
+                    ips = ips.join(",")
+                    this.inModal.clientIps =  ips
+                } catch (error) {
+                    // text
+                    this.inModal.clientIps =  msg.obj
+
+                }
+
             },
             async clearDBClientIps(email) {
                 const msg = await HttpUtil.post('/xui/inbound/clearClientIps/'+ email);
diff --git a/web/html/xui/inbounds.html b/web/html/xui/inbounds.html
index 85321ede..6133ee78 100644
--- a/web/html/xui/inbounds.html
+++ b/web/html/xui/inbounds.html
@@ -240,7 +240,8 @@
                         inModal.loading();
                         await this.addInbound(inbound, dbInbound);
                         inModal.close();
-                    }
+                    },
+                    isEdit: false
                 });
             },
             openEditInbound(dbInbound) {
@@ -254,7 +255,8 @@
                         inModal.loading();
                         await this.updateInbound(inbound, dbInbound);
                         inModal.close();
-                    }
+                    },
+                    isEdit: true
                 });
             },
             async addInbound(inbound, dbInbound) {

From f8bddd48de7d8180116f5b7ce019a91dd06d022f Mon Sep 17 00:00:00 2001
From: proshir <hassanardeshir1020@gmail.com>
Date: Wed, 2 Nov 2022 01:47:09 +0330
Subject: [PATCH 09/28] add vless limit ip

---
 web/assets/js/model/xray.js           |  6 ++++-
 web/html/xui/form/protocol/vless.html | 34 +++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/web/assets/js/model/xray.js b/web/assets/js/model/xray.js
index ecdf9e27..2bce6a83 100644
--- a/web/assets/js/model/xray.js
+++ b/web/assets/js/model/xray.js
@@ -1215,16 +1215,20 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
 };
 Inbound.VLESSSettings.VLESS = class extends XrayCommonClass {
 
-    constructor(id=RandomUtil.randomUUID(), flow=FLOW_CONTROL.DIRECT) {
+    constructor(id=RandomUtil.randomUUID(), flow=FLOW_CONTROL.DIRECT, email='', limitIp) {
         super();
         this.id = id;
         this.flow = flow;
+        this.email = email;
+        this.limitIp = limitIp;
     }
 
     static fromJson(json={}) {
         return new Inbound.VLESSSettings.VLESS(
             json.id,
             json.flow,
+            json.email,
+            json.limitIp
         );
     }
 };
diff --git a/web/html/xui/form/protocol/vless.html b/web/html/xui/form/protocol/vless.html
index 3e5a3a38..f02a4a8c 100644
--- a/web/html/xui/form/protocol/vless.html
+++ b/web/html/xui/form/protocol/vless.html
@@ -1,5 +1,39 @@
 {{define "form/vless"}}
 <a-form layout="inline">
+    <a-form layout="inline">
+        <a-form-item label="Email">
+            <a-input v-model.trim="inbound.settings.vlesses[0].email"></a-input>
+        </a-form-item>
+        <a-form-item>
+            <span slot="label">
+                IP Count Limit
+                <a-tooltip>
+                    <template slot="title">
+                        disable inbound if more than entered count (0 for disable limit ip)
+                    </template>
+                    <a-icon type="question-circle" theme="filled"></a-icon>
+                </a-tooltip>
+            </span>
+
+            <a-input type="number" v-model.number="inbound.settings.vlesses[0].limitIp"></a-input>
+        </a-form-item>
+        <a-form-item v-if="inbound.settings.vlesses[0].email && inbound.settings.vlesses[0].limitIp > 0 && isEdit">
+            <span slot="label">
+                client IP log
+                <a-tooltip>
+                    <template slot="title">
+                        IPs history Log (before enabling inbound after it has been disabled by IP limit, you should clear the log)
+                    </template>
+                    <a-icon type="question-circle" theme="filled"></a-icon>
+                </a-tooltip>
+            </span>
+
+            <a-textarea disabled :input="getDBClientIps(inbound.settings.vlesses[0].email)" v-model="clientIps" :auto-size="{ minRows: 3, maxRows: 3 }">
+            </a-textarea>
+
+            <a-button type="danger" @click="clearDBClientIps(inbound.settings.vlesses[0].email)" >clear log</a-button>
+        </a-form-item>
+    </a-form>
     <a-form-item label="id">
         <a-input v-model.trim="inbound.settings.vlesses[0].id"></a-input>
     </a-form-item>

From 375835e42ab68ae07ef02cb23aa032387d500786 Mon Sep 17 00:00:00 2001
From: proshir <hassanardeshir1020@gmail.com>
Date: Wed, 2 Nov 2022 12:23:47 +0330
Subject: [PATCH 10/28] clear ip log for clients after 1 min with bulk add

---
 web/job/check_clinet_ip_job.go | 119 +++++++++++++--------------------
 1 file changed, 47 insertions(+), 72 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 4e1d17fb..9dfde67c 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -26,6 +26,7 @@ func NewCheckClientIpJob() *CheckClientIpJob {
 }
 
 func (j *CheckClientIpJob) Run() {
+	logger.Debug("Check Client IP Job...")
 	processLogFile()
 }
 
@@ -45,7 +46,9 @@ func processLogFile() {
 		checkError(err)
 	}
 	
-	lines := ss.Split(string(data), "\n")
+	lines := ss.Split(string(data), "\n")	if err != nil {
+		return nil
+	}
 	for _, line := range lines {
 		ipRegx, _ := regexp.Compile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
 		emailRegx, _ := regexp.Compile(`email:.+`)
@@ -77,18 +80,21 @@ func processLogFile() {
 		}
 
 	}
-	for clientEmail, ips := range InboundClientIps {
-		inboundClientIps,err := GetInboundClientIps(clientEmail)
-		if(err != nil){
-			addInboundClientIps(clientEmail,ips)
-
-		}else{
-			updateInboundClientIps(inboundClientIps,clientEmail,ips)
-		}
-			
+	err = ClearInboudClientIps()
+	if err != nil {
+		return
 	}
 
+	var inboundsClientIps []*model.InboundClientIps
+	for clientEmail, ips := range InboundClientIps {
+		inboundClientIps := GetInboundClientIps(clientEmail, ips)
+		if inboundClientIps != nil {
+			inboundsClientIps = append(inboundsClientIps, inboundClientIps)
+		}
+	}
 
+	err = AddInboundsClientIps(inboundsClientIps)
+	checkError(err)
 }
 func GetAccessLogPath() string {
 	
@@ -97,9 +103,7 @@ func GetAccessLogPath() string {
 
 	jsonConfig := map[string]interface{}{}
     err = json.Unmarshal([]byte(config), &jsonConfig)
-    if err != nil {
-        logger.Warning(err)
-    }
+	checkError(err)
 	if(jsonConfig["log"] != nil) {
 		jsonLog := jsonConfig["log"].(map[string]interface{})
 		if(jsonLog["access"] != nil) {
@@ -126,85 +130,55 @@ func contains(s []string, str string) bool {
 
 	return false
 }
-// https://codereview.stackexchange.com/a/192954
-func Unique(slice []string) []string {
-    // create a map with all the values as key
-    uniqMap := make(map[string]struct{})
-    for _, v := range slice {
-        uniqMap[v] = struct{}{}
-    }
 
-    // turn the map keys into a slice
-    uniqSlice := make([]string, 0, len(uniqMap))
-    for v := range uniqMap {
-        uniqSlice = append(uniqSlice, v)
-    }
-    return uniqSlice
-}
-
-func GetInboundClientIps(clientEmail string) (*model.InboundClientIps, error) {
+func ClearInboudClientIps() error {
 	db := database.GetDB()
-	InboundClientIps := &model.InboundClientIps{}
-	err := db.Model(model.InboundClientIps{}).Where("client_email = ?", clientEmail).First(InboundClientIps).Error
-	if err != nil {
-		return nil, err
-	}
-	return InboundClientIps, nil
+	err := db.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(&model.InboundClientIps{}).Error
+	checkError(err)
+	return err
 }
-func addInboundClientIps(clientEmail string,ips []string) error {
+
+func GetInboundClientIps(clientEmail string, ips []string) *model.InboundClientIps {
+	jsonIps, err := json.Marshal(ips)
+	if err != nil {
+		return nil
+	}
+
 	inboundClientIps := &model.InboundClientIps{}
-    jsonIps, err := json.Marshal(ips)
-	checkError(err)
-
 	inboundClientIps.ClientEmail = clientEmail
 	inboundClientIps.Ips = string(jsonIps)
-	
 
-	db := database.GetDB()
-	tx := db.Begin()
-
-	defer func() {
-		if err == nil {
-			tx.Commit()
-		} else {
-			tx.Rollback()
-		}
-	}()
-
-	err = tx.Save(inboundClientIps).Error
+	inbound, err := GetInboundByEmail(clientEmail)
 	if err != nil {
-		return err
+		return nil
 	}
-	return nil
-}
-func updateInboundClientIps(inboundClientIps *model.InboundClientIps,clientEmail string,ips []string) error {
-
-    jsonIps, err := json.Marshal(ips)
-	checkError(err)
-
-	inboundClientIps.ClientEmail = clientEmail
-	inboundClientIps.Ips = string(jsonIps)
-	
-	// check inbound limitation
-	inbound, _ := GetInboundByEmail(clientEmail)
-
 	limitIpRegx, _ := regexp.Compile(`"limitIp": .+`)
-
 	limitIpMactch := limitIpRegx.FindString(inbound.Settings)
 	limitIpMactch =  ss.Split(limitIpMactch, `"limitIp": `)[1]
     limitIp, err := strconv.Atoi(limitIpMactch)
-
-
+	if err != nil {
+		return nil
+	}
 	if(limitIp < len(ips) && limitIp != 0 && inbound.Enable) {
-
 		DisableInbound(inbound.Id)
 	}
 
+	return inboundClientIps
+}
+
+func AddInboundsClientIps(inboundsClientIps []*model.InboundClientIps) error {
+	if inboundsClientIps == nil || len(inboundsClientIps) == 0 {
+		return nil
+	}
 	db := database.GetDB()
-	err = db.Save(inboundClientIps).Error
+	tx := db.Begin()
+
+	err := tx.Save(inboundsClientIps).Error
 	if err != nil {
+		tx.Rollback()
 		return err
 	}
+	tx.Commit()
 	return nil
 }
 
@@ -217,7 +191,8 @@ func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
 	}
 	return inbounds, nil
 }
-func DisableInbound(id int) error{
+
+func DisableInbound(id int) error {
 	db := database.GetDB()
 	result := db.Model(model.Inbound{}).
 		Where("id = ? and enable = ?", id, true).

From 91e416b4365d1071856a8f9f1821d0a64c40a109 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Wed, 2 Nov 2022 05:26:09 -0400
Subject: [PATCH 11/28] set default limitIp value

---
 web/assets/js/model/xray.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/assets/js/model/xray.js b/web/assets/js/model/xray.js
index 2bce6a83..4526ef1a 100644
--- a/web/assets/js/model/xray.js
+++ b/web/assets/js/model/xray.js
@@ -1215,7 +1215,7 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
 };
 Inbound.VLESSSettings.VLESS = class extends XrayCommonClass {
 
-    constructor(id=RandomUtil.randomUUID(), flow=FLOW_CONTROL.DIRECT, email='', limitIp) {
+    constructor(id=RandomUtil.randomUUID(), flow=FLOW_CONTROL.DIRECT, email='', limitIp=0) {
         super();
         this.id = id;
         this.flow = flow;

From 74f7af68124b153de02beff38d30074dfe83d439 Mon Sep 17 00:00:00 2001
From: proshir <hassanardeshir1020@gmail.com>
Date: Wed, 2 Nov 2022 13:14:24 +0330
Subject: [PATCH 12/28] fix funny bug in line 49 check_clinet_ip_job

---
 web/job/check_clinet_ip_job.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 9dfde67c..29e13a87 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -46,9 +46,7 @@ func processLogFile() {
 		checkError(err)
 	}
 	
-	lines := ss.Split(string(data), "\n")	if err != nil {
-		return nil
-	}
+	lines := ss.Split(string(data), "\n")
 	for _, line := range lines {
 		ipRegx, _ := regexp.Compile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
 		emailRegx, _ := regexp.Compile(`email:.+`)

From 3d0f25b66987dcab4526265747f081dd979374f2 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Fri, 4 Nov 2022 07:56:25 -0400
Subject: [PATCH 13/28] add connection limit inbound

---
 go.mod                         |   1 +
 go.sum                         |   3 +
 web/job/check_clinet_ip_job.go | 142 ++++++++++++++++++++++++++++++++-
 3 files changed, 144 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 44b6570b..0342d7d2 100644
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/Workiva/go-datastructures v1.0.53
 	github.com/gin-contrib/sessions v0.0.3
 	github.com/gin-gonic/gin v1.7.1
+	github.com/go-cmd/cmd v1.4.1 // indirect
 	github.com/go-ole/go-ole v1.2.5 // indirect
 	github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
 	github.com/nicksnyder/go-i18n/v2 v2.1.2
diff --git a/go.sum b/go.sum
index c8ed240f..9b808dd8 100644
--- a/go.sum
+++ b/go.sum
@@ -57,6 +57,8 @@ github.com/gin-gonic/gin v1.7.1 h1:qC89GU3p8TvKWMAVhEpmpB2CIb1hnqt2UdKZaP93mS8=
 github.com/gin-gonic/gin v1.7.1/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
+github.com/go-cmd/cmd v1.4.1 h1:JUcEIE84v8DSy02XTZpUDeGKExk2oW3DA10hTjbQwmc=
+github.com/go-cmd/cmd v1.4.1/go.mod h1:tbBenttXtZU4c5djS1o7PWL5pd2xAr5sIqH1kGdNiRc=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY=
 github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
@@ -72,6 +74,7 @@ github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7a
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 h1:wG8n/XJQ07TmjbITcGiUaOtXxdrINDz1b0J1w0SzqDc=
 github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8=
+github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 29e13a87..6d6b0b63 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -11,6 +11,10 @@ import (
     "encoding/json"
 	"gorm.io/gorm"
     "strconv"
+	"strings"
+	"time"
+	"net"
+ 	"github.com/go-cmd/cmd"
 
 )
 
@@ -19,7 +23,8 @@ type CheckClientIpJob struct {
 	inboundService service.InboundService
 }
 var job *CheckClientIpJob
-  
+var disAllowedIps []string 
+
 func NewCheckClientIpJob() *CheckClientIpJob {
 	job = new(CheckClientIpJob)
 	return job
@@ -84,6 +89,8 @@ func processLogFile() {
 	}
 
 	var inboundsClientIps []*model.InboundClientIps
+	disAllowedIps = []string{}
+
 	for clientEmail, ips := range InboundClientIps {
 		inboundClientIps := GetInboundClientIps(clientEmail, ips)
 		if inboundClientIps != nil {
@@ -93,6 +100,14 @@ func processLogFile() {
 
 	err = AddInboundsClientIps(inboundsClientIps)
 	checkError(err)
+
+	// check if inbound connection is more than limited ip and drop connection
+	LimitDevice := func() { LimitDevice() }
+
+	stop := schedule(LimitDevice, 1000 *time.Millisecond)
+	time.Sleep(10 * time.Second)
+	stop <- true
+ 
 }
 func GetAccessLogPath() string {
 	
@@ -157,9 +172,16 @@ func GetInboundClientIps(clientEmail string, ips []string) *model.InboundClientI
 	if err != nil {
 		return nil
 	}
+
 	if(limitIp < len(ips) && limitIp != 0 && inbound.Enable) {
-		DisableInbound(inbound.Id)
+
+		if(limitIp == 1){
+			limitIp = 0
+		}
+		disAllowedIps = append(disAllowedIps,ips[limitIp:]...)
+
 	}
+	logger.Debug("disAllowedIps ",disAllowedIps)
 
 	return inboundClientIps
 }
@@ -204,3 +226,119 @@ func DisableInbound(id int) error {
 
 	return err
 }
+
+func LimitDevice(){
+	
+	localIp,err := LocalIP()
+	checkError(err)
+
+	c := cmd.NewCmd("bash","-c","ss --tcp | grep -E '" + IPsToRegex(localIp) + "'| awk '{if($1==\"ESTAB\") print $4,$5;}'","| sort | uniq -c | sort -nr | head")
+
+	<-c.Start()
+	if len(c.Status().Stdout) > 0 {
+
+		for _, row := range c.Status().Stdout {
+			
+			data := strings.Split(row," ")
+			
+			dest,src := strings.Split(data[0],":"),strings.Split(data[1],":")
+			
+			destIp,destPort := dest[0],dest[1]
+			srcIp,srcPort := src[0],src[1]
+
+			if(contains(disAllowedIps,srcIp)){
+				dropCmd := cmd.NewCmd("bash","-c","ss -K dport = " + srcPort)
+				dropCmd.Start()
+
+				logger.Debug("request droped : ",srcIp,srcPort,"to",destIp,destPort)
+			} 
+		}
+	}
+
+}
+
+func LocalIP() ([]string, error) {
+	// get machine ips
+
+	ifaces, err := net.Interfaces()
+	ips := []string{}
+	if err != nil {
+		return ips, err
+	}
+	for _, i := range ifaces {
+		addrs, err := i.Addrs()
+		if err != nil {
+			return ips, err
+		}
+
+		for _, addr := range addrs {
+			var ip net.IP
+			switch v := addr.(type) {
+			case *net.IPNet:
+				ip = v.IP
+			case *net.IPAddr:
+				ip = v.IP
+			}
+
+			if isPrivateIP(ip) {
+				ips = append(ips,ip.String())
+			}
+		}
+	}
+	logger.Debug("System IPs : ",ips)
+
+	return ips, nil
+}
+
+func isPrivateIP(ip net.IP) bool {
+	var privateIPBlocks []*net.IPNet
+	for _, cidr := range []string{
+		// don't check loopback ips
+		//"127.0.0.0/8",    // IPv4 loopback
+		//"::1/128",        // IPv6 loopback
+		//"fe80::/10",      // IPv6 link-local
+		"10.0.0.0/8",     // RFC1918
+		"172.16.0.0/12",  // RFC1918
+		"192.168.0.0/16", // RFC1918
+	} {
+		_, block, _ := net.ParseCIDR(cidr)
+		privateIPBlocks = append(privateIPBlocks, block)
+	}
+
+	for _, block := range privateIPBlocks {
+		if block.Contains(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func IPsToRegex(ips []string) (string){
+
+	regx := ""
+	for _, ip := range ips {
+		regx += "(" + strings.Replace(ip, ".", "\\.", -1) + ")"
+
+	}
+	regx = "(" + strings.Replace(regx, ")(", ")|(.", -1)  + ")"
+
+	return regx
+}
+
+func schedule(LimitDevice func(), delay time.Duration) chan bool {
+	stop := make(chan bool)
+
+	go func() {
+		for {
+			LimitDevice()
+			select {
+			case <-time.After(delay):
+			case <-stop:
+				return
+			}
+		}
+	}()
+
+	return stop
+}

From 87b301cea6477c02aeb33d0179424409707f202c Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Fri, 4 Nov 2022 08:47:47 -0400
Subject: [PATCH 14/28] fix run schedule run time

---
 web/job/check_clinet_ip_job.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 6d6b0b63..1da1f744 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -105,7 +105,7 @@ func processLogFile() {
 	LimitDevice := func() { LimitDevice() }
 
 	stop := schedule(LimitDevice, 1000 *time.Millisecond)
-	time.Sleep(10 * time.Second)
+	time.Sleep(60 * time.Second)
 	stop <- true
  
 }

From d564956134d04036789f0a5989113dd2c39189e3 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Fri, 4 Nov 2022 09:08:46 -0400
Subject: [PATCH 15/28] ip sort and fix bug

---
 web/job/check_clinet_ip_job.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 1da1f744..e9ec6886 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -15,7 +15,7 @@ import (
 	"time"
 	"net"
  	"github.com/go-cmd/cmd"
-
+	"sort"
 )
 
 type CheckClientIpJob struct {
@@ -176,12 +176,13 @@ func GetInboundClientIps(clientEmail string, ips []string) *model.InboundClientI
 	if(limitIp < len(ips) && limitIp != 0 && inbound.Enable) {
 
 		if(limitIp == 1){
-			limitIp = 0
+			limitIp = 2
 		}
-		disAllowedIps = append(disAllowedIps,ips[limitIp:]...)
+		disAllowedIps = append(disAllowedIps,ips[limitIp - 1:]...)
 
 	}
 	logger.Debug("disAllowedIps ",disAllowedIps)
+    sort.Sort(sort.StringSlice(disAllowedIps))
 
 	return inboundClientIps
 }

From 131a9aeefe2d75996454116e16d946a3f9a8da8b Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Fri, 4 Nov 2022 10:13:17 -0400
Subject: [PATCH 16/28] change job run time

---
 web/job/check_clinet_ip_job.go | 17 +----------------
 web/web.go                     |  4 ++--
 2 files changed, 3 insertions(+), 18 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index e9ec6886..e3396ad6 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -104,7 +104,7 @@ func processLogFile() {
 	// check if inbound connection is more than limited ip and drop connection
 	LimitDevice := func() { LimitDevice() }
 
-	stop := schedule(LimitDevice, 1000 *time.Millisecond)
+	stop := schedule(LimitDevice, 700 *time.Millisecond)
 	time.Sleep(60 * time.Second)
 	stop <- true
  
@@ -213,21 +213,6 @@ func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
 	return inbounds, nil
 }
 
-func DisableInbound(id int) error {
-	db := database.GetDB()
-	result := db.Model(model.Inbound{}).
-		Where("id = ? and enable = ?", id, true).
-		Update("enable", false)
-	err := result.Error
-	logger.Warning("disable inbound with id:",id)
-
-	if err == nil {
-		job.xrayService.SetToNeedRestart()
-	}
-
-	return err
-}
-
 func LimitDevice(){
 	
 	localIp,err := LocalIP()
diff --git a/web/web.go b/web/web.go
index 60a69da1..0793a390 100644
--- a/web/web.go
+++ b/web/web.go
@@ -296,8 +296,8 @@ func (s *Server) startTask() {
 	// 每 30 秒检查一次 inbound 流量超出和到期的情况
 	s.cron.AddJob("@every 30s", job.NewCheckInboundJob())
 
-	// check client ips from log file every 1 min
-	s.cron.AddJob("@every 1m", job.NewCheckClientIpJob())
+	// check client ips from log file every 30 sec
+	s.cron.AddJob("@every 30s", job.NewCheckClientIpJob())
 
 	// 每一天提示一次流量情况,上海时间8点30
 	var entry cron.EntryID

From 44ca9cc84125aa6130a9d8d9d44fd68dd6355dea Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 05:33:58 -0400
Subject: [PATCH 17/28] fix IP Restrict bug

---
 web/job/check_clinet_ip_job.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index e3396ad6..fa5bc254 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -222,15 +222,26 @@ func LimitDevice(){
 
 	<-c.Start()
 	if len(c.Status().Stdout) > 0 {
+		ipRegx, _ := regexp.Compile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
+		portRegx, _ := regexp.Compile(`(?:(:))([0-9]..[^.][0-9]+)`)
 
 		for _, row := range c.Status().Stdout {
 			
 			data := strings.Split(row," ")
 			
-			dest,src := strings.Split(data[0],":"),strings.Split(data[1],":")
+			destIp,destPort,srcIp,srcPort := "","","",""
+ 
+
+			destIp = string(ipRegx.FindString(data[0]))
+
+			destPort = portRegx.FindString(data[0])
+			destPort = strings.Replace(destPort,":","",-1)
 			
-			destIp,destPort := dest[0],dest[1]
-			srcIp,srcPort := src[0],src[1]
+			
+			srcIp = string(ipRegx.FindString(data[1]))
+
+			srcPort = portRegx.FindString(data[1])
+			srcPort = strings.Replace(srcPort,":","",-1)
 
 			if(contains(disAllowedIps,srcIp)){
 				dropCmd := cmd.NewCmd("bash","-c","ss -K dport = " + srcPort)

From 91c891ce8e998e20827281a860db1a7c43ade68e Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 14:55:48 +0400
Subject: [PATCH 18/28] Update README.md

---
 README.md | 141 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 77 insertions(+), 64 deletions(-)

diff --git a/README.md b/README.md
index 80a9e302..5f65d263 100644
--- a/README.md
+++ b/README.md
@@ -1,31 +1,45 @@
 # x-ui
 
-支持多协议多用户的 xray 面板
+xray panel supporting multi-protocol multi-user
 
-# 功能介绍
+# Features
 
-- 系统状态监控
-- 支持多用户多协议，网页可视化操作
-- 支持的协议：vmess、vless、trojan、shadowsocks、dokodemo-door、socks、http
-- 支持配置更多传输配置
-- 流量统计，限制流量，限制到期时间
-- 可自定义 xray 配置模板
-- 支持 https 访问面板（自备域名 + ssl 证书）
-- 支持一键SSL证书申请且自动续签
-- 更多高级配置项，详见面板
+- System Status Monitoring
+- Support multi-user multi-protocol, web page visualization operation
+- Supported protocols: vmess, vless, trojan, shadowsocks, dokodemo-door, socks, http
+- Support for configuring more transport configurations
+- Traffic statistics, limit traffic, limit expiration time
+- Customizable xray configuration templates
+- Support https access panel (self-provided domain name + ssl certificate)
+- Support one-click SSL certificate application and automatic renewal
+- For more advanced configuration items, please refer to the panel
 
-# 安装&升级
+# Enable IP Restrictions Per Inbound
+1 - open panel settings and tab xray related settings put this to first of json :
+ ```
+ { 
+ "log": {
+    "loglevel": "warning", 
+    "access": "./access.log"
+  },
 
 ```
-bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
+- change access log path as you want
+
+2 - add **IP limit and Email** for inbound(vmess & vless)
+
+# Install & Upgrade
+
+```
+bash <(curl -Ls https://raw.githubusercontent.com/hossinasaadi/x-ui/master/install.sh)
 ```
 
-## 手动安装&升级
+## Manual install & upgrade
 
-1. 首先从 https://github.com/vaxilu/x-ui/releases 下载最新的压缩包，一般选择 `amd64`架构
-2. 然后将这个压缩包上传到服务器的 `/root/`目录下，并使用 `root`用户登录服务器
+1. First download the latest compressed package from https://github.com/hossinasaadi/x-ui/releases , generally choose Architecture `amd64`
+2. Then upload the compressed package to the server's `/root/` directory and `root` rootlog in to the server with user
 
-> 如果你的服务器 cpu 架构不是 `amd64`，自行将命令中的 `amd64`替换为其他架构
+> If your server cpu architecture is not `amd64` replace another architecture
 
 ```
 cd /root/
@@ -40,17 +54,17 @@ systemctl enable x-ui
 systemctl restart x-ui
 ```
 
-## 使用docker安装
+## Install using docker
 
-> 此 docker 教程与 docker 镜像由[Chasing66](https://github.com/Chasing66)提供
+> This docker tutorial and docker image are provided by [Chasing66](https://github.com/Chasing66)
 
-1. 安装docker
+1. install docker
 
 ```shell
 curl -fsSL https://get.docker.com | sh
 ```
 
-2. 安装x-ui
+2. install x-ui
 
 ```shell
 mkdir x-ui && cd x-ui
@@ -61,83 +75,82 @@ docker run -itd --network=host \
     enwaiax/x-ui:latest
 ```
 
-> Build 自己的镜像
+> Build your own image
 
 ```shell
 docker build -t x-ui .
 ```
 
-## SSL证书申请
+## SSL certificate application
 
-> 此功能与教程由[FranzKafkaYu](https://github.com/FranzKafkaYu)提供
+> This feature and tutorial are provided by [FranzKafkaYu](https://github.com/FranzKafkaYu)
 
-脚本内置SSL证书申请功能，使用该脚本申请证书，需满足以下条件:
+The script has a built-in SSL certificate application function. To use this script to apply for a certificate, the following conditions must be met:
 
-- 知晓Cloudflare 注册邮箱
-- 知晓Cloudflare Global API Key
-- 域名已通过cloudflare进行解析到当前服务器
+- Know the Cloudflare registered email
+- Know the Cloudflare Global API Key
+- The domain name has been resolved to the current server through cloudflare
 
-获取Cloudflare Global API Key的方法:
+How to get the Cloudflare Global API Key:
     ![](media/bda84fbc2ede834deaba1c173a932223.png)
     ![](media/d13ffd6a73f938d1037d0708e31433bf.png)
 
-使用时只需输入 `域名`, `邮箱`, `API KEY`即可，示意图如下：
+When using, just enter `email`, `domain`, `API KEY` and the schematic diagram is as follows：
         ![](media/2022-04-04_141259.png)
 
-注意事项:
+Precautions:
 
-- 该脚本使用DNS API进行证书申请
-- 默认使用Let'sEncrypt作为CA方
-- 证书安装目录为/root/cert目录
-- 本脚本申请证书均为泛域名证书
+- The script uses DNS API for certificate request
+- By default, Let'sEncrypt is used as the CA party
+- The certificate installation directory is the /root/cert directory
+- The certificates applied for by this script are all generic domain name certificates
 
-## Tg机器人使用（开发中，暂不可使用）
+## Tg robot use (under development, temporarily unavailable)
 
-> 此功能与教程由[FranzKafkaYu](https://github.com/FranzKafkaYu)提供
+> This feature and tutorial are provided by [FranzKafkaYu](https://github.com/FranzKafkaYu)
 
-X-UI支持通过Tg机器人实现每日流量通知，面板登录提醒等功能，使用Tg机器人，需要自行申请
-具体申请教程可以参考[博客链接](https://coderfan.net/how-to-use-telegram-bot-to-alarm-you-when-someone-login-into-your-vps.html)
-使用说明:在面板后台设置机器人相关参数，具体包括
+X-UI supports daily traffic notification, panel login reminder and other functions through the Tg robot. To use the Tg robot, you need to apply for the specific application tutorial. You can refer to the [blog](https://coderfan.net/how-to-use-telegram-bot-to-alarm-you-when-someone-login-into-your-vps.html)
+Set the robot-related parameters in the panel background, including:
 
-- Tg机器人Token
-- Tg机器人ChatId
-- Tg机器人周期运行时间，采用crontab语法  
+- Tg Robot Token
+- Tg Robot ChatId
+- Tg robot cycle runtime, in crontab syntax
 
-参考语法：
-- 30 * * * * * //每一分的第30s进行通知
-- @hourly      //每小时通知
-- @daily       //每天通知（凌晨零点整）
-- @every 8h    //每8小时通知  
 
-TG通知内容：
-- 节点流量使用
-- 面板登录提醒
-- 节点到期提醒
-- 流量预警提醒  
+Reference syntax:
 
-更多功能规划中...
-## 建议系统
+- 30 * * * * * //Notify at the 30s of each point
+- @hourly // hourly notification
+- @daily // Daily notification (00:00 in the morning)
+- @every 8h // notify every 8 hours
+- TG notification content:
+
+- Node traffic usage
+- Panel login reminder
+- Node expiration reminder
+- Traffic warning reminder
+
+More features are planned...
+
+
+## suggestion system
 
 - CentOS 7+
 - Ubuntu 16+
 - Debian 8+
 
-# 常见问题
+# common problem
 
-## 从 v2-ui 迁移
+## Migrating from v2-ui
 
-首先在安装了 v2-ui 的服务器上安装最新版 x-ui，然后使用以下命令进行迁移，将迁移本机 v2-ui 的 `所有 inbound 账号数据`至 x-ui，`面板设置和用户名密码不会迁移`
+First install the latest version of x-ui on the server where v2-ui is installed, and then use the following command to migrate, which will migrate the native v2-ui `All inbound account data` to x-ui，`Panel settings and username passwords are not migrated`
 
-> 迁移成功后请 `关闭 v2-ui`并且 `重启 x-ui`，否则 v2-ui 的 inbound 会与 x-ui 的 inbound 会产生 `端口冲突`
+> Please `Close v2-ui` and `restart x-ui`, otherwise the inbound of v2-ui will cause a `port conflict with the inbound of x-ui`
 
 ```
 x-ui v2-ui
 ```
 
-## issue 关闭
-
-各种小白问题看得血压很高
-
 ## Stargazers over time
 
-[![Stargazers over time](https://starchart.cc/vaxilu/x-ui.svg)](https://starchart.cc/vaxilu/x-ui)
+[![Stargazers over time](https://starchart.cc/hossinasaadi/x-ui.svg)](https://starchart.cc/hossinasaadi/x-ui)

From 8282a3be86b9b7ae8f1a949bd5e1a55d064cdd47 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 15:00:49 +0400
Subject: [PATCH 19/28] Update install.sh

---
 install.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/install.sh b/install.sh
index d6ffd104..7dd07ed9 100755
--- a/install.sh
+++ b/install.sh
@@ -107,20 +107,20 @@ install_x-ui() {
     cd /usr/local/
 
     if [ $# == 0 ]; then
-        last_version=$(curl -Ls "https://api.github.com/repos/vaxilu/x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+        last_version=$(curl -Ls "https://api.github.com/repos/hossinasaadi/x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
         if [[ ! -n "$last_version" ]]; then
             echo -e "${red}检测 x-ui 版本失败，可能是超出 Github API 限制，请稍后再试，或手动指定 x-ui 版本安装${plain}"
             exit 1
         fi
         echo -e "检测到 x-ui 最新版本：${last_version}，开始安装"
-        wget -N --no-check-certificate -O /usr/local/x-ui-linux-${arch}.tar.gz https://github.com/vaxilu/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz
+        wget -N --no-check-certificate -O /usr/local/x-ui-linux-${arch}.tar.gz https://github.com/hossinasaadi/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz
         if [[ $? -ne 0 ]]; then
             echo -e "${red}下载 x-ui 失败，请确保你的服务器能够下载 Github 的文件${plain}"
             exit 1
         fi
     else
         last_version=$1
-        url="https://github.com/vaxilu/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz"
+        url="https://github.com/hossinasaadi/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz"
         echo -e "开始安装 x-ui v$1"
         wget -N --no-check-certificate -O /usr/local/x-ui-linux-${arch}.tar.gz ${url}
         if [[ $? -ne 0 ]]; then
@@ -138,7 +138,7 @@ install_x-ui() {
     cd x-ui
     chmod +x x-ui bin/xray-linux-${arch}
     cp -f x-ui.service /etc/systemd/system/
-    wget --no-check-certificate -O /usr/bin/x-ui https://raw.githubusercontent.com/vaxilu/x-ui/main/x-ui.sh
+    wget --no-check-certificate -O /usr/bin/x-ui https://raw.githubusercontent.com/hossinasaadi/x-ui/main/x-ui.sh
     chmod +x /usr/local/x-ui/x-ui.sh
     chmod +x /usr/bin/x-ui
     config_after_install

From 7327f2649e664bb860deb7a59479634a7a1dd78f Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 15:03:36 +0400
Subject: [PATCH 20/28] Update x-ui.sh

---
 x-ui.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/x-ui.sh b/x-ui.sh
index 859067d4..70ca33f1 100644
--- a/x-ui.sh
+++ b/x-ui.sh
@@ -94,7 +94,7 @@ before_show_menu() {
 }
 
 install() {
-    bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
+    bash <(curl -Ls https://raw.githubusercontent.com/hossinasaadi/x-ui/main/install.sh)
     if [[ $? == 0 ]]; then
         if [[ $# == 0 ]]; then
             start
@@ -113,7 +113,7 @@ update() {
         fi
         return 0
     fi
-    bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
+    bash <(curl -Ls https://raw.githubusercontent.com/hossinasaadi/x-ui/main/install.sh)
     if [[ $? == 0 ]]; then
         LOGI "更新完成，已自动重启面板 "
         exit 0
@@ -302,7 +302,7 @@ install_bbr() {
 }
 
 update_shell() {
-    wget -O /usr/bin/x-ui -N --no-check-certificate https://github.com/vaxilu/x-ui/raw/master/x-ui.sh
+    wget -O /usr/bin/x-ui -N --no-check-certificate https://github.com/hossinasaadi/x-ui/raw/main/x-ui.sh
     if [[ $? != 0 ]]; then
         echo ""
         LOGE "下载脚本失败，请检查本机能否连接 Github"

From 675c211dcde2783978f425571ea5a8693f11f9ba Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 10:19:18 -0400
Subject: [PATCH 21/28] fix getting server IP

---
 web/job/check_clinet_ip_job.go | 28 ++--------------------------
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index fa5bc254..066a5cda 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -277,9 +277,8 @@ func LocalIP() ([]string, error) {
 				ip = v.IP
 			}
 
-			if isPrivateIP(ip) {
-				ips = append(ips,ip.String())
-			}
+			ips = append(ips,ip.String())
+			
 		}
 	}
 	logger.Debug("System IPs : ",ips)
@@ -287,29 +286,6 @@ func LocalIP() ([]string, error) {
 	return ips, nil
 }
 
-func isPrivateIP(ip net.IP) bool {
-	var privateIPBlocks []*net.IPNet
-	for _, cidr := range []string{
-		// don't check loopback ips
-		//"127.0.0.0/8",    // IPv4 loopback
-		//"::1/128",        // IPv6 loopback
-		//"fe80::/10",      // IPv6 link-local
-		"10.0.0.0/8",     // RFC1918
-		"172.16.0.0/12",  // RFC1918
-		"192.168.0.0/16", // RFC1918
-	} {
-		_, block, _ := net.ParseCIDR(cidr)
-		privateIPBlocks = append(privateIPBlocks, block)
-	}
-
-	for _, block := range privateIPBlocks {
-		if block.Contains(ip) {
-			return true
-		}
-	}
-
-	return false
-}
 
 func IPsToRegex(ips []string) (string){
 

From 253f5dcfab0bcc6d9839aac20f4e551ec23529d4 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 11:10:21 -0400
Subject: [PATCH 22/28] sort Log Ips

---
 web/job/check_clinet_ip_job.go | 5 +++--
 web/web.go                     | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 066a5cda..5eb4dbdf 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -92,6 +92,7 @@ func processLogFile() {
 	disAllowedIps = []string{}
 
 	for clientEmail, ips := range InboundClientIps {
+		sort.Sort(sort.StringSlice(ips))
 		inboundClientIps := GetInboundClientIps(clientEmail, ips)
 		if inboundClientIps != nil {
 			inboundsClientIps = append(inboundsClientIps, inboundClientIps)
@@ -104,8 +105,8 @@ func processLogFile() {
 	// check if inbound connection is more than limited ip and drop connection
 	LimitDevice := func() { LimitDevice() }
 
-	stop := schedule(LimitDevice, 700 *time.Millisecond)
-	time.Sleep(60 * time.Second)
+	stop := schedule(LimitDevice, 100 *time.Millisecond)
+	time.Sleep(11 * time.Second)
 	stop <- true
  
 }
diff --git a/web/web.go b/web/web.go
index 0793a390..16ee643c 100644
--- a/web/web.go
+++ b/web/web.go
@@ -296,8 +296,8 @@ func (s *Server) startTask() {
 	// 每 30 秒检查一次 inbound 流量超出和到期的情况
 	s.cron.AddJob("@every 30s", job.NewCheckInboundJob())
 
-	// check client ips from log file every 30 sec
-	s.cron.AddJob("@every 30s", job.NewCheckClientIpJob())
+	// check client ips from log file every 10 sec
+	s.cron.AddJob("@every 10s", job.NewCheckClientIpJob())
 
 	// 每一天提示一次流量情况,上海时间8点30
 	var entry cron.EntryID

From 3f0307054a6215e33f71764c9b40e8ed002445c0 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 14:37:49 -0400
Subject: [PATCH 23/28] lower schedule time

---
 web/job/check_clinet_ip_job.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 5eb4dbdf..b6bd3c8b 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -105,8 +105,8 @@ func processLogFile() {
 	// check if inbound connection is more than limited ip and drop connection
 	LimitDevice := func() { LimitDevice() }
 
-	stop := schedule(LimitDevice, 100 *time.Millisecond)
-	time.Sleep(11 * time.Second)
+	stop := schedule(LimitDevice, 10 *time.Millisecond)
+	time.Sleep(15 * time.Second)
 	stop <- true
  
 }

From ec56af480acd65dbb05ca370645f20812e996962 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sat, 5 Nov 2022 16:13:58 -0400
Subject: [PATCH 24/28] revert schedule time

---
 web/job/check_clinet_ip_job.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index b6bd3c8b..362587d6 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -105,7 +105,7 @@ func processLogFile() {
 	// check if inbound connection is more than limited ip and drop connection
 	LimitDevice := func() { LimitDevice() }
 
-	stop := schedule(LimitDevice, 10 *time.Millisecond)
+	stop := schedule(LimitDevice, 100 *time.Millisecond)
 	time.Sleep(15 * time.Second)
 	stop <- true
  

From 3c5ddad31777808f0249c689bdb89b1bc341416d Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 6 Nov 2022 04:39:31 -0500
Subject: [PATCH 25/28] fix clean all Ip database

---
 web/job/check_clinet_ip_job.go | 77 ++++------------------------------
 1 file changed, 7 insertions(+), 70 deletions(-)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 362587d6..ed7563b4 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -83,24 +83,20 @@ func processLogFile() {
 		}
 
 	}
-	err = ClearInboudClientIps()
-	if err != nil {
-		return
-	}
-
-	var inboundsClientIps []*model.InboundClientIps
 	disAllowedIps = []string{}
 
 	for clientEmail, ips := range InboundClientIps {
+		inboundClientIps,err := GetInboundClientIps(clientEmail)
 		sort.Sort(sort.StringSlice(ips))
-		inboundClientIps := GetInboundClientIps(clientEmail, ips)
-		if inboundClientIps != nil {
-			inboundsClientIps = append(inboundsClientIps, inboundClientIps)
+		if(err != nil){
+			addInboundClientIps(clientEmail,ips)
+
+		}else{
+			updateInboundClientIps(inboundClientIps,clientEmail,ips)
 		}
+			
 	}
 
-	err = AddInboundsClientIps(inboundsClientIps)
-	checkError(err)
 
 	// check if inbound connection is more than limited ip and drop connection
 	LimitDevice := func() { LimitDevice() }
@@ -145,65 +141,6 @@ func contains(s []string, str string) bool {
 	return false
 }
 
-func ClearInboudClientIps() error {
-	db := database.GetDB()
-	err := db.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(&model.InboundClientIps{}).Error
-	checkError(err)
-	return err
-}
-
-func GetInboundClientIps(clientEmail string, ips []string) *model.InboundClientIps {
-	jsonIps, err := json.Marshal(ips)
-	if err != nil {
-		return nil
-	}
-
-	inboundClientIps := &model.InboundClientIps{}
-	inboundClientIps.ClientEmail = clientEmail
-	inboundClientIps.Ips = string(jsonIps)
-
-	inbound, err := GetInboundByEmail(clientEmail)
-	if err != nil {
-		return nil
-	}
-	limitIpRegx, _ := regexp.Compile(`"limitIp": .+`)
-	limitIpMactch := limitIpRegx.FindString(inbound.Settings)
-	limitIpMactch =  ss.Split(limitIpMactch, `"limitIp": `)[1]
-    limitIp, err := strconv.Atoi(limitIpMactch)
-	if err != nil {
-		return nil
-	}
-
-	if(limitIp < len(ips) && limitIp != 0 && inbound.Enable) {
-
-		if(limitIp == 1){
-			limitIp = 2
-		}
-		disAllowedIps = append(disAllowedIps,ips[limitIp - 1:]...)
-
-	}
-	logger.Debug("disAllowedIps ",disAllowedIps)
-    sort.Sort(sort.StringSlice(disAllowedIps))
-
-	return inboundClientIps
-}
-
-func AddInboundsClientIps(inboundsClientIps []*model.InboundClientIps) error {
-	if inboundsClientIps == nil || len(inboundsClientIps) == 0 {
-		return nil
-	}
-	db := database.GetDB()
-	tx := db.Begin()
-
-	err := tx.Save(inboundsClientIps).Error
-	if err != nil {
-		tx.Rollback()
-		return err
-	}
-	tx.Commit()
-	return nil
-}
-
 func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
 	db := database.GetDB()
 	var inbounds *model.Inbound

From e2150c38770ac1b67fb6623945f63bb9907c4eae Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Sun, 6 Nov 2022 04:43:02 -0500
Subject: [PATCH 26/28] add func

---
 web/job/check_clinet_ip_job.go | 85 ++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index ed7563b4..31387954 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -140,6 +140,91 @@ func contains(s []string, str string) bool {
 
 	return false
 }
+func GetInboundClientIps(clientEmail string) (*model.InboundClientIps, error) {
+	db := database.GetDB()
+	InboundClientIps := &model.InboundClientIps{}
+	err := db.Model(model.InboundClientIps{}).Where("client_email = ?", clientEmail).First(InboundClientIps).Error
+	if err != nil {
+		return nil, err
+	}
+	return InboundClientIps, nil
+}
+func addInboundClientIps(clientEmail string,ips []string) error {
+	inboundClientIps := &model.InboundClientIps{}
+    jsonIps, err := json.Marshal(ips)
+	checkError(err)
+
+	inboundClientIps.ClientEmail = clientEmail
+	inboundClientIps.Ips = string(jsonIps)
+	
+
+	db := database.GetDB()
+	tx := db.Begin()
+
+	defer func() {
+		if err == nil {
+			tx.Commit()
+		} else {
+			tx.Rollback()
+		}
+	}()
+
+	err = tx.Save(inboundClientIps).Error
+	if err != nil {
+		return err
+	}
+	return nil
+}
+func updateInboundClientIps(inboundClientIps *model.InboundClientIps,clientEmail string,ips []string) error {
+
+    jsonIps, err := json.Marshal(ips)
+	checkError(err)
+
+	inboundClientIps.ClientEmail = clientEmail
+	inboundClientIps.Ips = string(jsonIps)
+	
+	// check inbound limitation
+	inbound, _ := GetInboundByEmail(clientEmail)
+
+	limitIpRegx, _ := regexp.Compile(`"limitIp": .+`)
+
+	limitIpMactch := limitIpRegx.FindString(inbound.Settings)
+	limitIpMactch =  ss.Split(limitIpMactch, `"limitIp": `)[1]
+    limitIp, err := strconv.Atoi(limitIpMactch)
+
+
+	if(limitIp < len(ips) && limitIp != 0 && inbound.Enable) {
+
+		if(limitIp == 1){
+			limitIp = 2
+		}
+		disAllowedIps = append(disAllowedIps,ips[limitIp - 1:]...)
+
+	}
+	logger.Debug("disAllowedIps ",disAllowedIps)
+    sort.Sort(sort.StringSlice(disAllowedIps))
+
+	db := database.GetDB()
+	err = db.Save(inboundClientIps).Error
+	if err != nil {
+		return err
+	}
+	return nil
+}
+func DisableInbound(id int) error{
+	db := database.GetDB()
+	result := db.Model(model.Inbound{}).
+		Where("id = ? and enable = ?", id, true).
+		Update("enable", false)
+	err := result.Error
+	logger.Warning("disable inbound with id:",id)
+
+	if err == nil {
+		job.xrayService.SetToNeedRestart()
+	}
+
+	return err
+}
 
 func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
 	db := database.GetDB()

From 62d8c478bb3b7d9ed38fea5530b71d4d5002fe33 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Mon, 7 Nov 2022 05:48:46 -0500
Subject: [PATCH 27/28] add Environment & update sh files

---
 install.sh                     |  8 ++++----
 web/job/check_clinet_ip_job.go | 20 +++++++++++++++-----
 x-ui.service                   |  1 +
 x-ui.sh                        |  6 +++---
 4 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/install.sh b/install.sh
index d6ffd104..7dd07ed9 100755
--- a/install.sh
+++ b/install.sh
@@ -107,20 +107,20 @@ install_x-ui() {
     cd /usr/local/
 
     if [ $# == 0 ]; then
-        last_version=$(curl -Ls "https://api.github.com/repos/vaxilu/x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+        last_version=$(curl -Ls "https://api.github.com/repos/hossinasaadi/x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
         if [[ ! -n "$last_version" ]]; then
             echo -e "${red}检测 x-ui 版本失败，可能是超出 Github API 限制，请稍后再试，或手动指定 x-ui 版本安装${plain}"
             exit 1
         fi
         echo -e "检测到 x-ui 最新版本：${last_version}，开始安装"
-        wget -N --no-check-certificate -O /usr/local/x-ui-linux-${arch}.tar.gz https://github.com/vaxilu/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz
+        wget -N --no-check-certificate -O /usr/local/x-ui-linux-${arch}.tar.gz https://github.com/hossinasaadi/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz
         if [[ $? -ne 0 ]]; then
             echo -e "${red}下载 x-ui 失败，请确保你的服务器能够下载 Github 的文件${plain}"
             exit 1
         fi
     else
         last_version=$1
-        url="https://github.com/vaxilu/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz"
+        url="https://github.com/hossinasaadi/x-ui/releases/download/${last_version}/x-ui-linux-${arch}.tar.gz"
         echo -e "开始安装 x-ui v$1"
         wget -N --no-check-certificate -O /usr/local/x-ui-linux-${arch}.tar.gz ${url}
         if [[ $? -ne 0 ]]; then
@@ -138,7 +138,7 @@ install_x-ui() {
     cd x-ui
     chmod +x x-ui bin/xray-linux-${arch}
     cp -f x-ui.service /etc/systemd/system/
-    wget --no-check-certificate -O /usr/bin/x-ui https://raw.githubusercontent.com/vaxilu/x-ui/main/x-ui.sh
+    wget --no-check-certificate -O /usr/bin/x-ui https://raw.githubusercontent.com/hossinasaadi/x-ui/main/x-ui.sh
     chmod +x /usr/local/x-ui/x-ui.sh
     chmod +x /usr/bin/x-ui
     config_after_install
diff --git a/web/job/check_clinet_ip_job.go b/web/job/check_clinet_ip_job.go
index 31387954..a7cac64a 100644
--- a/web/job/check_clinet_ip_job.go
+++ b/web/job/check_clinet_ip_job.go
@@ -9,7 +9,6 @@ import (
  	ss "strings"
 	"regexp"
     "encoding/json"
-	"gorm.io/gorm"
     "strconv"
 	"strings"
 	"time"
@@ -33,6 +32,12 @@ func NewCheckClientIpJob() *CheckClientIpJob {
 func (j *CheckClientIpJob) Run() {
 	logger.Debug("Check Client IP Job...")
 	processLogFile()
+
+	// disAllowedIps = []string{"192.168.1.183","192.168.1.197"}
+	blockedIps := []byte(ss.Join(disAllowedIps,","))
+    err := os.WriteFile("./bin/blockedIPs", blockedIps, 0755)
+	checkError(err)
+
 }
 
 func processLogFile() {
@@ -101,8 +106,8 @@ func processLogFile() {
 	// check if inbound connection is more than limited ip and drop connection
 	LimitDevice := func() { LimitDevice() }
 
-	stop := schedule(LimitDevice, 100 *time.Millisecond)
-	time.Sleep(15 * time.Second)
+	stop := schedule(LimitDevice, 1000 *time.Millisecond)
+	time.Sleep(10 * time.Second)
 	stop <- true
  
 }
@@ -184,9 +189,14 @@ func updateInboundClientIps(inboundClientIps *model.InboundClientIps,clientEmail
 	inboundClientIps.Ips = string(jsonIps)
 	
 	// check inbound limitation
-	inbound, _ := GetInboundByEmail(clientEmail)
+	inbound, err := GetInboundByEmail(clientEmail)
+	checkError(err)
 
 	limitIpRegx, _ := regexp.Compile(`"limitIp": .+`)
+	if inbound.Settings == "" {
+		logger.Debug("wrong data ",inbound)
+		return nil
+	}
 
 	limitIpMactch := limitIpRegx.FindString(inbound.Settings)
 	limitIpMactch =  ss.Split(limitIpMactch, `"limitIp": `)[1]
@@ -230,7 +240,7 @@ func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
 	db := database.GetDB()
 	var inbounds *model.Inbound
 	err := db.Model(model.Inbound{}).Where("settings LIKE ?", "%" + clientEmail + "%").Find(&inbounds).Error
-	if err != nil && err != gorm.ErrRecordNotFound {
+	if err != nil {
 		return nil, err
 	}
 	return inbounds, nil
diff --git a/x-ui.service b/x-ui.service
index 6aa17920..fbc99c55 100644
--- a/x-ui.service
+++ b/x-ui.service
@@ -4,6 +4,7 @@ After=network.target
 Wants=network.target
 
 [Service]
+Environment="xray.vmess.aead.forced=false"
 Type=simple
 WorkingDirectory=/usr/local/x-ui/
 ExecStart=/usr/local/x-ui/x-ui
diff --git a/x-ui.sh b/x-ui.sh
index 859067d4..70ca33f1 100644
--- a/x-ui.sh
+++ b/x-ui.sh
@@ -94,7 +94,7 @@ before_show_menu() {
 }
 
 install() {
-    bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
+    bash <(curl -Ls https://raw.githubusercontent.com/hossinasaadi/x-ui/main/install.sh)
     if [[ $? == 0 ]]; then
         if [[ $# == 0 ]]; then
             start
@@ -113,7 +113,7 @@ update() {
         fi
         return 0
     fi
-    bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
+    bash <(curl -Ls https://raw.githubusercontent.com/hossinasaadi/x-ui/main/install.sh)
     if [[ $? == 0 ]]; then
         LOGI "更新完成，已自动重启面板 "
         exit 0
@@ -302,7 +302,7 @@ install_bbr() {
 }
 
 update_shell() {
-    wget -O /usr/bin/x-ui -N --no-check-certificate https://github.com/vaxilu/x-ui/raw/master/x-ui.sh
+    wget -O /usr/bin/x-ui -N --no-check-certificate https://github.com/hossinasaadi/x-ui/raw/main/x-ui.sh
     if [[ $? != 0 ]]; then
         echo ""
         LOGE "下载脚本失败，请检查本机能否连接 Github"

From 979eccfbc2581b6f1b4c53d432eface72f96b191 Mon Sep 17 00:00:00 2001
From: Hossin Asaadi <hossin.asaadi@gmail.com>
Date: Mon, 7 Nov 2022 05:53:55 -0500
Subject: [PATCH 28/28] Update release.yml

---
 .github/workflows/release.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1dd0e5eb..9634488a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,7 +42,7 @@ jobs:
           mv xui-release x-ui
           mkdir bin
           cd bin
-          wget https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-64.zip
+          wget https://github.com/hossinasaadi/Xray-core/releases/latest/download/Xray-linux-64.zip
           unzip Xray-linux-64.zip
           rm -f Xray-linux-64.zip geoip.dat geosite.dat
           wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
@@ -84,7 +84,7 @@ jobs:
           mv xui-release x-ui
           mkdir bin
           cd bin
-          wget https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-arm64-v8a.zip
+          wget https://github.com/hossinasaadi/Xray-core/releases/latest/download/Xray-linux-arm64-v8a.zip
           unzip Xray-linux-arm64-v8a.zip
           rm -f Xray-linux-arm64-v8a.zip geoip.dat geosite.dat
           wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
@@ -126,7 +126,7 @@ jobs:
           mv xui-release x-ui
           mkdir bin
           cd bin
-          wget https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-s390x.zip
+          wget https://github.com/hossinasaadi/Xray-core/releases/latest/download/Xray-linux-s390x.zip
           unzip Xray-linux-s390x.zip
           rm -f Xray-linux-s390x.zip geoip.dat geosite.dat
           wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
@@ -144,4 +144,4 @@ jobs:
           upload_url: ${{ needs.release.outputs.upload_url }}
           asset_path: x-ui-linux-s390x.tar.gz
           asset_name: x-ui-linux-s390x.tar.gz
-          asset_content_type: application/gzip
\ No newline at end of file
+          asset_content_type: application/gzip