Merge 2fdffab3c6 into d3bc8ff8fe

Update websocket settings

.github/workflows/docker-publish.yml

@@ -1,89 +1,91 @@
-name: Docker
+name: Docker Build and Publish
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
 
 on:
   push:
-    branches: [ "dev" ]
+    branches: ["legacy"]
-    # Publish semver tags as releases.
+  workflow_dispatch:
-    tags: [ 'v*.*.*' ]
-  workflow_dispatch:  # Enable manual trigger
 
 env:
-  # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
-
 jobs:
   build:
-
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
       id-token: write
 
     steps:
-      - name: Checkout repository
+      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
-      - uses: satackey/action-docker-layer-caching@v0.0.11
+        with:
-        continue-on-error: true
+          fetch-depth: 0
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+        with:
+          platforms: 'arm64,amd64'
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+          driver-opts: |
+            image=moby/buildkit:latest
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=sha,format=long
+            type=raw,value=new
+
+      - name: Get version
+        id: get_version
+        run: echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
+
+      - name: Update version in app.php
+        run: |
+          VERSION=$(date '+%Y%m%d')-$(git rev-parse --short HEAD)
+          sed -i "s/'version' => '.*'/'version' => '$VERSION'/g" config/app.php
+          echo "Updated version to: $VERSION"
+
+      - name: Build and push
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: |
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/xboard:legacy
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/xboard:${{ steps.get_version.outputs.version }}
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1
+          provenance: false
 
       - name: Install cosign
         uses: sigstore/cosign-installer@v3.4.0
         with:
           cosign-release: 'v2.2.2'
 
-      - name: Set up Docker Buildx
+      - name: Sign image
-        uses: docker/setup-buildx-action@v3.2.0
+        if: steps.build-and-push.outputs.digest != ''
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        uses: docker/login-action@v3.1.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@v5.5.1
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      - name: Get version
-        id: get_version
-        run: echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
-
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: docker/build-push-action@v5.3.0
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ env.REGISTRY }}/${{ github.repository_owner }}/xboard:latest,${{ env.REGISTRY }}/${{ github.repository_owner }}/xboard,${{ env.REGISTRY }}/${{ github.repository_owner }}/xboard:${{ steps.get_version.outputs.version }}
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
         env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          COSIGN_EXPERIMENTAL: 1
-          TAGS: ${{ steps.meta.outputs.tags }}
+        run: |
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes "{}@${{ steps.build-and-push.outputs.digest }}"
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

app/Payments/StripeALLInOne.php

@@ -66,7 +66,7 @@ class StripeALLInOne {
                 'confirm' => true,
                 'payment_method' => $stripePaymentMethod->id,
                 'automatic_payment_methods' => ['enabled' => true],
-                'statement_descriptor' => 'sub-' . $order['user_id'] . '-' . substr($order['trade_no'], -8),
+                'statement_descriptor_suffix' => 'sub-' . $order['user_id'] . '-' . substr($order['trade_no'], -8),
                 'description' => $this->config['description'],
                 'metadata' => [
                     'user_id' => $order['user_id'],

app/Protocols/ClashMeta.php

@@ -195,8 +195,6 @@ class ClashMeta
         $array['server'] = $server['host'];
         $array['port'] = $server['port'];
         $array['uuid'] = $password;
-        $array['alterId'] = 0;
-        $array['cipher'] = 'auto';
         $array['udp'] = true;
 
         // XTLS流控算法
@@ -243,10 +241,8 @@ class ClashMeta
                     $array['ws-opts']['path'] = $wsSettings['path'];
                 if (isset($wsSettings['headers']['Host']) && !empty($wsSettings['headers']['Host']))
                     $array['ws-opts']['headers'] = ['Host' => $wsSettings['headers']['Host']];
-                if (isset($wsSettings['path']) && !empty($wsSettings['path']))
+				$array['ws-opts']['max-early-data'] = 2560;
-                    $array['ws-path'] = $wsSettings['path'];
+                $array['ws-opts']['early-data-header-name'] = 'Sec-WebSocket-Protocol';
-                if (isset($wsSettings['headers']['Host']) && !empty($wsSettings['headers']['Host']))
-                    $array['ws-headers'] = ['Host' => $wsSettings['headers']['Host']];
             }
         }
         if ($server['network'] === 'grpc') {

app/Protocols/General.php

@@ -74,6 +74,8 @@ class General
                 $tlsSettings = $server['tlsSettings'];
                 if (isset($tlsSettings['serverName']) && !empty($tlsSettings['serverName']))
                     $config['sni'] = $tlsSettings['serverName'];
+                if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                    $config['allowInsecure'] = $tlsSettings['allowInsecure'];  
             }
         }
         if ((string)$server['network'] === 'tcp') {
@@ -122,6 +124,8 @@ class General
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $config['sni'] = $tlsSettings['server_name'];
                             $config['security'] = "tls";
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
+                            $config['allowInsecure'] = $tlsSettings['allow_insecure'];  
                     }
                     break;
                 case 2: //reality

app/Protocols/Passwall.php

@@ -72,6 +72,8 @@ class Passwall
                 $tlsSettings = $server['tlsSettings'];
                 if (isset($tlsSettings['serverName']) && !empty($tlsSettings['serverName']))
                     $config['sni'] = $tlsSettings['serverName'];
+                if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                    $config['allowInsecure'] = $tlsSettings['allowInsecure'];  
             }
         }
         if ((string)$server['network'] === 'tcp') {
@@ -120,6 +122,8 @@ class Passwall
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $config['sni'] = $tlsSettings['server_name'];
                             $config['security'] = "tls";
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
+                            $config['allowInsecure'] = $tlsSettings['allow_insecure'];
                     }
                     break;
                 case 2: //reality

app/Protocols/SSRPlus.php

@@ -72,6 +72,8 @@ class SSRPlus
                 $tlsSettings = $server['tlsSettings'];
                 if (isset($tlsSettings['serverName']) && !empty($tlsSettings['serverName']))
                     $config['sni'] = $tlsSettings['serverName'];
+                if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                    $config['allowInsecure'] = $tlsSettings['allowInsecure'];
             }
         }
         if ((string)$server['network'] === 'ws') {
@@ -108,6 +110,8 @@ class SSRPlus
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $config['sni'] = $tlsSettings['server_name'];
                             $config['security'] = "tls";
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
+                            $config['allowInsecure'] = $tlsSettings['allow_insecure'];
                     }
                     break;
                 case 2: //reality

app/Protocols/SagerNet.php

@@ -70,6 +70,8 @@ class SagerNet
                 $tlsSettings = $server['tlsSettings'];
                 if (isset($tlsSettings['serverName']) && !empty($tlsSettings['serverName']))
                     $config['sni'] = urlencode($tlsSettings['serverName']);
+                if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                    $config['allowInsecure'] = $tlsSettings['allowInsecure'];
             }
         }
         if ((string)$server['network'] === 'tcp') {

app/Protocols/Shadowrocket.php

@@ -150,8 +150,8 @@ class Shadowrocket
                     $config['tls'] = 1;
                     if ($server['tls_settings']) {
                         $tlsSettings = $server['tls_settings'];
-                        if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
-                            $config['allowInsecure'] = (int)$tlsSettings['allowInsecure'];
+                            $config['allowInsecure'] = (int)$tlsSettings['allow_insecure'];
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $config['peer'] = $tlsSettings['server_name'];
                     }
@@ -190,7 +190,7 @@ class Shadowrocket
             if ($server['network_settings']) {
                 $wsSettings = $server['network_settings'];
                 if (isset($wsSettings['path']) && !empty($wsSettings['path']))
-                    $config['path'] = $wsSettings['path'];
+                    $config['path'] = $wsSettings['path'] . '?ed=2560';
                 if (isset($wsSettings['headers']['Host']) && !empty($wsSettings['headers']['Host']))
                     $config['obfsParam'] = $wsSettings['headers']['Host'];
             }

app/Protocols/SingBox.php

@@ -149,7 +149,7 @@ class SingBox
                     $array['transport']['path'] = $wsSettings['path'];
                 if (isset($wsSettings['headers']['Host']) && !empty($wsSettings['headers']['Host']))
                     $array['transport']['headers'] = ['Host' => array($wsSettings['headers']['Host'])];
-                $array['transport']['max_early_data'] = 2048;
+                $array['transport']['max_early_data'] = 2560;
                 $array['transport']['early_data_header_name'] = 'Sec-WebSocket-Protocol';
             }
         }
@@ -217,7 +217,7 @@ class SingBox
                     $array['transport']['path'] = $wsSettings['path'];
                 if (isset($wsSettings['headers']['Host']) && !empty($wsSettings['headers']['Host']))
                     $array['transport']['headers'] = ['Host' => array($wsSettings['headers']['Host'])];
-                $array['transport']['max_early_data'] = 2048;
+                $array['transport']['max_early_data'] = 2560;
                 $array['transport']['early_data_header_name'] = 'Sec-WebSocket-Protocol';
             }
         }
@@ -272,7 +272,7 @@ class SingBox
                 if (isset($server['network_settings']['headers']['Host'])) {
                     $array['transport']['headers'] = ['Host' => array($server['network_settings']['headers']['Host'])];
                 }
-                $array['transport']['max_early_data'] = 2048;
+                $array['transport']['max_early_data'] = 2560;
                 $array['transport']['early_data_header_name'] = 'Sec-WebSocket-Protocol';
             }
         }

app/Protocols/Stash.php

@@ -189,6 +189,8 @@ class Stash
                 case 1:
                     if ($server['tls_settings']) {
                         $tlsSettings = $server['tls_settings'];
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
+                            $array['skip-cert-verify'] = ($tlsSettings['allow_insecure'] ? true : false);
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $array['servername'] = $tlsSettings['server_name'];
                     }

app/Protocols/V2rayN.php

@@ -75,6 +75,8 @@ class V2rayN
                 $tlsSettings = $server['tlsSettings'];
                 if (isset($tlsSettings['serverName']) && !empty($tlsSettings['serverName']))
                     $config['sni'] = $tlsSettings['serverName'];
+                if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                    $config['allowInsecure'] = $tlsSettings['allowInsecure'];
             }
         }
         if ((string)$server['network'] === 'tcp') {
@@ -123,6 +125,8 @@ class V2rayN
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $config['sni'] = $tlsSettings['server_name'];
                             $config['security'] = "tls";
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
+                            $config['allowInsecure'] = $tlsSettings['allow_insecure'];
                     }
                     break;
                 case 2: //reality

app/Protocols/V2rayNG.php

@@ -76,6 +76,8 @@ class V2rayNG
                 $tlsSettings = $server['tlsSettings'];
                 if (isset($tlsSettings['serverName']) && !empty($tlsSettings['serverName']))
                     $config['sni'] = $tlsSettings['serverName'];
+                if (isset($tlsSettings['allowInsecure']) && !empty($tlsSettings['allowInsecure']))
+                    $config['allowInsecure'] = $tlsSettings['allowInsecure'];
             }
         }
         if ((string)$server['network'] === 'tcp') {
@@ -124,6 +126,8 @@ class V2rayNG
                         if (isset($tlsSettings['server_name']) && !empty($tlsSettings['server_name']))
                             $config['sni'] = $tlsSettings['server_name'];
                             $config['security'] = "tls";
+                        if (isset($tlsSettings['allow_insecure']) && !empty($tlsSettings['allow_insecure']))
+                            $config['allowInsecure'] = $tlsSettings['allow_insecure'];
                     }
                     break;
                 case 2: //reality

docker-compose.sample.yaml

@@ -3,7 +3,7 @@ services:
   xboard:
     # build: 
     #   context: .
-    image: ghcr.io/cedar2025/xboard:latest
+    image: ghcr.io/cedar2025/xboard:legacy
     volumes:
       - ./:/www/
       # - ./.env:/www/.env

docs/aapanel+docker安装指南.md

@@ -39,7 +39,7 @@ rm -rf .htaccess 404.html 502.html index.html .user.ini
 ```
 > 执行命令从 Github 克隆到当前目录。
 ```
-git clone https://github.com/cedar2025/Xboard.git ./
+git clone -b legacy https://github.com/cedar2025/Xboard.git ./
 ```
 > 复制一份docker-compose.yaml文件
 ```

docs/aapanel安装指南.md

@@ -48,7 +48,7 @@ rm -rf .htaccess 404.html 502.html index.html .user.ini
 ```
 > 执行命令从 Github 克隆到当前目录。
 ```
-git clone https://github.com/cedar2025/Xboard.git ./
+git clone -b legacy https://github.com/cedar2025/Xboard.git ./
 ```
 > 执行命令安装依赖包以及V2board
 ```

docs/docker-compose安装指南.md

@@ -1,77 +1,119 @@
-## Docker-Compose 部署教程
+## Docker-Compose 快速部署指南
-本文教你如何在命令行使用docker-compose + sqlite来快速部署Xboard  
+
-如果你需要使用Mysql，你需要自行处理好Mysql的安装。
+### 环境要求
-### 部署 (使用docker-compose 2分钟部署)
+- Docker (最新稳定版)
-> 在此提供Xboard安装、快速体验Xboard的步骤。   
+- 至少 1GB 可用内存
-使用docker compose + sqlite 快速部署站点（**无需安装Mysql以及redis**）
+- 至少 10GB 可用磁盘空间
-1. 安装docker
+- 系统支持: Linux/macOS/Windows
-```
+- 开放端口: 7001 (默认)
+
+### 部署步骤
+
+#### 1. 安装 Docker
+```bash
+# 安装 Docker
 curl -sSL https://get.docker.com | bash
-```  
+
-Centos系统可能需要执行下面命令来启动Docker。
+# CentOS 系统需要执行以下命令启动 Docker
-```
 systemctl enable docker
 systemctl start docker
 ```
-2. 获取Docker compose 文件
+
-```
+#### 2. 获取部署文件
+```bash
 git clone -b docker-compose --depth 1 https://github.com/cedar2025/Xboard
 cd Xboard
 ```
-3. 执行数据库安装命令
+
-> 选择 **启用sqlite** 和 **Docker内置的Redis**
+#### 3. 初始化安装
-```
+> 提供两种安装方式，选择其一即可：
-docker compose run -it --rm -e enable_sqlite=true -e enable_redis=true -e admin_account=your_admin_email@example.com xboard php artisan xboard:install
+
-```
+**方式一：快速安装** (推荐)
-> 或者根据自己的需要在运行时选择
+```bash
+# 使用 SQLite + Docker内置Redis
+docker compose run -it --rm \
+    -e enable_sqlite=true \
+    -e enable_redis=true \
+    -e admin_account=admin@demo.com \
+    xboard php artisan xboard:install
 ```
+
+**方式二：自定义安装**
+```bash
+# 根据提示自定义配置
 docker compose run -it --rm xboard php artisan xboard:install
 ```
-> 执行这条命令之后，会返回你的后台地址和管理员账号密码（你需要记录下来）  
-> 你需要执行下面的 **启动xborad** 步骤之后才能访问后台
 
-4. 启动Xboard
+> **重要提示：** 
-```
+> - 安装完成后会显示后台地址和管理员账号密码，请务必保存
+> - 如需使用 MySQL，请先自行安装并配置 MySQL 后再部署
+
+#### 4. 启动服务
+```bash
 docker compose up -d
 ```
-> 安装完成之后即可访问你的站点
-5. 访问站点 
-> 启动之后网站端口默认为7001, 你可以配置nginx反向代理使用80端口  
 
-网站地址:   http://你的IP:7001/   
+#### 5. 访问站点
-在此你已经成功部署了, 你可以访问网址体验Xboard的完整功能， 
+- 网站地址：`http://服务器IP:7001`
+- 后台地址：安装时提供的地址
 
-> 如果你需要使用mysql，请自行安装Mysql后重新部署
+### 更新指南
 
-### **更新**
+#### 方式一：快速更新（保持最新版本）
-1. 修改版本
+```bash
-```
 cd Xboard
-vi docker-compose.yaml
-```
-> 修改docker-compose.yaml 当中image后面的版本号为你需要的版本  
-> 如果为版本为latest 则可以忽略这一步，直接进行第二步
-
-2. 更新数据库（可以执行多次都是安全的）
-```
 docker compose pull
 docker compose down
 docker compose run -it --rm xboard php artisan xboard:update
 docker compose up -d
 ```
-> 即可更新成功
 
-### **回滚**
+#### 方式二：更新至指定版本
-> 此回滚不回滚数据库，是否回滚数据库请查看相关文档
+1. 修改版本号
-1. 回退版本  
+```bash
-```
+# 编辑 docker-compose.yaml，修改 image 的版本号
 vi docker-compose.yaml
 ```
-> 修改docker-compose.yaml 当中image后面的版本号为更新前的版本号
+
-2. 启动
+2. 执行更新
-```
+```bash
+docker compose pull
+docker compose down
+docker compose run -it --rm xboard php artisan xboard:update
 docker compose up -d
 ```
 
-### 注意
+### 版本回滚
-启用webman后做的任何代码修改都需要重启生效
+```bash
+# 1. 修改 docker-compose.yaml 中的版本号为目标版本
+vi docker-compose.yaml
+
+# 2. 重启服务
+docker compose up -d
+```
+
+### 常见问题
+
+1. **端口配置**
+- 默认端口为 7001
+- 可通过 Nginx 反向代理使用 80/443 端口
+- 如需修改端口，请编辑 docker-compose.yaml
+
+2. **数据持久化**
+- 数据默认存储在 ./data 目录
+- 建议定期备份 data 目录
+
+3. **性能优化**
+- 启用 webman 后的代码修改需要重启服务才能生效
+- 可根据实际需求调整容器资源限制
+
+### 安全建议
+1. 及时更新到最新版本
+2. 修改默认管理员账号
+3. 使用强密码
+4. 建议配置 SSL 证书
+5. 定期备份数据
+
+### 技术支持
+- GitHub Issues: https://github.com/cedar2025/Xboard/issues
+- 官方文档：[文档链接]