rms/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-17 00:05:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,407 Commits 3 Branches 112 Tags
main
Commit Graph

2407 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Komar
f9ae0347c6 fix(translation): correct typos and improve phrasing in English localization (#4430) 2026-05-16 10:24:04 +02:00
MHSanaei
2928b52b04 feat(tgbot): add Flow picker when creating a VLESS client 
The bot's add-client flow already serialised client_Flow into the VLESS
JSON template but never exposed a way to set it from Telegram, so every
client ended up with an empty flow regardless of the inbound's transport.

Added an inline "Flow" row to the VLESS protocol keyboard with three
choices — None, xtls-rprx-vision, and xtls-rprx-vision-udp443 — and a
matching i18n key in all 13 locale files. The row is only shown when
the inbound can actually use Vision flow (mirrors the frontend's
canEnableTlsFlow check: VLESS over TCP with TLS or Reality); on other
transports it's hidden and any stale client_Flow value is reset, so the
generated JSON stays consistent with the inbound's stream settings.
 2026-05-15 13:12:54 +02:00
MHSanaei
07cdb82027 fix(inbounds): don't delete remote inbound when toggling enable 
SetInboundEnable called rt.DelInbound for every runtime, but Remote.DelInbound
hits panel/api/inbounds/del/:id on the node — a real row delete, not just a
"stop serving" hint like Local.DelInbound. Flipping the enable switch on a
remote inbound therefore wiped the row on the node entirely.

Route remote inbounds through UpdateInbound instead so the row stays and only
the enable flag is patched. Local path keeps the Del+Add flow since that's
how Xray's gRPC API expects to be driven.

Fixes #4402
 2026-05-15 12:43:16 +02:00
MHSanaei
f00f82b392 fix(outbound): probe UDP-based outbounds over UDP instead of TCP 
The fast-probe mode hard-coded net.DialTimeout("tcp", ...), so testing a
WARP/WireGuard or Hysteria outbound always failed with an i/o timeout —
those transports only listen on UDP, never on TCP.

Probe is now transport-aware: extractOutboundEndpoints tags each endpoint
with the network the proxy actually listens on (UDP for wireguard,
hysteria, and any outbound whose streamSettings.network is hysteria, kcp,
or quic; TCP otherwise). probeUDPEndpoint dials UDP, writes a single
sentinel byte so the kernel can surface ICMP errors, and treats a read
timeout as success (WireGuard ignores invalid packets, so silence is the
expected reply from a reachable server). The result's mode field now
reflects what was probed, so the UI badge shows UDP for these outbounds
instead of mislabelling them as TCP.
 2026-05-15 12:29:53 +02:00
MHSanaei
5a1019534f refactor(inbounds): tighten advanced JSON helpers and fix dark-mode subtitles 
Collapsed repeated stream/sniffing/settings handling in InboundFormModal
into shared helpers (stampAdvancedTextFor, parseAdvancedSliceWithLabel,
compactAdvancedJson, withSaving) plus a wrapped-config factory for the
single-key editors. Cuts ~120 lines from the script section with no
behavior change.

The advanced-panel subtitle and editor-meta text used a fixed dark color
that was unreadable on the dark and ultra-dark modal backgrounds.
Switched both to opacity-on-inherit so they pick up AntD's theme-aware
foreground color, the same pattern .section-heading already uses.
 2026-05-15 12:12:47 +02:00
Abdalrahman
78f1719c6d fix: prevent online clients from randomly disappearing from panel UI (#4387) 
* fix: prevent online clients from randomly disappearing from panel UI

Online status was determined solely by whether a client transferred
bytes in the current 5-second polling window. The online list was
completely replaced each cycle, so idle-but-connected clients with no
traffic delta in that window were dropped from the UI.

Now online status is computed from lastOnline DB timestamps with a
5-second grace period via RefreshOnlineClientsFromMap(), so clients
remain visible across idle polling windows.

Closes #4384

* fix: extend online client grace period to survive idle poll cycles

The 5s grace period equalled the traffic-poll interval, so a client
whose Xray stats reported a zero delta for one cycle was still dropped
on the very next tick. Bump to 20s (~4 polls) so idle-but-connected
sessions stay visible across momentary counter gaps without lingering
long after a real disconnect.

Refs #4384

---------

Co-authored-by: MHSanaei <ho3ein.sanaei@gmail.com>
 2026-05-15 11:41:29 +02:00
MHSanaei
5cf8a08540 fix: disable balancer fallbackTag for random / roundRobin strategies 
Xray-core's RandomStrategy and RoundRobinStrategy register a pending
dependency on the Observatory feature whenever fallbackTag is non-empty.
Since the panel only provisions observatory for leastPing / leastLoad
balancers, picking roundRobin with a fallbackTag caused xray to fail
boot with "not all dependencies are resolved". Disable the fallback
field for the two strategies that cannot resolve it, and strip
fallbackTag from the wire balancer as a defensive backstop for users
who edit the JSON template directly.
 2026-05-15 11:24:50 +02:00
MHSanaei
79a9be7b22 fix: split locale chunks by removing eager i18n glob 
The eager `import.meta.glob` was statically pulling all 13 locale JSON
files into the main bundle, defeating the sibling lazy glob and emitting
INEFFECTIVE_DYNAMIC_IMPORT warnings. Statically import only the en-US
fallback, lazy-load the rest, and await `readyI18n()` in each entry
before mount so the first paint still uses the active locale.
 2026-05-15 10:50:40 +02:00
Abdalrahman
19d50bd16c fix: add i18n translations for Allow private address node option across all locales (#4386) 
* fix: add Chinese locale translations for Allow private address node option

* fix: add Allow private address translations to all remaining locale files
 2026-05-15 09:51:14 +02:00
MHSanaei
3af45c1462 fix: Add base-path meta tag for Cloudflare Rocket Loader compatibility 
When Cloudflare Rocket Loader is enabled, it interferes with inline scripts that set window.X_UI_BASE_PATH, causing the frontend to fail to configure the correct base URL for API calls. This results in 404 errors on the login page when calling /getTwoFactorEnable.

Solution: Add meta name='base-path' tag to HTML (similar to csrf-token), update axios initialization to read from meta tag as fallback. Meta tags are not affected by CSP or Rocket Loader delays.

Fixes #4393
 2026-05-14 23:37:25 +02:00
MHSanaei
6badd829df Remove streamSettings for protocols that don't support it 
- Frontend: Only include streamSettings in toJson() for vmess, vless, trojan, shadowsocks, and hysteria protocols
- Frontend: Hide Stream tab in Advanced section for unsupported protocols
- Frontend: Clear streamSettings in Advanced tab when switching to unsupported protocols
- Frontend: Add CodeMirror JSON editor to config view in index page with mobile responsive design
- Backend: Add normalizeStreamSettings() to clear streamSettings for tunnel, mixed, http, tun, and wireguard protocols
- Backend: Apply normalization in AddInbound() and UpdateInbound()
- Backend: Add omitempty JSON tag to StreamSettings field to exclude null values from Xray config
 2026-05-14 23:18:23 +02:00
MHSanaei
b79abc8bc9 refactor: remove legacy advancedJson state 2026-05-14 20:32:38 +02:00
MHSanaei
05b68c3b13 fix: remove Auth password 
#4388
 2026-05-14 19:28:09 +02:00
Abdalrahman
f3c7660f84 fix: correct Hysteria2 Obfs password label to Auth password (#4388) 
The Obfs password field in the Hysteria2 stream settings tab was incorrectly
labeled. It binds to hysteriaSettings.auth (the server-wide authentication
password), not to the salamander obfuscation password. Per Xray-core docs,
Hysteria2 salamander obfuscation belongs in finalmask.udp[].salamander.password,
which is correctly handled by the FinalMaskForm (UDP Masks section).

Fixed the label to Auth password with an accurate tooltip explaining that
salamander obfuscation is configured via the UDP Masks section below.
 2026-05-14 18:53:04 +02:00
MHSanaei
9b0fd047cb fix: guard certificate and key against undefined before join 2026-05-14 17:46:24 +02:00
MHSanaei
e4218a1029 feat: click QR to copy/save image instead of link text 2026-05-14 17:40:40 +02:00
Fedor Batonogov
7065d41be6 docs(readme): add Community Tools section (#4114) 
3x-ui has a growing ecosystem of community tools (Terraform, scripts,
exporters, etc.). This adds a Community Tools section between
Acknowledgment and Support project in all 6 localized READMEs so users
can discover them from the main project page.

The format mirrors the existing Acknowledgment section so future
maintainers of 3x-ui-related tools can extend it with one-line PRs.
 2026-05-14 15:54:52 +02:00
MHSanaei
1284756f8a fix(outbound): restore TLS, QUIC params and TCP masks when importing share links 
- fromHysteriaLink: parse security= URL param and populate stream.tls
  (SNI, fingerprint, ALPN, ECH) when security=tls; previously always
  forced security to 'none'
- fromHysteriaLink: parse fm JSON param and populate both
  stream.finalmask.quicParams (drives the QUIC Params toggle in
  FinalMaskForm) and the mirrored stream.hysteria fields
- fromParamLink (VLESS/Trojan/SS): parse fm JSON param and restore
  stream.finalmask (TCP masks, UDP masks, QUIC params)
- fromVmessLink (VMess): same fm handling for the base64-JSON path

Closes #4376
 2026-05-14 13:27:55 +02:00
MHSanaei
1f052c0e8f fix: preserve TLS cert file paths when deploying inbound to remote node 
When creating a Hysteria (or any TLS-required) inbound from the central
panel and deploying it to a remote node, sanitizeStreamSettingsForRemote
was unconditionally stripping certificateFile / keyFile from the TLS
settings. This left Xray on the remote node with a TLS block containing
no certificate, causing Xray to crash and the inbounds page to hang.

The fix: only strip cert file paths when inline certificate content
(certificate / key arrays) is also present in the same entry — those
file paths are then truly redundant. When only file paths are present
the user explicitly entered paths that live on the remote node's
filesystem; they are now passed through untouched.

Fixes #4370
 2026-05-14 12:41:08 +02:00
MHSanaei
ae6f13b533 fix: also hide QR code for ML-KEM-768 links (too long for QR generation) 2026-05-14 12:34:23 +02:00
MHSanaei
1cf2582e6d fix: hide QR code for mldsa65 links (too long for QR generation) 2026-05-14 12:30:48 +02:00
Abdalrahman
eacb9f63b0 fix: protocol filter placeholder not showing on initial load (#4372) 2026-05-14 12:12:44 +02:00
MHSanaei
e7035b56fe fix: sync advancedJson before tab switch in convertLink v3.0.2 2026-05-14 11:46:07 +02:00
dependabot[bot]
5f526e5201 build(deps): bump actions/setup-node from 5 to 6 (#4368) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-14 11:11:12 +02:00
MHSanaei
bd8d33980f fix: ignore duplicate column errors during AutoMigrate on upgraded DBs 
SQLite raises 'duplicate column name: <col>' when GORM tries to ADD a
column that already exists in an older schema (seen: allow_private_address,
node_id on the nodes table). This caused database initialisation to fail on
every restart after an upgrade.

The new isIgnorableDuplicateColumnErr helper skips the error only when:
  1. The error message matches 'duplicate column name: <col>'
  2. Migrator().HasColumn confirms the column is already present in the DB

Fresh databases and all other error types are unaffected.
 2026-05-14 11:10:38 +02:00
MHSanaei
5dc02a9af3 v3.0.2 2026-05-14 10:27:33 +02:00
Abdalrahman
033c5993e0 feat: add API token to install output (#4322) 
* feat: add API token to install output

Add -getApiToken flag to the setting subcommand so shell scripts
can retrieve the panel API token. Include the token in the
install.sh completion banner for automation/deployment use.

* fix(install): adapt -getApiToken CLI to multi-token service

settingService.GetApiToken was removed when API tokens moved to a
multi-row ApiTokenService. Switch the install-time CLI to list tokens
and create one named "install" if none exist, preserving the
`apiToken: <value>` output the install.sh grep depends on.

---------

Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>
 2026-05-14 10:24:23 +02:00
MHSanaei
2204c8231d Adjust QR panel sizing and collapse JSON subscription by default 2026-05-14 10:23:27 +02:00
Abdalrahman
01a7dc807b fix(sub): include xhttp mode in extra JSON for karing compatibility (#4365) 
- Add mode to buildXhttpExtra() so clients reading xtra param
  (karing, etc.) receive the xhttp mode alongside other bidirectional
  SplitHTTP fields. Previously mode was only a flat URL param and was
  silently dropped when xtra was present.
- Add xhttp case to streamData() to strip acceptProxyProtocol and
  server-only fields (noSSEHeader, scMaxBufferedPosts,
  scStreamUpServerSecs, serverMaxHeaderBytes) from JSON sub configs.
- Sync frontend buildXhttpExtra() with the same mode addition.

Closes #4364
 2026-05-14 10:02:45 +02:00
Farhad H. P. Shirvan
6bf4a2c4f0 fix(docker): update port mapping for 3xui service in docker-compose (#4362) 2026-05-14 10:00:09 +02:00
MHSanaei
21058eb63c fix(routing): make rule drag-and-drop work on mobile cards 
The pointermove handler looked up the drop target via
el.closest('tr[data-row-key]'). That selector only matches the
desktop a-table rows; the mobile branch renders each rule as a
<div class="rule-card" data-row-key>, so on phones the lookup
always returned null, dropTargetIndex stayed pinned to the start
index, and the eventual drop was a no-op. Loosened the selector
to [data-row-key] so both DOM shapes resolve.
 2026-05-14 02:04:05 +02:00
Black
194de8869e feat(panel): add 'Edit' button to tables and enhance layout (#4355) 
- Move 'Edit' button from dropdown to the table since it's the most used action. Only for desktop.
- Increase column widths for action keys in Inbounds, Balancers, Outbounds and Routing tables.
- Slightly enhance layout for consistency.
 2026-05-14 01:55:00 +02:00
MHSanaei
26accfd8f7 fix(qr): lock QR code modules to black-on-white across all themes 
AntD's <a-qrcode> defaults the module color to the active theme's
text token. Under the dark and ultra-dark themes that text is a light
gray, so the QR rendered low-contrast on the white canvas background
and phones could not lock onto it. Pinned color="#000000" and
bg-color="#ffffff" on every <a-qrcode> usage (share links in
QrPanel, 2FA enrollment in TwoFactorModal, sub/json/clash codes on
SubPage) so the contrast stays high regardless of panel theme.
 2026-05-14 01:45:00 +02:00
MHSanaei
2551a673c3 fix(inbounds): refresh client rows live over websocket 
Two bugs combined to leave per-client traffic / remained / all-time
columns stuck at stale numbers while only the inbound-level row and
the online badge refreshed:

1. Backend (xray + node sync traffic jobs) only included the per-client
   array in the client_stats broadcast when activeEmails / touched
   was non-empty. Cycles with no client deltas — or any node sync that
   failed to fetch a snapshot — shipped only the inbound summary, so
   the frontend had nothing to merge for clients. Replaced both code
   paths with a single GetAllClientTraffics() snapshot per cycle; the
   broadcast now always carries the full client list.

2. Frontend mutated dbInbound.clientStats[i] in place. DBInbound is a
   plain class instance (not wrapped in reactive()), so Vue could not
   see the field-level changes and ClientRowTable's statsMap computed
   stayed cached forever. Added a statsVersion tick bumped on every
   merge and read inside statsMap so the computed re-evaluates and the
   template pulls fresh up/down/allTime/expiryTime each push.

Removed the now-dead emailSet helper from node_traffic_sync_job and
the activeEmails filter from xray_traffic_job.
 2026-05-14 01:31:49 +02:00
MHSanaei
ce4c42e09c feat(json): swap raw textareas for a CodeMirror 6 JsonEditor 
A new JsonEditor.vue component wraps CodeMirror 6 + lang-json with
line numbers, JSON syntax highlighting, bracket matching, code
folding, search (Ctrl+F), undo/redo, lint (red squiggle and gutter
icon on invalid JSON), tab indent, and line wrapping. It is wired
into the four raw-JSON spots that previously used <a-textarea
class="json-editor">: the Xray Advanced Template tab, the Outbound
JSON tab, the Balancer Observatory pane, and the Inbound Advanced
tab (settings / streamSettings / sniffing).

Chrome colors are driven by EditorView.theme so they win the
specificity fight cleanly against CodeMirror's own injected styles.
A single buildDarkTheme() factory yields a Dark+ palette (#1e1e1e
background, #252526 active line, #2d2d30 panels) for the regular
dark mode and a near-black variant (#0a0a0a / #141414 / #1f1f1f
border) for ultra-dark — both pair with oneDarkHighlightStyle for
the syntax colors. Light mode stays on basicSetup's default.

CodeMirror lazy-loads as a ~17 kB gzipped chunk that only appears
on the Xray/Inbounds bundles.
 2026-05-14 00:02:59 +02:00
MHSanaei
18614bd6ea feat(tabs): collapse settings and xray tab bars to evenly-spread icons 
On phones the five Settings tabs and six Xray tabs overflowed the
viewport. Now the tab labels are stripped (v-if="!isMobile"), the
nav-list stretches to full width via display:flex + width:100%, and
each tab claims an equal share with flex:1 1 0 so the icons spread
across the row instead of bunching. Icons bumped to 18px with a
tooltip carrying the original label for discoverability.
 2026-05-13 23:33:50 +02:00
MHSanaei
e564c9283d feat(nodes): mobile card list, info modal, and tighter summary layout 
NodeList now branches on isMobile: a vertical card list mirrors the
inbound mobile redesign — status dot + name + an Info icon that opens
an a-modal with the full per-node stats (address, status, CPU/mem,
xray version, uptime, latency, last heartbeat). The card head expands
to surface NodeHistoryPanel inline (parity with the desktop expandable
row), and the more-dropdown carries probe/edit/delete.

NodesPage also gets two layout fixes: an 8px vertical gutter between
the summary card and the node list on mobile (was 0), and a 2x2 grid
for the four summary statistics on phones via :xs="12" plus a 16px
inner vertical gutter, so Total/Online/Offline/Avg Latency no longer
crowd each other.
 2026-05-13 23:14:56 +02:00
MHSanaei
933567d423 feat(inbounds): collapse mobile cards to id/email + info button 
Mobile inbound cards now show only #id and remark; mobile client cards
show only the status badge and email. The full stat grid (protocol,
port, node, traffic, all-time, clients, expiry — and per-client
remained/online/expiry) moves behind a new info icon that opens an
a-modal, so the list stays scannable on small screens.
 2026-05-13 23:03:19 +02:00
MHSanaei
771bc7c8ef feat(inbounds): align tunnel, tun, and hysteria UI with Xray docs 
* tunnel: rename settings to Xray's current schema (address →
  rewriteAddress, port → rewritePort, network → allowedNetwork) in
  the model, form modal, info modal, and the bundled API inbound
  template; expose portMap so per-port forwarding can be configured
  from the panel.
* tun: add the full TUN protocol form and read-only info blocks
  (name, mtu, gateway, dns, userLevel, autoSystemRoutingTable,
  autoOutboundsInterface) — previously the protocol was selectable
  but the form rendered blank.
* hysteria: surface the stream-level version, obfs password, and
  udpIdleTimeout fields that the model already supported.

Refs https://xtls.github.io/config/inbounds/tunnel.html
Refs https://xtls.github.io/config/inbounds/tun.html
Refs https://xtls.github.io/config/transports/hysteria.html
 2026-05-13 22:44:08 +02:00
MHSanaei
61ab602887 fix(iplog): parse xray access-log timestamps in local time 
Xray writes access-log timestamps in the server's local timezone, but
time.Parse interpreted them as UTC, shifting the stored unix epoch by
the host offset. The panel rendered the epoch back to local time, so
CST users saw IP-log times 8 hours in the future. Parse the log
timestamp with time.ParseInLocation(time.Local) so it round-trips.

Fixes #4147
 2026-05-13 21:50:16 +02:00
MHSanaei
adc262a238 fix(warp): set license against Cloudflare API and surface errors inline 
The license update was always failing because the Cloudflare response has
no `success` field — the check rejected every successful PUT. On real
errors (e.g. "Too many connected devices."), the toast leaked the raw URL
+ JSON body. Now the WARP API's error envelope is parsed into a clean
message and shown inline next to the Update button.
 2026-05-13 21:13:16 +02:00
Vladislav Kasperov
67b098dfd3 Add possibility to remove client email from sub (#4297) 2026-05-13 19:04:17 +02:00
MHSanaei
5543466fcc fix(forms): validate JSON tabs before applying or saving 
InboundFormModal: switching out of the Advanced tab now parses the three
JSON textareas and rebuilds the structured Inbound via Inbound.fromJson,
so the Basic tab reflects what was pasted. Invalid JSON keeps the user
on Advanced with a specific parse error.

XrayPage: Save now parses xraySetting upfront and snaps the user back to
the Advanced tab on invalid JSON instead of letting the backend reject a
generic blob.
 2026-05-13 19:01:12 +02:00
MHSanaei
b10a9f1de7 fix(inbounds): hide node UI when no enabled node exists 
The Deploy-to selector, node column, node stat row, and node filter all
appeared whenever a node row existed in the DB. Local-only deployments
with no nodes (or only disabled nodes) saw a dropdown that only had
"Local Panel" and a filter that did nothing.

useNodeList now exposes hasActive (any node with enable === true).
Inbounds form and list gate node UI on hasActive instead of map size.
 2026-05-13 17:42:40 +02:00
Amirmohammad Sadat Shokouhi
4399fe2a85 add log rotate to 3xui.log file to avoid disk space consumption (#4277) 
* add log rotate to 3xui.log file to avoid disk space consumption
 2026-05-13 17:03:56 +02:00
MHSanaei
6c6b40e063 fix(outbound): accept JSON-only configs and sync JSON to basic form on tab switch 
Pasting a JSON config and clicking OK failed with "Something went wrong"
because validation read the empty form-side tag input instead of the
JSON's tag. Switching from the JSON tab to Basic also discarded any
JSON the user had pasted.

- onOk now validates and submits from the JSON tab using the parsed JSON
- Tab switch JSON→Basic deserializes the JSON back into the structured form
- Invalid JSON keeps the user on the JSON tab with a clear parse error
- Empty form-tag / duplicate-tag errors are now specific, not generic
 2026-05-13 16:48:16 +02:00
MHSanaei
b97ff40ad6 feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 
Replace the single regenerable API token with a named-token list:
- New ApiToken model + service with constant-time auth matching
- Seeder migrates the legacy `apiToken` setting into a "default" row
- Security tab gets create/enable/delete UI; api-docs page links to it
- Dedicated "API Tokens" section in the in-panel docs

URL anchors now reflect the active tab/section on Settings, Xray, and
API Docs pages, so deep links like `/panel/settings#security` work.

Translations for the 8 new SecurityTab strings added across all locales.
 2026-05-13 16:34:31 +02:00
MHSanaei
46b6f8c66c feat(routing): drag-reorder rules, split balancer column, mobile card layout 
- Grip-handle drag-and-drop on the # cell to reorder rules, built on
  Pointer Events so the same code works for mouse, touch, and pen
  (HTML5 drag doesn't fire from touch on iOS Safari). 5px threshold
  keeps quick taps from triggering a reorder; up/down arrow menu
  items stay as a keyboard/a11y fallback. Drop indicator is a 2px
  blue line on the target edge; dragged row fades to 40%.
- Split the old combined target column into Outbounds and Balancer
  columns. Each row now has exactly one populated cell — green
  outbound tag or purple balancer tag.
- Mobile drops the a-table (520px+ of column widths overflowed every
  phone) for a stacked card layout: # + grip + actions on top, an
  "Inbound → Outbound/Balancer" flow row in the middle, and criteria
  chips (domain, IP, port, src IP/port, L4, protocol, user, VLESS)
  below for whichever fields are actually set. Multi-value chips
  collapse to "first +N" with full value on hover.
 2026-05-13 15:30:25 +02:00
Abdalrahman
102df7a290 style(api-docs): redesign TOC, section icons, endpoint rows, and code blocks with ultra-dark support (#4332) 
* style(api-docs): redesign TOC, section icons, endpoint rows, and code blocks with ultra-dark support

* style(api-docs): rename visibleSections to visibleEndpoints, drop dead toc-stuck CSS

- visibleSections counted endpoints, not sections — rename matches
  the displayed "X / Y endpoints" label.
- .toc-nav.toc-stuck was never toggled by any code path.

* docs(api): add missing POST /panel/api/inbounds/:id/resetTraffic entry

This route was added in #4334/#4338 but endpoints.js wasn't updated,
breaking TestAPIRoutesDocumented (91 routes in source, 90 documented).

---------

Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>
 2026-05-13 15:05:23 +02:00
Abdalrahman
f29c8a5e29 fix: single inbound traffic reset resets all inbounds (#4334) (#4338) 2026-05-13 14:49:54 +02:00