v1.10.2

When Subscription Json is enabled in Alireza x-ui +v1.10.0
- TCPing test in apps such as v2rayNG should return again
- External proxy should no longer show ": null"
also:
- Preserves VMess compatibility properly
- Keeps level consistent
- Avoids empty flow
- Matches standard Xray schema precisely

.github/workflows/release.yml

@@ -86,7 +86,7 @@ jobs:
           cd x-ui/bin
           
           # Download dependencies
-          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v26.1.31/"
+          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v26.2.6/"
           if [ "${{ matrix.platform }}" == "amd64" ]; then
             wget -q ${Xray_URL}Xray-linux-64.zip
             unzip Xray-linux-64.zip
@@ -182,7 +182,7 @@ jobs:
           cd x-ui\bin
           
           # Download Xray for Windows
-          $Xray_URL = "https://github.com/XTLS/Xray-core/releases/download/v26.1.31/"
+          $Xray_URL = "https://github.com/XTLS/Xray-core/releases/download/v26.2.6/"
           Invoke-WebRequest -Uri "${Xray_URL}Xray-windows-64.zip" -OutFile "Xray-windows-64.zip"
           Expand-Archive -Path "Xray-windows-64.zip" -DestinationPath .
           Remove-Item "Xray-windows-64.zip"

.gitignore

@@ -14,4 +14,5 @@ dist/
 release/
 /release.sh
 /x-ui
-.DS_Store
+.DS_Store
+/dev/

CONTRIBUTING.md

@@ -0,0 +1,94 @@
+# Contribution guide
+
+This document describes **development-only** setup options for contributing to the x-ui project.
+Production deployments are **out of scope** for this guide.
+
+For safety, Docker-based development is **strongly recommended**.  
+Local installation should be performed **only inside a VM or disposable environment**.
+
+---
+
+## Recommended: Docker development setup
+
+### Prerequisites
+
+- Docker
+- Docker Compose (v2+)
+- Git
+
+### Steps
+
+```bash
+git clone https://github.com/alireza0/x-ui.git
+# or:
+# git clone https://github.com/<your_fork_name>/x-ui.git
+
+docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build
+```
+
+### Explore panel
+
+- Panel should be available at localhost:54321 like: [http://127.0.0.1:54321](http://127.0.0.1:54321) for example
+- Default credentials: `admin` / `admin`
+
+To stop and remove containers or `ctrl` + `C`:
+
+```bash
+docker compose down
+```
+
+### Environment
+
+When using the Docker development setup, the [docker-compose.dev.yml](/docker-compose.dev.yml) file mounts the local database directory into the container:
+
+```yaml
+volumes:
+  - ./dev/db:/etc/x-ui
+```
+
+This means:
+
+- [./dev/db](/dev/db/) on the host is used to persist panel state during development
+- `/etc/x-ui` inside the container is the active database/config directory
+- Data will survive container restarts but is isolated from the host system
+- You can safely delete `./dev/db` to reset the development database
+
+---
+
+## Local development setup (unsafe on host OS)
+
+This method runs scripts with root privileges and alters the host system.
+Use **only inside a VM, container, or disposable test environment**.
+
+### Prerequisites
+
+- Ubuntu/Debian or Fedora (actually anything with systemd, just use proper package manager)
+
+### Install dependencies
+
+```bash
+# Ubuntu / Debian
+sudo apt update
+sudo apt upgrade -y
+sudo apt install -y golang unzip git wget
+
+# Fedora
+sudo dnf update -y
+sudo dnf install -y golang unzip git wget
+```
+
+### Setup panel
+
+```bash
+git clone https://github.com/alireza0/x-ui.git
+# or:
+# git clone https://github.com/<your_fork_name>/x-ui.git
+
+cd x-ui/
+sudo bash x-ui.sh   # Select -> 10. Start
+```
+
+### Explore panel
+
+- Panel should be available at localhost:54321 like: [http://127.0.0.1:54321](http://127.0.0.1:54321) for example
+- Default credentials: `admin` / `admin`

DockerInitFiles.sh

@@ -23,7 +23,7 @@ case $1 in
 esac
 mkdir -p build/bin
 cd build/bin
-wget -q "https://github.com/XTLS/Xray-core/releases/download/v26.1.31/Xray-linux-${ARCH}.zip"
+wget -q "https://github.com/XTLS/Xray-core/releases/download/v26.2.6/Xray-linux-${ARCH}.zip"
 unzip "Xray-linux-${ARCH}.zip"
 rm -f "Xray-linux-${ARCH}.zip" geoip.dat geosite.dat LICENSE README.md
 mv xray "xray-linux-${FNAME}"

config/version

@@ -1 +1 @@
-1.10.0
+1.10.2

docker-compose.dev.yml

@@ -0,0 +1,15 @@
+services:
+  xui:
+    build:
+      context: .
+      target: builder
+    working_dir: /app
+    volumes:
+      - .:/app
+      - ./dev/db:/etc/x-ui
+    environment:
+      XUI_BIN_FOLDER: /app/dev/bin
+      XUI_DB_FOLDER: /etc/x-ui
+      XUI_LOG_LEVEL: debug
+      XUI_DEBUG: "true"
+    command: ["go","run","./main.go"]

go.mod

@@ -1,6 +1,6 @@
 module github.com/alireza0/x-ui
 
-go 1.25.6
+go 1.25.7
 
 require (
 	github.com/gin-contrib/gzip v1.2.5
@@ -12,13 +12,13 @@ require (
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/pelletier/go-toml/v2 v2.2.4
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/shirou/gopsutil/v4 v4.25.12
+	github.com/shirou/gopsutil/v4 v4.26.1
-	github.com/xtls/xray-core v1.260131.0
+	github.com/xtls/xray-core v1.260206.0
 	go.uber.org/atomic v1.11.0
-	golang.org/x/text v0.33.0
+	golang.org/x/text v0.34.0
-	google.golang.org/grpc v1.78.0
+	google.golang.org/grpc v1.79.1
 	gorm.io/driver/sqlite v1.6.0
-	gorm.io/gorm v1.31.0
+	gorm.io/gorm v1.31.1
 )
 
 require (
@@ -30,13 +30,13 @@ require (
 	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/ebitengine/purego v0.9.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.30.1 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@@ -49,9 +49,9 @@ require (
 	github.com/klauspost/compress v1.18.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
+	github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-sqlite3 v1.14.33 // indirect
+	github.com/mattn/go-sqlite3 v1.14.34 // indirect
 	github.com/miekg/dns v1.1.72 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -83,7 +83,7 @@ require (
 	golang.org/x/tools v0.41.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gvisor.dev/gvisor v0.0.0-20260122175437-89a5d21be8f0 // indirect
 	lukechampine.com/blake3 v1.4.1 // indirect

go.sum

@@ -10,6 +10,8 @@ github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uS
 github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
 github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
 github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
 github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
@@ -19,8 +21,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
 github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
-github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
-github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4=
 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
 github.com/gin-contrib/gzip v1.2.5 h1:fIZs0S+l17pIu1P5XRJOo/YNqfIuPCrZZ3TWB7pjckI=
@@ -50,8 +52,8 @@ github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 h1:wG8n/XJQ07TmjbITcGi
 github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
+github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
-github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/golang/mock v1.7.0-rc.1 h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U=
 github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
@@ -91,12 +93,12 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
+github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 h1:PTw+yKnXcOFCR6+8hHTyWBeQ/P4Nb7dd4/0ohEcWQuM=
-github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
+github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0=
+github.com/mattn/go-sqlite3 v1.14.34 h1:3NtcvcUnFBPsuRcno8pUtupspG/GM+9nZ88zgJcp6Zk=
-github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.34/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
 github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -132,8 +134,8 @@ github.com/sagernet/sing v0.7.17 h1:Jg4RUYIaQWTi7iY5ROHi3/Zsgxn4SPoRTwbdt35mt50=
 github.com/sagernet/sing v0.7.17/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-shadowsocks v0.2.9 h1:Paep5zCszRKsEn8587O0MnhFWKJwDW1Y4zOYYlIxMkM=
 github.com/sagernet/sing-shadowsocks v0.2.9/go.mod h1:TE/Z6401Pi8tgr0nBZcM/xawAI6u3F6TTbz4nH/qw+8=
-github.com/shirou/gopsutil/v4 v4.25.12 h1:e7PvW/0RmJ8p8vPGJH4jvNkOyLmbkXgXW4m6ZPic6CY=
+github.com/shirou/gopsutil/v4 v4.26.1 h1:TOkEyriIXk2HX9d4isZJtbjXbEjf5qyKPAzbzY0JWSo=
-github.com/shirou/gopsutil/v4 v4.25.12/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU=
+github.com/shirou/gopsutil/v4 v4.26.1/go.mod h1:medLI9/UNAb0dOI9Q3/7yWSqKkj00u+1tgY8nvv41pc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -159,24 +161,24 @@ github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zd
 github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/xtls/reality v0.0.0-20251116175510-cd53f7d50237 h1:UXjrmniKlY+ZbIqpN91lejB3pszQQQRVu1vqH/p/aGM=
 github.com/xtls/reality v0.0.0-20251116175510-cd53f7d50237/go.mod h1:vbHCV/3VWUvy1oKvTxxWJRPEWSeR1sYgQHIh6u/JiZQ=
-github.com/xtls/xray-core v1.260131.0 h1:gPBykLhUvRZ8sfubNerkwWqV3c15UtmSYQG2cgKqrV4=
+github.com/xtls/xray-core v1.260206.0 h1:gY8IV6u76CW93txL9QmacgZ0Udxr2Q3e9qUxXAhdHqI=
-github.com/xtls/xray-core v1.260131.0/go.mod h1:cxzYFZrxu1B1NtPjHsqv4UzgDvRA71mV4rXYH4KtO7Q=
+github.com/xtls/xray-core v1.260206.0/go.mod h1:GyFIgVGRJkt3eyV/NMcdxOKXcJPqGGpyupHzy16uJhU=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
-go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
-go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
-go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
-go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
-go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
-go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
-go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
-go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
-go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
@@ -205,8 +207,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
 golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
@@ -217,10 +219,10 @@ golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+Z
 golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda h1:i/Q+bfisr7gq6feoJnS/DlpdwEL4ihp41fvRiM3Ork0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
-google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY=
-google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
+google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -233,8 +235,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
 gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
-gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
+gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg=
-gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
+gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gvisor.dev/gvisor v0.0.0-20260122175437-89a5d21be8f0 h1:Lk6hARj5UPY47dBep70OD/TIMwikJ5fGUGX0Rm3Xigk=
 gvisor.dev/gvisor v0.0.0-20260122175437-89a5d21be8f0/go.mod h1:QkHjoMIBaYtpVufgwv3keYAbln78mBoCuShZrPrer1Q=
 lukechampine.com/blake3 v1.4.1 h1:I3Smz7gso8w4/TunLKec6K2fn+kyKtDxr/xcQEN84Wg=

main.go

@@ -16,13 +16,13 @@ import (
 	"github.com/alireza0/x-ui/database"
 	"github.com/alireza0/x-ui/logger"
 	"github.com/alireza0/x-ui/sub"
+	"github.com/alireza0/x-ui/util/sys"
 	"github.com/alireza0/x-ui/web"
 	"github.com/alireza0/x-ui/web/global"
 	"github.com/alireza0/x-ui/web/service"
 
 	"github.com/op/go-logging"
 	"github.com/shirou/gopsutil/v4/net"
-	xrayCore "github.com/xtls/xray-core/core"
 )
 
 func runWebServer() {
@@ -68,7 +68,7 @@ func runWebServer() {
 
 	sigCh := make(chan os.Signal, 1)
 	// Trap shutdown signals
-	signal.Notify(sigCh, syscall.SIGHUP, syscall.SIGTERM)
+	signal.Notify(sigCh, syscall.SIGHUP, syscall.SIGTERM, sys.SIGUSR1)
 	for {
 		sig := <-sigCh
 
@@ -99,6 +99,12 @@ func runWebServer() {
 				log.Println(err)
 				return
 			}
+		case sys.SIGUSR1:
+			logger.Info("Received USR1 signal, restarting xray-core...")
+			err := server.RestartXray()
+			if err != nil {
+				logger.Error("Failed to restart xray-core:", err)
+			}
 		default:
 			server.Stop()
 			subServer.Stop()
@@ -473,9 +479,3 @@ func main() {
 		settingCmd.Usage()
 	}
 }
-
-func startXray() {
-	conf := xrayCore.Config{}
-	core, _ := xrayCore.New(&conf)
-	core.Start()
-}

sub/subJsonService.go

@@ -20,8 +20,7 @@ var defaultJson string
 type SubJsonService struct {
 	configJson       map[string]interface{}
 	defaultOutbounds []json_util.RawMessage
-	fragment         string
+	fragmentOrNoises bool
-	noises           string
 	mux              string
 
 	inboundService service.InboundService
@@ -39,6 +38,31 @@ func NewSubJsonService(fragment string, noises string, mux string, rules string,
 		}
 	}
 
+	fragmentOrNoises := false
+	if fragment != "" || noises != "" {
+		fragmentOrNoises = true
+		defaultOutboundsSettings := map[string]interface{}{
+			"domainStrategy": "UseIP",
+			"redirect":       "",
+		}
+
+		if fragment != "" {
+			defaultOutboundsSettings["fragment"] = json_util.RawMessage(fragment)
+		}
+
+		if noises != "" {
+			defaultOutboundsSettings["noises"] = json_util.RawMessage(noises)
+		}
+
+		defaultDirectOutbound := map[string]interface{}{
+			"protocol": "freedom",
+			"settings": defaultOutboundsSettings,
+			"tag":      "direct_out",
+		}
+		jsonBytes, _ := json.MarshalIndent(defaultDirectOutbound, "", "  ")
+		defaultOutbounds = append(defaultOutbounds, jsonBytes)
+	}
+
 	if rules != "" {
 		var newRules []interface{}
 		routing, _ := configJson["routing"].(map[string]interface{})
@@ -49,19 +73,10 @@ func NewSubJsonService(fragment string, noises string, mux string, rules string,
 		configJson["routing"] = routing
 	}
 
-	if fragment != "" {
-		defaultOutbounds = append(defaultOutbounds, json_util.RawMessage(fragment))
-	}
-
-	if noises != "" {
-		defaultOutbounds = append(defaultOutbounds, json_util.RawMessage(noises))
-	}
-
 	return &SubJsonService{
 		configJson:       configJson,
 		defaultOutbounds: defaultOutbounds,
-		fragment:         fragment,
+		fragmentOrNoises: fragmentOrNoises,
-		noises:           noises,
 		mux:              mux,
 		SubService:       subService,
 	}
@@ -222,8 +237,8 @@ func (s *SubJsonService) streamData(stream string) map[string]interface{} {
 	}
 	delete(streamSettings, "sockopt")
 
-	if s.fragment != "" {
+	if s.fragmentOrNoises {
-		streamSettings["sockopt"] = json_util.RawMessage(`{"dialerProxy": "fragment", "tcpKeepAliveIdle": 100, "penetrate": true}`)
+		streamSettings["sockopt"] = json_util.RawMessage(`{"dialerProxy": "direct_out", "tcpKeepAliveIdle": 100}`)
 	}
 
 	// remove proxy protocol
@@ -294,19 +309,39 @@ func (s *SubJsonService) genVnext(inbound *model.Inbound, streamSettings json_ut
 
 	outbound.Protocol = string(inbound.Protocol)
 	outbound.Tag = "proxy"
+
 	if s.mux != "" {
 		outbound.Mux = json_util.RawMessage(s.mux)
 	}
+
 	outbound.StreamSettings = streamSettings
-	settings := make(map[string]any)
+
-	settings["address"] = inbound.Listen
+	// Build standard Xray/V2Ray schema
-	settings["port"] = inbound.Port
+	user := map[string]any{
-	settings["id"] = client.ID
+		"id":    client.ID,
-	if inbound.Protocol == model.VLESS {
+		"level": 8,
-		settings["flow"] = client.Flow
+	}
-		settings["encryption"] = encryption
+
+	if inbound.Protocol == model.VLESS {
+		user["encryption"] = encryption
+		if client.Flow != "" {
+			user["flow"] = client.Flow
+		}
+	} else {
+		// VMess
+		user["alterId"] = 0
+		user["security"] = "auto"
+	}
+
+	vnext := map[string]any{
+		"address": inbound.Listen,
+		"port":    inbound.Port,
+		"users":   []any{user},
+	}
+
+	outbound.Settings = map[string]any{
+		"vnext": []any{vnext},
 	}
-	outbound.Settings = settings
 
 	result, _ := json.MarshalIndent(outbound, "", "  ")
 	return result

util/sys/sys_darwin.go

@@ -4,9 +4,13 @@
 package sys
 
 import (
+	"syscall"
+
 	"github.com/shirou/gopsutil/v4/net"
 )
 
+var SIGUSR1 = syscall.SIGUSR1
+
 func GetTCPCount() (int, error) {
 	stats, err := net.Connections("tcp")
 	if err != nil {

util/sys/sys_linux.go

@@ -8,8 +8,11 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"syscall"
 )
 
+var SIGUSR1 = syscall.SIGUSR1
+
 func getLinesNum(filename string) (int, error) {
 	file, err := os.Open(filename)
 	if err != nil {

util/sys/sys_windows.go

@@ -4,9 +4,13 @@
 package sys
 
 import (
+	"syscall"
+
 	"github.com/shirou/gopsutil/v4/net"
 )
 
+var SIGUSR1 = syscall.Signal(0)
+
 func GetTCPCount() (int, error) {
 	stats, err := net.Connections("tcp")
 	if err != nil {

web/assets/js/langs.js

@@ -34,13 +34,13 @@ function getLang() {
             lang = window.navigator.language || window.navigator.userLanguage;
 
             if (isSupportLang(lang)) {
-                setCookie('lang', lang, 150);
+                setCookie('lang', lang);
             } else {
-                setCookie('lang', 'en-US', 150);
+                setCookie('lang', 'en-US');
                 window.location.reload();
             }
         } else {
-            setCookie('lang', 'en-US', 150);
+            setCookie('lang', 'en-US');
             window.location.reload();
         }
     }
@@ -53,7 +53,7 @@ function setLang(lang) {
         lang = 'en-US';
     }
 
-    setCookie('lang', lang, 150);
+    setCookie('lang', lang);
     window.location.reload();
 }
 

web/assets/js/model/inbound.js

@@ -596,7 +596,6 @@ class TlsStreamSettings extends XrayCommonClass {
         maxVersion = TLS_VERSION_OPTION.TLS13,
         cipherSuites = '',
         rejectUnknownSni = false,
-        pinnedPeerCertSha256 = [],
         disableSystemRoot = false,
         enableSessionResumption = false,
         certificates = [new TlsStreamSettings.Cert()],
@@ -611,7 +610,6 @@ class TlsStreamSettings extends XrayCommonClass {
         this.maxVersion = maxVersion;
         this.cipherSuites = cipherSuites;
         this.rejectUnknownSni = rejectUnknownSni;
-        this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
         this.disableSystemRoot = disableSystemRoot;
         this.enableSessionResumption = enableSessionResumption;
         this.certs = certificates;
@@ -645,7 +643,6 @@ class TlsStreamSettings extends XrayCommonClass {
             json.maxVersion,
             json.cipherSuites,
             json.rejectUnknownSni,
-            json.pinnedPeerCertSha256 || [],
             json.disableSystemRoot,
             json.enableSessionResumption,
             certs,
@@ -663,7 +660,6 @@ class TlsStreamSettings extends XrayCommonClass {
             maxVersion: this.maxVersion,
             cipherSuites: this.cipherSuites,
             rejectUnknownSni: this.rejectUnknownSni,
-            pinnedPeerCertSha256: this.pinnedPeerCertSha256.length > 0 ? this.pinnedPeerCertSha256 : undefined,
             disableSystemRoot: this.disableSystemRoot,
             enableSessionResumption: this.enableSessionResumption,
             certificates: TlsStreamSettings.toJsonArray(this.certs),
@@ -984,6 +980,8 @@ class UdpMask extends XrayCommonClass {
             case 'header-dns':
             case 'xdns':
                 return { domain: settings.domain || '' };
+            case 'xicmp':
+                return { ip: settings.ip || '', id: settings.id ?? 0 };
             case 'mkcp-original':
             case 'header-dtls':
             case 'header-srtp':
@@ -1309,14 +1307,6 @@ class Inbound extends XrayCommonClass {
         return null;
     }
 
-    get kcpType() {
-        return this.stream.kcp.type;
-    }
-
-    get kcpSeed() {
-        return this.stream.kcp.seed;
-    }
-
     get serviceName() {
         return this.stream.grpc.serviceName;
     }
@@ -1392,8 +1382,6 @@ class Inbound extends XrayCommonClass {
             }
         } else if (network === 'kcp') {
             const kcp = this.stream.kcp;
-            obj.type = kcp.type;
-            obj.path = kcp.seed;
         } else if (network === 'ws') {
             const ws = this.stream.ws;
             obj.path = ws.path;
@@ -1456,8 +1444,6 @@ class Inbound extends XrayCommonClass {
                 break;
             case "kcp":
                 const kcp = this.stream.kcp;
-                params.set("headerType", kcp.type);
-                params.set("seed", kcp.seed);
                 break;
             case "ws":
                 const ws = this.stream.ws;
@@ -1561,8 +1547,6 @@ class Inbound extends XrayCommonClass {
                 break;
             case "kcp":
                 const kcp = this.stream.kcp;
-                params.set("headerType", kcp.type);
-                params.set("seed", kcp.seed);
                 break;
             case "ws":
                 const ws = this.stream.ws;
@@ -1642,8 +1626,6 @@ class Inbound extends XrayCommonClass {
                 break;
             case "kcp":
                 const kcp = this.stream.kcp;
-                params.set("headerType", kcp.type);
-                params.set("seed", kcp.seed);
                 break;
             case "ws":
                 const ws = this.stream.ws;

web/assets/js/model/outbound.js

@@ -345,7 +345,8 @@ class TlsStreamSettings extends CommonClass {
         fingerprint = '',
         allowInsecure = false,
         echConfigList = '',
-        verifyPeerCertByName = []
+        verifyPeerCertByName = 'cloudflare-dns.com',
+        pinnedPeerCertSha256 = '',
     ) {
         super();
         this.serverName = serverName;
@@ -353,7 +354,8 @@ class TlsStreamSettings extends CommonClass {
         this.fingerprint = fingerprint;
         this.allowInsecure = allowInsecure;
         this.echConfigList = echConfigList;
-        this.verifyPeerCertByName = Array.isArray(verifyPeerCertByName) ? verifyPeerCertByName.join(",") : verifyPeerCertByName;
+        this.verifyPeerCertByName = verifyPeerCertByName;
+        this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
     }
 
     static fromJson(json = {}) {
@@ -363,7 +365,8 @@ class TlsStreamSettings extends CommonClass {
             json.fingerprint,
             json.allowInsecure,
             json.echConfigList,
-            json.verifyPeerCertByName
+            json.verifyPeerCertByName,
+            json.pinnedPeerCertSha256,
         );
     }
 
@@ -374,7 +377,8 @@ class TlsStreamSettings extends CommonClass {
             fingerprint: this.fingerprint,
             allowInsecure: this.allowInsecure,
             echConfigList: this.echConfigList,
-            verifyPeerCertByName: this.verifyPeerCertByName.length > 0 ? this.verifyPeerCertByName.split(",") : undefined,
+            verifyPeerCertByName: this.verifyPeerCertByName,
+            pinnedPeerCertSha256: this.pinnedPeerCertSha256
         };
     }
 }
@@ -577,6 +581,8 @@ class UdpMask extends CommonClass {
             case 'header-dns':
             case 'xdns':
                 return { domain: settings.domain || '' };
+            case 'xicmp':
+                return { ip: settings.ip || '', id: settings.id ?? 0 };
             case 'mkcp-original':
             case 'header-dtls':
             case 'header-srtp':

web/assets/js/util/common.js

@@ -95,10 +95,13 @@ function getCookie(cname) {
 }
 
 function setCookie(cname, cvalue, exdays) {
-    const d = new Date();
+    let expires = "";
-    d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
+    if (exdays > 0) {
-    let expires = "expires=" + d.toUTCString();
+        const d = new Date();
-    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
+        d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
+        expires = "expires=" + d.toUTCString();
+    }
+    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=" + axios.defaults.baseURL;
 }
 
 function usageColor(data, threshold, total) {

web/controller/index.go

@@ -75,20 +75,12 @@ func (a *IndexController) login(c *gin.Context) {
 		a.tgbot.UserLoginNotify(safeUser, getRemoteIp(c), timeStr, 1)
 	}
 
-	sessionMaxAge, err := a.settingService.GetSessionMaxAge()
-	if err != nil {
-		logger.Info("Unable to get session's max age from DB")
-	}
-
-	if sessionMaxAge > 0 {
-		err = session.SetMaxAge(c, sessionMaxAge*60)
-		if err != nil {
-			logger.Info("Unable to set session's max age")
-		}
-	}
-
 	err = session.SetLoginUser(c, user)
-	logger.Infof("%s logged in successfully", user.Username)
+	if err == nil {
+		logger.Infof("%s logged in successfully", user.Username)
+	} else {
+		logger.Error("Unable to set login user")
+	}
 	jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), err)
 }
 

web/html/xui/form/outbound.html

@@ -586,8 +586,13 @@
             <a-form-item label="Allow Insecure">
                 <a-switch v-model="outbound.stream.tls.allowInsecure"></a-switch>
             </a-form-item>
-            <a-form-item label="VerifyPeerCertByNames">
+            <a-form-item label="Verify Peer Cert By Name">
-                <a-input v-model.trim="outbound.stream.tls.verifyPeerCertByNames"></a-input>
+                <a-input v-model.trim="outbound.stream.tls.verifyPeerCertByName"></a-input>
+            </a-form-item>
+            <a-form-item label="Pinned Peer Cert">
+                <a-input v-model.trim="outbound.stream.tls.pinnedPeerCertSha256"
+                    placeholder="Enter SHA256 fingerprints (base64)">
+                </a-input>
             </a-form-item>
         </template>
         

web/html/xui/form/stream/stream_finalmask.html

@@ -48,6 +48,9 @@
                         v-if="['tcp', 'ws', 'httpupgrade', 'xhttp'].includes(inbound.stream.network)"
                         value="xdns">
                         xDNS (Experimental)</a-select-option>
+                    <a-select-option v-if="inbound.stream.network === 'kcp'"
+                        value="xicmp">
+                        xICMP (Experimental)</a-select-option>
                 </a-select>
             </a-form-item>
             <a-form-item label='Password'

web/html/xui/form/tls_settings.html

@@ -58,12 +58,6 @@
         <a-form-item label="Session Resumption">
         <a-switch v-model="inbound.stream.tls.enableSessionResumption"></a-switch>
         </a-form-item>
-        <a-form-item label="Pinned Peer Cert">
-        <a-select mode="tags" v-model="inbound.stream.tls.pinnedPeerCertSha256"
-            :dropdown-class-name="themeSwitcher.currentTheme"
-            placeholder="Enter SHA256 fingerprints (base64)">
-        </a-select>
-        </a-form-item>
         <a-divider :style="{ margin: '0' }"></a-divider>
         <template v-for="cert,index in inbound.stream.tls.certs">
             <a-form-item label='{{ i18n "certificate" }}'>

web/html/xui/inbound_info_modal.html

@@ -51,12 +51,7 @@
                     <a-tag>[[ inbound.stream.xhttp.mode ]]</a-tag>
                   </td>
                 </tr>
-              </template>
+              </template>           
-            <template v-if="inbound.isKcp">
-                <tr><td>kcp {{ i18n "encryption" }}</td><td><a-tag>[[ inbound.kcpType ]]</a-tag></td></tr>
-                <tr><td>kcp {{ i18n "password" }}</td><td><a-tag>[[ inbound.kcpSeed ]]</a-tag></td></tr>
-            </template>
-            
             <template v-if="inbound.isGrpc">
                 <tr><td>grpc serviceName</td><td>
                     <a-tooltip :title="[[ inbound.serviceName ]]">
@@ -443,4 +438,4 @@
     });
 
 </script>
-{{end}}
+{{end}}

web/html/xui/settings.html

@@ -477,34 +477,14 @@
                 remarkSeparators: [' ', '-', '_', '@', ':', '~', '|', ',', '.', '/'],
                 remarkSample: '',
                 defaultFragment: {
-                    tag: "fragment",
+                    packets: "tlshello",
-                    protocol: "freedom",
+                    length: "100-200",
-                    settings: {
+                    interval: "10-20",
-                        domainStrategy: "AsIs",
+                    maxSplit: "300-400"
-                        fragment: {
-                            packets: "tlshello",
-                            length: "100-200",
-                            interval: "10-20",
-                            maxSplit: "300-400"
-                        }
-                    },
-                    streamSettings: {
-                        sockopt: {
-                            tcpKeepAliveIdle: 100,
-                            penetrate: true
-                        }
-                    }
-                },
-                defaultNoises: {
-                    tag: "noises",
-                    protocol: "freedom",
-                    settings: {
-                        domainStrategy: "AsIs",
-                        noises: [
-                            { type: "rand", packet: "10-20", delay: "10-16" },
-                        ],
-                    },
                 },
+                defaultNoises: [
+                    { type: "rand", packet: "10-20", delay: "10-16" }
+                ],
                 defaultMux: {
                     enabled: true,
                     concurrency: 8,
@@ -661,41 +641,41 @@
                     }
                 },
                 fragmentPackets: {
-                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).settings.fragment.packets : ""; },
+                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).packets : ""; },
                     set: function (v) {
                         if (v != "") {
                             newFragment = JSON.parse(this.allSetting.subJsonFragment);
-                            newFragment.settings.fragment.packets = v;
+                            newFragment.packets = v;
                             this.allSetting.subJsonFragment = JSON.stringify(newFragment);
                         }
                     }
                 },
                 fragmentLength: {
-                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).settings.fragment.length : ""; },
+                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).length : ""; },
                     set: function (v) {
                         if (v != "") {
                             newFragment = JSON.parse(this.allSetting.subJsonFragment);
-                            newFragment.settings.fragment.length = v;
+                            newFragment.length = v;
                             this.allSetting.subJsonFragment = JSON.stringify(newFragment);
                         }
                     }
                 },
                 fragmentInterval: {
-                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).settings.fragment.interval : ""; },
+                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).interval : ""; },
                     set: function (v) {
                         if (v != "") {
                             newFragment = JSON.parse(this.allSetting.subJsonFragment);
-                            newFragment.settings.fragment.interval = v;
+                            newFragment.interval = v;
                             this.allSetting.subJsonFragment = JSON.stringify(newFragment);
                         }
                     }
                 },
                 fragmentMaxSplit: {
-                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).settings.fragment.maxSplit : ""; },
+                    get: function () { return this.fragment ? JSON.parse(this.allSetting.subJsonFragment).maxSplit : ""; },
                     set: function (v) {
                     if (v != "") {
                         newFragment = JSON.parse(this.allSetting.subJsonFragment);
-                        newFragment.settings.fragment.maxSplit = v;
+                        newFragment.maxSplit = v;
                         this.allSetting.subJsonFragment = JSON.stringify(newFragment);
                     }
                     }
@@ -714,13 +694,11 @@
                 },
                 noisesArray: {
                     get() {
-                        return this.noises ? JSON.parse(this.allSetting.subJsonNoises).settings.noises : [];
+                        return this.noises ? JSON.parse(this.allSetting.subJsonNoises) : [];
                     },
                     set(value) {
                         if (this.noises) {
-                            const newNoises = JSON.parse(this.allSetting.subJsonNoises);
+                            this.allSetting.subJsonNoises = JSON.stringify(value);
-                            newNoises.settings.noises = value;
-                            this.allSetting.subJsonNoises = JSON.stringify(newNoises);
                         }
                     }
                 },

web/html/xui/xray_rule_modal.html

@@ -220,13 +220,13 @@
             newRule = {};
             rule.type = "field";
             rule.domainMatcher = value.domainMatcher;
-            rule.domain = value.domain.length>0 ? value.domain.split(',') : [];
+            rule.domain = value.domain.length>0 ? value.domain.split(',').map(s => s.trim()) : [];
-            rule.ip = value.ip.length>0 ? value.ip.split(',') : [];
+            rule.ip = value.ip.length>0 ? value.ip.split(',').map(s => s.trim()) : [];
             rule.port = value.port;
             rule.sourcePort = value.sourcePort;
             rule.network = value.network;
-            rule.source = value.source.length>0 ? value.source.split(',') : [];
+            rule.source = value.source.length>0 ? value.source.split(',').map(s => s.trim()) : [];
-            rule.user = value.user.length>0 ? value.user.split(',') : [];
+            rule.user = value.user.length>0 ? value.user.split(',').map(s => s.trim()) : [];
             rule.inboundTag = value.inboundTag;
             rule.protocol = value.protocol;
             rule.attrs = Object.fromEntries(value.attrs);

web/locale/locale.go

@@ -48,10 +48,10 @@ func InitLocalizer(i18nFS embed.FS, settingService SettingService) error {
 	return nil
 }
 
-func createTemplateData(params []string, seperator ...string) map[string]interface{} {
+func createTemplateData(params []string, separator ...string) map[string]interface{} {
 	var sep string = "=="
-	if len(seperator) > 0 {
+	if len(separator) > 0 {
-		sep = seperator[0]
+		sep = separator[0]
 	}
 
 	templateData := make(map[string]interface{})

web/service/inbound.go

@@ -19,6 +19,10 @@ type InboundService struct {
 	xrayApi xray.XrayAPI
 }
 
+const (
+	safeBatchSize = 500
+)
+
 func (s *InboundService) GetInbounds(userId int) ([]*model.Inbound, error) {
 	db := database.GetDB()
 	var inbounds []*model.Inbound
@@ -789,6 +793,11 @@ func (s *InboundService) addInboundTraffic(tx *gorm.DB, traffics []*xray.Traffic
 	return nil
 }
 
+type newExpiryTime struct {
+	Email         string
+	NewExpiryTime int64
+}
+
 func (s *InboundService) addClientTraffic(tx *gorm.DB, traffics []*xray.ClientTraffic) (err error) {
 	if len(traffics) == 0 {
 		// Empty onlineUsers
@@ -805,9 +814,18 @@ func (s *InboundService) addClientTraffic(tx *gorm.DB, traffics []*xray.ClientTr
 		emails = append(emails, traffic.Email)
 	}
 	dbClientTraffics := make([]*xray.ClientTraffic, 0, len(traffics))
-	err = tx.Model(xray.ClientTraffic{}).Where("email IN (?)", emails).Find(&dbClientTraffics).Error
+	for i := 0; i < len(emails); i += safeBatchSize {
-	if err != nil {
+		end := i + safeBatchSize
-		return err
+		if end > len(emails) {
+			end = len(emails)
+		}
+
+		batchClientTraffics := make([]*xray.ClientTraffic, 0, end-i)
+		err = tx.Model(xray.ClientTraffic{}).Where("email IN ?", emails[i:end]).Find(&batchClientTraffics).Error
+		if err != nil {
+			return err
+		}
+		dbClientTraffics = append(dbClientTraffics, batchClientTraffics...)
 	}
 
 	// Avoid empty slice error
@@ -815,7 +833,20 @@ func (s *InboundService) addClientTraffic(tx *gorm.DB, traffics []*xray.ClientTr
 		return nil
 	}
 
-	dbClientTraffics, err = s.adjustTraffics(tx, dbClientTraffics)
+	inboundExpiryTimeMap := make(map[int][]newExpiryTime, 0)
+	for index, t := range dbClientTraffics {
+		if t.ExpiryTime < 0 {
+			newClientExpiryTime := (time.Now().Unix() * 1000) - int64(t.ExpiryTime)
+			newExpiryTime := newExpiryTime{
+				Email:         t.Email,
+				NewExpiryTime: newClientExpiryTime,
+			}
+			inboundExpiryTimeMap[t.InboundId] = append(inboundExpiryTimeMap[t.InboundId], newExpiryTime)
+			dbClientTraffics[index].ExpiryTime = newClientExpiryTime
+		}
+	}
+
+	err = s.adjustTraffics(tx, inboundExpiryTimeMap)
 	if err != nil {
 		return err
 	}
@@ -836,66 +867,90 @@ func (s *InboundService) addClientTraffic(tx *gorm.DB, traffics []*xray.ClientTr
 	}
 
 	// Set onlineUsers
-	p.SetOnlineClients(onlineClients)
+	if p != nil {
+		p.SetOnlineClients(onlineClients)
+	}
 
-	err = tx.Save(dbClientTraffics).Error
+	for i := 0; i < len(dbClientTraffics); i += safeBatchSize {
-	if err != nil {
+		end := i + safeBatchSize
-		logger.Warning("AddClientTraffic update data ", err)
+		if end > len(dbClientTraffics) {
+			end = len(dbClientTraffics)
+		}
+
+		err = tx.Save(dbClientTraffics[i:end]).Error
+		if err != nil {
+			logger.Warning("AddClientTraffic update data ", err)
+			return nil
+		}
 	}
 
 	return nil
 }
 
-func (s *InboundService) adjustTraffics(tx *gorm.DB, dbClientTraffics []*xray.ClientTraffic) ([]*xray.ClientTraffic, error) {
+func (s *InboundService) adjustTraffics(tx *gorm.DB, inboundExpiryTimeMap map[int][]newExpiryTime) error {
-	inboundIds := make([]int, 0, len(dbClientTraffics))
+	if len(inboundExpiryTimeMap) == 0 {
-	for _, dbClientTraffic := range dbClientTraffics {
+		return nil
-		if dbClientTraffic.ExpiryTime < 0 {
+	}
-			inboundIds = append(inboundIds, dbClientTraffic.InboundId)
+
+	inboundIds := make([]int, 0)
+	for inId := range inboundExpiryTimeMap {
+		inboundIds = append(inboundIds, inId)
+	}
+	inbounds := make([]*model.Inbound, 0, len(inboundIds))
+	for i := 0; i < len(inboundIds); i += safeBatchSize {
+		end := i + safeBatchSize
+		if end > len(inboundIds) {
+			end = len(inboundIds)
+		}
+
+		batchInbounds := make([]*model.Inbound, 0, end-i)
+		err := tx.Model(model.Inbound{}).Where("id IN ?", inboundIds[i:end]).Find(&batchInbounds).Error
+		if err != nil {
+			return err
+		}
+		inbounds = append(inbounds, batchInbounds...)
+	}
+	for inbound_index := range inbounds {
+		settings := map[string]interface{}{}
+		json.Unmarshal([]byte(inbounds[inbound_index].Settings), &settings)
+		clients, ok := settings["clients"].([]interface{})
+		inbEmails := inboundExpiryTimeMap[inbounds[inbound_index].Id]
+		if ok {
+			var newClients []interface{}
+			for client_index := range clients {
+				c := clients[client_index].(map[string]interface{})
+				for index := range inbEmails {
+					if c["email"] == inbEmails[index].Email {
+						c["expiryTime"] = inbEmails[index].NewExpiryTime
+						break
+					}
+				}
+				newClients = append(newClients, interface{}(c))
+			}
+			settings["clients"] = newClients
+			modifiedSettings, err := json.MarshalIndent(settings, "", "  ")
+			if err != nil {
+				return err
+			}
+
+			inbounds[inbound_index].Settings = string(modifiedSettings)
 		}
 	}
 
-	if len(inboundIds) > 0 {
+	for i := 0; i < len(inbounds); i += safeBatchSize {
-		var inbounds []*model.Inbound
+		end := i + safeBatchSize
-		err := tx.Model(model.Inbound{}).Where("id IN (?)", inboundIds).Find(&inbounds).Error
+		if end > len(inbounds) {
-		if err != nil {
+			end = len(inbounds)
-			return nil, err
 		}
-		for inbound_index := range inbounds {
-			settings := map[string]interface{}{}
-			json.Unmarshal([]byte(inbounds[inbound_index].Settings), &settings)
-			clients, ok := settings["clients"].([]interface{})
-			if ok {
-				var newClients []interface{}
-				for client_index := range clients {
-					c := clients[client_index].(map[string]interface{})
-					for traffic_index := range dbClientTraffics {
-						if dbClientTraffics[traffic_index].ExpiryTime < 0 && c["email"] == dbClientTraffics[traffic_index].Email {
-							oldExpiryTime := c["expiryTime"].(float64)
-							newExpiryTime := (time.Now().Unix() * 1000) - int64(oldExpiryTime)
-							c["expiryTime"] = newExpiryTime
-							dbClientTraffics[traffic_index].ExpiryTime = newExpiryTime
-							break
-						}
-					}
-					newClients = append(newClients, interface{}(c))
-				}
-				settings["clients"] = newClients
-				modifiedSettings, err := json.MarshalIndent(settings, "", "  ")
-				if err != nil {
-					return nil, err
-				}
 
-				inbounds[inbound_index].Settings = string(modifiedSettings)
+		err := tx.Save(inbounds[i:end]).Error
-			}
-		}
-		err = tx.Save(inbounds).Error
 		if err != nil {
 			logger.Warning("AddClientTraffic update inbounds ", err)
-			logger.Error(inbounds)
+			break
 		}
 	}
 
-	return dbClientTraffics, nil
+	return nil
 }
 
 func (s *InboundService) autoRenewClients(tx *gorm.DB) (bool, int64, error) {

web/service/setting.go

@@ -359,7 +359,12 @@ func (s *SettingService) GetTimeLocation() (*time.Location, error) {
 	if err != nil {
 		defaultLocation := defaultValueMap["timeLocation"]
 		logger.Errorf("location <%v> not exist, using default location: %v", l, defaultLocation)
-		return time.LoadLocation(defaultLocation)
+		location, err = time.LoadLocation(defaultLocation)
+		if err != nil {
+			logger.Errorf("failed to load default location, using UTC: %v", err)
+			return time.UTC, nil
+		}
+		return location, nil
 	}
 	return location, nil
 }

web/session/session.go

@@ -19,23 +19,10 @@ func init() {
 
 func SetLoginUser(c *gin.Context, user *model.User) error {
 	s := sessions.Default(c)
-	s.Options(sessions.Options{
-		Path:     "/",
-		HttpOnly: true,
-	})
 	s.Set(loginUser, user)
 	return s.Save()
 }
 
-func SetMaxAge(c *gin.Context, maxAge int) error {
-	s := sessions.Default(c)
-	s.Options(sessions.Options{
-		Path:   "/",
-		MaxAge: maxAge,
-	})
-	return s.Save()
-}
-
 func GetLoginUser(c *gin.Context) *model.User {
 	s := sessions.Default(c)
 	obj := s.Get(loginUser)
@@ -53,8 +40,12 @@ func IsLogin(c *gin.Context) bool {
 func ClearSession(c *gin.Context) {
 	s := sessions.Default(c)
 	s.Clear()
+	basePath := c.GetString("base_path")
+	if basePath == "" {
+		basePath = "/"
+	}
 	s.Options(sessions.Options{
-		Path:   "/",
+		Path:   basePath,
 		MaxAge: -1,
 	})
 	s.Save()

web/web.go

@@ -176,10 +176,23 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	sessionMaxAge, err := s.settingService.GetSessionMaxAge()
+	if err != nil {
+		return nil, err
+	}
 	engine.Use(gzip.Gzip(gzip.DefaultCompression, gzip.WithExcludedPaths([]string{basePath + "xui/API/"})))
 	assetsBasePath := basePath + "assets/"
 
 	store := cookie.NewStore(secret)
+	sessionOptions := sessions.Options{
+		Path:     basePath,
+		HttpOnly: true,
+	}
+	if sessionMaxAge > 0 {
+		sessionOptions.MaxAge = sessionMaxAge * 60
+	}
+	store.Options(sessionOptions)
 	engine.Use(sessions.Sessions("x-ui", store))
 	engine.Use(func(c *gin.Context) {
 		c.Set("base_path", basePath)
@@ -392,3 +405,7 @@ func (s *Server) GetCtx() context.Context {
 func (s *Server) GetCron() *cron.Cron {
 	return s.cron
 }
+
+func (s *Server) RestartXray() error {
+	return s.xrayService.RestartXray(true)
+}

x-ui.service

@@ -8,6 +8,7 @@ Environment="XRAY_VMESS_AEAD_FORCED=false"
 Type=simple
 WorkingDirectory=/usr/local/x-ui/
 ExecStart=/usr/local/x-ui/x-ui
+ExecReload=kill -USR1 $MAINPID
 Restart=on-failure
 
 [Install]

x-ui.sh

@@ -141,7 +141,7 @@ uninstall() {
 }
 
 reset_user() {
-    confirm "Reset your username and password to admin?" "n"
+    confirm "Are you sure to reset the username and password of the panel?" "n"
     if [[ $? != 0 ]]; then
         if [[ $# == 0 ]]; then
             show_menu
@@ -286,6 +286,16 @@ restart() {
     fi
 }
 
+restart_xray() {
+    systemctl reload x-ui
+    LOGI "xray-core Restart signal sent successfully, Please check the log information to confirm whether xray restarted successfully"
+    sleep 2
+    show_xray_status
+    if [[ $# == 0 ]]; then
+        before_show_menu
+    fi
+}
+
 status() {
     systemctl status x-ui -l
     if [[ $# == 0 ]]; then
@@ -1052,6 +1062,7 @@ show_usage() {
     echo "x-ui start        - Start"
     echo "x-ui stop         - Stop"
     echo "x-ui restart      - Restart"
+    echo "x-ui restart-xray - Restart xray-core"
     echo "x-ui status       - Current Status"
     echo "x-ui settings     - Current Settings"
     echo "x-ui enable       - Enable Autostart on OS Startup"
@@ -1084,19 +1095,20 @@ show_menu() {
   ${green}10.${plain} Start
   ${green}11.${plain} Stop
   ${green}12.${plain} Restart
-  ${green}13.${plain} Check State
+  ${green}13.${plain} Restart Xray
-  ${green}14.${plain} Check Logs
+  ${green}14.${plain} Check State
+  ${green}15.${plain} Check Logs
 ————————————————
-  ${green}15.${plain} Enable Autostart
+  ${green}16.${plain} Enable Autostart
-  ${green}16.${plain} Disable Autostart
+  ${green}17.${plain} Disable Autostart
 ————————————————
-  ${green}17.${plain} SSL Certificate Management
+  ${green}18.${plain} SSL Certificate Management
-  ${green}18.${plain} Cloudflare SSL Certificate
+  ${green}19.${plain} Cloudflare SSL Certificate
-  ${green}19.${plain} Firewall Management
+  ${green}20.${plain} Firewall Management
 ————————————————
-  ${green}20.${plain} Enable or Disable BBR
+  ${green}21.${plain} Enable or Disable BBR
-  ${green}21.${plain} Update Geo Files
+  ${green}22.${plain} Update Geo Files
-  ${green}22.${plain} Speedtest by Ookla
+  ${green}23.${plain} Speedtest by Ookla
  "
     show_status
     echo && read -p "Please enter your selection [0-22]: " num
@@ -1142,37 +1154,40 @@ show_menu() {
         check_install && restart
         ;;
     13)
-        check_install && status
+        check_install && restart_xray
         ;;
     14)
-        check_install && show_log
+        check_install && status
         ;;
     15)
-        check_install && enable
+        check_install && show_log
         ;;
     16)
-        check_install && disable
+        check_install && enable
         ;;
     17)
-        ssl_cert_issue_main
+        check_install && disable
         ;;
     18)
-        ssl_cert_issue_CF
+        ssl_cert_issue_main
         ;;
     19)
-        firewall_menu
+        ssl_cert_issue_CF
         ;;
     20)
-        bbr_menu
+        firewall_menu
         ;;
     21)
-        update_geo
+        bbr_menu
         ;;
     22)
+        update_geo
+        ;;
+    23)
         run_speedtest
         ;;
     *)
-        LOGE "Please enter the correct number [0-22]"
+        LOGE "Please enter the correct number [0-23]"
         ;;
     esac
 }
@@ -1188,6 +1203,9 @@ if [[ $# > 0 ]]; then
     "restart")
         check_install 0 && restart 0
         ;;
+    "restart-xray")
+        check_install 0 && restart_xray 0
+        ;;
     "status")
         check_install 0 && status 0
         ;;