README: Persian

v2.5.1
Xray Core v25.1.30
2025-02-03 20:30:42 +01:00 · 2025-02-03 17:40:33 +01:00 · 2025-02-03 17:37:01 +01:00 · 2025-02-03 13:36:03 +01:00 · 2025-01-31 18:54:52 +01:00 · 2025-01-31 16:01:14 +01:00
134 changed files with 9064 additions and 4150 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,14 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: mhsanaei
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,10 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "gomod" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,41 +1,57 @@
 name: Release 3X-UI for Docker
 on:
+  workflow_dispatch:
  push:
    tags:
-      - "*"
-  workflow_dispatch:
+      - "v*.*.*"

 jobs:
-  build_and_push:
-    runs-on: ubuntu-latest
+  build:
+    runs-on: ubuntu-20.04

    steps:
-      - name: Check out the code
-        uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+   
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          hsanaeii/3x-ui
+          ghcr.io/mhsanaei/3x-ui
+        tags: |
+          type=ref,event=branch
+          type=ref,event=tag
+          type=pep440,pattern={{version}}

-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3

-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      with:
+        install: true

-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}

-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          platforms: linux/amd64, linux/arm64/v8, linux/arm/v7, linux/arm/v6, linux/386
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+    - name: Login to GHCR
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        push: true
+        platforms: linux/amd64, linux/arm64/v8, linux/arm/v7, linux/arm/v6, linux/386
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,10 +1,10 @@
 name: Release 3X-UI

 on:
+  workflow_dispatch:
  push:
    tags:
-      - "*"
-  workflow_dispatch:
+      - "v*.*.*"

 jobs:
  build:
@@ -72,7 +72,7 @@ jobs:
            export GOARCH=s390x
            export CC=s390x-linux-gnu-gcc
          fi
-          go build -o xui-release -v main.go
+          go build -ldflags "-w -s" -o xui-release -v main.go
          
          mkdir x-ui
          cp xui-release x-ui/
@@ -83,43 +83,43 @@ jobs:
          cd x-ui/bin
          
          # Download dependencies
-          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v1.8.21/"
+          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v25.1.30/"
          if [ "${{ matrix.platform }}" == "amd64" ]; then
-            wget ${Xray_URL}Xray-linux-64.zip
+            wget -q ${Xray_URL}Xray-linux-64.zip
            unzip Xray-linux-64.zip
            rm -f Xray-linux-64.zip
          elif [ "${{ matrix.platform }}" == "arm64" ]; then
-            wget ${Xray_URL}Xray-linux-arm64-v8a.zip
+            wget -q ${Xray_URL}Xray-linux-arm64-v8a.zip
            unzip Xray-linux-arm64-v8a.zip
            rm -f Xray-linux-arm64-v8a.zip
          elif [ "${{ matrix.platform }}" == "armv7" ]; then
-            wget ${Xray_URL}Xray-linux-arm32-v7a.zip
+            wget -q ${Xray_URL}Xray-linux-arm32-v7a.zip
            unzip Xray-linux-arm32-v7a.zip
            rm -f Xray-linux-arm32-v7a.zip
          elif [ "${{ matrix.platform }}" == "armv6" ]; then
-            wget ${Xray_URL}Xray-linux-arm32-v6.zip
+            wget -q ${Xray_URL}Xray-linux-arm32-v6.zip
            unzip Xray-linux-arm32-v6.zip
            rm -f Xray-linux-arm32-v6.zip
          elif [ "${{ matrix.platform }}" == "386" ]; then
-            wget ${Xray_URL}Xray-linux-32.zip
+            wget -q ${Xray_URL}Xray-linux-32.zip
            unzip Xray-linux-32.zip
            rm -f Xray-linux-32.zip
          elif [ "${{ matrix.platform }}" == "armv5" ]; then
-            wget ${Xray_URL}Xray-linux-arm32-v5.zip
+            wget -q ${Xray_URL}Xray-linux-arm32-v5.zip
            unzip Xray-linux-arm32-v5.zip
            rm -f Xray-linux-arm32-v5.zip
          elif [ "${{ matrix.platform }}" == "s390x" ]; then
-            wget ${Xray_URL}Xray-linux-s390x.zip
+            wget -q ${Xray_URL}Xray-linux-s390x.zip
            unzip Xray-linux-s390x.zip
            rm -f Xray-linux-s390x.zip
          fi
          rm -f geoip.dat geosite.dat
-          wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
-          wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
-          wget -O geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
-          wget -O geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
-          wget -O geoip_VN.dat https://github.com/vuong2023/vn-v2ray-rules/releases/latest/download/geoip.dat
-          wget -O geosite_VN.dat https://github.com/vuong2023/vn-v2ray-rules/releases/latest/download/geosite.dat
+          wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
+          wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
+          wget -q -O geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
+          wget -q -O geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
+          wget -q -O geoip_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat
+          wget -q -O geosite_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat
          mv xray xray-linux-${{ matrix.platform }}
          cd ../..
          
--- a/DockerEntrypoint.sh
+++ b/DockerEntrypoint.sh
@@ -1,7 +1,7 @@
 #!/bin/sh

 # Start fail2ban
-fail2ban-client -x start
+[ $X_UI_ENABLE_FAIL2BAN == "true" ] && fail2ban-client -x start

 # Run x-ui
 exec /app/x-ui
--- a/DockerInit.sh
+++ b/DockerInit.sh
@@ -27,14 +27,14 @@ case $1 in
 esac
 mkdir -p build/bin
 cd build/bin
-wget "https://github.com/XTLS/Xray-core/releases/download/v1.8.21/Xray-linux-${ARCH}.zip"
+wget -q "https://github.com/XTLS/Xray-core/releases/download/v25.1.30/Xray-linux-${ARCH}.zip"
 unzip "Xray-linux-${ARCH}.zip"
 rm -f "Xray-linux-${ARCH}.zip" geoip.dat geosite.dat
 mv xray "xray-linux-${FNAME}"
-wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
-wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
-wget -O geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
-wget -O geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
-wget -O geoip_VN.dat https://github.com/vuong2023/vn-v2ray-rules/releases/latest/download/geoip.dat
-wget -O geosite_VN.dat https://github.com/vuong2023/vn-v2ray-rules/releases/latest/download/geosite.dat
+wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
+wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
+wget -q -O geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
+wget -q -O geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
+wget -q -O geoip_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat
+wget -q -O geosite_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat
 cd ../../
--- a/5
+++ b/5
@@ -1,7 +1,7 @@
 # ========================================================
 # Stage: Builder
 # ========================================================
-FROM golang:1.22-alpine AS builder
+FROM golang:1.23-alpine AS builder
 WORKDIR /app
 ARG TARGETARCH

@@ -15,7 +15,7 @@ COPY . .

 ENV CGO_ENABLED=1
 ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE"
-RUN go build -o build/x-ui main.go
+RUN go build -ldflags "-w -s" -o build/x-ui main.go
 RUN ./DockerInit.sh "$TARGETARCH"

 # ========================================================
@@ -48,6 +48,7 @@ RUN chmod +x \
  /app/x-ui \
  /usr/bin/x-ui

+ENV X_UI_ENABLE_FAIL2BAN="true"
 VOLUME [ "/etc/x-ui" ]
 CMD [ "./x-ui" ]
 ENTRYPOINT [ "/app/DockerEntrypoint.sh" ]
--- a/README.es_ES.md
+++ b/README.es_ES.md
@@ -1,6 +1,11 @@
-[English](/README.md) | [Chinese](/README.zh.md) | [Español](/README.es_ES.md)
+[English](/README.md) | [فارسی](/README.fa_IR.md) | [中文](/README.zh_CN.md) | [Español](/README.es_ES.md) | [Русский](/README.ru_RU.md)

-<p align="center"><a href="#"><img src="./media/3X-UI.png" alt="Image"></a></p>
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="./media/3x-ui-dark.png">
+    <img alt="3x-ui" src="./media/3x-ui-light.png">
+  </picture>
+</p>

 **Un Panel Web Avanzado • Construido sobre Xray Core**

@@ -14,7 +19,11 @@

 **Si este proyecto te es útil, podrías considerar darle una**:star2:

-<p align="left"><a href="#"><img width="125" src="https://github.com/MHSanaei/3x-ui/assets/115543613/7aa895dd-048a-42e7-989b-afd41a74e2e1" alt="Image"></a></p>
+<p align="left">
+  <a href="https://buymeacoffee.com/mhsanaei" target="_blank">
+    <img src="./media/buymeacoffe.png" alt="Image">
+  </a>
+</p>

 - USDT (TRC20): `TXncxkvhkDWGts487Pjqq1qT9JmwRUz8CC`
 - MATIC (polygon): `0x41C9548675D044c6Bfb425786C765bc37427256A`
@@ -26,38 +35,62 @@
 bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)
 ```

-## Instalar una Versión Personalizada
+## Instalar versión antigua (no recomendamos)

-Para instalar la versión deseada, agrega la versión al final del comando de instalación. Por ejemplo, ver `v2.3.6`:
+Para instalar la versión deseada, utiliza el siguiente comando de instalación. Por ejemplo, ver `v1.7.9`:

 ```
-bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh) v2.3.6
+VERSION=v1.7.9 && <(curl -Ls "https://raw.githubusercontent.com/mhsanaei/3x-ui/$VERSION/install.sh") $VERSION
 ```

 ## Certificado SSL

 <details>
-  <summary>Haz clic para el Certificado SSL</summary>
+  <summary>Haga clic para ver los detalles del certificado SSL</summary>

-### Cloudflare
+### ACME

-El script de gestión tiene una aplicación de certificado SSL incorporada para Cloudflare. Para usar este script para colocar un certificado, necesitas lo siguiente:
+Para gestionar certificados SSL utilizando ACME:

- Correo electrónico registrado en Cloudflare
- Clave Global de API de Cloudflare
- El nombre de dominio se ha resuelto en el servidor actual a través de Cloudflare
-
-**1:** Ejecuta el comando`x-ui`en la terminal, luego elige `Certificado SSL de Cloudflare`.
+1. Asegúrate de que tu dominio esté correctamente resuelto al servidor.
+2. Ejecuta el comando `x-ui` en la terminal y elige `Gestión de Certificados SSL`.
+3. Se te presentarán las siguientes opciones:

+   - **Get SSL:** Obtener certificados SSL.
+   - **Revoke:** Revocar certificados SSL existentes.
+   - **Force Renew:** Forzar la renovación de certificados SSL.
+   - **Show Existing Domains:** Mostrar todos los certificados de dominio disponibles en el servidor.  
+   - **Set Certificate Paths for the Panel:** Especificar el certificado para tu dominio que será utilizado por el panel. 

 ### Certbot
-```
+
+Para instalar y usar Certbot:
+
+```sh
 apt-get install certbot -y
 certbot certonly --standalone --agree-tos --register-unsafely-without-email -d yourdomain.com
 certbot renew --dry-run
 ```

-***Consejo:*** *Certbot también está integrado en el script de gestión. Puedes ejecutar el comando `x-ui` , luego elegir `Gestión de Certificados SSL`.*
+### Cloudflare
+
+El script de gestión incluye una aplicación de certificado SSL integrada para Cloudflare. Para usar este script para solicitar un certificado, necesitas lo siguiente:
+
+- Correo electrónico registrado en Cloudflare
+- Clave API Global de Cloudflare
+- El nombre de dominio debe estar resuelto al servidor actual a través de Cloudflare
+
+**Cómo obtener la Clave API Global de Cloudflare:**
+
+1. Ejecuta el comando `x-ui` en la terminal y elige `Certificado SSL de Cloudflare`.
+2. Visita el enlace: [Tokens de API de Cloudflare](https://dash.cloudflare.com/profile/api-tokens).
+3. Haz clic en "Ver Clave API Global" (consulta la captura de pantalla a continuación):
+   ![](media/APIKey1.PNG)
+4. Es posible que necesites volver a autenticar tu cuenta. Después de eso, se mostrará la Clave API (consulta la captura de pantalla a continuación):
+   ![](media/APIKey2.png)
+
+Al utilizarlo, simplemente ingresa tu `nombre de dominio`, `correo electrónico` y `CLAVE API`. El diagrama es el siguiente:
+   ![](media/DetailEnter.png)

 </details>

@@ -173,19 +206,59 @@ eliminar 3x-ui de docker

 </details>

+## Configuración de Nginx
+<details>
+  <summary>Haga clic aquí para configurar el proxy inverso</summary>
+
+#### Proxy inverso Nginx
+```nginx
+location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+
+#### Nginx sub-path
+- EAsegúrese de que la "Ruta Raíz de la URL del Panel" en la configuración del panel `/sub` es la misma.
+- El `url` en la configuración del panel debe terminar con `/`.   
+
+```nginx
+location /sub {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+</details>

 ## SO Recomendados

 - Ubuntu 20.04+
 - Debian 11+
 - CentOS 8+
+- OpenEuler 22.03+
 - Fedora 36+
 - Arch Linux
+- Parch Linux
 - Manjaro
 - Armbian
- AlmaLinux 9+
- Rockylinux 9+
+- AlmaLinux 8.0+
+- Rocky Linux 8+
+- Oracle Linux 8+
 - OpenSUSE Tubleweed
+- Amazon Linux 2023
+- Windows x64

 ## Arquitecturas y Dispositivos Compatibles

@@ -209,14 +282,18 @@ Nuestra plataforma ofrece compatibilidad con una amplia gama de arquitecturas y

 ## Idiomas

- Inglés
- Farsi
- Chino
- Ruso
- Vietnamita
- Español
- Indonesio
- Ucraniano
+- English (inglés)  
+- Persian (persa)  
+- Traditional Chinese (chino tradicional)  
+- Simplified Chinese (chino simplificado)  
+- Japanese (japonés)  
+- Russian (ruso)  
+- Vietnamese (vietnamita)  
+- Spanish (español)  
+- Indonesian (indonesio)  
+- Ukrainian (ucraniano)  
+- Turkish (turco)  
+- Português (Brazil) (portugués (Brasil))  


 ## Características
@@ -237,88 +314,103 @@ Nuestra plataforma ofrece compatibilidad con una amplia gama de arquitecturas y
 - Soporta exportar/importar base de datos desde el panel


-## Configuraciones por Defecto
+## Configuración Predeterminada del Panel

 <details>
-  <summary>Haz clic para detalles de las configuraciones por defecto</summary>
+  <summary>Haz clic para ver los detalles de la configuración predeterminada</summary>

-  ### Información
+### Nombre de usuario, Contraseña, Puerto y Ruta Base Web

+Si elige no modificar estas configuraciones, se generarán aleatoriamente (esto no se aplica a Docker).
+
+**Configuraciones predeterminadas para Docker:**
+- **Nombre de usuario:** admin
+- **Contraseña:** admin
 - **Puerto:** 2053
- **Usuario y Contraseña:** Se generarán aleatoriamente si omites la modificación.
+
+### Gestión de la Base de Datos:
+
+  Puedes realizar copias de seguridad y restauraciones de la base de datos directamente desde el panel.
+
 - **Ruta de la Base de Datos:**
-  - /etc/x-ui/x-ui.db
- **Ruta de Configuración de Xray:**
-  - /usr/local/x-ui/bin/config.json
- **Ruta del Panel Web sin Implementar SSL:**
-  - http://ip:2053/panel
-  - http://domain:2053/panel
- **Ruta del Panel Web con Implementación de SSL:**
-  - https://domain:2053/panel
- 
+  - `/etc/x-ui/x-ui.db`
+
+### Ruta Base Web
+
+1. **Restablecer la Ruta Base Web:**
+   - Abre tu terminal.
+   - Ejecuta el comando `x-ui`.
+   - Selecciona la opción `Restablecer la Ruta Base Web`.
+
+2. **Generar o Personalizar la Ruta:**
+   - La ruta se generará aleatoriamente, o puedes ingresar una ruta personalizada.
+
+3. **Ver Configuración Actual:**
+   - Para ver tu configuración actual, utiliza el comando `x-ui settings` en el terminal o selecciona `Ver Configuración Actual` en `x-ui`.
+
+### Recomendación de Seguridad:
+- Para mayor seguridad, utiliza una palabra larga y aleatoria en la estructura de tu URL.
+
+**Ejemplos:**
+- `http://ip:port/*webbasepath*/panel`
+- `http://domain:port/*webbasepath*/panel`
+
 </details>

-## Configuración WARP
+## Configuración de WARP

 <details>
-  <summary>Haz clic para detalles de la configuración WARP</summary>
+  <summary>Haz clic para ver los detalles de la configuración de WARP</summary>

 #### Uso

-Si deseas usar enrutamiento a WARP antes de la versión v2.1.0, sigue los pasos a continuación:
+**Para versiones `v2.1.0` y posteriores:**

-**1.** Instala WARP en **Modo de Proxy SOCKS**:
-
-   ```sh
-   bash <(curl -sSL https://raw.githubusercontent.com/hamid-gh98/x-ui-scripts/main/install_warp_proxy.sh)
-   ```
-
-**2.** Si ya instalaste warp, puedes desinstalarlo usando el siguiente comando:
-
-   ```sh
-   warp u
-   ```
-
-**3.** Activa la configuración que necesites en el panel
-
-   Características de Configuración:
-
-   - Bloquear Anuncios
-   - Enrutar Google + Netflix + Spotify + OpenAI (ChatGPT) a WARP
-   - Corregir error 403 de Google
+WARP está integrado, no se requiere instalación adicional. Simplemente habilita la configuración necesaria en el panel.

 </details>

 ## Límite de IP

 <details>
-  <summary>Haz clic para más detalles del límite de IP</summary>
+  <summary>Haz clic para ver los detalles del límite de IP</summary>

 #### Uso

-**Nota:** El Límite de IP no funcionará correctamente cuando se use IP Tunnel
-
- Para versiones hasta `v1.6.1`:
+**Nota:** El Límite de IP no funcionará correctamente cuando uses Túnel IP.

+- **Para versiones hasta `v1.6.1`:**
  - El límite de IP está integrado en el panel.

- Para versiones `v1.7.0` y posteriores:
+**Para versiones `v1.7.0` y posteriores:**

-  - Para que el Límite de IP funcione correctamente, necesitas instalar fail2ban y sus archivos requeridos siguiendo estos pasos:
+Para habilitar la funcionalidad de límite de IP, necesitas instalar `fail2ban` y los archivos requeridos siguiendo estos pasos:

-    1. Usa el comando `x-ui` dentro de la terminal.
-    2. Selecciona `Gestión de Límite de IP`.
-    3. Elige las opciones apropiadas según tus necesidades.
-   
-  - asegúrate de tener ./access.log en tu Configuración de Xray después de la v2.1.3 tenemos una opción para ello
-  
-  ```sh
+1. Ejecuta el comando `x-ui` en el terminal, luego elige `Gestión de Límite de IP`.
+2. Verás las siguientes opciones:
+
+   - **Cambiar la Duración del Bloqueo:** Ajustar la duración de los bloqueos.
+   - **Desbloquear a Todos:** Levantar todos los bloqueos actuales.
+   - **Revisar los Registros:** Revisar los registros.
+   - **Estado de Fail2ban:** Verificar el estado de `fail2ban`.
+   - **Reiniciar Fail2ban:** Reiniciar el servicio `fail2ban`.
+   - **Desinstalar Fail2ban:** Desinstalar Fail2ban con la configuración.
+
+3. Agrega una ruta para el registro de acceso en el panel configurando `Xray Configs/log/Access log` a `./access.log`, luego guarda y reinicia Xray.
+
+- **Para versiones anteriores a `v2.1.3`:**
+  - Necesitas configurar manualmente la ruta del registro de acceso en tu configuración de Xray:
+
+    ```sh
    "log": {
      "access": "./access.log",
      "dnsLog": false,
      "loglevel": "warning"
    },
-  ```
+    ```
+
+- **Para versiones `v2.1.3` y posteriores:**
+  - Hay una opción para configurar `access.log` directamente desde el panel.

 </details>

@@ -369,7 +461,7 @@ El panel web admite tráfico diario, inicio de sesión en el panel, copia de seg

 - Inicia [Botfather](https://t.me/BotFather) en tu cuenta de Telegram:
    ![Botfather](./media/botfather.png)
-  
+
 - Crea un nuevo bot usando el comando /newbot: Te hará 2 preguntas, Un nombre y un nombre de usuario para tu bot. Ten en cuenta que el nombre de usuario debe terminar con la palabra "bot".
    ![Create new bot](./media/newbot.png)

@@ -394,6 +486,7 @@ Ingresa el ID de chat de usuario en el campo de entrada número 4. Las cuentas d

 #### Uso

+- [Documentación de API](https://www.postman.com/hsanaei/3x-ui/collection/q1l5l0u/3x-ui)
 - `/login` con `POST` datos de usuario: `{username: '', password: ''}` para iniciar sesión
 - `/panel/api/inbounds` base para las siguientes acciones:

@@ -423,9 +516,7 @@ Ingresa el ID de chat de usuario en el campo de entrada número 4. Las cuentas d
 - `client.password` para TROJAN
 - `client.email` para Shadowsocks

-
- [Documentación de API](https://documenter.getpostman.com/view/16802678/2s9YkgD5jm)
- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/16802678-1a4c9270-ac77-40ed-959a-7aa56dc4a415?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D16802678-1a4c9270-ac77-40ed-959a-7aa56dc4a415%26entityType%3Dcollection%26workspaceId%3D2cd38c01-c851-4a15-a972-f181c23359d9)
+- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5%26entityType%3Dcollection%26workspaceId%3Dd64f609f-485a-4951-9b8f-876b3f917124)
 </details>

 ## Variables de Entorno
@@ -453,13 +544,34 @@ XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go

 ## Vista previa

-![1](./media/1.png)
-![2](./media/2.png)
-![3](./media/3.png)
-![4](./media/4.png)
-![5](./media/5.png)
-![6](./media/6.png)
-![7](./media/7.png)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/01-overview-dark.png">
+  <img alt="3x-ui" src="./media/01-overview-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/02-inbounds-dark.png">
+  <img alt="3x-ui" src="./media/02-inbounds-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/03-add-inbound-dark.png">
+  <img alt="3x-ui" src="./media/03-add-inbound-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/04-add-client-dark.png">
+  <img alt="3x-ui" src="./media/04-add-client-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/05-settings-dark.png">
+  <img alt="3x-ui" src="./media/05-settings-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/06-configs-dark.png">
+  <img alt="3x-ui" src="./media/06-configs-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/07-bot-dark.png">
+  <img alt="3x-ui" src="./media/07-bot-light.png">
+</picture>

 ## Un agradecimiento especial a

@@ -468,8 +580,8 @@ XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go
 ## Reconocimientos

 - [Iran v2ray rules](https://github.com/chocolate4u/Iran-v2ray-rules) (Licencia: **GPL-3.0**): _Reglas de enrutamiento mejoradas de v2ray/xray y v2ray/xray-clients con dominios iraníes integrados y un enfoque en seguridad y bloqueo de anuncios._
- [Vietnam Adblock rules](https://github.com/vuong2023/vn-v2ray-rules) (License: **GPL-3.0**): _Un dominio alojado en Vietnam y una lista de bloqueo con la máxima eficiencia para vietnamitas._
+- [Russia v2ray rules](https://github.com/runetfreedom/russia-v2ray-rules-dat) (License: **GPL-3.0**): _Este repositorio contiene reglas de enrutamiento de V2Ray actualizadas automáticamente basadas en datos de dominios y direcciones bloqueados en Rusia._

 ## Estrellas a lo largo del tiempo

-[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg)](https://starchart.cc/MHSanaei/3x-ui)
+[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg?variant=adaptive)](https://starchart.cc/MHSanaei/3x-ui)
--- a/README.fa_IR.md
+++ b/README.fa_IR.md
@@ -0,0 +1,527 @@
+[English](/README.md) | [فارسی](/README.fa_IR.md) | [中文](/README.zh_CN.md) | [Español](/README.es_ES.md) | [Русский](/README.ru_RU.md)
+
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="./media/3x-ui-dark.png">
+    <img alt="3x-ui" src="./media/3x-ui-light.png">
+  </picture>
+</p>
+
+**یک پنل وب پیشرفته • ساخته شده بر پایه Xray Core**
+
+[![](https://img.shields.io/github/v/release/mhsanaei/3x-ui.svg)](https://github.com/MHSanaei/3x-ui/releases)
+[![](https://img.shields.io/github/actions/workflow/status/mhsanaei/3x-ui/release.yml.svg)](#)
+[![GO Version](https://img.shields.io/github/go-mod/go-version/mhsanaei/3x-ui.svg)](#)
+[![Downloads](https://img.shields.io/github/downloads/mhsanaei/3x-ui/total.svg)](#)
+[![License](https://img.shields.io/badge/license-GPL%20V3-blue.svg?longCache=true)](https://www.gnu.org/licenses/gpl-3.0.en.html)
+
+> **سلب مسئولیت:** این پروژه صرفاً برای اهداف آموزشی و تحقیقاتی است. استفاده از آن برای مقاصد غیرقانونی یا در محیط‌های عملیاتی ممنوع است.
+
+**اگر این پروژه برای شما مفید بوده، می‌توانید با دادن یک**:star2: از آن حمایت کنید.
+
+<p align="left">
+  <a href="https://buymeacoffee.com/mhsanaei" target="_blank">
+    <img src="./media/buymeacoffe.png" alt="Image">
+  </a>
+</p>
+
+- USDT (TRC20): `TXncxkvhkDWGts487Pjqq1qT9JmwRUz8CC`
+- MATIC (polygon): `0x41C9548675D044c6Bfb425786C765bc37427256A`
+- LTC (Litecoin): `ltc1q2ach7x6d2zq0n4l0t4zl7d7xe2s6fs7a3vspwv`
+
+## نصب و ارتقا
+
+```
+bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)
+```
+
+## نصب نسخه‌های قدیمی (توصیه نمی‌شود)
+
+برای نصب نسخه خاصی از دستور زیر استفاده کنید. مثال برای نسخه `v1.7.9`:
+
+```
+VERSION=v1.7.9 && bash <(curl -Ls "https://raw.githubusercontent.com/mhsanaei/3x-ui/$VERSION/install.sh") $VERSION
+```
+
+## گواهی SSL
+
+<details>
+  <summary>جزئیات گواهی SSL</summary>
+
+### ACME
+
+برای مدیریت گواهی‌های SSL با استفاده از ACME:
+
+1. اطمینان حاصل کنید دامنه شما به درستی به سرور متصل است.
+2. دستور `x-ui` را در ترمینال اجرا کرده و گزینه `مدیریت گواهی SSL` را انتخاب کنید.
+3. گزینه‌های زیر نمایش داده می‌شوند:
+
+   - **دریافت SSL:** دریافت گواهی SSL
+   - **لغو:** لغو گواهی‌های موجود
+   - **تمدید اجباری:** تمدید اجباری گواهی‌ها
+   - **نمایش دامنه‌های موجود:** نمایش تمام دامنه‌های دارای گواهی  
+   - **تنظیم مسیر گواهی برای پنل:** تنظیم مسیر گواهی برای دامنه شما
+
+### Certbot
+
+نصب و استفاده از Certbot:
+
+```sh
+apt-get install certbot -y
+certbot certonly --standalone --agree-tos --register-unsafely-without-email -d yourdomain.com
+certbot renew --dry-run
+```
+
+### Cloudflare
+
+اسکریپت داخلی برای دریافت گواهی SSL از Cloudflare. نیازمند:
+
+- ایمیل ثبت‌شده در Cloudflare
+- کلید API جهانی Cloudflare
+- دامنه باید از طریق Cloudflare به سرور متصل باشد
+
+**دریافت کلید API جهانی Cloudflare:**
+
+1. دستور `x-ui` را اجرا و گزینه `گواهی SSL کلادفلر` را انتخاب کنید.
+2. به لینک [Cloudflare API Tokens](https://dash.cloudflare.com/profile/api-tokens) مراجعه کنید.
+3. روی "View Global API Key" کلیک کنید:
+   ![](media/APIKey1.PNG)
+4. پس از احراز هویت، کلید API نمایش داده می‌شود:
+   ![](media/APIKey2.png)
+
+در هنگام استفاده، نام دامنه، ایمیل و کلید API را وارد کنید:
+   ![](media/DetailEnter.png)
+
+</details>
+
+## نصب دستی و ارتقا
+
+<details>
+  <summary>جزئیات نصب دستی</summary>
+
+#### استفاده
+
+1. دریافت آخرین نسخه از سرور:
+
+```sh
+ARCH=$(uname -m)
+case "${ARCH}" in
+  x86_64 | x64 | amd64) XUI_ARCH="amd64" ;;
+  i*86 | x86) XUI_ARCH="386" ;;
+  armv8* | armv8 | arm64 | aarch64) XUI_ARCH="arm64" ;;
+  armv7* | armv7) XUI_ARCH="armv7" ;;
+  armv6* | armv6) XUI_ARCH="armv6" ;;
+  armv5* | armv5) XUI_ARCH="armv5" ;;
+  s390x) echo 's390x' ;;
+  *) XUI_ARCH="amd64" ;;
+esac
+
+wget https://github.com/MHSanaei/3x-ui/releases/latest/download/x-ui-linux-${XUI_ARCH}.tar.gz
+```
+
+2. نصب یا ارتقا:
+
+```sh
+ARCH=$(uname -m)
+case "${ARCH}" in
+  x86_64 | x64 | amd64) XUI_ARCH="amd64" ;;
+  i*86 | x86) XUI_ARCH="386" ;;
+  armv8* | armv8 | arm64 | aarch64) XUI_ARCH="arm64" ;;
+  armv7* | armv7) XUI_ARCH="armv7" ;;
+  armv6* | armv6) XUI_ARCH="armv6" ;;
+  armv5* | armv5) XUI_ARCH="armv5" ;;
+  s390x) echo 's390x' ;;
+  *) XUI_ARCH="amd64" ;;
+esac
+
+cd /root/
+rm -rf x-ui/ /usr/local/x-ui/ /usr/bin/x-ui
+tar zxvf x-ui-linux-${XUI_ARCH}.tar.gz
+chmod +x x-ui/x-ui x-ui/bin/xray-linux-* x-ui/x-ui.sh
+cp x-ui/x-ui.sh /usr/bin/x-ui
+cp -f x-ui/x-ui.service /etc/systemd/system/
+mv x-ui/ /usr/local/
+systemctl daemon-reload
+systemctl enable x-ui
+systemctl restart x-ui
+```
+
+</details>
+
+## نصب با Docker
+
+<details>
+  <summary>جزئیات Docker</summary>
+
+#### استفاده
+
+1. **نصب Docker:**
+
+   ```sh
+   bash <(curl -sSL https://get.docker.com)
+   ```
+
+2. **کلون پروژه:**
+
+   ```sh
+   git clone https://github.com/MHSanaei/3x-ui.git
+   cd 3x-ui
+   ```
+
+3. **راه‌اندازی سرویس:**
+
+   ```sh
+   docker compose up -d
+   ```
+
+   یا
+
+   ```sh
+   docker run -itd \
+      -e XRAY_VMESS_AEAD_FORCED=false \
+      -v $PWD/db/:/etc/x-ui/ \
+      -v $PWD/cert/:/root/cert/ \
+      --network=host \
+      --restart=unless-stopped \
+      --name 3x-ui \
+      ghcr.io/mhsanaei/3x-ui:latest
+   ```
+
+4. **به‌روزرسانی:**
+
+   ```sh
+   cd 3x-ui
+   docker compose down
+   docker compose pull 3x-ui
+   docker compose up -d
+   ```
+
+5. **حذف:**
+
+   ```sh
+   docker stop 3x-ui
+   docker rm 3x-ui
+   cd --
+   rm -r 3x-ui
+   ```
+
+</details>
+
+## تنظیمات Nginx
+<details>
+  <summary>پیکربندی Reverse Proxy</summary>
+
+#### Nginx Reverse Proxy
+```nginx
+location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+
+#### مسیر فرعی در Nginx
+- اطمینان حاصل کنید "URI Path" در تنظیمات پنل یکسان باشد.
+- `url` در تنظیمات پنل باید با `/` پایان یابد.   
+
+```nginx
+location /sub {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+</details>
+
+## سیستم‌عامل‌های توصیه شده
+
+- Ubuntu 20.04+
+- Debian 11+
+- CentOS 8+
+- OpenEuler 22.03+
+- Fedora 36+
+- Arch Linux
+- Parch Linux
+- Manjaro
+- Armbian
+- AlmaLinux 8.0+
+- Rocky Linux 8+
+- Oracle Linux 8+
+- OpenSUSE Tubleweed
+- Amazon Linux 2023
+- Windows x64
+
+## معماری‌ها و دستگاه‌های پشتیبانی شده
+
+<details>
+  <summary>جزئیات معماری‌ها و دستگاه‌ها</summary>
+
+- **amd64**: معماری استاندارد برای کامپیوترهای شخصی و سرورها
+- **x86 / i386**: سیستم‌های دسکتاپ و لپ‌تاپ
+- **armv8 / arm64 / aarch64**: دستگاه‌های موبایل و embedded مانند Raspberry Pi 4
+- **armv7 / arm / arm32**: دستگاه‌های قدیمی مانند Orange Pi Zero
+- **armv6 / arm / arm32**: دستگاه‌های بسیار قدیمی مانند Raspberry Pi 1
+- **armv5 / arm / arm32**: سیستم‌های embedded قدیمی
+- **s390x**: کامپیوترهای IBM mainframe
+</details>
+
+## زبان‌های پشتیبانی شده
+
+- انگلیسی
+- فارسی
+- چینی سنتی
+- چینی ساده‌شده
+- ژاپنی
+- روسی
+- ویتنامی
+- اسپانیایی
+- اندونزیایی
+- اوکراینی
+- ترکی
+- پرتغالی (برزیل)
+
+## ویژگی‌ها
+
+- مانیتورینگ وضعیت سیستم
+- جستجو در بین inboundها و کلاینت‌ها
+- تم تاریک/روشن
+- پشتیبانی از چند کاربر و پروتکل
+- پروتکل‌های VMESS، VLESS، Trojan، Shadowsocks، Dokodemo-door، Socks، HTTP، WireGuard
+- پشتیبانی از XTLS شامل RPRX-Direct، Vision، REALITY
+- آمار ترافیک، محدودیت ترافیک، محدودیت زمانی
+- تنظیمات سفارشی Xray
+- پشتیبانی از HTTPS برای پنل
+- دریافت خودکار گواهی SSL
+- مسیرهای API اصلاح شده
+- پشتیبانی از تغییر تنظیمات از طریق پنل
+- امکان export/import دیتابیس
+
+## تنظیمات پیش‌فرض پنل
+
+<details>
+  <summary>جزئیات تنظیمات پیش‌فرض</summary>
+
+### نام کاربری، رمز عبور، پورت و مسیر وب
+
+در صورت عدم تغییر، این موارد به صورت تصادفی ایجاد می‌شوند (به جز Docker).
+
+**تنظیمات پیش‌فرض Docker:**
+- **نام کاربری:** admin
+- **رمز عبور:** admin
+- **پورت:** 2053
+
+### مدیریت دیتابیس:
+
+  امکان Backup و Restore دیتابیس از طریق پنل.
+
+- **مسیر دیتابیس:**
+  - `/etc/x-ui/x-ui.db`
+
+### مسیر پایه وب
+
+1. **بازنشانی مسیر:**
+   - اجرای دستور `x-ui`
+   - انتخاب گزینه `Reset Web Base Path`
+
+2. **ساخت یا تنظیم مسیر:**
+   - مسیر به صورت تصادفی ساخته شده یا قابل تنظیم است
+
+3. **مشاهده تنظیمات فعلی:**
+   - استفاده از دستور `x-ui settings` یا `View Current Settings` در `x-ui`
+
+**توصیه امنیتی:**
+- استفاده از مسیرهای طولانی و تصادفی برای افزایش امنیت
+
+**مثال:**
+- `http://ip:port/*webbasepath*/panel`
+- `http://domain:port/*webbasepath*/panel`
+
+</details>
+
+## پیکربندی WARP
+
+<details>
+  <summary>جزئیات WARP</summary>
+
+#### استفاده
+
+**برای نسخه‌های `v2.1.0` و جدیدتر:**
+
+WARP به صورت داخلی پشتیبانی می‌شود. تنها نیاز به فعال‌سازی در پنل است.
+
+</details>
+
+## محدودیت IP
+
+<details>
+  <summary>جزئیات محدودیت IP</summary>
+
+#### استفاده
+
+**توجه:** محدودیت IP در صورت استفاده از IP Tunnel کار نمی‌کند.
+
+- **تا نسخه `v1.6.1`:**
+  - محدودیت IP به صورت داخلی در پنل وجود دارد
+
+**برای نسخه‌های `v1.7.0` و جدیدتر:**
+
+برای فعال‌سازی نیاز به نصب `fail2ban` است:
+
+1. اجرای دستور `x-ui` و انتخاب `مدیریت محدودیت IP`
+2. گزینه‌های موجود:
+
+   - **تغییر مدت زمان Ban**
+   - **حذف تمام Banها**
+   - **مشاهده لاگ‌ها**
+   - **وضعیت Fail2ban**
+   - **راه‌اندازی مجدد Fail2ban**
+   - **حذف Fail2ban**
+
+3. تنظیم مسیر `Access log` در پنل به `./access.log` و ذخیره و راه‌اندازی مجدد Xray
+
+- **قبل از نسخه `v2.1.3`:**
+  - تنظیم دستی `access.log` در تنظیمات Xray:
+
+    ```sh
+    "log": {
+      "access": "./access.log",
+      "dnsLog": false,
+      "loglevel": "warning"
+    },
+    ```
+
+- **از نسخه `v2.1.3`:**
+  - امکان تنظیم `access.log` از طریق پنل
+
+</details>
+
+## ربات تلگرام
+
+<details>
+  <summary>جزئیات ربات تلگرام</summary>
+
+#### استفاده
+
+ربات تلگرام برای اطلاع‌رسانی ترافیک، ورود به پنل، Backup دیتابیس و ... استفاده می‌شود. نیازمند تنظیم:
+
+- توکن تلگرام
+- Chat ID ادمین‌ها
+- زمان اطلاع‌رسانی (Cron syntax)
+- اطلاع‌رسانی انقضا
+- اطلاع‌رسانی ترافیک
+- Backup دیتابیس
+- اطلاع‌رسانی مصرف CPU
+
+**سینتکس نمونه:**
+
+- `30 \* \* \* \* \*` - اطلاع در ثانیه 30 هر دقیقه
+- `@hourly` - هر ساعت
+- `@daily` - هر روز
+
+### ویژگی‌های ربات
+
+- گزارش دوره‌ای
+- اطلاع ورود به پنل
+- اطلاع مصرف CPU
+- اطلاع پیش‌از موعد انقضا و ترافیک
+- گزارش ترافیک کلاینت‌ها
+- منوی مبتنی بر دستور
+- جستجوی کلاینت بر اساس ایمیل
+- بررسی inboundها
+- بررسی وضعیت سرور
+- دریافت Backup
+- چندزبانه
+
+### راه‌اندازی ربات
+
+- شروع [Botfather](https://t.me/BotFather) در تلگرام:
+    ![Botfather](./media/botfather.png)
+
+- ساخت ربات جدید با دستور /newbot:
+    ![Create new bot](./media/newbot.png)
+
+- شروع ربات ساخته شده:
+    ![token](./media/token.png)
+
+- تنظیمات پنل:
+![Panel Config](./media/panel-bot-config.png)
+
+وارد کردن توکن و Chat ID (دریافت از [این ربات](https://t.me/useridinfobot)):
+![User ID](./media/user-id.png)
+
+</details>
+
+## مسیرهای API
+
+<details>
+  <summary>جزئیات API</summary>
+
+#### استفاده
+
+- [مستندات API](https://www.postman.com/hsanaei/3x-ui/collection/q1l5l0u/3x-ui)
+- `/login` با `POST` داده کاربر: `{username: '', password: ''}`
+
+| Method | مسیر                               | عملکرد                                      |
+| :----: | ---------------------------------- | ------------------------------------------- |
+| `GET`  | `"/list"`                          | دریافت تمام inboundها                      |
+| `GET`  | `"/get/:id"`                       | دریافت inbound بر اساس id                  |
+| `POST` | `"/add"`                           | افزودن inbound                              |
+| `POST` | `"/del/:id"`                       | حذف inbound                                 |
+
+- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5%26entityType%3Dcollection%26workspaceId%3Dd64f609f-485a-4951-9b8f-876b3f917124)
+</details>
+
+## متغیرهای محیطی
+
+<details>
+  <summary>جزئیات متغیرها</summary>
+
+#### استفاده
+
+| متغیر         |                      نوع                      | پیش‌فرض       |
+| ------------- | :--------------------------------------------: | :------------ |
+| XUI_LOG_LEVEL | `"debug"` \| `"info"` \| `"warn"` \| `"error"` | `"info"`      |
+| XUI_DEBUG     |                   `boolean`                    | `false`       |
+| XUI_BIN_FOLDER|                    `string`                    | `"bin"`       |
+
+مثال:
+
+```sh
+XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go
+```
+
+</details>
+
+## پیش‌نمایش
+
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/01-overview-dark.png">
+  <img alt="3x-ui" src="./media/01-overview-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/02-inbounds-dark.png">
+  <img alt="3x-ui" src="./media/02-inbounds-light.png">
+</picture>
+
+## قدردانی ویژه از
+
+- [alireza0](https://github.com/alireza0/)
+
+## تشکر و قدردانی
+
+- [Iran v2ray rules](https://github.com/chocolate4u/Iran-v2ray-rules) (مجوز: **GPL-3.0**)
+- [Russia v2ray rules](https://github.com/runetfreedom/russia-v2ray-rules-dat) (مجوز: **GPL-3.0**)
+
+## Stargazers over Time
+
+[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg?variant=adaptive)](https://starchart.cc/MHSanaei/3x-ui)
--- a/README.md
+++ b/README.md
@@ -1,6 +1,11 @@
-[English](/README.md) | [Chinese](/README.zh.md) | [Español](/README.es_ES.md)
+[English](/README.md) | [فارسی](/README.fa_IR.md) | [中文](/README.zh_CN.md) | [Español](/README.es_ES.md) | [Русский](/README.ru_RU.md)

-<p align="center"><a href="#"><img src="./media/3X-UI.png" alt="Image"></a></p>
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="./media/3x-ui-dark.png">
+    <img alt="3x-ui" src="./media/3x-ui-light.png">
+  </picture>
+</p>

 **An Advanced Web Panel • Built on Xray Core**

@@ -14,7 +19,11 @@

 **If this project is helpful to you, you may wish to give it a**:star2:

-<p align="left"><a href="#"><img width="125" src="https://github.com/MHSanaei/3x-ui/assets/115543613/7aa895dd-048a-42e7-989b-afd41a74e2e1" alt="Image"></a></p>
+<p align="left">
+  <a href="https://buymeacoffee.com/mhsanaei" target="_blank">
+    <img src="./media/buymeacoffe.png" alt="Image">
+  </a>
+</p>

 - USDT (TRC20): `TXncxkvhkDWGts487Pjqq1qT9JmwRUz8CC`
 - MATIC (polygon): `0x41C9548675D044c6Bfb425786C765bc37427256A`
@@ -26,12 +35,12 @@
 bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)
 ```

-## Install Custom Version
+## Install legacy Version (we don't recommend)

-To install your desired version, add the version to the end of the installation command. e.g., ver `v2.3.10`:
+To install your desired version, use following installation command. e.g., ver `v1.7.9`:

 ```
-bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh) v2.3.10
+VERSION=v1.7.9 && bash <(curl -Ls "https://raw.githubusercontent.com/mhsanaei/3x-ui/$VERSION/install.sh") $VERSION
 ```

 ## SSL Certificate
@@ -50,6 +59,8 @@ To manage SSL certificates using ACME:
   - **Get SSL:** Obtain SSL certificates.
   - **Revoke:** Revoke existing SSL certificates.
   - **Force Renew:** Force renewal of SSL certificates.
+   - **Show Existing Domains:** Display all domain certificates available on the server.  
+   - **Set Certificate Paths for the Panel:** Specify the certificate for your domain to be used by the panel. 

 ### Certbot

@@ -165,6 +176,8 @@ systemctl restart x-ui
   docker compose up -d
   ```

+  Add ```--pull always``` flag to make docker automatically recreate container if a newer image is pulled. See https://docs.docker.com/reference/cli/docker/container/run/#pull for more info.
+
   **OR**

   ```sh
@@ -198,21 +211,59 @@ systemctl restart x-ui

 </details>

+## Nginx Settings
+<details>
+  <summary>Click for Reverse Proxy Configuration</summary>
+
+#### Nginx Reverse Proxy
+```nginx
+location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+
+#### Nginx sub-path
+- Ensure that the "URI Path" in the `/sub` panel settings is the same.
+- The `url` in the panel settings needs to end with `/`.   
+
+```nginx
+location /sub {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+</details>

 ## Recommended OS

 - Ubuntu 20.04+
 - Debian 11+
 - CentOS 8+
+- OpenEuler 22.03+
 - Fedora 36+
 - Arch Linux
 - Parch Linux
 - Manjaro
 - Armbian
- AlmaLinux 9+
- Rocky Linux 9+
+- AlmaLinux 8.0+
+- Rocky Linux 8+
 - Oracle Linux 8+
 - OpenSUSE Tubleweed
+- Amazon Linux 2023
+- Windows x64

 ## Supported Architectures and Devices

@@ -239,13 +290,17 @@ Our platform offers compatibility with a diverse range of architectures and devi
 ## Languages

 - English
- Farsi
- Chinese
+- Persian
+- Traditional Chinese
+- Simplified Chinese
+- Japanese
 - Russian
 - Vietnamese
 - Spanish
- Indonesian 
+- Indonesian
 - Ukrainian
+- Turkish
+- Português (Brazil)


 ## Features
@@ -254,7 +309,7 @@ Our platform offers compatibility with a diverse range of architectures and devi
 - Search within all inbounds and clients
 - Dark/Light theme
 - Supports multi-user and multi-protocol
- Supports protocols, including VMess, VLESS, Trojan, Shadowsocks, Dokodemo-door, Socks, HTTP, wireguard
+- Supports protocols, including VMESS, VLESS, Trojan, Shadowsocks, Dokodemo-door, Socks, HTTP, wireguard
 - Supports XTLS native Protocols, including RPRX-Direct, Vision, REALITY
 - Traffic statistics, traffic limit, expiration time limit
 - Customizable Xray configuration templates
@@ -271,11 +326,14 @@ Our platform offers compatibility with a diverse range of architectures and devi
 <details>
  <summary>Click for default settings details</summary>

-### Username & Password & webbasepath:
+### Username, Password, Port, and Web Base Path

-  These will be generated randomly if you skip modifying them.
+If you choose not to modify these settings, they will be generated randomly (this does not apply to Docker).

-  - **Port:** the default port for panel is `2053`
+**Default Settings for Docker:**
+- **Username:** admin
+- **Password:** admin
+- **Port:** 2053

 ### Database Management:

@@ -318,17 +376,6 @@ Our platform offers compatibility with a diverse range of architectures and devi

 WARP is built-in, and no additional installation is required. Simply turn on the necessary configuration in the panel.

-**For versions before `v2.1.0`:**
-
-1. Run the `x-ui` command in the terminal, then choose `WARP Management`.
-2. You will see the following options:
-
-   - **Account Type (free, plus, team):** Choose the appropriate account type.
-   - **Enable/Disable WireProxy:** Toggle WireProxy on or off.
-   - **Uninstall WARP:** Remove the WARP application.
-
-3. Configure the settings as needed in the panel.
-
 </details>

 ## IP Limit
@@ -358,7 +405,7 @@ To enable the IP Limit functionality, you need to install `fail2ban` and its req
   - **Uninstall Fail2ban:** Uninstall Fail2ban with configuration.

 3. Add a path for the access log on the panel by setting `Xray Configs/log/Access log` to `./access.log` then save and restart xray.
-   
+
 - **For versions before `v2.1.3`:**
  - You need to set the access log path manually in your Xray configuration:

@@ -410,19 +457,19 @@ The web panel supports daily traffic, panel login, database backup, system statu
 - Threshold for Expiration time and Traffic to report in advance
 - Support client report menu if client's telegram username added to the user's configurations
 - Support telegram traffic report searched with UUID (VMESS/VLESS) or Password (TROJAN) - anonymously
- Menu based bot
- Search client by email ( only admin )
+- Menu-based bot
+- Search client by email (only admin)
 - Check all inbounds
 - Check server status
 - Check depleted users
 - Receive backup by request and in periodic reports
- Multi language bot
+- Multi-language bot

 ### Setting up Telegram bot

 - Start [Botfather](https://t.me/BotFather) in your Telegram account:
    ![Botfather](./media/botfather.png)
-  
+
 - Create a new Bot using /newbot command: It will ask you 2 questions, A name and a username for your bot. Note that the username has to end with the word "bot".
    ![Create new bot](./media/newbot.png)

@@ -447,6 +494,7 @@ Enter the user ID in input field number 4. The Telegram accounts with this id wi

 #### Usage

+- [API Documentation](https://www.postman.com/hsanaei/3x-ui/collection/q1l5l0u/3x-ui)
 - `/login` with `POST` user data: `{username: '', password: ''}` for login
 - `/panel/api/inbounds` base for following actions:

@@ -455,6 +503,7 @@ Enter the user ID in input field number 4. The Telegram accounts with this id wi
 | `GET`  | `"/list"`                          | Get all inbounds                            |
 | `GET`  | `"/get/:id"`                       | Get inbound with inbound.id                 |
 | `GET`  | `"/getClientTraffics/:email"`      | Get Client Traffics with email              |
+| `GET`  | `"/getClientTrafficsById/:id"`     | Get client's traffic By ID |
 | `GET`  | `"/createbackup"`                  | Telegram bot sends backup to admins         |
 | `POST` | `"/add"`                           | Add inbound                                 |
 | `POST` | `"/del/:id"`                       | Delete Inbound                              |
@@ -476,9 +525,7 @@ Enter the user ID in input field number 4. The Telegram accounts with this id wi
 - `client.password` for TROJAN
 - `client.email` for Shadowsocks

-
- [API Documentation](https://documenter.getpostman.com/view/16802678/2s9YkgD5jm)
- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/16802678-1a4c9270-ac77-40ed-959a-7aa56dc4a415?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D16802678-1a4c9270-ac77-40ed-959a-7aa56dc4a415%26entityType%3Dcollection%26workspaceId%3D2cd38c01-c851-4a15-a972-f181c23359d9)
+- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5%26entityType%3Dcollection%26workspaceId%3Dd64f609f-485a-4951-9b8f-876b3f917124)
 </details>

 ## Environment Variables
@@ -506,13 +553,34 @@ XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go

 ## Preview

-![1](./media/1.png)
-![2](./media/2.png)
-![3](./media/3.png)
-![4](./media/4.png)
-![5](./media/5.png)
-![6](./media/6.png)
-![7](./media/7.png)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/01-overview-dark.png">
+  <img alt="3x-ui" src="./media/01-overview-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/02-inbounds-dark.png">
+  <img alt="3x-ui" src="./media/02-inbounds-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/03-add-inbound-dark.png">
+  <img alt="3x-ui" src="./media/03-add-inbound-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/04-add-client-dark.png">
+  <img alt="3x-ui" src="./media/04-add-client-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/05-settings-dark.png">
+  <img alt="3x-ui" src="./media/05-settings-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/06-configs-dark.png">
+  <img alt="3x-ui" src="./media/06-configs-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/07-bot-dark.png">
+  <img alt="3x-ui" src="./media/07-bot-light.png">
+</picture>

 ## A Special Thanks to

@@ -521,8 +589,8 @@ XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go
 ## Acknowledgment

 - [Iran v2ray rules](https://github.com/chocolate4u/Iran-v2ray-rules) (License: **GPL-3.0**): _Enhanced v2ray/xray and v2ray/xray-clients routing rules with built-in Iranian domains and a focus on security and adblocking._
- [Vietnam Adblock rules](https://github.com/vuong2023/vn-v2ray-rules) (License: **GPL-3.0**): _A hosted domain hosted in Vietnam and blocklist with the most efficiency for Vietnamese._
+- [Russia v2ray rules](https://github.com/runetfreedom/russia-v2ray-rules-dat) (License: **GPL-3.0**): _This repository contains automatically updated V2Ray routing rules based on data on blocked domains and addresses in Russia._

 ## Stargazers over Time

-[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg)](https://starchart.cc/MHSanaei/3x-ui)
+[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg?variant=adaptive)](https://starchart.cc/MHSanaei/3x-ui)
--- a/README.ru_RU.md
+++ b/README.ru_RU.md
@@ -0,0 +1,594 @@
+[English](/README.md) | [فارسی](/README.fa_IR.md) | [中文](/README.zh_CN.md) | [Español](/README.es_ES.md) | [Русский](/README.ru_RU.md)
+
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="./media/3x-ui-dark.png">
+    <img alt="3x-ui" src="./media/3x-ui-light.png">
+  </picture>
+</p>
+
+**Продвинутая веб-панель • Построена на основе Xray Core**
+
+[![](https://img.shields.io/github/v/release/mhsanaei/3x-ui.svg)](https://github.com/MHSanaei/3x-ui/releases)
+[![](https://img.shields.io/github/actions/workflow/status/mhsanaei/3x-ui/release.yml.svg)](#)
+[![GO Version](https://img.shields.io/github/go-mod/go-version/mhsanaei/3x-ui.svg)](#)
+[![Downloads](https://img.shields.io/github/downloads/mhsanaei/3x-ui/total.svg)](#)
+[![License](https://img.shields.io/badge/license-GPL%20V3-blue.svg?longCache=true)](https://www.gnu.org/licenses/gpl-3.0.en.html)
+
+> **Отказ от ответственности:** Этот проект предназначен только для личного обучения и общения. Пожалуйста, не используйте его в незаконных целях и не применяйте в производственной среде.
+
+**Если этот проект оказался полезным для вас, вы можете оценить его, поставив звёздочку** :star2:
+
+<p align="left">
+  <a href="https://buymeacoffee.com/mhsanaei" target="_blank">
+    <img src="./media/buymeacoffe.png" alt="Image">
+  </a>
+</p>
+
+- USDT (TRC20): `TXncxkvhkDWGts487Pjqq1qT9JmwRUz8CC`
+- MATIC (polygon): `0x41C9548675D044c6Bfb425786C765bc37427256A`
+- LTC (Litecoin): `ltc1q2ach7x6d2zq0n4l0t4zl7d7xe2s6fs7a3vspwv`
+
+## Установка и обновление
+
+```
+bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)
+```
+
+## Установить старую версию (мы не рекомендуем)
+
+Чтобы установить желаемую версию, используйте следующую команду установки. Например, ver `v1.7.9`:
+
+```
+VERSION=v1.7.9 && <(curl -Ls "https://raw.githubusercontent.com/mhsanaei/3x-ui/$VERSION/install.sh") $VERSION
+```
+
+## SSL Сертификат
+
+<details>
+  <summary>Нажмите для получения информации об SSL сертификате</summary>
+
+### ACME
+
+Для управления SSL сертификатами с помощью ACME:
+
+1. Убедитесь, что ваш домен правильно настроен и указывает на сервер.
+2. Выполните команду `x-ui` в терминале, затем выберите `SSL Certificate Management`.
+3. Вам будут предложены следующие опции:
+
+   - **Get SSL:** Получить SSL сертификаты.
+   - **Revoke:** Отозвать существующие SSL сертификаты.
+   - **Force Renew:** Принудительно перевыпустить SSL сертификаты.
+   - **Show Existing Domains:** Отобразить все сертификаты доменов, доступные на сервере.  
+   - **Set Certificate Paths for the Panel:** Укажите сертификат для вашего домена, который будет использоваться панелью.
+
+### Certbot
+
+Для установки и использования Certbot:
+
+```sh
+apt-get install certbot -y
+certbot certonly --standalone --agree-tos --register-unsafely-without-email -d вашдомен.com
+certbot renew --dry-run
+```
+
+### Cloudflare
+
+Скрипт управления включает встроенное приложение для получения SSL сертификата через Cloudflare. Чтобы использовать этот скрипт для запроса сертификата, вам потребуется следующее:
+
+- Email, зарегистрированный в Cloudflare
+- Глобальный API-ключ Cloudflare
+- Доменное имя должно указывать на текущий сервер через Cloudflare
+
+**Как получить глобальный API-ключ Cloudflare:**
+
+1. Выполните команду `x-ui` в терминале, затем выберите `Cloudflare SSL Certificate`.
+2. Перейдите по ссылке: [Cloudflare API Tokens](https://dash.cloudflare.com/profile/api-tokens).
+3. Нажмите на "View Global API Key" (см. скриншот ниже):
+   ![](media/APIKey1.PNG)
+4. Возможно, вам потребуется повторно пройти аутентификацию. После этого ключ API будет отображён (см. скриншот ниже):
+   ![](media/APIKey2.png)
+
+При использовании просто введите ваше `доменное имя`, `email` и `API-ключ`. Схема приведена ниже:
+   ![](media/DetailEnter.png)
+
+</details>
+
+## Ручная установка и обновление
+
+<details>
+  <summary>Нажмите для получения информации о ручной установке</summary>
+
+#### Использование
+
+1. Чтобы скачать последнюю версию архива напрямую на ваш сервер, выполните следующую команду:
+
+```sh
+ARCH=$(uname -m)
+case "${ARCH}" in
+  x86_64 | x64 | amd64) XUI_ARCH="amd64" ;;
+  i*86 | x86) XUI_ARCH="386" ;;
+  armv8* | armv8 | arm64 | aarch64) XUI_ARCH="arm64" ;;
+  armv7* | armv7) XUI_ARCH="armv7" ;;
+  armv6* | armv6) XUI_ARCH="armv6" ;;
+  armv5* | armv5) XUI_ARCH="armv5" ;;
+  s390x) echo 's390x' ;;
+  *) XUI_ARCH="amd64" ;;
+esac
+
+
+wget https://github.com/MHSanaei/3x-ui/releases/latest/download/x-ui-linux-${XUI_ARCH}.tar.gz
+```
+
+2. После загрузки архива выполните следующие команды для установки или обновления x-ui:
+
+```sh
+ARCH=$(uname -m)
+case "${ARCH}" in
+  x86_64 | x64 | amd64) XUI_ARCH="amd64" ;;
+  i*86 | x86) XUI_ARCH="386" ;;
+  armv8* | armv8 | arm64 | aarch64) XUI_ARCH="arm64" ;;
+  armv7* | armv7) XUI_ARCH="armv7" ;;
+  armv6* | armv6) XUI_ARCH="armv6" ;;
+  armv5* | armv5) XUI_ARCH="armv5" ;;
+  s390x) echo 's390x' ;;
+  *) XUI_ARCH="amd64" ;;
+esac
+
+cd /root/
+rm -rf x-ui/ /usr/local/x-ui/ /usr/bin/x-ui
+tar zxvf x-ui-linux-${XUI_ARCH}.tar.gz
+chmod +x x-ui/x-ui x-ui/bin/xray-linux-* x-ui/x-ui.sh
+cp x-ui/x-ui.sh /usr/bin/x-ui
+cp -f x-ui/x-ui.service /etc/systemd/system/
+mv x-ui/ /usr/local/
+systemctl daemon-reload
+systemctl enable x-ui
+systemctl restart x-ui
+```
+
+</details>
+
+## Установка с помощью Docker
+
+<details>
+  <summary>Нажмите для получения информации о Docker</summary>
+
+#### Использование
+
+1. **Установите Docker:**
+
+   ```sh
+   bash <(curl -sSL https://get.docker.com)
+   ```
+
+2. **Склонируйте репозиторий проекта:**
+
+   ```sh
+   git clone https://github.com/MHSanaei/3x-ui.git
+   cd 3x-ui
+   ```
+
+3. **Запустите сервис:**
+
+   ```sh
+   docker compose up -d
+   ```
+
+  Добавьте параметр ```--pull always``` для автоматического обновления контейнера, когда публикуется новый образ. Подробности: https://docs.docker.com/reference/cli/docker/container/run/#pull
+
+   **ИЛИ**
+
+   ```sh
+   docker run -itd \
+      -e XRAY_VMESS_AEAD_FORCED=false \
+      -v $PWD/db/:/etc/x-ui/ \
+      -v $PWD/cert/:/root/cert/ \
+      --network=host \
+      --restart=unless-stopped \
+      --name 3x-ui \
+      ghcr.io/mhsanaei/3x-ui:latest
+   ```
+
+4. **Обновление до последней версии:**
+
+   ```sh
+   cd 3x-ui
+   docker compose down
+   docker compose pull 3x-ui
+   docker compose up -d
+   ```
+
+5. **Удаление 3x-ui из Docker:**
+
+   ```sh
+   docker stop 3x-ui
+   docker rm 3x-ui
+   cd --
+   rm -r 3x-ui
+   ```
+
+</details>
+
+## Настройки Nginx
+<details>
+  <summary>Нажмите чтобы просмотреть конфигурацию обратного прокси-сервера</summary>
+
+#### Обратный прокси-сервер Nginx
+```nginx
+location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+
+#### Nginx sub-path
+- Убедитесь, что "корневой путь URL адреса панели" в настройках панели и `/sub` совпадают.
+- В настройках панели `url` должен заканчиваться на `/`.    
+
+```nginx
+location /sub {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+</details>
+
+## Рекомендуемые ОС
+
+- Ubuntu 20.04+
+- Debian 11+
+- CentOS 8+
+- OpenEuler 22.03+
+- Fedora 36+
+- Arch Linux
+- Parch Linux
+- Manjaro
+- Armbian
+- AlmaLinux 8.0+
+- Rocky Linux 8+
+- Oracle Linux 8+
+- OpenSUSE Tubleweed
+- Amazon Linux 2023
+- Windows x64
+
+## Поддерживаемые архитектуры и устройства
+
+<details>
+  <summary>Нажмите для получения информации о поддерживаемых архитектурах и устройствах</summary>
+
+Наша платформа поддерживает разнообразные архитектуры и устройства, обеспечивая гибкость в различных вычислительных средах. Вот основные архитектуры, которые мы поддерживаем:
+
+- **amd64**: Эта распространенная архитектура является стандартом для персональных компьютеров и серверов, обеспечивая беспроблемную работу большинства современных операционных систем.
+
+- **x86 / i386**: Широко используется в настольных и портативных компьютерах. Эта архитектура имеет широкую поддержку со стороны множества операционных систем и приложений, включая, но не ограничиваясь, Windows, macOS и Linux.
+
+- **armv8 / arm64 / aarch64**: Предназначена для современных мобильных и встроенных устройств, таких как смартфоны и планшеты. Эта архитектура представлена устройствами, такими как Raspberry Pi 4, Raspberry Pi 3, Raspberry Pi Zero 2/Zero 2 W, Orange Pi 3 LTS и другими.
+
+- **armv7 / arm / arm32**: Служит архитектурой для старых мобильных и встроенных устройств, оставаясь широко используемой в таких устройствах, как Orange Pi Zero LTS, Orange Pi PC Plus, Raspberry Pi 2 и других.
+
+- **armv6 / arm / arm32**: Ориентирована на очень старые встроенные устройства, эта архитектура, хотя и менее распространенная, всё ещё используется. Например, такие устройства, как Raspberry Pi 1, Raspberry Pi Zero/Zero W, полагаются на эту архитектуру.
+
+- **armv5 / arm / arm32**: Более старая архитектура, ассоциируемая с ранними встроенными системами, сегодня менее распространена, но всё ещё может быть найдена в устаревших устройствах, таких как ранние версии Raspberry Pi и некоторые старые смартфоны.
+
+- **s390x**: Эта архитектура обычно используется в мейнфреймах IBM и обеспечивает высокую производительность и надежность для корпоративных рабочих нагрузок.
+</details>
+
+## Языки
+
+- English (английский)  
+- Persian (персидский)  
+- Traditional Chinese (традиционный китайский)  
+- Simplified Chinese (упрощенный китайский)  
+- Japanese (японский)  
+- Russian (русский)  
+- Vietnamese (вьетнамский)  
+- Spanish (испанский)  
+- Indonesian (индонезийский)  
+- Ukrainian (украинский)  
+- Turkish (турецкий)  
+- Português (Brazil) (португальский (Бразилия))
+
+## Возможности
+
+- Мониторинг состояния системы
+- Поиск по всем входящим подключениям и клиентам
+- Тёмная/светлая тема
+- Поддержка нескольких пользователей и протоколов
+- Поддержка протоколов, включая VMESS, VLESS, Trojan, Shadowsocks, Dokodemo-door, Socks, HTTP, WireGuard
+- Поддержка протоколов XTLS, включая RPRX-Direct, Vision, REALITY
+- Статистика трафика, ограничение трафика, ограничение по времени истечения
+- Настраиваемые шаблоны конфигурации Xray
+- Поддержка HTTPS доступа к панели (ваше доменное имя + SSL сертификат)
+- Поддержка установки SSL-сертификата в один клик и автоматического перевыпуска
+- Для получения более продвинутых настроек обращайтесь к панели
+- Исправляет маршруты API (настройка пользователя будет создана через API)
+- Поддержка изменения конфигураций по различным элементам, предоставленным в панели
+- Поддержка экспорта/импорта базы данных из панели
+
+## Настройки панели по умолчанию
+
+<details>
+  <summary>Нажмите для получения информации о настройках по умолчанию</summary>
+
+### Имя пользователя, Пароль, Порт и Web Base Path
+
+Если вы не измените эти настройки, они будут сгенерированы случайным образом (это не относится к Docker).
+
+**Настройки по умолчанию для Docker:**
+- **Имя пользователя:** admin
+- **Пароль:** admin
+- **Порт:** 2053
+
+### Управление базой данных:
+
+Вы можете удобно выполнять резервное копирование и восстановление базы данных прямо из панели.
+
+- **Путь к базе данных:**
+  - `/etc/x-ui/x-ui.db`
+
+### Webbasepath
+
+1. **Сбросить webbasepath:**
+   - Откройте терминал.
+   - Выполните команду `x-ui`.
+   - Выберите опцию `Reset Web Base Path`.
+
+2. **Генерация или настройка пути:**
+   - Путь будет сгенерирован случайным образом, или вы можете ввести собственный путь.
+
+3. **Просмотр текущих настроек:**
+   - Чтобы просмотреть текущие настройки, используйте команду `x-ui settings` в терминале или опцию `View Current Settings` в `x-ui`.
+
+### Рекомендации по безопасности:
+- Для повышения безопасности используйте длинное случайное слово в структуре вашего URL.
+
+**Примеры:**
+- `http://ip_адрес:порт/*webbasepath*/panel`
+- `http://домен:порт/*webbasepath*/panel`
+
+</details>
+
+## Настройка WARP
+
+<details>
+  <summary>Нажмите для получения информации о настройке WARP</summary>
+
+#### Использование
+
+**Для версий `v2.1.0` и новее:**
+
+WARP встроен, и дополнительная установка не требуется. Просто включите необходимую конфигурацию в панели.
+
+</details>
+
+## Ограничение IP
+
+<details>
+  <summary>Нажмите для получения информации об ограничении IP</summary>
+
+#### Использование
+
+**Примечание:** Ограничение IP не будет работать корректно при использовании IP Tunnel.
+
+- **Для версий до `v1.6.1`:**
+  - Ограничение IP встроено в панель.
+
+**Для версий `v1.7.0` и новее:**
+
+Чтобы включить функциональность ограничения IP, вам нужно установить `fail2ban` и его необходимые файлы, выполнив следующие шаги:
+
+1. Выполните команду `x-ui` в терминале, затем выберите `IP Limit Management`.
+2. Вам будут предложены следующие опции:
+
+   - **Change Ban Duration:** Отрегулировать длительность блокировок.
+   - **Unban Everyone:** Снять все текущие блокировки.
+   - **Check Logs:** Просмотреть логи.
+   - **Fail2ban Status:** Проверить статус `fail2ban`.
+   - **Restart Fail2ban:** Перезапустить службу `fail2ban`.
+   - **Uninstall Fail2ban:** Удалить Fail2ban с его конфигурацией.
+
+3. Добавьте путь к логам доступа в панели, установив `Xray Configs/log/Access log` в `./access.log`, затем сохраните и перезапустите xray.
+
+- **Для версий до `v2.1.3`:**
+  - Вам нужно вручную установить путь к логам доступа в вашей конфигурации Xray:
+
+    ```sh
+    "log": {
+      "access": "./access.log",
+      "dnsLog": false,
+      "loglevel": "warning"
+    },
+    ```
+
+- **Для версий `v2.1.3` и новее:**
+  - Есть возможность настройки `access.log` непосредственно из панели.
+
+</details>
+
+## Телеграм-бот
+
+<details>
+  <summary>Нажмите для получения информации о телеграм-боте</summary>
+
+#### Использование
+
+Веб-панель поддерживает уведомления и функции, такие как ежедневный трафик, вход в панель, резервное копирование базы данных, состояние системы, информация о клиентах и другие, через телеграм-бота. Чтобы использовать бота, вам нужно настроить параметры, связанные с ботом, в панели, включая:
+
+- Токен Telegram
+- ID чата админа(-ов)
+- Время уведомлений (в синтаксисе cron)
+- Уведомления о дате истечения
+- Уведомления о лимите трафика
+- Резервное копирование базы данных
+- Уведомления о загрузке CPU
+
+**Примеры синтаксиса:**
+
+- `30 * * * * *` - Уведомлять на 30-й секунде каждого часа
+- `0 */10 * * * *` - Уведомлять на первой секунде каждых 10 минут
+- `@hourly` - Ежечасное уведомление
+- `@daily` - Ежедневное уведомление (в 00:00)
+- `@weekly` - Еженедельное уведомление
+- `@every 8h` - Уведомлять каждые 8 часов
+
+### Возможности телеграм-бота
+
+- Периодические отчеты
+- Уведомления о входе
+- Уведомления о пороге загруженности процессора
+- Уведомления о времени истечения и трафике заранее
+- Поддерживает меню отчетов клиента, если имя пользователя телеграм клиента добавлено в конфигурации пользователя
+- Поддержка отчета о трафике через Telegram, поиск по UUID (VMESS/VLESS) или паролю (TROJAN) - анонимно
+- Бот, основанный на меню
+- Поиск клиента по email (только администратор)
+- Проверка всех входящих соединений
+- Проверка состояния сервера
+- Проверка истекших пользователей
+- Получение резервных копий по запросу и в периодических отчётах
+- Многоязычный бот
+
+### Настройка телеграм-бота
+
+- Запустите [Botfather](https://t.me/BotFather) в вашем аккаунте Telegram:
+    ![Botfather](./media/botfather.png)
+
+- Создайте нового бота с помощью команды /newbot: у вас спросят 2 вопроса: отображаемое имя и имя пользователя для вашего бота. Обратите внимание, что имя пользователя должно заканчиваться на слово "bot".
+    ![Создать нового бота](./media/newbot.png)
+
+- Запустите созданного бота. Ссылку на вашего бота можно найти здесь.
+    ![токен](./media/token.png)
+
+- Перейдите в панель и настройте параметры телеграм-бота следующим образом:
+![Настройки панели](./media/panel-bot-config.png)
+
+Введите токен вашего бота в поле ввода номер 3.
+Введите ID пользователя в поле ввода номер 4. Telegram-аккаунты с этим ID будут администраторами бота. (Вы можете ввести несколько ID, разделяя их запятой)
+
+- Как получить ID пользователя Telegram? Используйте этот [бот](https://t.me/useridinfobot). Запустите бота, и он отобразит ваш ID пользователя Telegram.
+![ID пользователя](./media/user-id.png)
+
+</details>
+
+## Маршруты API
+
+<details>
+  <summary>Нажмите для получения информации о маршрутах API</summary>
+
+#### Использование
+
+- [API документация](https://www.postman.com/hsanaei/3x-ui/collection/q1l5l0u/3x-ui)
+- `/login` с `POST`-данными: `{username: '', password: ''}` для входа
+- `/panel/api/inbounds` это базовый путь для следующих действий:
+
+| Метод  | Путь                               | Действие
+| :----: | -----------------------------------| -------------------------------------------
+| `GET`  | `"/list"`                          | Получить все входящие соединения
+| `GET`  | `"/get/:id"`                       | Получить входящее соединение с inbound.id
+| `GET`  | `"/getClientTraffics/:email"`      | Получить трафик клиента по email
+| `GET`  | `"/getClientTrafficsById/:id"`     | Получить трафик клиента по ID
+| `GET`  | `"/createbackup"`                  | Telegram-бот отправит резервную копию администраторам
+| `POST` | `"/add"`                           | Добавить входящее соединение
+| `POST` | `"/del/:id"`                       | Удалить входящее соединение
+| `POST` | `"/update/:id"`                    | Обновить входящее соединение
+| `POST` | `"/clientIps/:email"`              | IP-адрес клиента
+| `POST` | `"/clearClientIps/:email"`         | Очистить IP-адреса клиента
+| `POST` | `"/addClient"`                     | Добавить клиента к входящему соединению
+| `POST` | `"/:id/delClient/:clientId"`       | Удалить клиента по clientId\*
+| `POST` | `"/updateClient/:clientId"`        | Обновить клиента по clientId\*
+| `POST` | `"/:id/resetClientTraffic/:email"` | Сбросить трафик клиента
+| `POST` | `"/resetAllTraffics"`              | Сбросить трафик всех входящих соединений
+| `POST` | `"/resetAllClientTraffics/:id"`    | Сбросить трафик всех клиентов в входящем соединении
+| `POST` | `"/delDepletedClients/:id"`        | Удалить истекших клиентов в входящем соединении (-1: всех)
+| `POST` | `"/onlines"`                       | Получить пользователей, которые находятся онлайн (список email'ов)
+
+\*- Поле `clientId` должно быть заполнено следующим образом:
+
+- `client.id` для VMESS и VLESS
+- `client.password` для TROJAN
+- `client.email` для Shadowsocks
+
+</details>
+
+
+- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5%26entityType%3Dcollection%26workspaceId%3Dd64f609f-485a-4951-9b8f-876b3f917124)
+</details>
+
+## Переменные среды
+
+<details>
+  <summary>Нажмите для получения информации о переменных среды</summary>
+
+#### Использование
+
+| Переменная       |                      Тип                       | Значение по умолчанию |
+| ---------------- | :------------------------------------------:   | :-------------------- |
+| XUI_LOG_LEVEL    | `"debug"` \| `"info"` \| `"warn"` \| `"error"` | `"info"`             |
+| XUI_DEBUG        |                   `boolean`                    | `false`              |
+| XUI_BIN_FOLDER   |                    `string`                    | `"bin"`              |
+| XUI_DB_FOLDER    |                    `string`                    | `"/etc/x-ui"`        |
+| XUI_LOG_FOLDER   |                    `string`                    | `"/var/log"`         |
+
+Пример:
+
+```sh
+XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go
+```
+
+</details>
+
+## Предварительный Просмотр
+
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/01-overview-dark.png">
+  <img alt="3x-ui" src="./media/01-overview-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/02-inbounds-dark.png">
+  <img alt="3x-ui" src="./media/02-inbounds-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/03-add-inbound-dark.png">
+  <img alt="3x-ui" src="./media/03-add-inbound-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/04-add-client-dark.png">
+  <img alt="3x-ui" src="./media/04-add-client-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/05-settings-dark.png">
+  <img alt="3x-ui" src="./media/05-settings-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/06-configs-dark.png">
+  <img alt="3x-ui" src="./media/06-configs-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/07-bot-dark.png">
+  <img alt="3x-ui" src="./media/07-bot-light.png">
+</picture>
+
+## Особая благодарность
+
+- [alireza0](https://github.com/alireza0/)
+
+## Благодарности
+
+- [Iran v2ray rules](https://github.com/chocolate4u/Iran-v2ray-rules) (License: **GPL-3.0**): _Enhanced v2ray/xray and v2ray/xray-clients routing rules with built-in Iranian domains and a focus on security and adblocking._
+- [Russia v2ray rules](https://github.com/runetfreedom/russia-v2ray-rules-dat) (License: **GPL-3.0**): _Этот репозиторий содержит автоматически обновляемые правила маршрутизации V2Ray на основе данных о заблокированных доменах и адресах в России._
+
+## Число звёзд со временем
+
+[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg?variant=adaptive)](https://starchart.cc/MHSanaei/3x-ui)
--- a/README.zh_CN.md
+++ b/README.zh_CN.md
@@ -1,6 +1,11 @@
-[English](/README.md) | [Chinese](/README.zh.md) | [Español](/README.es_ES.md)
+[English](/README.md) | [فارسی](/README.fa_IR.md) | [中文](/README.zh_CN.md) | [Español](/README.es_ES.md) | [Русский](/README.ru_RU.md)

-<p align="center"><a href="#"><img src="./media/3X-UI.png" alt="Image"></a></p>
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="./media/3x-ui-dark.png">
+    <img alt="3x-ui" src="./media/3x-ui-light.png">
+  </picture>
+</p>

 **一个更好的面板 • 基于Xray Core构建**

@@ -14,7 +19,11 @@

 **如果此项目对你有用，请给一个**:star2:

-<p align="left"><a href="#"><img width="125" src="https://github.com/MHSanaei/3x-ui/assets/115543613/7aa895dd-048a-42e7-989b-afd41a74e2e1" alt="Image"></a></p>
+<p align="left">
+  <a href="https://buymeacoffee.com/mhsanaei" target="_blank">
+    <img src="./media/buymeacoffe.png" alt="Image">
+  </a>
+</p>

 - USDT (TRC20): `TXncxkvhkDWGts487Pjqq1qT9JmwRUz8CC`
 - MATIC (polygon): `0x41C9548675D044c6Bfb425786C765bc37427256A`
@@ -26,38 +35,62 @@
 bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)
 ```

-## 安装指定版本
+## 安装旧版本 (我们不建议)

-要安装所需的版本，请将该版本添加到安装命令的末尾。 e.g., ver `v2.3.6`:
+要安装您想要的版本，请使用以下安装命令。例如，ver `v1.7.9`:

 ```
-bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh) v2.3.6
+VERSION=v1.7.9 && <(curl -Ls "https://raw.githubusercontent.com/mhsanaei/3x-ui/$VERSION/install.sh") $VERSION
 ```

-## SSL 认证
+### SSL证书

 <details>
-  <summary>点击查看 SSL 认证</summary>
+  <summary>点击查看SSL证书详情</summary>

-### Cloudflare
+### ACME

-管理脚本具有用于 Cloudflare 的内置 SSL 证书应用程序。若要使用此脚本申请证书，需要满足以下条件：
+使用ACME管理SSL证书：

- Cloudflare 邮箱地址
- Cloudflare Global API Key
- 域名已通过 cloudflare 解析到当前服务器
-
-**1:** 在终端中运行`x-ui`， 选择 `Cloudflare SSL Certificate`.
+1. 确保您的域名正确解析到服务器。
+2. 在终端中运行 `x-ui` 命令，然后选择 `SSL证书管理`。
+3. 您将看到以下选项：

+   - **Get SSL:** 获取SSL证书。
+   - **Revoke:** 吊销现有的SSL证书。
+   - **Force Renew:** 强制更新SSL证书。
+   - **Show Existing Domains:** 显示服务器上所有可用的域证书。  
+   - **Set Certificate Paths for the Panel:** 指定用于面板的域证书。

 ### Certbot
-```
+
+安装并使用Certbot：
+
+```sh
 apt-get install certbot -y
 certbot certonly --standalone --agree-tos --register-unsafely-without-email -d yourdomain.com
 certbot renew --dry-run
 ```

-***Tip:*** *管理脚本具有 Certbot 。使用 `x-ui` 命令， 选择 `SSL Certificate Management`.*
+### Cloudflare
+
+管理脚本内置了Cloudflare的SSL证书申请。要使用此脚本申请证书，您需要以下信息：
+
+- Cloudflare注册的电子邮件
+- Cloudflare全局API密钥
+- 域名必须通过Cloudflare解析到当前服务器
+
+**如何获取Cloudflare全局API密钥：**
+
+1. 在终端中运行 `x-ui` 命令，然后选择 `Cloudflare SSL证书`。
+2. 访问链接：[Cloudflare API Tokens](https://dash.cloudflare.com/profile/api-tokens)。
+3. 点击“查看全局API密钥”（参见下图）：
+   ![](media/APIKey1.PNG)
+4. 您可能需要重新验证您的账户。之后将显示API密钥（参见下图）：
+   ![](media/APIKey2.png)
+
+使用时，只需输入您的 `域名`、`电子邮件` 和 `API密钥`。如下图所示：
+   ![](media/DetailEnter.png)

 </details>

@@ -162,7 +195,7 @@ systemctl restart x-ui
    docker compose up -d
   ```

-从Docker中删除3x-ui 
+从Docker中删除3x-ui

   ```sh
    docker stop 3x-ui
@@ -174,18 +207,59 @@ systemctl restart x-ui
 </details>


+## Nginx 设置
+<details>
+  <summary>点击查看 反向代理配置</summary>
+
+#### Nginx反向代理
+```nginx
+location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+
+#### Nginx子路径
+- 确保 `/sub` 面板设置中的"面板url根路径"一致
+- 面板设置中的 `url` 需要以 `/` 结尾   
+
+```nginx
+location /sub {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range; 
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:2053;
+}
+```
+</details>
+
 ## 建议使用的操作系统

 - Ubuntu 20.04+
 - Debian 11+
 - CentOS 8+
+- OpenEuler 22.03+
 - Fedora 36+
 - Arch Linux
+- Parch Linux
 - Manjaro
 - Armbian
- AlmaLinux 9+
- Rockylinux 9+
+- AlmaLinux 8.0+
+- Rocky Linux 8+
+- Oracle Linux 8+
 - OpenSUSE Tubleweed
+- Amazon Linux 2023
+- Windows x64

 ## 支持的架构和设备
 <details>
@@ -208,14 +282,18 @@ systemctl restart x-ui

 ## Languages

- English（英语）
- Farsi（伊朗语）
- Chinese（中文）
- Russian（俄语）
- Vietnamese（越南语）
- Spanish（西班牙语）
- Indonesian （印度尼西亚语）
- Ukrainian（乌克兰语）
+- English（英语）  
+- Persian（波斯语）  
+- Traditional Chinese（繁体中文）  
+- Simplified Chinese（简体中文）  
+- Japanese（日语）  
+- Russian（俄语）  
+- Vietnamese（越南语）  
+- Spanish（西班牙语）  
+- Indonesian（印尼语）  
+- Ukrainian（乌克兰语）  
+- Turkish（土耳其语）  
+- Português (Brazil)（葡萄牙语（巴西））


 ## Features
@@ -236,88 +314,103 @@ systemctl restart x-ui
 - 支持从面板导出/导入数据库


-## 默认设置
+## 默认面板设置

 <details>
-  <summary>点击查看 默认设置</summary>
+  <summary>点击查看默认设置详情</summary>

-  ### 信息
+### 用户名、密码、端口和 Web Base Path

+如果您选择不修改这些设置，它们将随机生成（不适用于 Docker）。
+
+**Docker 的默认设置：**
+- **用户名：** admin
+- **密码：** admin
 - **端口：** 2053
- **用户名 & 密码：** 当您跳过设置时，此项会随机生成。
- **数据库路径：**
-  - /etc/x-ui/x-ui.db
- **Xray 配置路径：**
-  - /usr/local/x-ui/bin/config.json
- **面板链接（无SSL）：**
-  - http://ip:2053/panel
-  - http://domain:2053/panel
- **面板链接（有SSL）：**
-  - https://domain:2053/panel
- 
+
+### 数据库管理：
+
+  您可以直接在面板中方便地进行数据库备份和还原。
+
+- **数据库路径:**
+  - `/etc/x-ui/x-ui.db`
+
+### Web 基础路径
+
+1. **重置 Web 基础路径:**
+   - 打开终端。
+   - 运行 `x-ui` 命令。
+   - 选择 `重置 Web 基础路径` 选项。
+
+2. **生成或自定义路径:**
+   - 路径将会随机生成，或者您可以输入自定义路径。
+
+3. **查看当前设置:**
+   - 要查看当前设置，请在终端中使用 `x-ui settings` 命令，或在 `x-ui` 面板中点击 `查看当前设置`。
+
+### 安全建议：
+- 为了提高安全性，建议在URL结构中使用一个长的随机词。
+
+**示例：**
+- `http://ip:port/*webbasepath*/panel`
+- `http://domain:port/*webbasepath*/panel`
+
 </details>

 ## WARP 配置

 <details>
-  <summary>点击查看 WARP 配置</summary>
+  <summary>点击查看 WARP 配置详情</summary>

-#### 使用
+#### 使用方法

-如果要在 v2.1.0 之前使用 WARP 路由，请按照以下步骤操作：
+**对于 `v2.1.0` 及之后的版本：**

-**1.** 在 **SOCKS Proxy Mode** 模式中安装Wrap
-
-   ```sh
-   bash <(curl -sSL https://raw.githubusercontent.com/hamid-gh98/x-ui-scripts/main/install_warp_proxy.sh)
-   ```
-
-**2.** 如果您已经安装了 warp，您可以使用以下命令卸载：
-
-   ```sh
-   warp u
-   ```
-
-**3.** 在面板中打开您需要的配置
-
-   配置:
-
-   - Block Ads
-   - Route Google + Netflix + Spotify + OpenAI (ChatGPT) to WARP
-   - Fix Google 403 error
+WARP 已内置，无需额外安装。只需在面板中开启相关配置即可。

 </details>

 ## IP 限制

 <details>
-  <summary>点击查看 IP 限制</summary>
+  <summary>点击查看 IP 限制详情</summary>

-#### 使用
+#### 使用方法

-**注意：** 使用 IP 隧道时，IP 限制无法正常工作。
+**注意:** 当使用 IP 隧道时，IP 限制将无法正常工作。

- 适用于最高 `v1.6.1` ：
+- **对于 `v1.6.1` 及之前的版本：**
+  - IP 限制功能已内置于面板中。

-  - IP 限制 已被集成在面板中。
+**对于 `v1.7.0` 及更新的版本：**

- 适用于 `v1.7.0` 以及更新的版本：
+要启用 IP 限制功能，您需要安装 `fail2ban` 及其所需的文件，步骤如下：

-  - 要使 IP 限制正常工作，您需要按照以下步骤安装 fail2ban 及其所需的文件：
+1. 在终端中运行 `x-ui` 命令，然后选择 `IP 限制管理`。
+2. 您将看到以下选项：

-    1. 使用面板内置的 `x-ui` 指令
-    2. 选择 `IP Limit Management`.
-    3. 根据您的需要选择合适的选项。
-   
-  - 确保您的 Xray 配置上有 ./access.log 。在 v2.1.3 之后，我们有一个选项。
-  
-  ```sh
+   - **更改封禁时长:** 调整封禁时长。
+   - **解除所有封禁:** 解除当前的所有封禁。
+   - **查看日志:** 查看日志。
+   - **Fail2ban 状态:** 检查 `fail2ban` 的状态。
+   - **重启 Fail2ban:** 重启 `fail2ban` 服务。
+   - **卸载 Fail2ban:** 卸载带有配置的 Fail2ban。
+
+3. 在面板中通过设置 `Xray 配置/log/访问日志` 为 `./access.log` 添加访问日志路径，然后保存并重启 Xray。
+
+- **对于 `v2.1.3` 之前的版本：**
+  - 您需要在 Xray 配置中手动设置访问日志路径：
+
+    ```sh
    "log": {
      "access": "./access.log",
      "dnsLog": false,
      "loglevel": "warning"
    },
-  ```
+    ```
+
+- **对于 `v2.1.3` 及之后的版本：**
+  - 面板中直接提供了配置 `access.log` 的选项。

 </details>

@@ -368,7 +461,7 @@ Web 面板通过 Telegram Bot 支持每日流量、面板登录、数据库备

 - 与 [Botfather](https://t.me/BotFather) 对话：
    ![Botfather](./media/botfather.png)
-  
+
 - 使用 /newbot 创建新机器人：你需要提供机器人名称以及用户名，注意名称中末尾要包含“bot”
    ![创建机器人](./media/newbot.png)

@@ -393,6 +486,7 @@ Web 面板通过 Telegram Bot 支持每日流量、面板登录、数据库备

 #### 使用

+- [API 文档](https://www.postman.com/hsanaei/3x-ui/collection/q1l5l0u/3x-ui)
 - `/login` 使用 `POST` 用户名称 & 密码： `{username: '', password: ''}` 登录
 - `/panel/api/inbounds` 以下操作的基础：

@@ -422,9 +516,7 @@ Web 面板通过 Telegram Bot 支持每日流量、面板登录、数据库备
 - `client.password`  TROJAN
 - `client.email`  Shadowsocks

-
- [API 文档](https://documenter.getpostman.com/view/16802678/2s9YkgD5jm)
- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/16802678-1a4c9270-ac77-40ed-959a-7aa56dc4a415?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D16802678-1a4c9270-ac77-40ed-959a-7aa56dc4a415%26entityType%3Dcollection%26workspaceId%3D2cd38c01-c851-4a15-a972-f181c23359d9)
+- [<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style="width: 128px; height: 32px;">](https://app.getpostman.com/run-collection/5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D5146551-dda3cab3-0e33-485f-96f9-d4262f437ac5%26entityType%3Dcollection%26workspaceId%3Dd64f609f-485a-4951-9b8f-876b3f917124)
 </details>

 ## 环境变量
@@ -452,13 +544,34 @@ XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go

 ## 预览

-![1](./media/1.png)
-![2](./media/2.png)
-![3](./media/3.png)
-![4](./media/4.png)
-![5](./media/5.png)
-![6](./media/6.png)
-![7](./media/7.png)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/01-overview-dark.png">
+  <img alt="3x-ui" src="./media/01-overview-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/02-inbounds-dark.png">
+  <img alt="3x-ui" src="./media/02-inbounds-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/03-add-inbound-dark.png">
+  <img alt="3x-ui" src="./media/03-add-inbound-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/04-add-client-dark.png">
+  <img alt="3x-ui" src="./media/04-add-client-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/05-settings-dark.png">
+  <img alt="3x-ui" src="./media/05-settings-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/06-configs-dark.png">
+  <img alt="3x-ui" src="./media/06-configs-light.png">
+</picture>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/07-bot-dark.png">
+  <img alt="3x-ui" src="./media/07-bot-light.png">
+</picture>

 ## 特别感谢

@@ -467,8 +580,8 @@ XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go
 ## 致谢

 - [Iran v2ray rules](https://github.com/chocolate4u/Iran-v2ray-rules) (License: **GPL-3.0**): _Enhanced v2ray/xray and v2ray/xray-clients routing rules with built-in Iranian domains and a focus on security and adblocking._
- [Vietnam Adblock rules](https://github.com/vuong2023/vn-v2ray-rules) (License: **GPL-3.0**): _A hosted domain hosted in Vietnam and blocklist with the most efficiency for Vietnamese._
+- [Russia v2ray rules](https://github.com/runetfreedom/russia-v2ray-rules-dat) (License: **GPL-3.0**): _This repository contains automatically updated V2Ray routing rules based on data on blocked domains and addresses in Russia._

 ## Star趋势

-[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg)](https://starchart.cc/MHSanaei/3x-ui)
+[![Stargazers over time](https://starchart.cc/MHSanaei/3x-ui.svg?variant=adaptive)](https://starchart.cc/MHSanaei/3x-ui)
--- a/config/version
+++ b/config/version
@@ -1 +1 @@
-2.3.10
+2.5.1
--- a/database/db.go
+++ b/database/db.go
@@ -26,20 +26,35 @@ const (
 )

 func initModels() error {
-	models := []interface{}{
+	// Order matters: first create tables without dependencies
+	baseModels := []interface{}{
 		&model.User{},
-		&model.Inbound{},
-		&model.OutboundTraffics{},
 		&model.Setting{},
-		&model.InboundClientIps{},
-		&xray.ClientTraffic{},
 	}
-	for _, model := range models {
+
+	// Migrate base models
+	for _, model := range baseModels {
 		if err := db.AutoMigrate(model); err != nil {
-			log.Printf("Error auto migrating model: %v", err)
+			log.Printf("Error auto migrating base model: %v", err)
 			return err
 		}
 	}
+
+	// Then migrate models with dependencies
+	dependentModels := []interface{}{
+		&model.Inbound{},
+		&model.OutboundTraffics{},
+		&model.InboundClientIps{},
+		&xray.ClientTraffic{},
+	}
+
+	for _, model := range dependentModels {
+		if err := db.AutoMigrate(model); err != nil {
+			log.Printf("Error auto migrating dependent model: %v", err)
+			return err
+		}
+	}
+
 	return nil
 }

@@ -82,9 +97,31 @@ func InitDB(dbPath string) error {
 	}

 	c := &gorm.Config{
-		Logger: gormLogger,
+		Logger:                 gormLogger,
+		SkipDefaultTransaction: true,
+		PrepareStmt:            true,
 	}
-	db, err = gorm.Open(sqlite.Open(dbPath), c)
+
+	dsn := dbPath + "?cache=shared&_journal_mode=WAL&_synchronous=NORMAL"
+	db, err = gorm.Open(sqlite.Open(dsn), c)
+	if err != nil {
+		return err
+	}
+
+	sqlDB, err := db.DB()
+	if err != nil {
+		return err
+	}
+
+	_, err = sqlDB.Exec("PRAGMA cache_size = -64000;")
+	if err != nil {
+		return err
+	}
+	_, err = sqlDB.Exec("PRAGMA temp_store = MEMORY;")
+	if err != nil {
+		return err
+	}
+	_, err = sqlDB.Exec("PRAGMA foreign_keys = ON;")
 	if err != nil {
 		return err
 	}
@@ -101,6 +138,11 @@ func InitDB(dbPath string) error {

 func CloseDB() error {
 	if db != nil {
+
+		if err := Checkpoint(); err != nil {
+			log.Printf("error executing checkpoint: %v", err)
+		}
+
 		sqlDB, err := db.DB()
 		if err != nil {
 			return err
--- a/database/model/model.go
+++ b/database/model/model.go
@@ -10,7 +10,7 @@ import (
 type Protocol string

 const (
-	VMess       Protocol = "vmess"
+	VMESS       Protocol = "vmess"
 	VLESS       Protocol = "vless"
 	DOKODEMO    Protocol = "dokodemo-door"
 	HTTP        Protocol = "http"
@@ -29,14 +29,14 @@ type User struct {

 type Inbound struct {
 	Id          int                  `json:"id" form:"id" gorm:"primaryKey;autoIncrement"`
-	UserId      int                  `json:"-"`
+	UserId      int                  `json:"-" gorm:"index"`
 	Up          int64                `json:"up" form:"up"`
 	Down        int64                `json:"down" form:"down"`
 	Total       int64                `json:"total" form:"total"`
 	Remark      string               `json:"remark" form:"remark"`
 	Enable      bool                 `json:"enable" form:"enable"`
 	ExpiryTime  int64                `json:"expiryTime" form:"expiryTime"`
-	ClientStats []xray.ClientTraffic `gorm:"foreignKey:InboundId;references:Id" json:"clientStats" form:"clientStats"`
+	ClientStats []xray.ClientTraffic `gorm:"foreignKey:InboundId;references:Id;constraint:OnDelete:CASCADE" json:"clientStats"`

 	// config part
 	Listen         string   `json:"listen" form:"listen"`
@@ -46,6 +46,7 @@ type Inbound struct {
 	StreamSettings string   `json:"streamSettings" form:"streamSettings"`
 	Tag            string   `json:"tag" form:"tag" gorm:"unique"`
 	Sniffing       string   `json:"sniffing" form:"sniffing"`
+	Allocate       string   `json:"allocate" form:"allocate"`
 }

 type OutboundTraffics struct {
@@ -75,6 +76,7 @@ func (i *Inbound) GenXrayInboundConfig() *xray.InboundConfig {
 		StreamSettings: json_util.RawMessage(i.StreamSettings),
 		Tag:            i.Tag,
 		Sniffing:       json_util.RawMessage(i.Sniffing),
+		Allocate:       json_util.RawMessage(i.Allocate),
 	}
 }

@@ -86,6 +88,7 @@ type Setting struct {

 type Client struct {
 	ID         string `json:"id"`
+	Security   string `json:"security"`
 	Password   string `json:"password"`
 	Flow       string `json:"flow"`
 	Email      string `json:"email"`
@@ -95,5 +98,6 @@ type Client struct {
 	Enable     bool   `json:"enable" form:"enable"`
 	TgID       int64  `json:"tgId" form:"tgId"`
 	SubID      string `json:"subId" form:"subId"`
+	Comment    string `json:"comment" form:"comment"`
 	Reset      int    `json:"reset" form:"reset"`
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
      - $PWD/cert/:/root/cert/
    environment:
      XRAY_VMESS_AEAD_FORCED: "false"
+      X_UI_ENABLE_FAIL2BAN: "true"
    tty: true
    network_mode: host
    restart: unless-stopped
--- a/go.mod
+++ b/go.mod
@@ -1,102 +1,101 @@
 module x-ui

-go 1.22.5
+go 1.23.5

 require (
-	github.com/gin-contrib/gzip v1.0.1
-	github.com/gin-contrib/sessions v1.0.1
+	github.com/gin-contrib/gzip v1.2.2
+	github.com/gin-contrib/sessions v1.0.2
 	github.com/gin-gonic/gin v1.10.0
-	github.com/goccy/go-json v0.10.3
-	github.com/mymmrac/telego v0.31.0
-	github.com/nicksnyder/go-i18n/v2 v2.4.0
+	github.com/goccy/go-json v0.10.5
+	github.com/mymmrac/telego v0.32.0
+	github.com/nicksnyder/go-i18n/v2 v2.5.1
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
-	github.com/pelletier/go-toml/v2 v2.2.2
+	github.com/pelletier/go-toml/v2 v2.2.3
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/shirou/gopsutil/v4 v4.24.6
-	github.com/valyala/fasthttp v1.55.0
-	github.com/xtls/xray-core v1.8.21
+	github.com/shirou/gopsutil/v4 v4.25.1
+	github.com/valyala/fasthttp v1.58.0
+	github.com/xtls/xray-core v1.8.25-0.20250130105737-0a8470cb14eb
 	go.uber.org/atomic v1.11.0
-	golang.org/x/text v0.16.0
-	google.golang.org/grpc v1.65.0
-	gorm.io/driver/sqlite v1.5.6
-	gorm.io/gorm v1.25.11
+	golang.org/x/text v0.21.0
+	google.golang.org/grpc v1.70.0
+	gorm.io/driver/sqlite v1.5.7
+	gorm.io/gorm v1.25.12
 )

 require (
-	github.com/andybalholm/brotli v1.1.0 // indirect
-	github.com/bytedance/sonic v1.11.9 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
-	github.com/cloudflare/circl v1.3.9 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
-	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect
-	github.com/fasthttp/router v1.5.2 // indirect
-	github.com/francoispqt/gojay v1.2.13 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/bytedance/sonic v1.12.8 // indirect
+	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/cloudflare/circl v1.5.0 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/dgryski/go-metro v0.0.0-20250106013310-edb8663e5e33 // indirect
+	github.com/ebitengine/purego v0.8.2 // indirect
+	github.com/fasthttp/router v1.5.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gin-contrib/sse v1.0.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.0 // indirect
+	github.com/go-playground/validator/v10 v10.24.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/google/btree v1.1.2 // indirect
-	github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/pprof v0.0.0-20250202011525-fc3143867406 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.3.0 // indirect
+	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/grbit/go-json v0.11.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/lufia/plan9stats v0.0.0-20240513124658-fba389f38bae // indirect
+	github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-sqlite3 v1.14.22 // indirect
+	github.com/mattn/go-sqlite3 v1.14.24 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/onsi/ginkgo/v2 v2.19.0 // indirect
-	github.com/pires/go-proxyproto v0.7.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.22.2 // indirect
+	github.com/pires/go-proxyproto v0.8.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/quic-go v0.45.1 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.49.0 // indirect
 	github.com/refraction-networking/utls v1.6.7 // indirect
 	github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
-	github.com/rogpeppe/go-internal v1.12.0 // indirect
-	github.com/sagernet/sing v0.4.2 // indirect
+	github.com/rogpeppe/go-internal v1.13.1 // indirect
+	github.com/sagernet/sing v0.5.1 // indirect
 	github.com/sagernet/sing-shadowsocks v0.2.7 // indirect
 	github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38 // indirect
 	github.com/seiflotfy/cuckoofilter v0.0.0-20240715131351-a2f2c23f1771 // indirect
-	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/tklauser/go-sysconf v0.3.14 // indirect
-	github.com/tklauser/numcpus v0.8.0 // indirect
+	github.com/tklauser/numcpus v0.9.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fastjson v1.6.4 // indirect
-	github.com/vishvananda/netlink v1.2.1-beta.2.0.20230316163032-ced5aaba43e3 // indirect
-	github.com/vishvananda/netns v0.0.4 // indirect
-	github.com/xtls/reality v0.0.0-20240712055506-48f0b2d5ed6d // indirect
+	github.com/vishvananda/netlink v1.3.0 // indirect
+	github.com/vishvananda/netns v0.0.5 // indirect
+	github.com/xtls/reality v0.0.0-20240909153216-e26ae2305463 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.uber.org/mock v0.4.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
+	golang.org/x/arch v0.13.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c // indirect
+	golang.org/x/mod v0.22.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/time v0.9.0 // indirect
+	golang.org/x/tools v0.29.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 // indirect
+	google.golang.org/protobuf v1.36.4 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gvisor.dev/gvisor v0.0.0-20231202080848-1f7806d17489 // indirect
+	gvisor.dev/gvisor v0.0.0-20240320123526-dc6abceb7ff0 // indirect
 	lukechampine.com/blake3 v1.3.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,65 +1,46 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
-dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
-dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
-dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
-dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
-git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
-github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/OmarTariq612/goech v0.0.0-20240405204721-8e2e1dafd3a0 h1:Wo41lDOevRJSGpevP+8Pk5bANX7fJacO2w04aqLiC5I=
 github.com/OmarTariq612/goech v0.0.0-20240405204721-8e2e1dafd3a0/go.mod h1:FVGavL/QEBQDcBpr3fAojoK17xX5k9bicBphrOpP7uM=
-github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
-github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
-github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/bytedance/sonic v1.11.9 h1:LFHENlIY/SLzDWverzdOvgMztTxcfcF+cqNsz9pK5zg=
-github.com/bytedance/sonic v1.11.9/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
-github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
+github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/bytedance/sonic v1.12.8 h1:4xYRVRlXIgvSZ4e8iVTlMF5szgpXd4AfvuWgA8I8lgs=
+github.com/bytedance/sonic v1.12.8/go.mod h1:uVvFidNmlt9+wa31S1urfwwthTWteBgG0hWuoKAXTx8=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
-github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/bytedance/sonic/loader v0.2.3 h1:yctD0Q3v2NOGfSWPLPvG2ggA2kV6TS6s4wioyEqssH0=
+github.com/bytedance/sonic/loader v0.2.3/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
+github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgryski/go-metro v0.0.0-20200812162917-85c65e2d0165/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
-github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 h1:y7y0Oa6UawqTFPCDw9JG6pdKt4F9pAhHv0B7FMGaGD0=
-github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/fasthttp/router v1.5.2 h1:ckJCCdV7hWkkrMeId3WfEhz+4Gyyf6QPwxi/RHIMZ6I=
-github.com/fasthttp/router v1.5.2/go.mod h1:C8EY53ozOwpONyevc/V7Gr8pqnEjwnkFFqPo1alAGs0=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
-github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
-github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/dgryski/go-metro v0.0.0-20250106013310-edb8663e5e33 h1:ucRHb6/lvW/+mTEIGbvhcYU3S8+uSNkuMjx/qZFfhtM=
+github.com/dgryski/go-metro v0.0.0-20250106013310-edb8663e5e33/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
+github.com/ebitengine/purego v0.8.2 h1:jPPGWs2sZ1UgOSgD2bClL0MJIqu58nOmIcBuXr62z1I=
+github.com/ebitengine/purego v0.8.2/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/fasthttp/router v1.5.4 h1:oxdThbBwQgsDIYZ3wR1IavsNl6ZS9WdjKukeMikOnC8=
+github.com/fasthttp/router v1.5.4/go.mod h1:3/hysWq6cky7dTfzaaEPZGdptwjwx0qzTgFCKEWRjgc=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4=
 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
-github.com/gin-contrib/gzip v1.0.1 h1:HQ8ENHODeLY7a4g1Au/46Z92bdGFl74OhxcZble9WJE=
-github.com/gin-contrib/gzip v1.0.1/go.mod h1:njt428fdUNRvjuJf16tZMYZ2Yl+WQB53X5wmhDwXvC4=
-github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
-github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-contrib/gzip v1.2.2 h1:iUU/EYCM8ENfkjmZaVrxbjF/ZC267Iqv5S0MMCMEliI=
+github.com/gin-contrib/gzip v1.2.2/go.mod h1:C1a5cacjlDsS20cKnHlZRCPUu57D3qH6B2pV0rl+Y/s=
+github.com/gin-contrib/sessions v1.0.2 h1:UaIjUvTH1cMeOdj3in6dl+Xb6It8RiKRF9Z1anbUyCA=
+github.com/gin-contrib/sessions v1.0.2/go.mod h1:KxKxWqWP5LJVDCInulOl4WbLzK2KSPlLesfZ66wRvMs=
+github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
+github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
 github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
-github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
@@ -69,179 +50,114 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
+github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/golang/mock v1.7.0-rc.1 h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U=
 github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da h1:xRmpO92tb8y+Z85iUOMOicpCfaYcv7o3Cg3wKrIpg8g=
-github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
-github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
-github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/google/pprof v0.0.0-20250202011525-fc3143867406 h1:wlQI2cYY0BsWmmPPAnxfQ8SDW0S3Jasn+4B8kXFxprg=
+github.com/google/pprof v0.0.0-20250202011525-fc3143867406/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg=
-github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grbit/go-json v0.11.0 h1:bAbyMdYrYl/OjYsSqLH99N2DyQ291mHy726Mx+sYrnc=
 github.com/grbit/go-json v0.11.0/go.mod h1:IYpHsdybQ386+6g3VE6AXQ3uTGa5mquBme5/ZWmtzek=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
-github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
-github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/lufia/plan9stats v0.0.0-20240513124658-fba389f38bae h1:dIZY4ULFcto4tAFlj1FYZl8ztUZ13bdq+PLY+NOfbyI=
-github.com/lufia/plan9stats v0.0.0-20240513124658-fba389f38bae/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
-github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
-github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 h1:7UMa6KCCMjZEMDtTVdcGu0B1GmmC7QJKiCCjyTAWQy0=
+github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
-github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
-github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
+github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mymmrac/telego v0.31.0 h1:vsN+JCNkh7Z9vfL/2/AHZ2xBsRk2GCMj3zydjCxkgIc=
-github.com/mymmrac/telego v0.31.0/go.mod h1:MuqgVf2xXnIOWZs0prvsp3f4Yss80kCSjVEj4CRl7Ig=
-github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
-github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
-github.com/nicksnyder/go-i18n/v2 v2.4.0 h1:3IcvPOAvnCKwNm0TB0dLDTuawWEj+ax/RERNC+diLMM=
-github.com/nicksnyder/go-i18n/v2 v2.4.0/go.mod h1:nxYSZE9M0bf3Y70gPQjN9ha7XNHX7gMc814+6wVyEI4=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/mymmrac/telego v0.32.0 h1:4X8C1l3k+opkk86r95+eQE8DxiS2LYlR61L/G7yreDY=
+github.com/mymmrac/telego v0.32.0/go.mod h1:qS6NaRhJgcuEEBEMVCV79S2xCAuHq9O+ixwfLuRW31M=
+github.com/nicksnyder/go-i18n/v2 v2.5.1 h1:IxtPxYsR9Gp60cGXjfuR/llTqV8aYMsC472zD0D1vHk=
+github.com/nicksnyder/go-i18n/v2 v2.5.1/go.mod h1:DrhgsSDZxoAfvVrBVLXoxZn/pN5TXqaDbq7ju94viiQ=
+github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU=
+github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=
+github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
+github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
-github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
-github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pires/go-proxyproto v0.8.0 h1:5unRmEAPbHXHuLjDg01CxJWf91cw3lKHc/0xzKpXEe0=
+github.com/pires/go-proxyproto v0.8.0/go.mod h1:iknsfgnH8EkjrMeMyvfKByp9TiBZCKZM0jx2xmKqnVY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/quic-go v0.45.1 h1:tPfeYCk+uZHjmDRwHHQmvHRYL2t44ROTujLeFVBmjCA=
-github.com/quic-go/quic-go v0.45.1/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.49.0 h1:w5iJHXwHxs1QxyBv1EHKuC50GX5to8mJAxvtnttJp94=
+github.com/quic-go/quic-go v0.49.0/go.mod h1:s2wDnmCdooUQBmQfpUSTCYBl1/D4FcqbULMMkASvR6s=
 github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM=
 github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/sagernet/sing v0.4.2 h1:jzGNJdZVRI0xlAfFugsIQUPvyB9SuWvbJK7zQCXc4QM=
-github.com/sagernet/sing v0.4.2/go.mod h1:ieZHA/+Y9YZfXs2I3WtuwgyCZ6GPsIR7HdKb1SdEnls=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/sagernet/sing v0.5.1 h1:mhL/MZVq0TjuvHcpYcFtmSD1BFOxZ/+8ofbNZcg1k1Y=
+github.com/sagernet/sing v0.5.1/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-shadowsocks v0.2.7 h1:zaopR1tbHEw5Nk6FAkM05wCslV6ahVegEZaKMv9ipx8=
 github.com/sagernet/sing-shadowsocks v0.2.7/go.mod h1:0rIKJZBR65Qi0zwdKezt4s57y/Tl1ofkaq6NlkzVuyE=
 github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38 h1:D0vL7YNisV2yqE55+q0lFuGse6U8lxlg7fYTctlT5Gc=
 github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38/go.mod h1:sM7Mt7uEoCeFSCBM+qBrqvEo+/9vdmj19wzp3yzUhmg=
 github.com/seiflotfy/cuckoofilter v0.0.0-20240715131351-a2f2c23f1771 h1:emzAzMZ1L9iaKCTxdy3Em8Wv4ChIAGnfiz18Cda70g4=
 github.com/seiflotfy/cuckoofilter v0.0.0-20240715131351-a2f2c23f1771/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/shirou/gopsutil/v4 v4.24.6 h1:9qqCSYF2pgOU+t+NgJtp7Co5+5mHF/HyKBUckySQL64=
-github.com/shirou/gopsutil/v4 v4.24.6/go.mod h1:aoebb2vxetJ/yIDZISmduFvVNPHqXQ9SEJwRXxkf0RA=
-github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
-github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
-github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
-github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
-github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
-github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
-github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
-github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw=
-github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI=
-github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
-github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
-github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg=
-github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw=
-github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y=
-github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
-github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q=
-github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ=
-github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I=
-github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0=
-github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
-github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
-github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
-github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
-github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
-github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
+github.com/shirou/gopsutil/v4 v4.25.1 h1:QSWkTc+fu9LTAWfkZwZ6j8MSUk4A2LV7rbH0ZqmLjXs=
+github.com/shirou/gopsutil/v4 v4.25.1/go.mod h1:RoUCUpndaJFtT+2zsZzzmhvbfGoDCJ7nFXKJf8GqJbI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -249,13 +165,12 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tklauser/go-sysconf v0.3.14 h1:g5vzr9iPFFz24v2KZXs/pvpvh8/V9Fw6vQK5ZZb78yU=
 github.com/tklauser/go-sysconf v0.3.14/go.mod h1:1ym4lWMLUOhuBOPGtRcJm7tEGX4SCYNEEEtghGG/8uY=
-github.com/tklauser/numcpus v0.8.0 h1:Mx4Wwe/FjZLeQsK/6kt2EOepwwSl7SmJrK5bV/dXYgY=
-github.com/tklauser/numcpus v0.8.0/go.mod h1:ZJZlAY+dmR4eut8epnzf0u/VwodKmryxR8txiloSqBE=
+github.com/tklauser/numcpus v0.9.0 h1:lmyCHtANi8aRUgkckBgoDk1nHCux3n2cgkJLXdQGPDo=
+github.com/tklauser/numcpus v0.9.0/go.mod h1:SN6Nq1O3VychhC1npsWostA+oW+VOQTxZrS604NSRyI=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
@@ -264,148 +179,90 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF
 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.55.0 h1:Zkefzgt6a7+bVKHnu/YaYSOPfNYNisSVBo/unVCf8k8=
-github.com/valyala/fasthttp v1.55.0/go.mod h1:NkY9JtkrpPKmgwV3HTaS2HWaJss9RSIsRVfcxxoHiOM=
+github.com/valyala/fasthttp v1.58.0 h1:GGB2dWxSbEprU9j0iMJHgdKYJVDyjrOwF9RE59PbRuE=
+github.com/valyala/fasthttp v1.58.0/go.mod h1:SYXvHHaFp7QZHGKSHmoMipInhrI5StHrhDTYVEjK/Kw=
 github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
-github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
-github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
-github.com/vishvananda/netlink v1.2.1-beta.2.0.20230316163032-ced5aaba43e3 h1:tkMT5pTye+1NlKIXETU78NXw0fyjnaNHmJyyLyzw8+U=
-github.com/vishvananda/netlink v1.2.1-beta.2.0.20230316163032-ced5aaba43e3/go.mod h1:cAAsePK2e15YDAMJNyOpGYEWNe4sIghTY7gpz4cX/Ik=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
+github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
-github.com/xtls/reality v0.0.0-20240712055506-48f0b2d5ed6d h1:+B97uD9uHLgAAulhigmys4BVwZZypzK7gPN3WtpgRJg=
-github.com/xtls/reality v0.0.0-20240712055506-48f0b2d5ed6d/go.mod h1:dm4y/1QwzjGaK17ofi0Vs6NpKAHegZky8qk6J2JJZAE=
-github.com/xtls/xray-core v1.8.21 h1:cNdepud+R9PENKzXlSZsq0je4BWI6liXAuep6CD6xvk=
-github.com/xtls/xray-core v1.8.21/go.mod h1:0CwyMPNA5Cs+ukPXHbYQGgne/ug0PuXOSVqBu7zyXOc=
+github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
+github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/xtls/reality v0.0.0-20240909153216-e26ae2305463 h1:g1Cj7d+my6k/HHxLAyxPwyX8i7FGRr6ulBDMkBzg2BM=
+github.com/xtls/reality v0.0.0-20240909153216-e26ae2305463/go.mod h1:BjIOLmkEEtAgloAiVUcYj0Mt+YU00JARZw8AEU0IwAg=
+github.com/xtls/xray-core v1.8.25-0.20250130105737-0a8470cb14eb h1:VBzDZ4XHT9FM0S3qvXp6KuTOk7mXQQm0pjOW0Neeog4=
+github.com/xtls/xray-core v1.8.25-0.20250130105737-0a8470cb14eb/go.mod h1:EKhNEDY/WIB+ylEbVv2pzUaP08W/lt0sYmJQ9FJruko=
+github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
+github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
+go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4=
+go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
-go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
-go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
-golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
-golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
-golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/arch v0.13.0 h1:KCkqVVV1kGg0X87TFysjCJ8MxtZEIU4Ja/yXGeoECdA=
+golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c h1:KL/ZBHXgKGVmuZBZ01Lt57yE5ws8ZPSkkihmEyq7FXc=
+golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
+golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4=
 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
-google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
-google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
-google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
-google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 h1:J1H9f+LEdWAfHcez/4cvaVBox7cOYT+IU6rgqj5x++8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk=
+google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ=
+google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
+google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
+google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/sqlite v1.5.6 h1:fO/X46qn5NUEEOZtnjJRWRzZMe8nqJiQ9E+0hi+hKQE=
-gorm.io/driver/sqlite v1.5.6/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
-gorm.io/gorm v1.25.11 h1:/Wfyg1B/je1hnDx3sMkX+gAlxrlZpn6X0BXRlwXlvHg=
-gorm.io/gorm v1.25.11/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
-grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
-gvisor.dev/gvisor v0.0.0-20231202080848-1f7806d17489 h1:ze1vwAdliUAr68RQ5NtufWaXaOg8WUO2OACzEV+TNdE=
-gvisor.dev/gvisor v0.0.0-20231202080848-1f7806d17489/go.mod h1:10sU+Uh5KKNv1+2x2A0Gvzt8FjD3ASIhorV3YsauXhk=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+gorm.io/driver/sqlite v1.5.7 h1:8NvsrhP0ifM7LX9G4zPB97NwovUakUxc+2V2uuf3Z1I=
+gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
+gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
+gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
+gvisor.dev/gvisor v0.0.0-20240320123526-dc6abceb7ff0 h1:P+U/06iIKPQ3DLcg+zBfSCia1luZ2msPZrJ8jYDFPs0=
+gvisor.dev/gvisor v0.0.0-20240320123526-dc6abceb7ff0/go.mod h1:NQHVAzMwvZ+Qe3ElSiHmq9RUm1MdNHpUZ52fiEqvn+0=
 lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE=
 lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
-sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
-sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
--- a/install.sh
+++ b/install.sh
@@ -2,6 +2,7 @@

 red='\033[0;31m'
 green='\033[0;32m'
+blue='\033[0;34m'
 yellow='\033[0;33m'
 plain='\033[0m'

@@ -39,43 +40,53 @@ arch() {
 echo "arch: $(arch)"

 os_version=""
-os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
+os_version=$(grep "^VERSION_ID" /etc/os-release | cut -d '=' -f2 | tr -d '"' | tr -d '.')

 if [[ "${release}" == "arch" ]]; then
    echo "Your OS is Arch Linux"
 elif [[ "${release}" == "parch" ]]; then
-    echo "Your OS is Parch linux"
+    echo "Your OS is Parch Linux"
 elif [[ "${release}" == "manjaro" ]]; then
    echo "Your OS is Manjaro"
 elif [[ "${release}" == "armbian" ]]; then
    echo "Your OS is Armbian"
+elif [[ "${release}" == "alpine" ]]; then
+    echo "Your OS is Alpine Linux"
 elif [[ "${release}" == "opensuse-tumbleweed" ]]; then
    echo "Your OS is OpenSUSE Tumbleweed"
+elif [[ "${release}" == "openEuler" ]]; then
+    if [[ ${os_version} -lt 2203 ]]; then
+        echo -e "${red} Please use OpenEuler 22.03 or higher ${plain}\n" && exit 1
+    fi
 elif [[ "${release}" == "centos" ]]; then
    if [[ ${os_version} -lt 8 ]]; then
        echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
    fi
 elif [[ "${release}" == "ubuntu" ]]; then
-    if [[ ${os_version} -lt 20 ]]; then
+    if [[ ${os_version} -lt 2004 ]]; then
        echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
    fi
 elif [[ "${release}" == "fedora" ]]; then
    if [[ ${os_version} -lt 36 ]]; then
        echo -e "${red} Please use Fedora 36 or higher version!${plain}\n" && exit 1
    fi
+elif [[ "${release}" == "amzn" ]]; then
+    if [[ ${os_version} != "2023" ]]; then
+        echo -e "${red} Please use Amazon Linux 2023!${plain}\n" && exit 1
+    fi
 elif [[ "${release}" == "debian" ]]; then
    if [[ ${os_version} -lt 11 ]]; then
        echo -e "${red} Please use Debian 11 or higher ${plain}\n" && exit 1
    fi
 elif [[ "${release}" == "almalinux" ]]; then
-    if [[ ${os_version} -lt 9 ]]; then
-        echo -e "${red} Please use AlmaLinux 9 or higher ${plain}\n" && exit 1
+    if [[ ${os_version} -lt 80 ]]; then
+        echo -e "${red} Please use AlmaLinux 8.0 or higher ${plain}\n" && exit 1
    fi
 elif [[ "${release}" == "rocky" ]]; then
-    if [[ ${os_version} -lt 9 ]]; then
-        echo -e "${red} Please use Rocky Linux 9 or higher ${plain}\n" && exit 1
+    if [[ ${os_version} -lt 8 ]]; then
+        echo -e "${red} Please use Rocky Linux 8 or higher ${plain}\n" && exit 1
    fi
-elif [[ "${release}" == "oracle" ]]; then
+elif [[ "${release}" == "ol" ]]; then
    if [[ ${os_version} -lt 8 ]]; then
        echo -e "${red} Please use Oracle Linux 8 or higher ${plain}\n" && exit 1
    fi
@@ -85,17 +96,18 @@ else
    echo "- Ubuntu 20.04+"
    echo "- Debian 11+"
    echo "- CentOS 8+"
+    echo "- OpenEuler 22.03+"
    echo "- Fedora 36+"
    echo "- Arch Linux"
    echo "- Parch Linux"
    echo "- Manjaro"
    echo "- Armbian"
-    echo "- AlmaLinux 9+"
-    echo "- Rocky Linux 9+"
+    echo "- AlmaLinux 8.0+"
+    echo "- Rocky Linux 8+"
    echo "- Oracle Linux 8+"
    echo "- OpenSUSE Tumbleweed"
+    echo "- Amazon Linux 2023"
    exit 1
-
 fi

 install_base() {
@@ -103,10 +115,10 @@ install_base() {
    ubuntu | debian | armbian)
        apt-get update && apt-get install -y -q wget curl tar tzdata
        ;;
-    centos | almalinux | rocky | oracle)
+    centos | almalinux | rocky | ol)
        yum -y update && yum install -y -q wget curl tar tzdata
        ;;
-    fedora)
+    fedora | amzn)
        dnf -y update && dnf install -y -q wget curl tar tzdata
        ;;
    arch | manjaro | parch)
@@ -123,48 +135,67 @@ install_base() {

 gen_random_string() {
    local length="$1"
-    local random_string=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w "$length" | head -n 1)
+    local random_string=$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w "$length" | head -n 1)
    echo "$random_string"
 }

-# This function will be called when user installed x-ui out of security
 config_after_install() {
-    echo -e "${yellow}Install/update finished! For security it's recommended to modify panel settings ${plain}"
-    read -p "Would you like to customize the panel settings? (If not, random settings will be applied) [y/n]: " config_confirm
-    if [[ "${config_confirm}" == "y" || "${config_confirm}" == "Y" ]]; then
-        read -p "Please set up your username: " config_account
-        echo -e "${yellow}Your username will be: ${config_account}${plain}"
-        read -p "Please set up your password: " config_password
-        echo -e "${yellow}Your password will be: ${config_password}${plain}"
-        read -p "Please set up the panel port: " config_port
-        echo -e "${yellow}Your panel port is: ${config_port}${plain}"
-        read -p "Please set up the web base path (ip:port/webbasepath/): " config_webBasePath
-        echo -e "${yellow}Your web base path is: ${config_webBasePath}${plain}"
-        echo -e "${yellow}Initializing, please wait...${plain}"
-        /usr/local/x-ui/x-ui setting -username ${config_account} -password ${config_password}
-        echo -e "${yellow}Account name and password set successfully!${plain}"
-        /usr/local/x-ui/x-ui setting -port ${config_port}
-        echo -e "${yellow}Panel port set successfully!${plain}"
-        /usr/local/x-ui/x-ui setting -webBasePath ${config_webBasePath}
-        echo -e "${yellow}Web base path set successfully!${plain}"
-    else
-        echo -e "${red}Cancel...${plain}"
-        if [[ ! -f "/etc/x-ui/x-ui.db" ]]; then
-            local usernameTemp=$(head -c 6 /dev/urandom | base64)
-            local passwordTemp=$(head -c 6 /dev/urandom | base64)
-            local webBasePathTemp=$(gen_random_string 10)
-            /usr/local/x-ui/x-ui setting -username ${usernameTemp} -password ${passwordTemp} -webBasePath ${webBasePathTemp}
-            echo -e "This is a fresh installation, will generate random login info for security concerns:"
+    local existing_username=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'username: .+' | awk '{print $2}')
+    local existing_password=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'password: .+' | awk '{print $2}')
+    local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
+    local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
+    local server_ip=$(curl -s https://api.ipify.org)
+
+    if [[ ${#existing_webBasePath} -lt 4 ]]; then
+        if [[ "$existing_username" == "admin" && "$existing_password" == "admin" ]]; then
+            local config_webBasePath=$(gen_random_string 15)
+            local config_username=$(gen_random_string 10)
+            local config_password=$(gen_random_string 10)
+
+            read -p "Would you like to customize the Panel Port settings? (If not, a random port will be applied) [y/n]: " config_confirm
+            if [[ "${config_confirm}" == "y" || "${config_confirm}" == "Y" ]]; then
+                read -p "Please set up the panel port: " config_port
+                echo -e "${yellow}Your Panel Port is: ${config_port}${plain}"
+            else
+                local config_port=$(shuf -i 1024-62000 -n 1)
+                echo -e "${yellow}Generated random port: ${config_port}${plain}"
+            fi
+
+            /usr/local/x-ui/x-ui setting -username "${config_username}" -password "${config_password}" -port "${config_port}" -webBasePath "${config_webBasePath}"
+            echo -e "This is a fresh installation, generating random login info for security concerns:"
            echo -e "###############################################"
-            echo -e "${green}Username: ${usernameTemp}${plain}"
-            echo -e "${green}Password: ${passwordTemp}${plain}"
-            echo -e "${green}WebBasePath: ${webBasePathTemp}${plain}"
+            echo -e "${green}Username: ${config_username}${plain}"
+            echo -e "${green}Password: ${config_password}${plain}"
+            echo -e "${green}Port: ${config_port}${plain}"
+            echo -e "${green}WebBasePath: ${config_webBasePath}${plain}"
+            echo -e "${green}Access URL: http://${server_ip}:${config_port}/${config_webBasePath}${plain}"
            echo -e "###############################################"
-            echo -e "${yellow}If you forgot your login info, you can type "x-ui settings" to check after installation${plain}"
+            echo -e "${yellow}If you forgot your login info, you can type 'x-ui settings' to check${plain}"
        else
-            echo -e "${yellow}This is your upgrade, will keep old settings. If you forgot your login info, you can type "x-ui settings" to check${plain}"
+            local config_webBasePath=$(gen_random_string 15)
+            echo -e "${yellow}WebBasePath is missing or too short. Generating a new one...${plain}"
+            /usr/local/x-ui/x-ui setting -webBasePath "${config_webBasePath}"
+            echo -e "${green}New WebBasePath: ${config_webBasePath}${plain}"
+            echo -e "${green}Access URL: http://${server_ip}:${existing_port}/${config_webBasePath}${plain}"
+        fi
+    else
+        if [[ "$existing_username" == "admin" && "$existing_password" == "admin" ]]; then
+            local config_username=$(gen_random_string 10)
+            local config_password=$(gen_random_string 10)
+
+            echo -e "${yellow}Default credentials detected. Security update required...${plain}"
+            /usr/local/x-ui/x-ui setting -username "${config_username}" -password "${config_password}"
+            echo -e "Generated new random login credentials:"
+            echo -e "###############################################"
+            echo -e "${green}Username: ${config_username}${plain}"
+            echo -e "${green}Password: ${config_password}${plain}"
+            echo -e "###############################################"
+            echo -e "${yellow}If you forgot your login info, you can type 'x-ui settings' to check${plain}"
+        else
+            echo -e "${green}Username, Password, and WebBasePath are properly set. Exiting...${plain}"
        fi
    fi
+
    /usr/local/x-ui/x-ui migrate
 }

@@ -172,24 +203,32 @@ install_x-ui() {
    cd /usr/local/

    if [ $# == 0 ]; then
-        last_version=$(curl -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
-        if [[ ! -n "$last_version" ]]; then
-            echo -e "${red}Failed to fetch x-ui version, it maybe due to Github API restrictions, please try it later${plain}"
+        tag_version=$(curl -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+        if [[ ! -n "$tag_version" ]]; then
+            echo -e "${red}Failed to fetch x-ui version, it may be due to GitHub API restrictions, please try it later${plain}"
            exit 1
        fi
-        echo -e "Got x-ui latest version: ${last_version}, beginning the installation..."
-        wget -N --no-check-certificate -O /usr/local/x-ui-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${last_version}/x-ui-linux-$(arch).tar.gz
+        echo -e "Got x-ui latest version: ${tag_version}, beginning the installation..."
+        wget -N --no-check-certificate -O /usr/local/x-ui-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
        if [[ $? -ne 0 ]]; then
-            echo -e "${red}Downloading x-ui failed, please be sure that your server can access Github ${plain}"
+            echo -e "${red}Downloading x-ui failed, please be sure that your server can access GitHub ${plain}"
            exit 1
        fi
    else
-        last_version=$1
-        url="https://github.com/MHSanaei/3x-ui/releases/download/${last_version}/x-ui-linux-$(arch).tar.gz"
+        tag_version=$1
+        tag_version_numeric=${tag_version#v}
+        min_version="2.3.5"
+
+        if [[ "$(printf '%s\n' "$min_version" "$tag_version_numeric" | sort -V | head -n1)" != "$min_version" ]]; then
+            echo -e "${red}Please use a newer version (at least v2.3.5). Exiting installation.${plain}"
+            exit 1
+        fi
+
+        url="https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz"
        echo -e "Beginning to install x-ui $1"
        wget -N --no-check-certificate -O /usr/local/x-ui-linux-$(arch).tar.gz ${url}
        if [[ $? -ne 0 ]]; then
-            echo -e "${red}Download x-ui $1 failed,please check the version exists ${plain}"
+            echo -e "${red}Download x-ui $1 failed, please check if the version exists ${plain}"
            exit 1
        fi
    fi
@@ -220,28 +259,28 @@ install_x-ui() {
    systemctl daemon-reload
    systemctl enable x-ui
    systemctl start x-ui
-    echo -e "${green}x-ui ${last_version}${plain} installation finished, it is running now..."
+    echo -e "${green}x-ui ${tag_version}${plain} installation finished, it is running now..."
    echo -e ""
-    echo -e "x-ui control menu usages: "
-    echo -e "----------------------------------------------"
-    echo -e "SUBCOMMANDS:"
-    echo -e "x-ui              - Admin Management Script"
-    echo -e "x-ui start        - Start"
-    echo -e "x-ui stop         - Stop"
-    echo -e "x-ui restart      - Restart"
-    echo -e "x-ui status       - Current Status"
-    echo -e "x-ui settings     - Current Settings"
-    echo -e "x-ui enable       - Enable Autostart on OS Startup"
-    echo -e "x-ui disable      - Disable Autostart on OS Startup"
-    echo -e "x-ui log          - Check logs"
-    echo -e "x-ui banlog       - Check Fail2ban ban logs"
-    echo -e "x-ui update       - Update"
-    echo -e "x-ui custom       - custom version"
-    echo -e "x-ui install      - Install"
-    echo -e "x-ui uninstall    - Uninstall"
-    echo -e "----------------------------------------------"
+    echo -e "┌───────────────────────────────────────────────────────┐
+│  ${blue}x-ui control menu usages (subcommands):${plain}              │
+│                                                       │
+│  ${blue}x-ui${plain}              - Admin Management Script          │
+│  ${blue}x-ui start${plain}        - Start                            │
+│  ${blue}x-ui stop${plain}         - Stop                             │
+│  ${blue}x-ui restart${plain}      - Restart                          │
+│  ${blue}x-ui status${plain}       - Current Status                   │
+│  ${blue}x-ui settings${plain}     - Current Settings                 │
+│  ${blue}x-ui enable${plain}       - Enable Autostart on OS Startup   │
+│  ${blue}x-ui disable${plain}      - Disable Autostart on OS Startup  │
+│  ${blue}x-ui log${plain}          - Check logs                       │
+│  ${blue}x-ui banlog${plain}       - Check Fail2ban ban logs          │
+│  ${blue}x-ui update${plain}       - Update                           │
+│  ${blue}x-ui legacy${plain}       - legacy version                   │
+│  ${blue}x-ui install${plain}      - Install                          │
+│  ${blue}x-ui uninstall${plain}    - Uninstall                        │
+└───────────────────────────────────────────────────────┘"
 }

 echo -e "${green}Running...${plain}"
 install_base
-install_x-ui $1
+install_x-ui $1
--- a/main.go
+++ b/main.go
@@ -73,11 +73,11 @@ func runWebServer() {

 			err := server.Stop()
 			if err != nil {
-				logger.Warning("Error stopping web server:", err)
+				logger.Debug("Error stopping web server:", err)
 			}
 			err = subServer.Stop()
 			if err != nil {
-				logger.Warning("Error stopping sub server:", err)
+				logger.Debug("Error stopping sub server:", err)
 			}

 			server = web.NewServer()
@@ -136,6 +136,15 @@ func showSetting(show bool) {
 			fmt.Println("get webBasePath failed, error info:", err)
 		}

+		certFile, err := settingService.GetCertFile()
+		if err != nil {
+			fmt.Println("get cert file failed, error info:", err)
+		}
+		keyFile, err := settingService.GetKeyFile()
+		if err != nil {
+			fmt.Println("get key file failed, error info:", err)
+		}
+
 		userService := service.UserService{}
 		userModel, err := userService.GetFirstUser()
 		if err != nil {
@@ -149,14 +158,15 @@ func showSetting(show bool) {
 		}

 		fmt.Println("current panel settings as follows:")
+		if certFile == "" || keyFile == "" {
+			fmt.Println("Warning: Panel is not secure with SSL")
+		} else {
+			fmt.Println("Panel is secure with SSL")
+		}
 		fmt.Println("username:", username)
 		fmt.Println("password:", userpasswd)
 		fmt.Println("port:", port)
-		if webBasePath != "" {
-			fmt.Println("webBasePath:", webBasePath)
-		} else {
-			fmt.Println("webBasePath is not set")
-		}
+		fmt.Println("webBasePath:", webBasePath)
 	}
 }

@@ -216,7 +226,7 @@ func updateTgbotSetting(tgBotToken string, tgBotChatid string, tgBotRuntime stri
 	}
 }

-func updateSetting(port int, username string, password string, webBasePath string) {
+func updateSetting(port int, username string, password string, webBasePath string, listenIP string) {
 	err := database.InitDB(config.GetDBPath())
 	if err != nil {
 		fmt.Println("Database initialization failed:", err)
@@ -252,6 +262,15 @@ func updateSetting(port int, username string, password string, webBasePath strin
 			fmt.Println("Base URI path set successfully")
 		}
 	}
+
+	if listenIP != "" {
+		err := settingService.SetListen(listenIP)
+		if err != nil {
+			fmt.Println("Failed to set listen IP:", err)
+		} else {
+			fmt.Printf("listen %v set successfully", listenIP)
+		}
+	}
 }

 func updateCert(publicKey string, privateKey string) {
@@ -281,6 +300,37 @@ func updateCert(publicKey string, privateKey string) {
 	}
 }

+func GetCertificate(getCert bool) {
+	if getCert {
+		settingService := service.SettingService{}
+		certFile, err := settingService.GetCertFile()
+		if err != nil {
+			fmt.Println("get cert file failed, error info:", err)
+		}
+		keyFile, err := settingService.GetKeyFile()
+		if err != nil {
+			fmt.Println("get key file failed, error info:", err)
+		}
+
+		fmt.Println("cert:", certFile)
+		fmt.Println("key:", keyFile)
+	}
+}
+
+func GetListenIP(getListen bool) {
+	if getListen {
+
+		settingService := service.SettingService{}
+		ListenIP, err := settingService.GetListen()
+		if err != nil {
+			log.Printf("Failed to retrieve listen IP: %v", err)
+			return
+		}
+
+		fmt.Println("listenIP:", ListenIP)
+	}
+}
+
 func migrateDb() {
 	inboundService := service.InboundService{}

@@ -339,6 +389,8 @@ func main() {
 	var username string
 	var password string
 	var webBasePath string
+	var listenIP string
+	var getListen bool
 	var webCertFile string
 	var webKeyFile string
 	var tgbottoken string
@@ -347,6 +399,7 @@ func main() {
 	var tgbotRuntime string
 	var reset bool
 	var show bool
+	var getCert bool
 	var remove_secret bool
 	settingCmd.BoolVar(&reset, "reset", false, "Reset all settings")
 	settingCmd.BoolVar(&show, "show", false, "Display current settings")
@@ -355,6 +408,9 @@ func main() {
 	settingCmd.StringVar(&username, "username", "", "Set login username")
 	settingCmd.StringVar(&password, "password", "", "Set login password")
 	settingCmd.StringVar(&webBasePath, "webBasePath", "", "Set base path for Panel")
+	settingCmd.StringVar(&listenIP, "listenIP", "", "set panel listenIP IP")
+	settingCmd.BoolVar(&getListen, "getListen", false, "Display current panel listenIP IP")
+	settingCmd.BoolVar(&getCert, "getCert", false, "Display current certificate settings")
 	settingCmd.StringVar(&webCertFile, "webCert", "", "Set path to public key file for panel")
 	settingCmd.StringVar(&webKeyFile, "webCertKey", "", "Set path to private key file for panel")
 	settingCmd.StringVar(&tgbottoken, "tgbottoken", "", "Set token for Telegram bot")
@@ -397,11 +453,17 @@ func main() {
 		if reset {
 			resetSetting()
 		} else {
-			updateSetting(port, username, password, webBasePath)
+			updateSetting(port, username, password, webBasePath, listenIP)
 		}
 		if show {
 			showSetting(show)
 		}
+		if getListen {
+			GetListenIP(getListen)
+		}
+		if getCert {
+			GetCertificate(getCert)
+		}
 		if (tgbottoken != "") || (tgbotchatid != "") || (tgbotRuntime != "") {
 			updateTgbotSetting(tgbottoken, tgbotchatid, tgbotRuntime)
 		}
@@ -422,7 +484,6 @@ func main() {
 		} else {
 			updateCert(webCertFile, webKeyFile)
 		}
-
 	default:
 		fmt.Println("Invalid subcommands")
 		fmt.Println()
--- a/media/01-overview-dark.png
+++ b/media/01-overview-dark.png
--- a/media/01-overview-light.png
+++ b/media/01-overview-light.png
--- a/media/02-inbounds-dark.png
+++ b/media/02-inbounds-dark.png
--- a/media/02-inbounds-light.png
+++ b/media/02-inbounds-light.png
--- a/media/03-add-inbound-dark.png
+++ b/media/03-add-inbound-dark.png
--- a/media/03-add-inbound-light.png
+++ b/media/03-add-inbound-light.png
--- a/media/04-add-client-dark.png
+++ b/media/04-add-client-dark.png
--- a/media/04-add-client-light.png
+++ b/media/04-add-client-light.png
--- a/media/05-settings-dark.png
+++ b/media/05-settings-dark.png
--- a/media/05-settings-light.png
+++ b/media/05-settings-light.png
--- a/media/06-configs-dark.png
+++ b/media/06-configs-dark.png
--- a/media/06-configs-light.png
+++ b/media/06-configs-light.png
--- a/media/07-bot-dark.png
+++ b/media/07-bot-dark.png
--- a/media/07-bot-light.png
+++ b/media/07-bot-light.png
--- a/media/1.png
+++ b/media/1.png
--- a/media/2.png
+++ b/media/2.png
--- a/media/3.png
+++ b/media/3.png
--- a/media/3x-ui-dark.png
+++ b/media/3x-ui-dark.png
--- a/media/3x-ui-light.png
+++ b/media/3x-ui-light.png
--- a/media/4.png
+++ b/media/4.png
--- a/media/5.png
+++ b/media/5.png
--- a/media/6.png
+++ b/media/6.png
--- a/media/7.png
+++ b/media/7.png
--- a/media/buymeacoffe.png
+++ b/media/buymeacoffe.png
--- a/sub/default.json
+++ b/sub/default.json
@@ -23,6 +23,7 @@
        "destOverride": [
          "http",
          "tls",
+          "quic",
          "fakedns"
        ],
        "enabled": true
@@ -46,7 +47,9 @@
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
-        "domainStrategy": "UseIP"
+        "domainStrategy": "AsIs",
+        "redirect": "",
+        "noises": []
      }
    },
    {
--- a/sub/sub.go
+++ b/sub/sub.go
@@ -92,6 +92,11 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 		SubJsonFragment = ""
 	}

+	SubJsonNoises, err := s.settingService.GetSubJsonNoises()
+	if err != nil {
+		SubJsonNoises = ""
+	}
+
 	SubJsonMux, err := s.settingService.GetSubJsonMux()
 	if err != nil {
 		SubJsonMux = ""
@@ -106,7 +111,7 @@ func (s *Server) initRouter() (*gin.Engine, error) {

 	s.sub = NewSUBController(
 		g, LinksPath, JsonPath, Encrypt, ShowInfo, RemarkModel, SubUpdates,
-		SubJsonFragment, SubJsonMux, SubJsonRules)
+		SubJsonFragment, SubJsonNoises, SubJsonMux, SubJsonRules)

 	return engine, nil
 }
--- a/sub/subController.go
+++ b/sub/subController.go
@@ -3,6 +3,7 @@ package sub
 import (
 	"encoding/base64"
 	"net"
+	"strings"

 	"github.com/gin-gonic/gin"
 )
@@ -26,6 +27,7 @@ func NewSUBController(
 	rModel string,
 	update string,
 	jsonFragment string,
+	jsonNoise string,
 	jsonMux string,
 	jsonRules string,
 ) *SUBController {
@@ -37,7 +39,7 @@ func NewSUBController(
 		updateInterval: update,

 		subService:     sub,
-		subJsonService: NewSubJsonService(jsonFragment, jsonMux, jsonRules, sub),
+		subJsonService: NewSubJsonService(jsonFragment, jsonNoise, jsonMux, jsonRules, sub),
 	}
 	a.initRouter(g)
 	return a
@@ -54,7 +56,10 @@ func (a *SUBController) initRouter(g *gin.RouterGroup) {

 func (a *SUBController) subs(c *gin.Context) {
 	subId := c.Param("subid")
-	host := c.GetHeader("X-Forwarded-Host")
+	var host string
+	if h, err := getHostFromXFH(c.GetHeader("X-Forwarded-Host")); err == nil {
+		host = h
+	}
 	if host == "" {
 		host = c.GetHeader("X-Real-IP")
 	}
@@ -89,7 +94,10 @@ func (a *SUBController) subs(c *gin.Context) {

 func (a *SUBController) subJsons(c *gin.Context) {
 	subId := c.Param("subid")
-	host := c.GetHeader("X-Forwarded-Host")
+	var host string
+	if h, err := getHostFromXFH(c.GetHeader("X-Forwarded-Host")); err == nil {
+		host = h
+	}
 	if host == "" {
 		host = c.GetHeader("X-Real-IP")
 	}
@@ -113,3 +121,14 @@ func (a *SUBController) subJsons(c *gin.Context) {
 		c.String(200, jsonSub)
 	}
 }
+
+func getHostFromXFH(s string) (string, error) {
+	if strings.Contains(s, ":") {
+		realHost, _, err := net.SplitHostPort(s)
+		if err != nil {
+			return "", err
+		}
+		return realHost, nil
+	}
+	return s, nil
+}
--- a/sub/subJsonService.go
+++ b/sub/subJsonService.go
@@ -21,13 +21,14 @@ type SubJsonService struct {
 	configJson       map[string]interface{}
 	defaultOutbounds []json_util.RawMessage
 	fragment         string
+	noises           string
 	mux              string

 	inboundService service.InboundService
 	SubService     *SubService
 }

-func NewSubJsonService(fragment string, mux string, rules string, subService *SubService) *SubJsonService {
+func NewSubJsonService(fragment string, noises string, mux string, rules string, subService *SubService) *SubJsonService {
 	var configJson map[string]interface{}
 	var defaultOutbounds []json_util.RawMessage
 	json.Unmarshal([]byte(defaultJson), &configJson)
@@ -52,10 +53,15 @@ func NewSubJsonService(fragment string, mux string, rules string, subService *Su
 		defaultOutbounds = append(defaultOutbounds, json_util.RawMessage(fragment))
 	}

+	if noises != "" {
+		defaultOutbounds = append(defaultOutbounds, json_util.RawMessage(noises))
+	}
+
 	return &SubJsonService{
 		configJson:       configJson,
 		defaultOutbounds: defaultOutbounds,
 		fragment:         fragment,
+		noises:           noises,
 		mux:              mux,
 		SubService:       subService,
 	}
@@ -211,7 +217,7 @@ func (s *SubJsonService) streamData(stream string) map[string]interface{} {
 	delete(streamSettings, "sockopt")

 	if s.fragment != "" {
-		streamSettings["sockopt"] = json_util.RawMessage(`{"dialerProxy": "fragment", "tcpKeepAliveIdle": 100, "tcpMptcp": true, "tcpNoDelay": true}`)
+		streamSettings["sockopt"] = json_util.RawMessage(`{"dialerProxy": "fragment", "tcpKeepAliveIdle": 100, "tcpMptcp": true, "penetrate": true}`)
 	}

 	// remove proxy protocol
@@ -282,6 +288,9 @@ func (s *SubJsonService) genVnext(inbound *model.Inbound, streamSettings json_ut

 	usersData[0].ID = client.ID
 	usersData[0].Level = 8
+	if inbound.Protocol == model.VMESS {
+		usersData[0].Security = client.Security
+	}
 	if inbound.Protocol == model.VLESS {
 		usersData[0].Flow = client.Flow
 		usersData[0].Encryption = "none"
@@ -371,6 +380,7 @@ type UserVnext struct {
 	Encryption string `json:"encryption,omitempty"`
 	Flow       string `json:"flow,omitempty"`
 	ID         string `json:"id"`
+	Security   string `json:"security,omitempty"`
 	Level      int    `json:"level"`
 }

--- a/sub/subService.go
+++ b/sub/subService.go
@@ -168,7 +168,7 @@ func (s *SubService) getLink(inbound *model.Inbound, email string) string {
 }

 func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
-	if inbound.Protocol != model.VMess {
+	if inbound.Protocol != model.VMESS {
 		return ""
 	}
 	obj := map[string]interface{}{
@@ -208,17 +208,6 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
 			headers, _ := ws["headers"].(map[string]interface{})
 			obj["host"] = searchHost(headers)
 		}
-	case "http":
-		obj["net"] = "h2"
-		http, _ := stream["httpSettings"].(map[string]interface{})
-		obj["path"], _ = http["path"].(string)
-		obj["host"] = searchHost(http)
-	case "quic":
-		quic, _ := stream["quicSettings"].(map[string]interface{})
-		header := quic["header"].(map[string]interface{})
-		obj["type"], _ = header["type"].(string)
-		obj["host"], _ = quic["security"].(string)
-		obj["path"], _ = quic["key"].(string)
 	case "grpc":
 		grpc, _ := stream["grpcSettings"].(map[string]interface{})
 		obj["path"] = grpc["serviceName"].(string)
@@ -235,15 +224,16 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
 			headers, _ := httpupgrade["headers"].(map[string]interface{})
 			obj["host"] = searchHost(headers)
 		}
-	case "splithttp":
-		splithttp, _ := stream["splithttpSettings"].(map[string]interface{})
-		obj["path"] = splithttp["path"].(string)
-		if host, ok := splithttp["host"].(string); ok && len(host) > 0 {
+	case "xhttp":
+		xhttp, _ := stream["xhttpSettings"].(map[string]interface{})
+		obj["path"] = xhttp["path"].(string)
+		if host, ok := xhttp["host"].(string); ok && len(host) > 0 {
 			obj["host"] = host
 		} else {
-			headers, _ := splithttp["headers"].(map[string]interface{})
+			headers, _ := xhttp["headers"].(map[string]interface{})
 			obj["host"] = searchHost(headers)
 		}
+		obj["mode"] = xhttp["mode"].(string)
 	}
 	security, _ := stream["security"].(string)
 	obj["tls"] = security
@@ -281,6 +271,7 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
 		}
 	}
 	obj["id"] = clients[clientIndex].ID
+	obj["scy"] = clients[clientIndex].Security

 	externalProxies, _ := stream["externalProxy"].([]interface{})

@@ -365,16 +356,6 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
 			headers, _ := ws["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
-	case "http":
-		http, _ := stream["httpSettings"].(map[string]interface{})
-		params["path"] = http["path"].(string)
-		params["host"] = searchHost(http)
-	case "quic":
-		quic, _ := stream["quicSettings"].(map[string]interface{})
-		params["quicSecurity"] = quic["security"].(string)
-		params["key"] = quic["key"].(string)
-		header := quic["header"].(map[string]interface{})
-		params["headerType"] = header["type"].(string)
 	case "grpc":
 		grpc, _ := stream["grpcSettings"].(map[string]interface{})
 		params["serviceName"] = grpc["serviceName"].(string)
@@ -391,15 +372,16 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
 			headers, _ := httpupgrade["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
-	case "splithttp":
-		splithttp, _ := stream["splithttpSettings"].(map[string]interface{})
-		params["path"] = splithttp["path"].(string)
-		if host, ok := splithttp["host"].(string); ok && len(host) > 0 {
+	case "xhttp":
+		xhttp, _ := stream["xhttpSettings"].(map[string]interface{})
+		params["path"] = xhttp["path"].(string)
+		if host, ok := xhttp["host"].(string); ok && len(host) > 0 {
 			params["host"] = host
 		} else {
-			headers, _ := splithttp["headers"].(map[string]interface{})
+			headers, _ := xhttp["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
+		params["mode"] = xhttp["mode"].(string)
 	}
 	security, _ := stream["security"].(string)
 	if security == "tls" {
@@ -463,38 +445,7 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
 		}
 	}

-	if security == "xtls" {
-		params["security"] = "xtls"
-		xtlsSetting, _ := stream["xtlsSettings"].(map[string]interface{})
-		alpns, _ := xtlsSetting["alpn"].([]interface{})
-		var alpn []string
-		for _, a := range alpns {
-			alpn = append(alpn, a.(string))
-		}
-		if len(alpn) > 0 {
-			params["alpn"] = strings.Join(alpn, ",")
-		}
-		if sniValue, ok := searchKey(xtlsSetting, "serverName"); ok {
-			params["sni"], _ = sniValue.(string)
-		}
-		xtlsSettings, _ := searchKey(xtlsSetting, "settings")
-		if xtlsSetting != nil {
-			if fpValue, ok := searchKey(xtlsSettings, "fingerprint"); ok {
-				params["fp"], _ = fpValue.(string)
-			}
-			if insecure, ok := searchKey(xtlsSettings, "allowInsecure"); ok {
-				if insecure.(bool) {
-					params["allowInsecure"] = "1"
-				}
-			}
-		}
-
-		if streamNetwork == "tcp" && len(clients[clientIndex].Flow) > 0 {
-			params["flow"] = clients[clientIndex].Flow
-		}
-	}
-
-	if security != "tls" && security != "reality" && security != "xtls" {
+	if security != "tls" && security != "reality" {
 		params["security"] = "none"
 	}

@@ -599,16 +550,6 @@ func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string
 			headers, _ := ws["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
-	case "http":
-		http, _ := stream["httpSettings"].(map[string]interface{})
-		params["path"] = http["path"].(string)
-		params["host"] = searchHost(http)
-	case "quic":
-		quic, _ := stream["quicSettings"].(map[string]interface{})
-		params["quicSecurity"] = quic["security"].(string)
-		params["key"] = quic["key"].(string)
-		header := quic["header"].(map[string]interface{})
-		params["headerType"] = header["type"].(string)
 	case "grpc":
 		grpc, _ := stream["grpcSettings"].(map[string]interface{})
 		params["serviceName"] = grpc["serviceName"].(string)
@@ -625,15 +566,16 @@ func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string
 			headers, _ := httpupgrade["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
-	case "splithttp":
-		splithttp, _ := stream["splithttpSettings"].(map[string]interface{})
-		params["path"] = splithttp["path"].(string)
-		if host, ok := splithttp["host"].(string); ok && len(host) > 0 {
+	case "xhttp":
+		xhttp, _ := stream["xhttpSettings"].(map[string]interface{})
+		params["path"] = xhttp["path"].(string)
+		if host, ok := xhttp["host"].(string); ok && len(host) > 0 {
 			params["host"] = host
 		} else {
-			headers, _ := splithttp["headers"].(map[string]interface{})
+			headers, _ := xhttp["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
+		params["mode"] = xhttp["mode"].(string)
 	}
 	security, _ := stream["security"].(string)
 	if security == "tls" {
@@ -693,39 +635,7 @@ func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string
 		}
 	}

-	if security == "xtls" {
-		params["security"] = "xtls"
-		xtlsSetting, _ := stream["xtlsSettings"].(map[string]interface{})
-		alpns, _ := xtlsSetting["alpn"].([]interface{})
-		var alpn []string
-		for _, a := range alpns {
-			alpn = append(alpn, a.(string))
-		}
-		if len(alpn) > 0 {
-			params["alpn"] = strings.Join(alpn, ",")
-		}
-		if sniValue, ok := searchKey(xtlsSetting, "serverName"); ok {
-			params["sni"], _ = sniValue.(string)
-		}
-
-		xtlsSettings, _ := searchKey(xtlsSetting, "settings")
-		if xtlsSetting != nil {
-			if fpValue, ok := searchKey(xtlsSettings, "fingerprint"); ok {
-				params["fp"], _ = fpValue.(string)
-			}
-			if insecure, ok := searchKey(xtlsSettings, "allowInsecure"); ok {
-				if insecure.(bool) {
-					params["allowInsecure"] = "1"
-				}
-			}
-		}
-
-		if streamNetwork == "tcp" && len(clients[clientIndex].Flow) > 0 {
-			params["flow"] = clients[clientIndex].Flow
-		}
-	}
-
-	if security != "tls" && security != "reality" && security != "xtls" {
+	if security != "tls" && security != "reality" {
 		params["security"] = "none"
 	}

@@ -834,16 +744,6 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st
 			headers, _ := ws["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
-	case "http":
-		http, _ := stream["httpSettings"].(map[string]interface{})
-		params["path"] = http["path"].(string)
-		params["host"] = searchHost(http)
-	case "quic":
-		quic, _ := stream["quicSettings"].(map[string]interface{})
-		params["quicSecurity"] = quic["security"].(string)
-		params["key"] = quic["key"].(string)
-		header := quic["header"].(map[string]interface{})
-		params["headerType"] = header["type"].(string)
 	case "grpc":
 		grpc, _ := stream["grpcSettings"].(map[string]interface{})
 		params["serviceName"] = grpc["serviceName"].(string)
@@ -860,15 +760,16 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st
 			headers, _ := httpupgrade["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
-	case "splithttp":
-		splithttp, _ := stream["splithttpSettings"].(map[string]interface{})
-		params["path"] = splithttp["path"].(string)
-		if host, ok := splithttp["host"].(string); ok && len(host) > 0 {
+	case "xhttp":
+		xhttp, _ := stream["xhttpSettings"].(map[string]interface{})
+		params["path"] = xhttp["path"].(string)
+		if host, ok := xhttp["host"].(string); ok && len(host) > 0 {
 			params["host"] = host
 		} else {
-			headers, _ := splithttp["headers"].(map[string]interface{})
+			headers, _ := xhttp["headers"].(map[string]interface{})
 			params["host"] = searchHost(headers)
 		}
+		params["mode"] = xhttp["mode"].(string)
 	}

 	security, _ := stream["security"].(string)
--- a/util/common/format.go
+++ b/util/common/format.go
@@ -4,18 +4,14 @@ import (
 	"fmt"
 )

-func FormatTraffic(trafficBytes int64) (size string) {
-	if trafficBytes < 1024 {
-		return fmt.Sprintf("%.2fB", float64(trafficBytes)/float64(1))
-	} else if trafficBytes < (1024 * 1024) {
-		return fmt.Sprintf("%.2fKB", float64(trafficBytes)/float64(1024))
-	} else if trafficBytes < (1024 * 1024 * 1024) {
-		return fmt.Sprintf("%.2fMB", float64(trafficBytes)/float64(1024*1024))
-	} else if trafficBytes < (1024 * 1024 * 1024 * 1024) {
-		return fmt.Sprintf("%.2fGB", float64(trafficBytes)/float64(1024*1024*1024))
-	} else if trafficBytes < (1024 * 1024 * 1024 * 1024 * 1024) {
-		return fmt.Sprintf("%.2fTB", float64(trafficBytes)/float64(1024*1024*1024*1024))
-	} else {
-		return fmt.Sprintf("%.2fEB", float64(trafficBytes)/float64(1024*1024*1024*1024*1024))
+func FormatTraffic(trafficBytes int64) string {
+	units := []string{"B", "KB", "MB", "GB", "TB", "PB"}
+	unitIndex := 0
+	size := float64(trafficBytes)
+
+	for size >= 1024 && unitIndex < len(units)-1 {
+		size /= 1024
+		unitIndex++
 	}
+	return fmt.Sprintf("%.2f%s", size, units[unitIndex])
 }
--- a/web/assets/axios/axios.min.js
+++ b/web/assets/axios/axios.min.js
--- a/web/assets/codemirror/hint/javascript-hint.js
+++ b/web/assets/codemirror/hint/javascript-hint.js
@@ -63,7 +63,7 @@
    return scriptHint(editor, javascriptKeywords,
                      function (e, cur) {return e.getTokenAt(cur);},
                      options);
-  };
+  }
  CodeMirror.registerHelper("hint", "javascript", javascriptHint);

  function getCoffeeScriptToken(editor, cur) {
--- a/web/assets/codemirror/javascript.js
+++ b/web/assets/codemirror/javascript.js
@@ -362,7 +362,7 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
      if (type == wanted) return cont();
      else if (wanted == ";" || type == "}" || type == ")" || type == "]") return pass();
      else return cont(exp);
-    };
+    }
    return exp;
  }

--- a/web/assets/codemirror/lint/lint.css
+++ b/web/assets/codemirror/lint/lint.css
@@ -6,7 +6,7 @@
 .CodeMirror-lint-tooltip {
  background-color: #ffd;
  border: 1px solid black;
-  border-radius: 4px 4px 4px 4px;
+  border-radius: 4px;
  color: black;
  font-family: monospace;
  font-size: 10pt;
--- a/web/assets/css/custom.min.css
+++ b/web/assets/css/custom.min.css
--- a/web/assets/js/langs.js
+++ b/web/assets/js/langs.js
@@ -1,83 +1,103 @@
 const supportLangs = [
-    {
-        name: 'English',
-        value: 'en-US',
-        icon: '🇺🇸',
-    },
-    {
-        name: 'فارسی',
-        value: 'fa-IR',
-        icon: '🇮🇷',
-    },
-    {
-        name: '汉语',
-        value: 'zh-Hans',
-        icon: '🇨🇳',
-    },
-    {
-        name: 'Русский',
-        value: 'ru-RU',
-        icon: '🇷🇺',
-    },
-    {
-        name: 'Tiếng Việt',
-        value: 'vi-VN',
-        icon: '🇻🇳',
-    },
-    {
-        name: 'Español',
-        value: 'es-ES',
-        icon: '🇪🇸',
-    },
-    {
-        name: 'Indonesian',
-        value: 'id-ID',
-        icon: '🇮🇩',
-    },
-    {
-        name: 'Український',
-        value: 'uk-UA',
-        icon: '🇺🇦',
-    },
+	{
+		name: "English",
+		value: "en-US",
+		icon: "🇺🇸",
+	},
+	{
+		name: "فارسی",
+		value: "fa-IR",
+		icon: "🇮🇷",
+	},
+	{
+		name: "简体中文",
+		value: "zh-CN",
+		icon: "🇨🇳",
+	},
+	{
+		name: "繁體中文",
+		value: "zh-TW",
+		icon: "🇹🇼",
+	},
+	{
+		name: "日本語",
+		value: "ja-JP",
+		icon: "🇯🇵",
+	},
+	{
+		name: "Русский",
+		value: "ru-RU",
+		icon: "🇷🇺",
+	},
+	{
+		name: "Tiếng Việt",
+		value: "vi-VN",
+		icon: "🇻🇳",
+	},
+	{
+		name: "Español",
+		value: "es-ES",
+		icon: "🇪🇸",
+	},
+	{
+		name: "Indonesian",
+		value: "id-ID",
+		icon: "🇮🇩",
+	},
+	{
+		name: "Український",
+		value: "uk-UA",
+		icon: "🇺🇦",
+	},
+	{
+		name: "Türkçe",
+		value: "tr-TR",
+		icon: "🇹🇷",
+	},
+	{
+		name: "Português",
+		value: "pt-BR",
+		icon: "🇧🇷",
+	},
 ];

 function getLang() {
-    let lang = getCookie('lang');
+	let lang = getCookie("lang");

-    if (!lang) {
-        if (window.navigator) {
-            lang = window.navigator.language || window.navigator.userLanguage;
+	if (!lang) {
+		if (window.navigator) {
+			lang = window.navigator.language || window.navigator.userLanguage;

-            if (isSupportLang(lang)) {
-                setCookie('lang', lang, 150);
-            } else {
-                setCookie('lang', 'en-US', 150);
-                window.location.reload();
-            }
-        } else {
-            setCookie('lang', 'en-US', 150);
-            window.location.reload();
-        }
-    }
+			if (isSupportLang(lang)) {
+				setCookie("lang", lang, 150);
+			} else {
+				setCookie("lang", "en-US", 150);
+				window.location.reload();
+			}
+		} else {
+			setCookie("lang", "en-US", 150);
+			window.location.reload();
+		}
+	}

-    return lang;
+	return lang;
 }

 function setLang(lang) {
-    if (!isSupportLang(lang)) {
-        lang = 'en-US';
-    }
+	if (!isSupportLang(lang)) {
+		lang = "en-US";
+	}

-    setCookie('lang', lang, 150);
-    window.location.reload();
+	setCookie("lang", lang, 150);
+	window.location.reload();
 }

 function isSupportLang(lang) {
-    for (l of supportLangs) {
-        if (l.value === lang) {
-            return true;
-        }
-    }
+	for (l of supportLangs) {
+		if (l.value === lang) {
+			return true;
+		}
+	}

-    return false;
+	return false;
 }
--- a/web/assets/js/model/dbinbound.js
+++ b/web/assets/js/model/dbinbound.js
@@ -140,9 +140,9 @@ class DBInbound {
                return false;
        }
    }
-    
-	genInboundLinks(remarkModel) {
+
+    genInboundLinks(remarkModel) {
        const inbound = this.toInbound();
-        return inbound.genInboundLinks(this.remark,remarkModel);
+        return inbound.genInboundLinks(this.remark, remarkModel);
    }
 }
--- a/web/assets/js/model/inbound.js
+++ b/web/assets/js/model/inbound.js
--- a/web/assets/js/model/outbound.js
+++ b/web/assets/js/model/outbound.js
@@ -39,6 +39,7 @@ const UTLS_FINGERPRINT = {
    UTLS_QQ: "qq",
    UTLS_RANDOM: "random",
    UTLS_RANDOMIZED: "randomized",
+    UTLS_UNSAFE: "unsafe",
 };

 const ALPN_OPTION = {
@@ -69,12 +70,31 @@ const WireguardDomainStrategy = [
    "ForceIPv6v4"
 ];

+const USERS_SECURITY = {
+    AES_128_GCM: "aes-128-gcm",
+    CHACHA20_POLY1305: "chacha20-poly1305",
+    AUTO: "auto",
+    NONE: "none",
+    ZERO: "zero",
+};
+
+const MODE_OPTION = {
+    AUTO: "auto",
+    PACKET_UP: "packet-up",
+    STREAM_UP: "stream-up",
+    STREAM_ONE: "stream-one",
+};
+
 Object.freeze(Protocols);
 Object.freeze(SSMethods);
 Object.freeze(TLS_FLOW_CONTROL);
+Object.freeze(UTLS_FINGERPRINT);
 Object.freeze(ALPN_OPTION);
 Object.freeze(OutboundDomainStrategies);
 Object.freeze(WireguardDomainStrategy);
+Object.freeze(USERS_SECURITY);
+Object.freeze(MODE_OPTION);
+

 class CommonClass {

@@ -90,30 +110,30 @@ class CommonClass {
        return this;
    }

-    toString(format=true) {
+    toString(format = true) {
        return format ? JSON.stringify(this.toJson(), null, 2) : JSON.stringify(this.toJson());
    }
 }

 class TcpStreamSettings extends CommonClass {
-    constructor(type='none', host, path) {
+    constructor(type = 'none', host, path) {
        super();
        this.type = type;
        this.host = host;
        this.path = path;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        let header = json.header;
        if (!header) return new TcpStreamSettings();
-        if(header.type == 'http' && header.request){
+        if (header.type == 'http' && header.request) {
            return new TcpStreamSettings(
                header.type,
                header.request.headers.Host.join(','),
                header.request.path.join(','),
            );
        }
-        return new TcpStreamSettings(header.type,'','');
+        return new TcpStreamSettings(header.type, '', '');
    }

    toJson() {
@@ -132,15 +152,17 @@ class TcpStreamSettings extends CommonClass {
 }

 class KcpStreamSettings extends CommonClass {
-    constructor(mtu=1350, tti=20,
-                uplinkCapacity=5,
-                downlinkCapacity=20,
-                congestion=false,
-                readBufferSize=2,
-                writeBufferSize=2,
-                type='none',
-                seed='',
-                ) {
+    constructor(
+        mtu = 1350,
+        tti = 50,
+        uplinkCapacity = 5,
+        downlinkCapacity = 20,
+        congestion = false,
+        readBufferSize = 2,
+        writeBufferSize = 2,
+        type = 'none',
+        seed = '',
+    ) {
        super();
        this.mtu = mtu;
        this.tti = tti;
@@ -153,7 +175,7 @@ class KcpStreamSettings extends CommonClass {
        this.seed = seed;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new KcpStreamSettings(
            json.mtu,
            json.tti,
@@ -185,16 +207,23 @@ class KcpStreamSettings extends CommonClass {
 }

 class WsStreamSettings extends CommonClass {
-    constructor(path='/', host='') {
+    constructor(
+        path = '/', 
+        host = '',
+        heartbeatPeriod = 0,
+
+    ) {
        super();
        this.path = path;
        this.host = host;
+        this.heartbeatPeriod = heartbeatPeriod;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new WsStreamSettings(
            json.path,
            json.host,
+            json.heartbeatPeriod,
        );
    }

@@ -202,70 +231,25 @@ class WsStreamSettings extends CommonClass {
        return {
            path: this.path,
            host: this.host,
+            heartbeatPeriod: this.heartbeatPeriod
        };
    }
 }

-class HttpStreamSettings extends CommonClass {
-    constructor(path='/', host='') {
-        super();
-        this.path = path;
-        this.host = host;
-    }
-
-    static fromJson(json={}) {
-        return new HttpStreamSettings(
-            json.path,
-            json.host ? json.host.join(',') : '',
-        );
-    }
-
-    toJson() {
-        return {
-            path: this.path,
-            host: ObjectUtil.isEmpty(this.host) ? [''] : this.host.split(','),
-        }
-    }
-}
-
-class QuicStreamSettings extends CommonClass {
-    constructor(security='none',
-                key='', type='none') {
-        super();
-        this.security = security;
-        this.key = key;
-        this.type = type;
-    }
-
-    static fromJson(json={}) {
-        return new QuicStreamSettings(
-            json.security,
-            json.key,
-            json.header ? json.header.type : 'none',
-        );
-    }
-
-    toJson() {
-        return {
-            security: this.security,
-            key: this.key,
-            header: {
-                type: this.type,
-            }
-        }
-    }
-}
-
 class GrpcStreamSettings extends CommonClass {
-    constructor(serviceName="", authority="", multiMode=false) {
+    constructor(
+        serviceName = "",
+        authority = "",
+        multiMode = false
+    ) {
        super();
        this.serviceName = serviceName;
        this.authority = authority;
        this.multiMode = multiMode;
    }

-    static fromJson(json={}) {
-        return new GrpcStreamSettings(json.serviceName, json.authority, json.multiMode );
+    static fromJson(json = {}) {
+        return new GrpcStreamSettings(json.serviceName, json.authority, json.multiMode);
    }

    toJson() {
@@ -278,13 +262,13 @@ class GrpcStreamSettings extends CommonClass {
 }

 class HttpUpgradeStreamSettings extends CommonClass {
-    constructor(path='/', host='') {
+    constructor(path = '/', host = '') {
        super();
        this.path = path;
        this.host = host;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new HttpUpgradeStreamSettings(
            json.path,
            json.host,
@@ -299,17 +283,39 @@ class HttpUpgradeStreamSettings extends CommonClass {
    }
 }

-class SplitHTTPStreamSettings extends CommonClass {
-    constructor(path='/', host='') {
+class xHTTPStreamSettings extends CommonClass {
+    constructor(
+        path = '/',
+        host = '',
+        mode = '',
+        noGRPCHeader = false,
+        scMinPostsIntervalMs = "30",
+        xmux = {
+            maxConcurrency: "16-32",
+            maxConnections: 0,
+            cMaxReuseTimes: 0,
+            hMaxRequestTimes: "600-900",
+            hMaxReusableSecs: "1800-3000",
+            hKeepAlivePeriod: 0,
+        },
+    ) {
        super();
        this.path = path;
        this.host = host;
+        this.mode = mode;
+        this.noGRPCHeader = noGRPCHeader;
+        this.scMinPostsIntervalMs = scMinPostsIntervalMs;
+        this.xmux = xmux;
    }

-    static fromJson(json={}) {
-        return new SplitHTTPStreamSettings(
+    static fromJson(json = {}) {
+        return new xHTTPStreamSettings(
            json.path,
            json.host,
+            json.mode,
+            json.noGRPCHeader,
+            json.scMinPostsIntervalMs,
+            json.xmux
        );
    }

@@ -317,15 +323,28 @@ class SplitHTTPStreamSettings extends CommonClass {
        return {
            path: this.path,
            host: this.host,
+            mode: this.mode,
+            noGRPCHeader: this.noGRPCHeader,
+            scMinPostsIntervalMs: this.scMinPostsIntervalMs,
+            xmux: {
+                maxConcurrency: this.xmux.maxConcurrency,
+                maxConnections: this.xmux.maxConnections,
+                cMaxReuseTimes: this.xmux.cMaxReuseTimes,
+                hMaxRequestTimes: this.xmux.hMaxRequestTimes,
+                hMaxReusableSecs: this.xmux.hMaxReusableSecs,
+                hKeepAlivePeriod: this.xmux.hKeepAlivePeriod,
+            },
        };
    }
 }

 class TlsStreamSettings extends CommonClass {
-    constructor(serverName='',
-                alpn=[],
-                fingerprint = '',
-                allowInsecure = false) {
+    constructor(
+        serverName = '',
+        alpn = [],
+        fingerprint = '',
+        allowInsecure = false
+    ) {
        super();
        this.serverName = serverName;
        this.alpn = alpn;
@@ -333,7 +352,7 @@ class TlsStreamSettings extends CommonClass {
        this.allowInsecure = allowInsecure;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new TlsStreamSettings(
            json.serverName,
            json.alpn,
@@ -353,7 +372,13 @@ class TlsStreamSettings extends CommonClass {
 }

 class RealityStreamSettings extends CommonClass {
-    constructor(publicKey = '', fingerprint = '', serverName = '', shortId = '', spiderX = '/') {
+    constructor(
+        publicKey = '',
+        fingerprint = '',
+        serverName = '',
+        shortId = '',
+        spiderX = '/'
+    ) {
        super();
        this.publicKey = publicKey;
        this.fingerprint = fingerprint;
@@ -381,13 +406,19 @@ class RealityStreamSettings extends CommonClass {
    }
 };
 class SockoptStreamSettings extends CommonClass {
-    constructor(dialerProxy = "", tcpFastOpen = false, tcpKeepAliveInterval = 0, tcpMptcp = false, tcpNoDelay = false) {
+    constructor(
+        dialerProxy = "",
+        tcpFastOpen = false,
+        tcpKeepAliveInterval = 0,
+        tcpMptcp = false,
+        penetrate = false
+    ) {
        super();
        this.dialerProxy = dialerProxy;
        this.tcpFastOpen = tcpFastOpen;
        this.tcpKeepAliveInterval = tcpKeepAliveInterval;
        this.tcpMptcp = tcpMptcp;
-        this.tcpNoDelay = tcpNoDelay;
+        this.penetrate = penetrate;
    }

    static fromJson(json = {}) {
@@ -397,7 +428,7 @@ class SockoptStreamSettings extends CommonClass {
            json.tcpFastOpen,
            json.tcpKeepAliveInterval,
            json.tcpMptcp,
-            json.tcpNoDelay,
+            json.penetrate,
        );
    }

@@ -407,26 +438,25 @@ class SockoptStreamSettings extends CommonClass {
            tcpFastOpen: this.tcpFastOpen,
            tcpKeepAliveInterval: this.tcpKeepAliveInterval,
            tcpMptcp: this.tcpMptcp,
-            tcpNoDelay: this.tcpNoDelay,
+            penetrate: this.penetrate,
        };
    }
 }

 class StreamSettings extends CommonClass {
-    constructor(network='tcp',
-                security='none',
-                tlsSettings=new TlsStreamSettings(),
-                realitySettings = new RealityStreamSettings(),
-                tcpSettings=new TcpStreamSettings(),
-                kcpSettings=new KcpStreamSettings(),
-                wsSettings=new WsStreamSettings(),
-                httpSettings=new HttpStreamSettings(),
-                quicSettings=new QuicStreamSettings(),
-                grpcSettings=new GrpcStreamSettings(),
-                httpupgradeSettings=new HttpUpgradeStreamSettings(),
-                splithttpSettings=new SplitHTTPStreamSettings(),
-                sockopt = undefined,
-                ) {
+    constructor(
+        network = 'tcp',
+        security = 'none',
+        tlsSettings = new TlsStreamSettings(),
+        realitySettings = new RealityStreamSettings(),
+        tcpSettings = new TcpStreamSettings(),
+        kcpSettings = new KcpStreamSettings(),
+        wsSettings = new WsStreamSettings(),
+        grpcSettings = new GrpcStreamSettings(),
+        httpupgradeSettings = new HttpUpgradeStreamSettings(),
+        xhttpSettings = new xHTTPStreamSettings(),
+        sockopt = undefined,
+    ) {
        super();
        this.network = network;
        this.security = security;
@@ -435,14 +465,12 @@ class StreamSettings extends CommonClass {
        this.tcp = tcpSettings;
        this.kcp = kcpSettings;
        this.ws = wsSettings;
-        this.http = httpSettings;
-        this.quic = quicSettings;
        this.grpc = grpcSettings;
        this.httpupgrade = httpupgradeSettings;
-        this.splithttp = splithttpSettings;
+        this.xhttp = xhttpSettings;
        this.sockopt = sockopt;
    }
-    
+
    get isTls() {
        return this.security === 'tls';
    }
@@ -459,7 +487,7 @@ class StreamSettings extends CommonClass {
        this.sockopt = value ? new SockoptStreamSettings() : undefined;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new StreamSettings(
            json.network,
            json.security,
@@ -468,11 +496,9 @@ class StreamSettings extends CommonClass {
            TcpStreamSettings.fromJson(json.tcpSettings),
            KcpStreamSettings.fromJson(json.kcpSettings),
            WsStreamSettings.fromJson(json.wsSettings),
-            HttpStreamSettings.fromJson(json.httpSettings),
-            QuicStreamSettings.fromJson(json.quicSettings),
            GrpcStreamSettings.fromJson(json.grpcSettings),
            HttpUpgradeStreamSettings.fromJson(json.httpupgradeSettings),
-            SplitHTTPStreamSettings.fromJson(json.splithttpSettings),
+            xHTTPStreamSettings.fromJson(json.xhttpSettings),
            SockoptStreamSettings.fromJson(json.sockopt),
        );
    }
@@ -487,11 +513,9 @@ class StreamSettings extends CommonClass {
            tcpSettings: network === 'tcp' ? this.tcp.toJson() : undefined,
            kcpSettings: network === 'kcp' ? this.kcp.toJson() : undefined,
            wsSettings: network === 'ws' ? this.ws.toJson() : undefined,
-            httpSettings: network === 'http' ? this.http.toJson() : undefined,
-            quicSettings: network === 'quic' ? this.quic.toJson() : undefined,
            grpcSettings: network === 'grpc' ? this.grpc.toJson() : undefined,
            httpupgradeSettings: network === 'httpupgrade' ? this.httpupgrade.toJson() : undefined,
-            splithttpSettings: network === 'splithttp' ? this.splithttp.toJson() : undefined,
+            xhttpSettings: network === 'xhttp' ? this.xhttp.toJson() : undefined,
            sockopt: this.sockopt != undefined ? this.sockopt.toJson() : undefined,
        };
    }
@@ -528,9 +552,9 @@ class Mux extends CommonClass {

 class Outbound extends CommonClass {
    constructor(
-        tag='',
-        protocol=Protocols.VMess,
-        settings=null,
+        tag = '',
+        protocol = Protocols.VLESS,
+        settings = null,
        streamSettings = new StreamSettings(),
        sendThrough,
        mux = new Mux(),
@@ -556,7 +580,7 @@ class Outbound extends CommonClass {

    canEnableTls() {
        if (![Protocols.VMess, Protocols.VLESS, Protocols.Trojan, Protocols.Shadowsocks].includes(this.protocol)) return false;
-        return ["tcp", "ws", "http", "quic", "grpc", "httpupgrade" , "splithttp"].includes(this.stream.network);
+        return ["tcp", "ws", "http", "grpc", "httpupgrade", "xhttp"].includes(this.stream.network);
    }

    //this is used for xtls-rprx-vision
@@ -569,7 +593,7 @@ class Outbound extends CommonClass {

    canEnableReality() {
        if (![Protocols.VLESS, Protocols.Trojan].includes(this.protocol)) return false;
-        return ["tcp", "http", "grpc"].includes(this.stream.network);
+        return ["tcp", "http", "grpc", "xhttp"].includes(this.stream.network);
    }

    canEnableStream() {
@@ -577,7 +601,7 @@ class Outbound extends CommonClass {
    }

    canEnableMux() {
-        if (this.settings.flow && this.settings.flow != ''){
+        if (this.settings.flow && this.settings.flow != '') {
            this.mux.enabled = false;
            return false;
        }
@@ -608,7 +632,7 @@ class Outbound extends CommonClass {
        return [Protocols.Socks, Protocols.HTTP].includes(this.protocol);
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new Outbound(
            json.tag,
            json.protocol,
@@ -639,8 +663,8 @@ class Outbound extends CommonClass {

    static fromLink(link) {
        data = link.split('://');
-        if(data.length !=2) return null;
-        switch(data[0].toLowerCase()){
+        if (data.length != 2) return null;
+        switch (data[0].toLowerCase()) {
            case Protocols.VMess:
                return this.fromVmessLink(JSON.parse(Base64.decode(data[1])));
            case Protocols.VLESS:
@@ -652,7 +676,7 @@ class Outbound extends CommonClass {
        }
    }

-    static fromVmessLink(json={}){
+    static fromVmessLink(json = {}) {
        let stream = new StreamSettings(json.net, json.tls);

        let network = json.net;
@@ -666,26 +690,16 @@ class Outbound extends CommonClass {
            stream.type = json.type;
            stream.seed = json.path;
        } else if (network === 'ws') {
-            stream.ws = new WsStreamSettings(json.path,json.host);
-        } else if (network === 'http' || network == 'h2') {
-            stream.network = 'http'
-            stream.http = new HttpStreamSettings(
-                json.path,
-                json.host);
-        } else if (network === 'quic') {
-            stream.quic = new QuicStreamSettings(
-                json.host ? json.host : 'none',
-                json.path,
-                json.type ? json.type : 'none');
+            stream.ws = new WsStreamSettings(json.path, json.host);
        } else if (network === 'grpc') {
            stream.grpc = new GrpcStreamSettings(json.path, json.authority, json.type == 'multi');
        } else if (network === 'httpupgrade') {
-            stream.httpupgrade = new HttpUpgradeStreamSettings(json.path,json.host);
-        } else if (network === 'splithttp') {
-            stream.splithttp = new SplitHTTPStreamSettings(json.path,json.host);
+            stream.httpupgrade = new HttpUpgradeStreamSettings(json.path, json.host);
+        } else if (network === 'xhttp') {
+            stream.xhttp = new xHTTPStreamSettings(json.path, json.host, json.mode);
        }

-        if(json.tls && json.tls == 'tls'){
+        if (json.tls && json.tls == 'tls') {
            stream.tls = new TlsStreamSettings(
                json.sni,
                json.alpn ? json.alpn.split(',') : [],
@@ -695,10 +709,10 @@ class Outbound extends CommonClass {

        const port = json.port * 1;

-        return new Outbound(json.ps, Protocols.VMess, new Outbound.VmessSettings(json.add, port, json.id), stream);
+        return new Outbound(json.ps, Protocols.VMess, new Outbound.VmessSettings(json.add, port, json.id, json.scy), stream);
    }

-    static fromParamLink(link){
+    static fromParamLink(link) {
        const url = new URL(link);
        let type = url.searchParams.get('type') ?? 'tcp';
        let security = url.searchParams.get('security') ?? 'none';
@@ -707,6 +721,7 @@ class Outbound extends CommonClass {
        let headerType = url.searchParams.get('headerType') ?? undefined;
        let host = url.searchParams.get('host') ?? undefined;
        let path = url.searchParams.get('path') ?? undefined;
+        let mode = url.searchParams.get('mode') ?? undefined;

        if (type === 'tcp' || type === 'none') {
            stream.tcp = new TcpStreamSettings(headerType ?? 'none', host, path);
@@ -715,39 +730,32 @@ class Outbound extends CommonClass {
            stream.kcp.type = headerType ?? 'none';
            stream.kcp.seed = path;
        } else if (type === 'ws') {
-            stream.ws = new WsStreamSettings(path,host);
-        } else if (type === 'http' || type == 'h2') {
-            stream.http = new HttpStreamSettings(path,host);
-        } else if (type === 'quic') {
-            stream.quic = new QuicStreamSettings(
-                url.searchParams.get('quicSecurity') ?? 'none',
-                url.searchParams.get('key') ?? '',
-                headerType ?? 'none');
+            stream.ws = new WsStreamSettings(path, host);
        } else if (type === 'grpc') {
            stream.grpc = new GrpcStreamSettings(
                url.searchParams.get('serviceName') ?? '',
                url.searchParams.get('authority') ?? '',
                url.searchParams.get('mode') == 'multi');
        } else if (type === 'httpupgrade') {
-            stream.httpupgrade = new HttpUpgradeStreamSettings(path,host);
-        } else if (type === 'splithttp') {
-            stream.splithttp = new SplitHTTPStreamSettings(path,host);
+            stream.httpupgrade = new HttpUpgradeStreamSettings(path, host);
+        } else if (type === 'xhttp') {
+            stream.xhttp = new xHTTPStreamSettings(path, host, mode);
        }

-        if(security == 'tls'){
-            let fp=url.searchParams.get('fp') ?? 'none';
-            let alpn=url.searchParams.get('alpn');
-            let allowInsecure=url.searchParams.get('allowInsecure');
-            let sni=url.searchParams.get('sni') ?? '';
+        if (security == 'tls') {
+            let fp = url.searchParams.get('fp') ?? 'none';
+            let alpn = url.searchParams.get('alpn');
+            let allowInsecure = url.searchParams.get('allowInsecure');
+            let sni = url.searchParams.get('sni') ?? '';
            stream.tls = new TlsStreamSettings(sni, alpn ? alpn.split(',') : [], fp, allowInsecure == 1);
        }

-        if(security == 'reality'){
-            let pbk=url.searchParams.get('pbk');
-            let fp=url.searchParams.get('fp');
-            let sni=url.searchParams.get('sni') ?? '';
-            let sid=url.searchParams.get('sid') ?? '';
-            let spx=url.searchParams.get('spx') ?? '';
+        if (security == 'reality') {
+            let pbk = url.searchParams.get('pbk');
+            let fp = url.searchParams.get('fp');
+            let sni = url.searchParams.get('sni') ?? '';
+            let sid = url.searchParams.get('sid') ?? '';
+            let spx = url.searchParams.get('spx') ?? '';
            stream.reality = new RealityStreamSettings(pbk, fp, sni, sid, spx);
        }

@@ -755,14 +763,14 @@ class Outbound extends CommonClass {
        const match = link.match(regex);

        if (!match) return null;
-        let [, protocol, userData, address, port, ] = match;
+        let [, protocol, userData, address, port,] = match;
        port *= 1;
-        if(protocol == 'ss') {
+        if (protocol == 'ss') {
            protocol = 'shadowsocks';
            userData = atob(userData).split(':');
        }
        var settings;
-        switch(protocol){
+        switch (protocol) {
            case Protocols.VLESS:
                settings = new Outbound.VLESSSettings(address, port, userData, url.searchParams.get('flow') ?? '');
                break;
@@ -770,7 +778,7 @@ class Outbound extends CommonClass {
                settings = new Outbound.TrojanSettings(address, port, userData);
                break;
            case Protocols.Shadowsocks:
-                let method = userData.splice(0,1)[0];
+                let method = userData.splice(0, 1)[0];
                settings = new Outbound.ShadowsocksSettings(address, port, userData.join(":"), method, true);
                break;
            default:
@@ -826,35 +834,59 @@ Outbound.Settings = class extends CommonClass {
    }
 };
 Outbound.FreedomSettings = class extends CommonClass {
-    constructor(domainStrategy='', fragment={}) {
+    constructor(
+        domainStrategy = '',
+        redirect = '',
+        fragment = {},
+        noises = []
+    ) {
        super();
        this.domainStrategy = domainStrategy;
+        this.redirect = redirect;
        this.fragment = fragment;
+        this.noises = noises;
    }

-    static fromJson(json={}) {
+    addNoise() {
+        this.noises.push(new Outbound.FreedomSettings.Noise());
+    }
+
+    delNoise(index) {
+        this.noises.splice(index, 1);
+    }
+
+    static fromJson(json = {}) {
        return new Outbound.FreedomSettings(
            json.domainStrategy,
+            json.redirect,
            json.fragment ? Outbound.FreedomSettings.Fragment.fromJson(json.fragment) : undefined,
+            json.noises ? json.noises.map(noise => Outbound.FreedomSettings.Noise.fromJson(noise)) : undefined,
        );
    }

    toJson() {
        return {
            domainStrategy: ObjectUtil.isEmpty(this.domainStrategy) ? undefined : this.domainStrategy,
+            redirect: ObjectUtil.isEmpty(this.redirect) ? undefined: this.redirect,
            fragment: Object.keys(this.fragment).length === 0 ? undefined : this.fragment,
+            noises: this.noises.length === 0 ? undefined : Outbound.FreedomSettings.Noise.toJsonArray(this.noises),
        };
    }
 };
+
 Outbound.FreedomSettings.Fragment = class extends CommonClass {
-    constructor(packets='1-3',length='',interval=''){
+    constructor(
+        packets = '1-3',
+        length = '',
+        interval = ''
+    ) {
        super();
        this.packets = packets;
        this.length = length;
        this.interval = interval;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new Outbound.FreedomSettings.Fragment(
            json.packets,
            json.length,
@@ -862,13 +894,43 @@ Outbound.FreedomSettings.Fragment = class extends CommonClass {
        );
    }
 };
+
+Outbound.FreedomSettings.Noise = class extends CommonClass {
+    constructor(
+        type = 'rand',
+        packet = '10-20',
+        delay = '10-16'
+    ) {
+        super();
+        this.type = type;
+        this.packet = packet;
+        this.delay = delay;
+    }
+
+    static fromJson(json = {}) {
+        return new Outbound.FreedomSettings.Noise(
+            json.type,
+            json.packet,
+            json.delay,
+        );
+    }
+
+    toJson() {
+        return {
+            type: this.type,
+            packet: this.packet,
+            delay: this.delay,
+        };
+    }
+};
+
 Outbound.BlackholeSettings = class extends CommonClass {
    constructor(type) {
        super();
        this.type = type;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        return new Outbound.BlackholeSettings(
            json.response ? json.response.type : undefined,
        );
@@ -876,40 +938,52 @@ Outbound.BlackholeSettings = class extends CommonClass {

    toJson() {
        return {
-            response: ObjectUtil.isEmpty(this.type) ? undefined : {type: this.type},
+            response: ObjectUtil.isEmpty(this.type) ? undefined : { type: this.type },
        };
    }
 };
 Outbound.DNSSettings = class extends CommonClass {
-    constructor(network='udp', address='1.1.1.1', port=53) {
+    constructor(
+        network = 'udp',
+        address = '',
+        port = 53,
+        nonIPQuery = 'drop',
+        blockTypes = []
+    ) {
        super();
        this.network = network;
        this.address = address;
        this.port = port;
+        this.nonIPQuery = nonIPQuery;
+        this.blockTypes = blockTypes;
    }

-    static fromJson(json={}){
+    static fromJson(json = {}) {
        return new Outbound.DNSSettings(
            json.network,
            json.address,
            json.port,
+            json.nonIPQuery,
+            json.blockTypes,
        );
    }
 };
 Outbound.VmessSettings = class extends CommonClass {
-    constructor(address, port, id) {
+    constructor(address, port, id, security) {
        super();
        this.address = address;
        this.port = port;
        this.id = id;
+        this.security = security;
    }

-    static fromJson(json={}) {
-        if(ObjectUtil.isArrEmpty(json.vnext)) return new Outbound.VmessSettings();
+    static fromJson(json = {}) {
+        if (ObjectUtil.isArrEmpty(json.vnext)) return new Outbound.VmessSettings();
        return new Outbound.VmessSettings(
            json.vnext[0].address,
            json.vnext[0].port,
            json.vnext[0].users[0].id,
+            json.vnext[0].users[0].security,
        );
    }

@@ -918,13 +992,13 @@ Outbound.VmessSettings = class extends CommonClass {
            vnext: [{
                address: this.address,
                port: this.port,
-                users: [{id: this.id}],
+                users: [{ id: this.id, security: this.security }],
            }],
        };
    }
 };
 Outbound.VLESSSettings = class extends CommonClass {
-    constructor(address, port, id, flow, encryption='none') {
+    constructor(address, port, id, flow, encryption = 'none') {
        super();
        this.address = address;
        this.port = port;
@@ -933,8 +1007,8 @@ Outbound.VLESSSettings = class extends CommonClass {
        this.encryption = encryption
    }

-    static fromJson(json={}) {
-        if(ObjectUtil.isArrEmpty(json.vnext)) return new Outbound.VLESSSettings();
+    static fromJson(json = {}) {
+        if (ObjectUtil.isArrEmpty(json.vnext)) return new Outbound.VLESSSettings();
        return new Outbound.VLESSSettings(
            json.vnext[0].address,
            json.vnext[0].port,
@@ -949,7 +1023,7 @@ Outbound.VLESSSettings = class extends CommonClass {
            vnext: [{
                address: this.address,
                port: this.port,
-                users: [{id: this.id, flow: this.flow, encryption: 'none',}],
+                users: [{ id: this.id, flow: this.flow, encryption: 'none', }],
            }],
        };
    }
@@ -962,8 +1036,8 @@ Outbound.TrojanSettings = class extends CommonClass {
        this.password = password;
    }

-    static fromJson(json={}) {
-        if(ObjectUtil.isArrEmpty(json.servers)) return new Outbound.TrojanSettings();
+    static fromJson(json = {}) {
+        if (ObjectUtil.isArrEmpty(json.servers)) return new Outbound.TrojanSettings();
        return new Outbound.TrojanSettings(
            json.servers[0].address,
            json.servers[0].port,
@@ -992,9 +1066,9 @@ Outbound.ShadowsocksSettings = class extends CommonClass {
        this.UoTVersion = UoTVersion;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        let servers = json.servers;
-        if(ObjectUtil.isArrEmpty(servers)) servers=[{}];
+        if (ObjectUtil.isArrEmpty(servers)) servers = [{}];
        return new Outbound.ShadowsocksSettings(
            servers[0].address,
            servers[0].port,
@@ -1028,9 +1102,9 @@ Outbound.SocksSettings = class extends CommonClass {
        this.pass = pass;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        let servers = json.servers;
-        if(ObjectUtil.isArrEmpty(servers)) servers=[{users: [{}]}];
+        if (ObjectUtil.isArrEmpty(servers)) servers = [{ users: [{}] }];
        return new Outbound.SocksSettings(
            servers[0].address,
            servers[0].port,
@@ -1044,7 +1118,7 @@ Outbound.SocksSettings = class extends CommonClass {
            servers: [{
                address: this.address,
                port: this.port,
-                users: ObjectUtil.isEmpty(this.user) ? [] : [{user: this.user, pass: this.pass}],
+                users: ObjectUtil.isEmpty(this.user) ? [] : [{ user: this.user, pass: this.pass }],
            }],
        };
    }
@@ -1058,9 +1132,9 @@ Outbound.HttpSettings = class extends CommonClass {
        this.pass = pass;
    }

-    static fromJson(json={}) {
+    static fromJson(json = {}) {
        let servers = json.servers;
-        if(ObjectUtil.isArrEmpty(servers)) servers=[{users: [{}]}];
+        if (ObjectUtil.isArrEmpty(servers)) servers = [{ users: [{}] }];
        return new Outbound.HttpSettings(
            servers[0].address,
            servers[0].port,
@@ -1074,7 +1148,7 @@ Outbound.HttpSettings = class extends CommonClass {
            servers: [{
                address: this.address,
                port: this.port,
-                users: ObjectUtil.isEmpty(this.user) ? [] : [{user: this.user, pass: this.pass}],
+                users: ObjectUtil.isEmpty(this.user) ? [] : [{ user: this.user, pass: this.pass }],
            }],
        };
    }
@@ -1082,19 +1156,25 @@ Outbound.HttpSettings = class extends CommonClass {

 Outbound.WireguardSettings = class extends CommonClass {
    constructor(
-            mtu=1420, secretKey='',
-            address=[''], workers=2, domainStrategy='', reserved='',
-            peers=[new Outbound.WireguardSettings.Peer()], kernelMode=false) {
+        mtu = 1420,
+        secretKey = '',
+        address = [''],
+        workers = 2,
+        domainStrategy = '',
+        reserved = '',
+        peers = [new Outbound.WireguardSettings.Peer()],
+        noKernelTun = false,
+    ) {
        super();
        this.mtu = mtu;
        this.secretKey = secretKey;
-        this.pubKey = secretKey.length>0 ? Wireguard.generateKeypair(secretKey).publicKey : '';
-        this.address = address instanceof Array ? address.join(',') : address;
+        this.pubKey = secretKey.length > 0 ? Wireguard.generateKeypair(secretKey).publicKey : '';
+        this.address = Array.isArray(address) ? address.join(',') : address;
        this.workers = workers;
        this.domainStrategy = domainStrategy;
-        this.reserved = reserved instanceof Array ? reserved.join(',') : reserved;
+        this.reserved = Array.isArray(reserved) ? reserved.join(',') : reserved;
        this.peers = peers;
-        this.kernelMode = kernelMode;
+        this.noKernelTun = noKernelTun;
    }

    addPeer() {
@@ -1105,7 +1185,7 @@ Outbound.WireguardSettings = class extends CommonClass {
        this.peers.splice(index, 1);
    }

-    static fromJson(json={}){
+    static fromJson(json = {}) {
        return new Outbound.WireguardSettings(
            json.mtu,
            json.secretKey,
@@ -1114,26 +1194,32 @@ Outbound.WireguardSettings = class extends CommonClass {
            json.domainStrategy,
            json.reserved,
            json.peers.map(peer => Outbound.WireguardSettings.Peer.fromJson(peer)),
-            json.kernelMode,
+            json.noKernelTun,
        );
    }

    toJson() {
        return {
-            mtu: this.mtu?? undefined,
+            mtu: this.mtu ?? undefined,
            secretKey: this.secretKey,
            address: this.address ? this.address.split(",") : [],
-            workers: this.workers?? undefined,
+            workers: this.workers ?? undefined,
            domainStrategy: WireguardDomainStrategy.includes(this.domainStrategy) ? this.domainStrategy : undefined,
            reserved: this.reserved ? this.reserved.split(",").map(Number) : undefined,
            peers: Outbound.WireguardSettings.Peer.toJsonArray(this.peers),
-            kernelMode: this.kernelMode,
+            noKernelTun: this.noKernelTun,
        };
    }
 };

 Outbound.WireguardSettings.Peer = class extends CommonClass {
-    constructor(publicKey='', psk='', allowedIPs=['0.0.0.0/0','::/0'], endpoint='', keepAlive=0) {
+    constructor(
+        publicKey = '',
+        psk = '',
+        allowedIPs = ['0.0.0.0/0', '::/0'],
+        endpoint = '',
+        keepAlive = 0
+    ) {
        super();
        this.publicKey = publicKey;
        this.psk = psk;
@@ -1142,7 +1228,7 @@ Outbound.WireguardSettings.Peer = class extends CommonClass {
        this.keepAlive = keepAlive;
    }

-    static fromJson(json={}){
+    static fromJson(json = {}) {
        return new Outbound.WireguardSettings.Peer(
            json.publicKey,
            json.preSharedKey,
@@ -1155,10 +1241,10 @@ Outbound.WireguardSettings.Peer = class extends CommonClass {
    toJson() {
        return {
            publicKey: this.publicKey,
-            preSharedKey: this.psk.length>0 ? this.psk : undefined,
+            preSharedKey: this.psk.length > 0 ? this.psk : undefined,
            allowedIPs: this.allowedIPs ? this.allowedIPs : undefined,
            endpoint: this.endpoint,
-            keepAlive: this.keepAlive?? undefined,
+            keepAlive: this.keepAlive ?? undefined,
        };
    }
 };
--- a/web/assets/js/model/setting.js
+++ b/web/assets/js/model/setting.js
@@ -7,41 +7,44 @@ class AllSetting {
        this.webCertFile = "";
        this.webKeyFile = "";
        this.webBasePath = "/";
-        this.sessionMaxAge = "";
+        this.sessionMaxAge = 60;
        this.pageSize = 50;
-        this.expireDiff = "";
-        this.trafficDiff = "";
+        this.expireDiff = 0;
+        this.trafficDiff = 0;
        this.remarkModel = "-ieo";
        this.datepicker = "gregorian";
        this.tgBotEnable = false;
        this.tgBotToken = "";
        this.tgBotProxy = "";
+        this.tgBotAPIServer = "";
        this.tgBotChatId = "";
        this.tgRunTime = "@daily";
        this.tgBotBackup = false;
-        this.tgBotLoginNotify = false;
-        this.tgCpu = "";
+        this.tgBotLoginNotify = true;
+        this.tgCpu = 80;
        this.tgLang = "en-US";
        this.xrayTemplateConfig = "";
        this.secretEnable = false;
        this.subEnable = false;
+        this.subSyncEnable = true;
        this.subListen = "";
-        this.subPort = "2096";
+        this.subPort = 2096;
        this.subPath = "/sub/";
        this.subJsonPath = "/json/";
        this.subDomain = "";
        this.subCertFile = "";
        this.subKeyFile = "";
-        this.subUpdates = 0;
+        this.subUpdates = 12;
        this.subEncrypt = true;
-        this.subShowInfo = false;
+        this.subShowInfo = true;
        this.subURI = "";
        this.subJsonURI = "";
        this.subJsonFragment = "";
+        this.subJsonNoises = "";
        this.subJsonMux = "";
        this.subJsonRules = "";

-        this.timeLocation = "Asia/Tehran";
+        this.timeLocation = "Local";

        if (data == null) {
            return
--- a/web/assets/js/util/common.js
+++ b/web/assets/js/util/common.js
@@ -5,9 +5,9 @@ const ONE_TB = ONE_GB * 1024;
 const ONE_PB = ONE_TB * 1024;

 function sizeFormat(size) {
-    if (size < 0) {
-        return "0 B";
-    } else if (size < ONE_KB) {
+    if (size <= 0) return "0 B";
+
+    if (size < ONE_KB) {
        return size.toFixed(0) + " B";
    } else if (size < ONE_MB) {
        return (size / ONE_KB).toFixed(2) + " KB";
@@ -59,7 +59,7 @@ function formatSecond(second) {
        return (second / 3600).toFixed(0) + 'h';
    } else {
        day = Math.floor(second / 3600 / 24);
-        remain = ((second/3600) - (day*24)).toFixed(0);
+        remain = ((second / 3600) - (day * 24)).toFixed(0);
        return day + 'd' + (remain > 0 ? ' ' + remain + 'h' : '');
    }
 }
@@ -149,7 +149,7 @@ function userExpiryColor(threshold, client, isDark = false) {
        return isDark ? '#2c3950' : '#bcbcbc';
    }
    now = new Date().getTime(),
-    expiry = client.expiryTime;
+        expiry = client.expiryTime;
    switch (true) {
        case expiry === null:
            return "#7a316f"; // purple
--- a/web/assets/js/util/utils.js
+++ b/web/assets/js/util/utils.js
@@ -16,6 +16,9 @@ class HttpUtil {
    }

    static _respToMsg(resp) {
+        if (!resp || !resp.data) {
+            return new Msg(false, 'No response data');
+        }
        const { data } = resp;
        if (data == null) {
            return new Msg(true);
@@ -34,7 +37,7 @@ class HttpUtil {
            return msg;
        } catch (error) {
            console.error('GET request failed:', error);
-            const errorMsg = new Msg(false, error.response?.data?.message || error.message);
+            const errorMsg = new Msg(false, error.response?.data?.message || error.message || 'Request failed');
            this._handleMsg(errorMsg);
            return errorMsg;
        }
@@ -48,7 +51,7 @@ class HttpUtil {
            return msg;
        } catch (error) {
            console.error('POST request failed:', error);
-            const errorMsg = new Msg(false, error.response?.data?.message || error.message);
+            const errorMsg = new Msg(false, error.response?.data?.message || error.message || 'Request failed');
            this._handleMsg(errorMsg);
            return errorMsg;
        }
@@ -67,6 +70,41 @@ class HttpUtil {
        }
        return msg;
    }
+
+    static async jsonPost(url, data) {
+        let msg;
+        try {
+            const requestOptions = {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(data),
+            };
+            const resp = await fetch(basePath + url.replace(/^\/+|\/+$/g, ''), requestOptions);
+            const response = await resp.json();
+
+            msg = this._respToMsg({data : response});
+        } catch (e) {
+            msg = new Msg(false, e.toString());
+        }
+        this._handleMsg(msg);
+        return msg;
+    }
+
+    static async postWithModalJson(url, data, modal) {
+        if (modal) {
+            modal.loading(true);
+        }
+        const msg = await this.jsonPost(url, data);
+        if (modal) {
+            modal.loading(false);
+            if (msg instanceof Msg && msg.success) {
+                modal.close();
+            }
+        }
+        return msg;
+    }
 }

 class PromiseUtil {
@@ -96,12 +134,22 @@ class RandomUtil {
        return str;
    }

-    static randomShortId() {
-        let str = '';
-        for (let i = 0; i < 8; ++i) {
-            str += seq[this.randomInt(16)];
+    static randomShortIds() {
+        const lengths = [2, 4, 6, 8, 10, 12, 14, 16];
+        for (let i = lengths.length - 1; i > 0; i--) {
+            const j = Math.floor(Math.random() * (i + 1));
+            [lengths[i], lengths[j]] = [lengths[j], lengths[i]];
        }
-        return str;
+
+        let shortIds = [];
+        for (let length of lengths) {
+            let shortId = '';
+            for (let i = 0; i < length; i++) {
+                shortId += seq[this.randomInt(16)];
+            }
+            shortIds.push(shortId);
+        }
+        return shortIds.join(',');
    }

    static randomLowerAndNum(len) {
@@ -281,172 +329,172 @@ class ObjectUtil {
 }

 class Wireguard {
-	static gf(init) {
-		var r = new Float64Array(16);
-		if (init) {
-			for (var i = 0; i < init.length; ++i)
-				r[i] = init[i];
-		}
-		return r;
-	}
+    static gf(init) {
+        var r = new Float64Array(16);
+        if (init) {
+            for (var i = 0; i < init.length; ++i)
+                r[i] = init[i];
+        }
+        return r;
+    }

-	static pack(o, n) {
-		var b, m = this.gf(), t = this.gf();
-		for (var i = 0; i < 16; ++i)
-			t[i] = n[i];
-		this.carry(t);
-		this.carry(t);
-		this.carry(t);
-		for (var j = 0; j < 2; ++j) {
-			m[0] = t[0] - 0xffed;
-			for (var i = 1; i < 15; ++i) {
-				m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1);
-				m[i - 1] &= 0xffff;
-			}
-			m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1);
-			b = (m[15] >> 16) & 1;
-			m[14] &= 0xffff;
-			this.cswap(t, m, 1 - b);
-		}
-		for (var i = 0; i < 16; ++i) {
-			o[2 * i] = t[i] & 0xff;
-			o[2 * i + 1] = t[i] >> 8;
-		}
-	}
+    static pack(o, n) {
+        var b, m = this.gf(), t = this.gf();
+        for (var i = 0; i < 16; ++i)
+            t[i] = n[i];
+        this.carry(t);
+        this.carry(t);
+        this.carry(t);
+        for (var j = 0; j < 2; ++j) {
+            m[0] = t[0] - 0xffed;
+            for (var i = 1; i < 15; ++i) {
+                m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1);
+                m[i - 1] &= 0xffff;
+            }
+            m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1);
+            b = (m[15] >> 16) & 1;
+            m[14] &= 0xffff;
+            this.cswap(t, m, 1 - b);
+        }
+        for (var i = 0; i < 16; ++i) {
+            o[2 * i] = t[i] & 0xff;
+            o[2 * i + 1] = t[i] >> 8;
+        }
+    }

-	static carry(o) {
-		var c;
-		for (var i = 0; i < 16; ++i) {
-			o[(i + 1) % 16] += (i < 15 ? 1 : 38) * Math.floor(o[i] / 65536);
-			o[i] &= 0xffff;
-		}
-	}
+    static carry(o) {
+        var c;
+        for (var i = 0; i < 16; ++i) {
+            o[(i + 1) % 16] += (i < 15 ? 1 : 38) * Math.floor(o[i] / 65536);
+            o[i] &= 0xffff;
+        }
+    }

-	static cswap(p, q, b) {
-		var t, c = ~(b - 1);
-		for (var i = 0; i < 16; ++i) {
-			t = c & (p[i] ^ q[i]);
-			p[i] ^= t;
-			q[i] ^= t;
-		}
-	}
+    static cswap(p, q, b) {
+        var t, c = ~(b - 1);
+        for (var i = 0; i < 16; ++i) {
+            t = c & (p[i] ^ q[i]);
+            p[i] ^= t;
+            q[i] ^= t;
+        }
+    }

-	static add(o, a, b) {
-		for (var i = 0; i < 16; ++i)
-			o[i] = (a[i] + b[i]) | 0;
-	}
+    static add(o, a, b) {
+        for (var i = 0; i < 16; ++i)
+            o[i] = (a[i] + b[i]) | 0;
+    }

-	static subtract(o, a, b) {
-		for (var i = 0; i < 16; ++i)
-			o[i] = (a[i] - b[i]) | 0;
-	}
+    static subtract(o, a, b) {
+        for (var i = 0; i < 16; ++i)
+            o[i] = (a[i] - b[i]) | 0;
+    }

-	static multmod(o, a, b) {
-		var t = new Float64Array(31);
-		for (var i = 0; i < 16; ++i) {
-			for (var j = 0; j < 16; ++j)
-				t[i + j] += a[i] * b[j];
-		}
-		for (var i = 0; i < 15; ++i)
-			t[i] += 38 * t[i + 16];
-		for (var i = 0; i < 16; ++i)
-			o[i] = t[i];
-		this.carry(o);
-		this.carry(o);
-	}
+    static multmod(o, a, b) {
+        var t = new Float64Array(31);
+        for (var i = 0; i < 16; ++i) {
+            for (var j = 0; j < 16; ++j)
+                t[i + j] += a[i] * b[j];
+        }
+        for (var i = 0; i < 15; ++i)
+            t[i] += 38 * t[i + 16];
+        for (var i = 0; i < 16; ++i)
+            o[i] = t[i];
+        this.carry(o);
+        this.carry(o);
+    }

-	static invert(o, i) {
-		var c = this.gf();
-		for (var a = 0; a < 16; ++a)
-			c[a] = i[a];
-		for (var a = 253; a >= 0; --a) {
-			this.multmod(c, c, c);
-			if (a !== 2 && a !== 4)
+    static invert(o, i) {
+        var c = this.gf();
+        for (var a = 0; a < 16; ++a)
+            c[a] = i[a];
+        for (var a = 253; a >= 0; --a) {
+            this.multmod(c, c, c);
+            if (a !== 2 && a !== 4)
                this.multmod(c, c, i);
-		}
-		for (var a = 0; a < 16; ++a)
-			o[a] = c[a];
-	}
+        }
+        for (var a = 0; a < 16; ++a)
+            o[a] = c[a];
+    }

-	static clamp(z) {
-		z[31] = (z[31] & 127) | 64;
-		z[0] &= 248;
-	}
+    static clamp(z) {
+        z[31] = (z[31] & 127) | 64;
+        z[0] &= 248;
+    }

-	static generatePublicKey(privateKey) {
-		var r, z = new Uint8Array(32);
-		var a = this.gf([1]),
-			b = this.gf([9]),
-			c = this.gf(),
-			d = this.gf([1]),
-			e = this.gf(),
-			f = this.gf(),
-			_121665 = this.gf([0xdb41, 1]),
-			_9 = this.gf([9]);
-		for (var i = 0; i < 32; ++i)
-			z[i] = privateKey[i];
-		this.clamp(z);
-		for (var i = 254; i >= 0; --i) {
-			r = (z[i >>> 3] >>> (i & 7)) & 1;
-			this.cswap(a, b, r);
-			this.cswap(c, d, r);
-			this.add(e, a, c);
-			this.subtract(a, a, c);
-			this.add(c, b, d);
-			this.subtract(b, b, d);
-			this.multmod(d, e, e);
-			this.multmod(f, a, a);
-			this.multmod(a, c, a);
-			this.multmod(c, b, e);
-			this.add(e, a, c);
-			this.subtract(a, a, c);
-			this.multmod(b, a, a);
-			this.subtract(c, d, f);
-			this.multmod(a, c, _121665);
-			this.add(a, a, d);
-			this.multmod(c, c, a);
-			this.multmod(a, d, f);
-			this.multmod(d, b, _9);
-			this.multmod(b, e, e);
-			this.cswap(a, b, r);
-			this.cswap(c, d, r);
-		}
-		this.invert(c, c);
-		this.multmod(a, a, c);
-		this.pack(z, a);
-		return z;
-	}
+    static generatePublicKey(privateKey) {
+        var r, z = new Uint8Array(32);
+        var a = this.gf([1]),
+            b = this.gf([9]),
+            c = this.gf(),
+            d = this.gf([1]),
+            e = this.gf(),
+            f = this.gf(),
+            _121665 = this.gf([0xdb41, 1]),
+            _9 = this.gf([9]);
+        for (var i = 0; i < 32; ++i)
+            z[i] = privateKey[i];
+        this.clamp(z);
+        for (var i = 254; i >= 0; --i) {
+            r = (z[i >>> 3] >>> (i & 7)) & 1;
+            this.cswap(a, b, r);
+            this.cswap(c, d, r);
+            this.add(e, a, c);
+            this.subtract(a, a, c);
+            this.add(c, b, d);
+            this.subtract(b, b, d);
+            this.multmod(d, e, e);
+            this.multmod(f, a, a);
+            this.multmod(a, c, a);
+            this.multmod(c, b, e);
+            this.add(e, a, c);
+            this.subtract(a, a, c);
+            this.multmod(b, a, a);
+            this.subtract(c, d, f);
+            this.multmod(a, c, _121665);
+            this.add(a, a, d);
+            this.multmod(c, c, a);
+            this.multmod(a, d, f);
+            this.multmod(d, b, _9);
+            this.multmod(b, e, e);
+            this.cswap(a, b, r);
+            this.cswap(c, d, r);
+        }
+        this.invert(c, c);
+        this.multmod(a, a, c);
+        this.pack(z, a);
+        return z;
+    }

-	static generatePresharedKey() {
-		var privateKey = new Uint8Array(32);
-		window.crypto.getRandomValues(privateKey);
-		return privateKey;
-	}
+    static generatePresharedKey() {
+        var privateKey = new Uint8Array(32);
+        window.crypto.getRandomValues(privateKey);
+        return privateKey;
+    }

-	static generatePrivateKey() {
-		var privateKey = this.generatePresharedKey();
-		this.clamp(privateKey);
-		return privateKey;
-	}
+    static generatePrivateKey() {
+        var privateKey = this.generatePresharedKey();
+        this.clamp(privateKey);
+        return privateKey;
+    }

-	static encodeBase64(dest, src) {
-		var input = Uint8Array.from([(src[0] >> 2) & 63, ((src[0] << 4) | (src[1] >> 4)) & 63, ((src[1] << 2) | (src[2] >> 6)) & 63, src[2] & 63]);
-		for (var i = 0; i < 4; ++i)
-			dest[i] = input[i] + 65 +
-			(((25 - input[i]) >> 8) & 6) -
-			(((51 - input[i]) >> 8) & 75) -
-			(((61 - input[i]) >> 8) & 15) +
-			(((62 - input[i]) >> 8) & 3);
-	}
+    static encodeBase64(dest, src) {
+        var input = Uint8Array.from([(src[0] >> 2) & 63, ((src[0] << 4) | (src[1] >> 4)) & 63, ((src[1] << 2) | (src[2] >> 6)) & 63, src[2] & 63]);
+        for (var i = 0; i < 4; ++i)
+            dest[i] = input[i] + 65 +
+                (((25 - input[i]) >> 8) & 6) -
+                (((51 - input[i]) >> 8) & 75) -
+                (((61 - input[i]) >> 8) & 15) +
+                (((62 - input[i]) >> 8) & 3);
+    }

-	static keyToBase64(key) {
-		var i, base64 = new Uint8Array(44);
-		for (i = 0; i < 32 / 3; ++i)
+    static keyToBase64(key) {
+        var i, base64 = new Uint8Array(44);
+        for (i = 0; i < 32 / 3; ++i)
            this.encodeBase64(base64.subarray(i * 4), key.subarray(i * 3));
        this.encodeBase64(base64.subarray(i * 4), Uint8Array.from([key[i * 3 + 0], key[i * 3 + 1], 0]));
-		base64[43] = 61;
-		return String.fromCharCode.apply(null, base64);
-	}
+        base64[43] = 61;
+        return String.fromCharCode.apply(null, base64);
+    }

    static keyFromBase64(encoded) {
        const binaryStr = atob(encoded);
@@ -457,12 +505,12 @@ class Wireguard {
        return bytes;
    }

-	static generateKeypair(secretKey='') {
-        var privateKey = secretKey.length>0 ? this.keyFromBase64(secretKey) : this.generatePrivateKey();
+    static generateKeypair(secretKey = '') {
+        var privateKey = secretKey.length > 0 ? this.keyFromBase64(secretKey) : this.generatePrivateKey();
        var publicKey = this.generatePublicKey(privateKey);
        return {
            publicKey: this.keyToBase64(publicKey),
-            privateKey: secretKey.length>0 ? secretKey : this.keyToBase64(privateKey)
+            privateKey: secretKey.length > 0 ? secretKey : this.keyToBase64(privateKey)
        };
    }
 }
--- a/web/assets/moment/moment.min.js
+++ b/web/assets/moment/moment.min.js
--- a/web/controller/api.go
+++ b/web/controller/api.go
@@ -33,6 +33,7 @@ func (a *APIController) initRouter(g *gin.RouterGroup) {
 		{"GET", "/list", a.inboundController.getInbounds},
 		{"GET", "/get/:id", a.inboundController.getInbound},
 		{"GET", "/getClientTraffics/:email", a.inboundController.getClientTraffics},
+		{"GET", "/getClientTrafficsById/:id", a.inboundController.getClientTrafficsById},
 		{"POST", "/add", a.inboundController.addInbound},
 		{"POST", "/del/:id", a.inboundController.delInbound},
 		{"POST", "/update/:id", a.inboundController.updateInbound},
--- a/web/controller/inbound.go
+++ b/web/controller/inbound.go
@@ -1,10 +1,10 @@
 package controller

 import (
+    "errors"
 	"encoding/json"
 	"fmt"
 	"strconv"
-
 	"x-ui/database/model"
 	"x-ui/web/service"
 	"x-ui/web/session"
@@ -33,9 +33,13 @@ func (a *InboundController) initRouter(g *gin.RouterGroup) {
 	g.POST("/clientIps/:email", a.getClientIps)
 	g.POST("/clearClientIps/:email", a.clearClientIps)
 	g.POST("/addClient", a.addInboundClient)
+	g.POST("/addGroupClient", a.addGroupInboundClient)
 	g.POST("/:id/delClient/:clientId", a.delInboundClient)
+	g.POST("/delGroupClients", a.delGroupClients)
 	g.POST("/updateClient/:clientId", a.updateInboundClient)
+	g.POST("/updateClients", a.updateGroupInboundClient)
 	g.POST("/:id/resetClientTraffic/:email", a.resetClientTraffic)
+	g.POST("/resetGroupClientTraffic", a.resetGroupClientTraffic)
 	g.POST("/resetAllTraffics", a.resetAllTraffics)
 	g.POST("/resetAllClientTraffics/:id", a.resetAllClientTraffics)
 	g.POST("/delDepletedClients/:id", a.delDepletedClients)
@@ -77,6 +81,16 @@ func (a *InboundController) getClientTraffics(c *gin.Context) {
 	jsonObj(c, clientTraffics, nil)
 }

+func (a *InboundController) getClientTrafficsById(c *gin.Context) {
+	id := c.Param("id")
+	clientTraffics, err := a.inboundService.GetClientTrafficByID(id)
+	if err != nil {
+		jsonMsg(c, "Error getting traffics", err)
+		return
+	}
+	jsonObj(c, clientTraffics, nil)
+}
+
 func (a *InboundController) addInbound(c *gin.Context) {
 	inbound := &model.Inbound{}
 	err := c.ShouldBind(inbound)
@@ -180,6 +194,34 @@ func (a *InboundController) addInboundClient(c *gin.Context) {
 	}
 }

+func (a *InboundController) addGroupInboundClient(c *gin.Context) {
+	var requestData []model.Inbound
+
+    err := c.ShouldBindJSON(&requestData)
+
+    if err != nil {
+        jsonMsg(c, I18nWeb(c, "pages.inbounds.update"), err)
+        return
+    }
+
+    needRestart := true
+
+    for _, data := range requestData {
+
+        needRestart, err = a.inboundService.AddInboundClient(&data)
+        if err != nil {
+            jsonMsg(c, "Something went wrong!", err)
+            return
+        }
+    }
+
+    jsonMsg(c, "Client(s) added", nil)
+    if err == nil && needRestart {
+        a.xrayService.SetToNeedRestart()
+    }
+
+}
+
 func (a *InboundController) delInboundClient(c *gin.Context) {
 	id, err := strconv.Atoi(c.Param("id"))
 	if err != nil {
@@ -201,6 +243,38 @@ func (a *InboundController) delInboundClient(c *gin.Context) {
 	}
 }

+func (a *InboundController) delGroupClients(c *gin.Context) {
+	var requestData []struct {
+        InboundID int `json:"inboundId"`
+        ClientID  string `json:"clientId"`
+    }
+
+    if err := c.ShouldBindJSON(&requestData); err != nil {
+        jsonMsg(c, "Invalid request data", err)
+        return
+    }
+
+    needRestart := false
+
+    for _, req := range requestData {
+        needRestartTmp, err := a.inboundService.DelInboundClient(req.InboundID, req.ClientID)
+        if err != nil {
+            jsonMsg(c, "Failed to delete client", err)
+            return
+        }
+
+        if needRestartTmp {
+            needRestart = true
+        }
+    }
+
+    jsonMsg(c, "Clients deleted successfully", nil)
+
+    if needRestart {
+		a.xrayService.SetToNeedRestart()
+    }
+}
+
 func (a *InboundController) updateInboundClient(c *gin.Context) {
 	clientId := c.Param("clientId")

@@ -224,6 +298,56 @@ func (a *InboundController) updateInboundClient(c *gin.Context) {
 	}
 }

+func (a *InboundController) updateGroupInboundClient(c *gin.Context) {
+    var requestData []map[string]interface{}
+
+    if err := c.ShouldBindJSON(&requestData); err != nil {
+        jsonMsg(c, I18nWeb(c, "pages.inbounds.update"), err)
+        return
+    }
+
+    needRestart := false
+
+    for _, item := range requestData {
+
+        inboundMap, ok := item["inbound"].(map[string]interface{})
+        if !ok {
+            jsonMsg(c, "Something went wrong!", errors.New("Failed to convert 'inbound' to map"))
+            return
+        }
+
+        clientId, ok := item["clientId"].(string)
+        if !ok {
+            jsonMsg(c, "Something went wrong!", errors.New("Failed to convert 'clientId' to string"))
+            return
+        }
+
+        inboundJSON, err := json.Marshal(inboundMap)
+        if err != nil {
+            jsonMsg(c, "Something went wrong!", err)
+            return
+        }
+
+        var inboundModel model.Inbound
+        if err := json.Unmarshal(inboundJSON, &inboundModel); err != nil {
+            jsonMsg(c, "Something went wrong!", err)
+            return
+        }
+
+        if restart, err := a.inboundService.UpdateInboundClient(&inboundModel, clientId); err != nil {
+            jsonMsg(c, "Something went wrong!", err)
+            return
+        } else {
+            needRestart = needRestart || restart
+        }
+    }
+
+    jsonMsg(c, "Client updated", nil)
+    if needRestart {
+        a.xrayService.SetToNeedRestart()
+    }
+}
+
 func (a *InboundController) resetClientTraffic(c *gin.Context) {
 	id, err := strconv.Atoi(c.Param("id"))
 	if err != nil {
@@ -243,6 +367,44 @@ func (a *InboundController) resetClientTraffic(c *gin.Context) {
 	}
 }

+func (a *InboundController) resetGroupClientTraffic(c *gin.Context) {
+	var requestData []struct {
+		InboundID int    `json:"inboundId"` // Map JSON "inboundId" to struct field "InboundID"
+		Email     string `json:"email"`    // Map JSON "email" to struct field "Email"
+	}
+
+	// Parse JSON body directly using ShouldBindJSON
+	if err := c.ShouldBindJSON(&requestData); err != nil {
+		jsonMsg(c, "Invalid request data", err)
+		return
+	}
+
+	needRestart := false
+
+	// Process each request data
+	for _, req := range requestData {
+		needRestartTmp, err := a.inboundService.ResetClientTraffic(req.InboundID, req.Email)
+		if err != nil {
+			jsonMsg(c, "Failed to reset client traffic", err)
+			return
+		}
+
+		// If any request requires a restart, set needRestart to true
+		if needRestartTmp {
+			needRestart = true
+		}
+	}
+
+	// Send response back to the client
+	jsonMsg(c, "Traffic reset for all clients", nil)
+
+	// Restart the service if required
+	if needRestart {
+		a.xrayService.SetToNeedRestart()
+	}
+}
+
+
 func (a *InboundController) resetAllTraffics(c *gin.Context) {
 	err := a.inboundService.ResetAllTraffics()
 	if err != nil {
--- a/web/controller/index.go
+++ b/web/controller/index.go
@@ -9,6 +9,7 @@ import (
 	"x-ui/web/service"
 	"x-ui/web/session"

+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 )

@@ -49,8 +50,8 @@ func (a *IndexController) index(c *gin.Context) {

 func (a *IndexController) login(c *gin.Context) {
 	var form LoginForm
-	err := c.ShouldBind(&form)
-	if err != nil {
+
+	if err := c.ShouldBind(&form); err != nil {
 		pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.invalidFormData"))
 		return
 	}
@@ -68,31 +69,31 @@ func (a *IndexController) login(c *gin.Context) {
 	safeUser := template.HTMLEscapeString(form.Username)
 	safePass := template.HTMLEscapeString(form.Password)
 	safeSecret := template.HTMLEscapeString(form.LoginSecret)
+
 	if user == nil {
-		logger.Warningf("wrong username or password or secret: \"%s\" \"%s\" \"%s\"", safeUser, safePass, safeSecret)
+		logger.Warningf("wrong username: \"%s\", password: \"%s\", secret: \"%s\", IP: \"%s\"", safeUser, safePass, safeSecret, getRemoteIp(c))
 		a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0)
 		pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword"))
 		return
-	} else {
-		logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
-		a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
 	}

+	logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
+	a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
+
 	sessionMaxAge, err := a.settingService.GetSessionMaxAge()
 	if err != nil {
 		logger.Warning("Unable to get session's max age from DB")
 	}

-	if sessionMaxAge > 0 {
-		err = session.SetMaxAge(c, sessionMaxAge*60)
-		if err != nil {
-			logger.Warning("Unable to set session's max age")
-		}
+	session.SetMaxAge(c, sessionMaxAge*60)
+	session.SetLoginUser(c, user)
+	if err := sessions.Default(c).Save(); err != nil {
+		logger.Warning("Unable to save session: ", err)
+		return
 	}

-	err = session.SetLoginUser(c, user)
-	logger.Infof("%s logged in successfully", user.Username)
-	jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), err)
+	logger.Infof("%s logged in successfully", safeUser)
+	jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), nil)
 }

 func (a *IndexController) logout(c *gin.Context) {
@@ -101,6 +102,9 @@ func (a *IndexController) logout(c *gin.Context) {
 		logger.Infof("%s logged out successfully", user.Username)
 	}
 	session.ClearSession(c)
+	if err := sessions.Default(c).Save(); err != nil {
+		logger.Warning("Unable to save session after clearing:", err)
+	}
 	c.Redirect(http.StatusTemporaryRedirect, c.GetString("base_path"))
 }

--- a/web/controller/util.go
+++ b/web/controller/util.go
@@ -42,12 +42,12 @@ func jsonMsgObj(c *gin.Context, msg string, obj interface{}, err error) {
 	if err == nil {
 		m.Success = true
 		if msg != "" {
-			m.Msg = msg + I18nWeb(c, "success")
+			m.Msg = msg + " " + I18nWeb(c, "success")
 		}
 	} else {
 		m.Success = false
-		m.Msg = msg + I18nWeb(c, "fail") + ": " + err.Error()
-		logger.Warning(msg+I18nWeb(c, "fail")+": ", err)
+		m.Msg = msg + " " + I18nWeb(c, "fail") + ": " + err.Error()
+		logger.Warning(msg+" "+I18nWeb(c, "fail")+": ", err)
 	}
 	c.JSON(http.StatusOK, m)
 }
--- a/web/entity/entity.go
+++ b/web/entity/entity.go
@@ -30,6 +30,7 @@ type AllSetting struct {
 	TgBotEnable      bool   `json:"tgBotEnable" form:"tgBotEnable"`
 	TgBotToken       string `json:"tgBotToken" form:"tgBotToken"`
 	TgBotProxy       string `json:"tgBotProxy" form:"tgBotProxy"`
+	TgBotAPIServer   string `json:"tgBotAPIServer" form:"tgBotAPIServer"`
 	TgBotChatId      string `json:"tgBotChatId" form:"tgBotChatId"`
 	TgRunTime        string `json:"tgRunTime" form:"tgRunTime"`
 	TgBotBackup      bool   `json:"tgBotBackup" form:"tgBotBackup"`
@@ -39,6 +40,7 @@ type AllSetting struct {
 	TimeLocation     string `json:"timeLocation" form:"timeLocation"`
 	SecretEnable     bool   `json:"secretEnable" form:"secretEnable"`
 	SubEnable        bool   `json:"subEnable" form:"subEnable"`
+	SubSyncEnable    bool   `json:"subSyncEnable" form:"subSyncEnable"`
 	SubListen        string `json:"subListen" form:"subListen"`
 	SubPort          int    `json:"subPort" form:"subPort"`
 	SubPath          string `json:"subPath" form:"subPath"`
@@ -52,6 +54,7 @@ type AllSetting struct {
 	SubJsonPath      string `json:"subJsonPath" form:"subJsonPath"`
 	SubJsonURI       string `json:"subJsonURI" form:"subJsonURI"`
 	SubJsonFragment  string `json:"subJsonFragment" form:"subJsonFragment"`
+	SubJsonNoises    string `json:"subJsonNoises" form:"subJsonNoises"`
 	SubJsonMux       string `json:"subJsonMux" form:"subJsonMux"`
 	SubJsonRules     string `json:"subJsonRules" form:"subJsonRules"`
 	Datepicker       string `json:"datepicker" form:"datepicker"`
--- a/web/html/common/qrcode_modal.html
+++ b/web/html/common/qrcode_modal.html
@@ -23,13 +23,15 @@
        </tr-qr-bg>
      </tr-qr-box>
    </template>
-    <template v-for="(row, index) in qrModal.qrcodes">
-      <tr-qr-box class="qr-box">
-        <a-tag color="green" class="qr-tag"><span>[[ row.remark ]]</span></a-tag>
-        <tr-qr-bg class="qr-bg">
-          <canvas @click="copyToClipboard('qrCode-'+index, row.link)" :id="'qrCode-'+index" class="qr-cv"></canvas>
-        </tr-qr-bg>
-      </tr-qr-box>
+    <template v-if="!isJustSub">
+        <template v-for="(row, index) in qrModal.qrcodes">
+          <tr-qr-box class="qr-box">
+            <a-tag color="green" class="qr-tag"><span>[[ row.remark ]]</span></a-tag>
+            <tr-qr-bg class="qr-bg">
+              <canvas @click="copyToClipboard('qrCode-'+index, row.link)" :id="'qrCode-'+index" class="qr-cv"></canvas>
+            </tr-qr-bg>
+          </tr-qr-box>
+        </template>
    </template>
  </tr-qr-modal>
 </a-modal>
@@ -43,12 +45,14 @@
    qrcodes: [],
    clipboard: null,
    visible: false,
+    isJustSub: false,
    subId: '',
-    show: function(title = '', dbInbound, client) {
+    show: function(title = '', dbInbound, client, isJustSub = false) {
      this.title = title;
      this.dbInbound = dbInbound;
      this.inbound = dbInbound.toInbound();
      this.client = client;
+      this.isJustSub = isJustSub;
      this.subId = '';
      this.qrcodes = [];
      if (this.inbound.protocol == Protocols.WIREGUARD) {
@@ -76,7 +80,9 @@
    delimiters: ['[[', ']]'],
    el: '#qrcode-modal',
    data: {
-      qrModal: qrModal,
+      qrModal: qrModal,get isJustSub(){
+               return qrModal.isJustSub
+            }
    },
    methods: {
      copyToClipboard(elementId, content) {
--- a/web/html/login.html
+++ b/web/html/login.html
@@ -416,19 +416,19 @@
              <a-col span="24">
                <a-form>
                  <a-form-item>
-                    <a-input autocomplete="username" v-model.trim="user.username" placeholder='{{ i18n "username" }}'
+                    <a-input autocomplete="username" name="username" v-model.trim="user.username" placeholder='{{ i18n "username" }}'
                             @keydown.enter.native="login" autofocus>
                      <a-icon slot="prefix" type="user" style="font-size: 16px;"></a-icon>
                    </a-input>
                  </a-form-item>
                  <a-form-item>
-                    <password-input autocomplete="current-password" icon="lock" v-model.trim="user.password"
+                    <password-input autocomplete="password" name="password" icon="lock" v-model.trim="user.password"
                                    placeholder='{{ i18n "password" }}'
                                    @keydown.enter.native="login">
                    </password-input>
                  </a-form-item>
                  <a-form-item v-if="secretEnable">
-                    <password-input autocomplete="secret" icon="key" v-model.trim="user.loginSecret"
+                    <password-input autocomplete="secret" name="secret" icon="key" v-model.trim="user.loginSecret"
                                    placeholder='{{ i18n "secretToken" }}'
                                    @keydown.enter.native="login">
                    </password-input>
@@ -449,7 +449,7 @@
                    <a-row justify="center" class="centered">
                      <a-col :span="24">
                        <a-select ref="selectLang" v-model="lang"
-                                  @change="setLang(lang)" style="width: 150px;"
+                                  @change="setLang(lang)" style="width: 200px;"
                                  :dropdown-class-name="themeSwitcher.currentTheme">
                          <a-select-option :value="l.value" label="English" v-for="l in supportLangs">
                            <span role="img" aria-label="l.name" v-text="l.icon"></span>
--- a/web/html/xui/client_bulk_modal.html
+++ b/web/html/xui/client_bulk_modal.html
@@ -14,10 +14,10 @@
            </a-select>
        </a-form-item>
        <a-form-item label='{{ i18n "pages.client.first" }}' v-if="clientsBulkModal.emailMethod>1">
-            <a-input-number v-model="clientsBulkModal.firstNum" :min="1"></a-input-number>
+            <a-input-number v-model.number="clientsBulkModal.firstNum" :min="1"></a-input-number>
        </a-form-item>
        <a-form-item label='{{ i18n "pages.client.last" }}' v-if="clientsBulkModal.emailMethod>1">
-            <a-input-number v-model="clientsBulkModal.lastNum" :min="clientsBulkModal.firstNum"></a-input-number>
+            <a-input-number v-model.number="clientsBulkModal.lastNum" :min="clientsBulkModal.firstNum"></a-input-number>
        </a-form-item>
        <a-form-item label='{{ i18n "pages.client.prefix" }}' v-if="clientsBulkModal.emailMethod>0">
            <a-input v-model.trim="clientsBulkModal.emailPrefix"></a-input>
@@ -26,7 +26,12 @@
            <a-input v-model.trim="clientsBulkModal.emailPostfix"></a-input>
        </a-form-item>
        <a-form-item label='{{ i18n "pages.client.clientCount" }}' v-if="clientsBulkModal.emailMethod < 2">
-            <a-input-number v-model="clientsBulkModal.quantity" :min="1" :max="100"></a-input-number>
+            <a-input-number v-model.number="clientsBulkModal.quantity" :min="1" :max="100"></a-input-number>
+        </a-form-item>
+        <a-form-item label='{{ i18n "security" }}' v-if="inbound.protocol === Protocols.VMESS">
+            <a-select v-model="clientsBulkModal.security" :dropdown-class-name="themeSwitcher.currentTheme">
+                <a-select-option v-for="key in USERS_SECURITY" :value="key">[[ key ]]</a-select-option>
+            </a-select>
        </a-form-item>
        <a-form-item label='Flow' v-if="clientsBulkModal.inbound.canEnableTlsFlow()">
            <a-select v-model="clientsBulkModal.flow" :dropdown-class-name="themeSwitcher.currentTheme">
@@ -34,12 +39,6 @@
                <a-select-option v-for="key in TLS_FLOW_CONTROL" :value="key">[[ key ]]</a-select-option>
            </a-select>
        </a-form-item>
-        <a-form-item label='Flow' v-if="clientsBulkModal.inbound.xtls">
-            <a-select v-model="clientsBulkModal.flow" :dropdown-class-name="themeSwitcher.currentTheme">
-                <a-select-option value="" selected>{{ i18n "none" }}</a-select-option>
-                <a-select-option v-for="key in XTLS_FLOW_CONTROL" :value="key">[[ key ]]</a-select-option>
-            </a-select>
-        </a-form-item>
        <a-form-item v-if="app.subSettings.enable">
            <template slot="label">
                <a-tooltip>
@@ -62,7 +61,7 @@
                    <a-icon type="question-circle"></a-icon>
                </a-tooltip>
            </template>
-            <a-input-number style="width: 50%" v-model="clientsBulkModal.tgId" min="0"></a-input-number>
+            <a-input-number style="width: 50%" v-model.number="clientsBulkModal.tgId" min="0"></a-input-number>
        </a-form-item>
        <a-form-item v-if="app.ipLimitEnable">
            <template slot="label">
@@ -74,7 +73,7 @@
                    <a-icon type="question-circle"></a-icon>
                </a-tooltip>
            </template>
-            <a-input-number v-model="clientsBulkModal.limitIp" min="0"></a-input-number>
+            <a-input-number v-model.number="clientsBulkModal.limitIp" min="0"></a-input-number>
        </a-form-item>
        <a-form-item>
            <template slot="label">
@@ -86,7 +85,7 @@
                    <a-icon type="question-circle"></a-icon>
                </a-tooltip>
            </template>
-            <a-input-number v-model="clientsBulkModal.totalGB" :min="0"></a-input-number>
+            <a-input-number v-model.number="clientsBulkModal.totalGB" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label='{{ i18n "pages.client.delayedStart" }}'>
            <a-switch v-model="clientsBulkModal.delayedStart" @click="clientsBulkModal.expiryTime=0"></a-switch>
@@ -146,6 +145,7 @@
        emailPostfix: "",
        subId: "",
        tgId: '',
+        security: "auto",
        flow: "",
        delayedStart: false,
        reset: 0,
@@ -168,15 +168,13 @@
                newClient.email += useNum ? prefix + i.toString() + postfix : prefix + postfix;
                if (clientsBulkModal.subId.length > 0) newClient.subId = clientsBulkModal.subId;
                newClient.tgId = clientsBulkModal.tgId;
+                newClient.security = clientsBulkModal.security;
                newClient.limitIp = clientsBulkModal.limitIp;
                newClient._totalGB = clientsBulkModal.totalGB;
                newClient._expiryTime = clientsBulkModal.expiryTime;
                if (clientsBulkModal.inbound.canEnableTlsFlow()) {
                    newClient.flow = clientsBulkModal.flow;
                }
-                if (clientsBulkModal.inbound.xtls) {
-                    newClient.flow = clientsBulkModal.flow;
-                }
                newClient.reset = clientsBulkModal.reset;
                clients.push(newClient);
            }
@@ -203,6 +201,7 @@
            this.emailPostfix = "";
            this.subId = "";
            this.tgId = '';
+            this.security = "auto";
            this.flow = "";
            this.dbInbound = new DBInbound(dbInbound);
            this.inbound = dbInbound.toInbound();
@@ -211,7 +210,7 @@
        },
        newClient(protocol) {
            switch (protocol) {
-                case Protocols.VMESS: return new Inbound.VmessSettings.Vmess();
+                case Protocols.VMESS: return new Inbound.VmessSettings.VMESS();
                case Protocols.VLESS: return new Inbound.VLESSSettings.VLESS();
                case Protocols.TROJAN: return new Inbound.TrojanSettings.Trojan();
                case Protocols.SHADOWSOCKS: return new Inbound.ShadowsocksSettings.Shadowsocks(clientsBulkModal.inbound.settings.shadowsockses[0].method);
--- a/web/html/xui/client_modal.html
+++ b/web/html/xui/client_modal.html
@@ -16,7 +16,16 @@
        title: '',
        okText: '',
        isEdit: false,
+        group: {
+            canGroup: true,
+            isGroup: false,
+            currentClient: null,
+            inbounds: [],
+            clients: [],
+            editIds: []
+        },
        dbInbound: new DBInbound(),
+        dbInbounds: null,
        inbound: new Inbound(),
        clients: [],
        clientStats: [],
@@ -25,33 +34,126 @@
        clientIps: null,
        delayedStart: false,
        ok() {
-            if (clientModal.isEdit) {
-                ObjectUtil.execute(clientModal.confirm, clientModalApp.client, clientModal.dbInbound.id, clientModal.oldClientId);
+            if (app.subSettings.enable && clientModal.group.isGroup && clientModal.group.canGroup) {
+                const currentClient = clientModal.group.currentClient;
+                const { limitIp, comment, totalGB, expiryTime, reset, enable, subId, tgId, flow } = currentClient;
+                const uniqueEmails = clientModalApp.makeGroupEmailsUnique(clientModal.dbInbounds, currentClient.email, clientModal.group.clients);
+
+                clientModal.group.clients.forEach((client, index) => {
+                    client.email = uniqueEmails[index];
+                    client.limitIp = limitIp;
+                    client.comment = comment;
+                    client.totalGB = totalGB;
+                    client.expiryTime = expiryTime;
+                    client.reset = reset;
+                    client.enable = enable;
+
+                    if (subId) {
+                        client.subId = subId;
+                    }
+                    if (tgId) {
+                        client.tgId = tgId;
+                    }
+                    if (flow) {
+                        client.flow = flow;
+                    }
+                });
+
+                if (clientModal.isEdit) {
+                    ObjectUtil.execute(clientModal.confirm, clientModal.group.clients, clientModal.group.inbounds, clientModal.group.editIds);
+                } else {
+                    ObjectUtil.execute(clientModal.confirm, clientModal.group.clients, clientModal.group.inbounds);
+                }
            } else {
-                ObjectUtil.execute(clientModal.confirm, clientModalApp.client, clientModal.dbInbound.id);
+                if (clientModal.isEdit) {
+                    ObjectUtil.execute(clientModal.confirm, clientModalApp.client, clientModal.dbInbound.id, clientModal.oldClientId);
+                } else {
+                    ObjectUtil.execute(clientModal.confirm, clientModalApp.client, clientModal.dbInbound.id);
+                }
            }
        },
-        show({ title = '', okText = '{{ i18n "sure" }}', index = null, dbInbound = null, confirm = () => { }, isEdit = false }) {
+        show({
+                 title = '',
+                 okText = '{{ i18n "sure" }}',
+                 index = null,
+                 dbInbound = null,
+                 dbInbounds = null,
+                 confirm = () => {
+                 },
+                 isEdit = false
+             }) {
+            this.group = {
+                canGroup: true,
+                isGroup: false,
+                currentClient: null,
+                inbounds: [],
+                clients: [],
+                editIds: []
+            }
+            this.dbInbounds = dbInbounds;
            this.visible = true;
            this.title = title;
            this.okText = okText;
            this.isEdit = isEdit;
-            this.dbInbound = new DBInbound(dbInbound);
-            this.inbound = dbInbound.toInbound();
-            this.clients = this.inbound.clients;
-            this.index = index === null ? this.clients.length : index;
-            this.delayedStart = false;
-            if (isEdit) {
-                if (this.clients[index].expiryTime < 0) {
-                    this.delayedStart = true;
+            if (app.subSettings.enable && dbInbounds !== null && Array.isArray(dbInbounds)) {
+                if (isEdit) {
+                    this.showProcess(dbInbound, index);
+                    let processSingleEdit = true
+                    if (this.group.canGroup) {
+                        this.group.currentClient = this.clients[this.index]
+                        const response = app.getSubGroupClients(dbInbounds, this.group.currentClient)
+                        if (response.clients.length > 1) {
+                            this.group.isGroup = true;
+                            this.group.inbounds = response.inbounds
+                            this.group.clients = response.clients
+                            this.group.editIds = response.editIds
+                            if (this.clients[index].expiryTime < 0) {
+                                this.delayedStart = true;
+                            }
+                            processSingleEdit = false
+                        }
+                    }
+                    if (processSingleEdit) {
+                        this.singleEditClientProcess(index)
+                    }
+                } else {
+                    this.group.isGroup = true;
+                    dbInbounds.forEach((dbInboundItem) => {
+                        this.showProcess(dbInboundItem);
+                        if (this.dbInbound.isMultiUser()) {
+                            this.addClient(this.inbound.protocol, this.clients);
+                            this.group.inbounds.push(dbInboundItem.id)
+                            this.group.clients.push(this.clients[this.index])
+                        }
+                    })
+                    this.group.currentClient = this.clients[this.index]
                }
-                this.oldClientId = this.getClientId(dbInbound.protocol, clients[index]);
            } else {
-                this.addClient(this.inbound.protocol, this.clients);
+                this.showProcess(dbInbound, index);
+                if (isEdit) {
+                    this.singleEditClientProcess(index)
+                } else {
+                    this.addClient(this.inbound.protocol, this.clients);
+                }
            }
            this.clientStats = this.dbInbound.clientStats.find(row => row.email === this.clients[this.index].email);
            this.confirm = confirm;
-        },  
+        },
+        showProcess(dbInbound, index = null) {
+            this.dbInbound = new DBInbound(dbInbound);
+            this.inbound = dbInbound.toInbound();
+            if (this.dbInbound.isMultiUser()) {
+                this.clients = this.inbound.clients;
+                this.index = index === null ? this.clients.length : index;
+                this.delayedStart = false;
+            }
+        },
+        singleEditClientProcess(index) {
+            if (this.clients[index].expiryTime < 0) {
+                this.delayedStart = true;
+            }
+            this.oldClientId = this.getClientId(this.dbInbound.protocol, this.clients[index]);
+        },
        getClientId(protocol, client) {
            switch (protocol) {
                case Protocols.TROJAN: return client.password;
@@ -61,7 +163,7 @@
        },
        addClient(protocol, clients) {
            switch (protocol) {
-                case Protocols.VMESS: return clients.push(new Inbound.VmessSettings.Vmess());
+                case Protocols.VMESS: return clients.push(new Inbound.VmessSettings.VMESS());
                case Protocols.VLESS: return clients.push(new Inbound.VLESSSettings.VLESS());
                case Protocols.TROJAN: return clients.push(new Inbound.TrojanSettings.Trojan());
                case Protocols.SHADOWSOCKS: return clients.push(new Inbound.ShadowsocksSettings.Shadowsocks(clients[0].method));
@@ -72,7 +174,7 @@
            clientModal.visible = false;
            clientModal.loading(false);
        },
-        loading(loading=true) {
+        loading(loading = true) {
            clientModal.confirmLoading = loading;
        },
    };
@@ -94,6 +196,18 @@
            get isEdit() {
                return this.clientModal.isEdit;
            },
+            get isGroup() {
+                return this.clientModal.group.isGroup;
+            },
+            get isGroupEdit() {
+                return this.clientModal.group.canGroup;
+            },
+            set isGroupEdit(value) {
+                this.clientModal.group.canGroup = value;
+                if (!value) {
+                    this.clientModal.singleEditClientProcess(this.clientModal.index)
+                }
+            },
            get datepicker() {
                return app.datepicker;
            },
@@ -120,6 +234,36 @@
            },
        },
        methods: {
+            makeGroupEmailsUnique(dbInbounds, baseEmail, groupClients) {
+                // Extract the base part of the email (before the "__" if present)
+                const match = baseEmail.match(/^(.*?)__/);
+                const base = match ? match[1] : baseEmail;
+
+                // Generate initial emails for each client in the group
+                const generatedEmails = groupClients.map((_, index) => `${base}__${index + 1}`);
+
+                // Function to check if an email already exists in dbInbounds but belongs to a different subId
+                const isDuplicate = (emailToCheck, clientSubId) => {
+                    return dbInbounds.some((dbInbound) => {
+                        const settings = JSON.parse(dbInbound.settings);
+                        const clients = settings && settings.clients ? settings.clients : [];
+                        return clients.some(client => client.email === emailToCheck && client.subId !== clientSubId);
+                    });
+                };
+
+                // Check if any of the generated emails are duplicates
+                const hasDuplicates = generatedEmails.some((email, index) => {
+                    return isDuplicate(email, groupClients[index].subId);
+                });
+
+                // If duplicates exist, add a random string to the base email to ensure uniqueness
+                if (hasDuplicates) {
+                    const randomString = `-${RandomUtil.randomLowerAndNum(4)}`;
+                    return groupClients.map((_, index) => `${base}${randomString}__${index + 1}`);
+                }
+
+                return generatedEmails;
+            },
            async getDBClientIps(email) {
                const msg = await HttpUtil.post(`/panel/inbound/clientIps/${email}`);
                if (!msg.success) {
@@ -147,7 +291,22 @@
                } catch (error) {
                }
            },
-            resetClientTraffic(email, dbInboundId, iconElement) {
+            async resetClientTrafficHandler(client, dbInboundId, clients = []) {
+                if (clients.length > 0) {
+                    const resetRequests = clients
+                        .filter(client => {
+                            const inbound = clientModal.dbInbounds.find(inbound => inbound.id === client.inboundId);
+                            return inbound && app.hasClientStats(inbound, client.email);
+                        }).map(client => ({ inboundId: client.inboundId, email: client.email}));
+
+                    return HttpUtil.postWithModalJson('/panel/inbound/resetGroupClientTraffic', resetRequests, null)
+                } else {
+                    return HttpUtil.postWithModal('/panel/inbound/' + dbInboundId + '/resetClientTraffic/' + client.email)
+                }
+            },
+            resetClientTraffic(client, dbInboundId, iconElement) {
+                const subGroup = app.subSettings.enable && clientModal.group.isGroup && clientModal.group.canGroup && clientModal.dbInbounds && clientModal.dbInbounds.length > 0 ? app.getSubGroupClients(clientModal.dbInbounds, client) : [];
+                const clients = subGroup && subGroup.clients && subGroup.clients.length > 1 ? subGroup.clients : [];
                this.$confirm({
                    title: '{{ i18n "pages.inbounds.resetTraffic"}}',
                    content: '{{ i18n "pages.inbounds.resetTrafficContent"}}',
@@ -156,8 +315,8 @@
                    cancelText: '{{ i18n "cancel"}}',
                    onOk: async () => {
                        iconElement.disabled = true;
-                        const msg = await HttpUtil.postWithModal('/panel/inbound/' + dbInboundId + '/resetClientTraffic/' + email);
-                        if (msg.success) {
+                        const msg = await this.resetClientTrafficHandler(client, dbInboundId, clients);
+                        if (msg && msg.success) {
                            this.clientModal.clientStats.up = 0;
                            this.clientModal.clientStats.down = 0;
                        }
--- a/web/html/xui/component/password.html
+++ b/web/html/xui/component/password.html
@@ -1,8 +1,10 @@
 {{define "component/passwordInput"}}
 <template>
    <a-input :value="value" :type="showPassword ? 'text' : 'password'"
-            :placeholder="placeholder"
-            @input="$emit('input', $event.target.value)">
+             :placeholder="placeholder"
+             :autocomplete="autocomplete"
+             :name="name"
+             @input="$emit('input', $event.target.value)">
        <template v-if="icon" #prefix>
            <a-icon :type="icon" style="font-size: 16px;" />
        </template>
@@ -18,7 +20,7 @@
 {{define "component/password"}}
 <script>
  Vue.component('password-input', {
-    props: ["title", "value", "placeholder", "icon"],
+    props: ["title", "value", "placeholder", "icon", "autocomplete", "name"],
    template: `{{template "component/passwordInput"}}`,
    data() {
      return {
--- a/web/html/xui/dns_modal.html
+++ b/web/html/xui/dns_modal.html
@@ -1,5 +1,7 @@
 {{define "dnsModal"}}
-<a-modal id="dns-modal" v-model="dnsModal.visible" :title="dnsModal.title" @ok="dnsModal.ok" :closable="true" :mask-closable="false" :ok-text="dnsModal.okText" cancel-text='{{ i18n "close" }}' :class="themeSwitcher.currentTheme">
+<a-modal id="dns-modal" v-model="dnsModal.visible" :title="dnsModal.title" @ok="dnsModal.ok" :closable="true"
+  :mask-closable="false" :ok-text="dnsModal.okText" cancel-text='{{ i18n "close" }}'
+  :class="themeSwitcher.currentTheme">
  <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
    <a-form-item label='{{ i18n "pages.xray.outbound.address" }}'>
      <a-input v-model.trim="dnsModal.dnsServer.address"></a-input>
@@ -8,18 +10,29 @@
      <a-button icon="plus" size="small" type="primary" @click="dnsModal.dnsServer.domains.push('')"></a-button>
      <template v-for="(domain, index) in dnsModal.dnsServer.domains">
        <a-input v-model.trim="dnsModal.dnsServer.domains[index]">
-          <a-button icon="minus" size="small" slot="addonAfter" @click="dnsModal.dnsServer.domains.splice(index,1)"></a-button>
+          <a-button icon="minus" size="small" slot="addonAfter"
+            @click="dnsModal.dnsServer.domains.splice(index,1)"></a-button>
        </a-input>
      </template>
    </a-form-item>
    <a-form-item label='{{ i18n "pages.xray.dns.strategy" }}' v-if="isAdvanced">
-      <a-select v-model="dnsModal.dnsServer.queryStrategy" style="width: 100%" :dropdown-class-name="themeSwitcher.currentTheme">
+      <a-select v-model="dnsModal.dnsServer.queryStrategy" style="width: 100%"
+        :dropdown-class-name="themeSwitcher.currentTheme">
        <a-select-option :value="l" :label="l" v-for="l in ['UseIP', 'UseIPv4', 'UseIPv6']"> [[ l ]] </a-select-option>
      </a-select>
    </a-form-item>
    <a-form-item label='Skip Fallback' v-if="isAdvanced">
      <a-switch v-model="dnsModal.dnsServer.skipFallback"></a-switch>
    </a-form-item>
+    <a-form-item label='{{ i18n "pages.xray.dns.expectIPs"}}'>
+      <a-button icon="plus" size="small" type="primary" @click="dnsModal.dnsServer.expectIPs.push('')"></a-button>
+      <template v-for="(domain, index) in dnsModal.dnsServer.expectIPs">
+        <a-input v-model.trim="dnsModal.dnsServer.expectIPs[index]">
+          <a-button icon="minus" size="small" slot="addonAfter"
+            @click="dnsModal.dnsServer.expectIPs.splice(index,1)"></a-button>
+        </a-input>
+      </template>
+    </a-form-item>
  </a-form>
 </a-modal>
 <script>
@@ -32,20 +45,24 @@
    dnsServer: {
      address: "localhost",
      domains: [],
+      expectIPs: [],
      queryStrategy: 'UseIP',
      skipFallback: true,
    },
    ok() {
      domains = dnsModal.dnsServer.domains.filter(d => d.length > 0);
+      expectIPs = dnsModal.dnsServer.expectIPs.filter(ip => ip.length > 0);
      dnsModal.dnsServer.domains = domains;
-      newDnsServer = domains.length > 0 ? dnsModal.dnsServer : dnsModal.dnsServer.address;
+      dnsModal.dnsServer.expectIPs = expectIPs;
+      newDnsServer = (domains.length > 0 || expectIPs.length > 0) ? dnsModal.dnsServer : dnsModal.dnsServer.address;
      ObjectUtil.execute(dnsModal.confirm, newDnsServer);
    },
+
    show({
      title = '',
      okText = '{{ i18n "confirm" }}',
      dnsServer,
-      confirm = (dnsServer) => {},
+      confirm = (dnsServer) => { },
      isEdit = false
    }) {
      this.title = title;
@@ -59,6 +76,7 @@
          this.dnsServer = {
            address: dnsServer ?? "",
            domains: [],
+            expectIPs: [],
            queryStrategy: 'UseIP',
            skipFallback: true,
          }
@@ -67,6 +85,7 @@
        this.dnsServer = {
          address: "localhost",
          domains: [],
+          expectIPs: [],
          queryStrategy: 'UseIP',
          skipFallback: true,
        }
@@ -85,8 +104,8 @@
    },
    computed: {
      isAdvanced: {
-        get: function() {
-          return dnsModal.dnsServer.domains.length > 0
+        get: function () {
+          return dnsModal.dnsServer.domains.length > 0;
        }
      }
    }
--- a/web/html/xui/fakedns_modal.html
+++ b/web/html/xui/fakedns_modal.html
@@ -7,7 +7,7 @@
            <a-input v-model.trim="fakednsModal.fakeDns.ipPool"></a-input>
        </a-form-item>
        <a-form-item label='{{ i18n "pages.xray.fakedns.poolSize" }}'>
-          <a-input-number style="width: 100%;" type="number" min="1" v-model.trim="fakednsModal.fakeDns.poolSize"></a-input-number>
+          <a-input-number v-model.number="fakednsModal.fakeDns.poolSize" :min="1"></a-input-number>
        </a-form-item>
    </a-form>
 </a-modal>
--- a/web/html/xui/form/allocate.html
+++ b/web/html/xui/form/allocate.html
@@ -0,0 +1,15 @@
+{{define "form/allocate"}}
+<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
+    <a-form-item label='Strategy'>
+      <a-select v-model="inbound.allocate.strategy" :dropdown-class-name="themeSwitcher.currentTheme">
+        <a-select-option v-for="s in ['always','random']" :value="s">[[ s ]]</a-select-option>
+      </a-select>
+    </a-form-item>
+    <a-form-item label='Refresh'>
+      <a-input-number v-model.number="inbound.allocate.refresh" min="0"></a-input-number>
+    </a-form-item>
+    <a-form-item label='Concurrency'>
+      <a-input-number v-model.number="inbound.allocate.concurrency" min="0"></a-input-number>
+    </a-form-item>
+</a-form>
+{{end}}
--- a/web/html/xui/form/client.html
+++ b/web/html/xui/form/client.html
@@ -3,6 +3,18 @@
    <a-form-item label='{{ i18n "pages.inbounds.enable" }}'>
        <a-switch v-model="client.enable"></a-switch>
    </a-form-item>
+    <a-form-item v-if="isEdit && app.subSettings.enable && isGroup">
+        <template slot="label">
+            <a-tooltip>
+                <template slot="title">
+                    <span>{{ i18n "pages.client.isGroupEditDesc" }}</span>
+                </template>
+                {{ i18n "pages.client.isGroupEdit" }}
+                <a-icon type="question-circle"></a-icon>
+            </a-tooltip>
+        </template>
+        <a-switch v-model="isGroupEdit"></a-switch>
+    </a-form-item>
    <a-form-item>
        <template slot="label">
            <a-tooltip>
@@ -39,6 +51,11 @@
        </template>
        <a-input v-model.trim="client.id"></a-input>
    </a-form-item>
+    <a-form-item v-if="inbound.protocol === Protocols.VMESS" label='{{ i18n "security" }}'>
+        <a-select v-model="client.security" :dropdown-class-name="themeSwitcher.currentTheme">
+            <a-select-option v-for="key in USERS_SECURITY" :value="key">[[ key ]]</a-select-option>
+        </a-select>
+    </a-form-item>
    <a-form-item v-if="client.email && app.subSettings.enable">
        <template slot="label">
            <a-tooltip>
@@ -57,11 +74,14 @@
                <template slot="title">
                    <span>{{ i18n "pages.inbounds.telegramDesc" }}</span>
                </template>
-                Telegram ID
+                Telegram ChatID
                <a-icon type="question-circle"></a-icon>
            </a-tooltip>
        </template>
-        <a-input-number style="width: 50%" v-model="client.tgId" min="0"></a-input-number>
+        <a-input-number style="width: 50%" v-model.number="client.tgId" min="0"></a-input-number>
+    </a-form-item>
+    <a-form-item v-if="client.email" label='{{ i18n "comment" }}'>
+        <a-input v-model.trim="client.comment"></a-input>
    </a-form-item>
    <a-form-item v-if="app.ipLimitEnable">
        <template slot="label">
@@ -73,7 +93,7 @@
                <a-icon type="question-circle"></a-icon>
            </a-tooltip>
        </template>
-        <a-input-number v-model="client.limitIp" min="0"></a-input-number>
+        <a-input-number v-model.number="client.limitIp" min="0"></a-input-number>
    </a-form-item>
    <a-form-item v-if="app.ipLimitEnable && client.limitIp > 0 && client.email && isEdit">
        <template slot="label">
@@ -99,12 +119,6 @@
            </a-textarea>
        </a-form>
    </a-form-item>
-    <a-form-item v-if="inbound.xtls" label='Flow'>
-        <a-select v-model="client.flow" :dropdown-class-name="themeSwitcher.currentTheme">
-            <a-select-option value="" selected>{{ i18n "none" }}</a-select-option>
-            <a-select-option v-for="key in XTLS_FLOW_CONTROL" :value="key">[[ key ]]</a-select-option>
-        </a-select>
-    </a-form-item>
    <a-form-item v-if="inbound.canEnableTlsFlow()" label='Flow'>
        <a-select v-model="client.flow" :dropdown-class-name="themeSwitcher.currentTheme">
            <a-select-option value="" selected>{{ i18n "none" }}</a-select-option>
@@ -121,7 +135,7 @@
                <a-icon type="question-circle"></a-icon>
            </a-tooltip>
        </template>
-        <a-input-number v-model="client._totalGB" :min="0"></a-input-number>
+        <a-input-number v-model.number="client._totalGB" :min="0"></a-input-number>
    </a-form-item>
    <a-form-item v-if="isEdit && clientStats" label='{{ i18n "usage" }}'>
        <a-tag :color="clientUsageColor(clientStats, app.trafficDiff)">
@@ -132,7 +146,7 @@
        <a-tooltip>
            <template slot="title">{{ i18n "pages.inbounds.resetTraffic" }}</template>
            <a-icon type="retweet"
-                @click="resetClientTraffic(client.email,clientStats.inboundId,$event.target)"
+                @click="resetClientTraffic(client,clientStats.inboundId,$event.target)"
                v-if="client.email.length > 0"></a-icon>
        </a-tooltip>
    </a-form-item>
--- a/web/html/xui/form/inbound.html
+++ b/web/html/xui/form/inbound.html
@@ -41,7 +41,7 @@
                <a-icon type="question-circle"></a-icon>
            </a-tooltip>
        </template>
-        <a-input-number v-model="dbInbound.totalGB" :min="0"></a-input-number>
+        <a-input-number v-model.number="dbInbound.totalGB" :min="0"></a-input-number>
    </a-form-item>

    <a-form-item>
@@ -115,7 +115,19 @@
 </template>

 <!-- sniffing -->
-<template>
-    {{template "form/sniffing"}}
-</template>
+<a-collapse>
+    <a-collapse-panel header='Sniffing'>
+        {{template "form/sniffing"}}
+    </a-collapse-panel>
+</a-collapse>
+
+<!-- allocate -->
+<!-- Temporarily disabled until we accepts range for port allocation
+<a-collapse>
+    <a-collapse-panel header='Allocate'>
+        {{template "form/allocate"}}
+    </a-collapse-panel>
+</a-collapse>
+-->
+
 {{end}}
--- a/web/html/xui/form/outbound.html
+++ b/web/html/xui/form/outbound.html
@@ -22,8 +22,13 @@
            <a-select-option v-for="s in OutboundDomainStrategies" :value="s">[[ s ]]</a-select-option>
          </a-select>
        </a-form-item>
+        <a-form-item label='Redirect'>
+          <a-input v-model="outbound.settings.redirect"></a-input>
+        </a-form-item>
        <a-form-item label='Fragment'>
-          <a-switch :checked="Object.keys(outbound.settings.fragment).length >0" @change="checked => outbound.settings.fragment = checked ? new Outbound.FreedomSettings.Fragment() : {}"></a-switch>
+          <a-switch :checked="Object.keys(outbound.settings.fragment).length >0"
+            @change="checked => outbound.settings.fragment = checked ? new Outbound.FreedomSettings.Fragment() : {}">
+          </a-switch>
        </a-form-item>
        <template v-if="Object.keys(outbound.settings.fragment).length >0">
          <a-form-item label='Packets'>
@@ -38,6 +43,40 @@
            <a-input v-model.trim="outbound.settings.fragment.interval"></a-input>
          </a-form-item>
        </template>
+
+        <!-- Switch for Noises -->
+        <a-form-item label='Noises'>
+          <a-switch :checked="outbound.settings.noises.length > 0"
+            @change="checked => outbound.settings.noises = checked ? [new Outbound.FreedomSettings.Noise()] : []">
+          </a-switch>
+        </a-form-item>
+
+        <!-- Add Noise Button -->
+        <template v-if="outbound.settings.noises.length > 0">
+          <a-form-item label="Noises">
+            <a-button icon="plus" type="primary" size="small" @click="outbound.settings.addNoise()"></a-button>
+          </a-form-item>
+        
+        <!-- Noise Configurations -->
+          <a-form v-for="(noise, index) in outbound.settings.noises" :key="index" :colon="false" :label-col="{ md: {span:8} }"
+            :wrapper-col="{ md: {span:14} }">
+            <a-divider style="margin:0;"> Noise [[ index + 1 ]]
+              <a-icon v-if="outbound.settings.noises.length > 1" type="delete" @click="() => outbound.settings.delNoise(index)"
+                style="color: rgb(255, 77, 79); cursor: pointer;"></a-icon>
+            </a-divider>
+            <a-form-item label='Type'>
+              <a-select v-model="noise.type" :dropdown-class-name="themeSwitcher.currentTheme">
+                <a-select-option v-for="s in ['rand','base64','str']" :value="s">[[ s ]]</a-select-option>
+              </a-select>
+            </a-form-item>
+            <a-form-item label='Packet'>
+              <a-input v-model.trim="noise.packet"></a-input>
+            </a-form-item>
+            <a-form-item label='Delay'>
+              <a-input v-model.trim="noise.delay"></a-input>
+            </a-form-item>
+          </a-form>
+        </template>
      </template>

      <!-- blackhole settings -->
@@ -56,6 +95,14 @@
            <a-select-option v-for="s in ['udp','tcp']" :value="s">[[ s ]]</a-select-option>
          </a-select>
        </a-form-item>
+        <a-form-item label='non-IP queries'>
+          <a-select v-model="outbound.settings.nonIPQuery" :dropdown-class-name="themeSwitcher.currentTheme">
+            <a-select-option v-for="s in ['drop','skip']" :value="s">[[ s ]]</a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="outbound.settings.nonIPQuery === 'skip'" label='Block Types' >
+          <a-input v-model.number="outbound.settings.blockTypes"></a-input>
+        </a-form-item>
      </template>

      <!-- wireguard settings -->
@@ -95,13 +142,13 @@
          </a-select>
        </a-form-item>
        <a-form-item label='MTU'>
-          <a-input-number v-model.number="outbound.settings.mtu"></a-input-number>
+          <a-input-number v-model.number="outbound.settings.mtu" min="0"></a-input-number>
        </a-form-item>
        <a-form-item label='Workers'>
-          <a-input-number min="0" v-model.number="outbound.settings.workers"></a-input-number>
+          <a-input-number v-model.number="outbound.settings.workers" min="0"></a-input-number>
        </a-form-item>
-        <a-form-item label='Kernel Mode'>
-          <a-switch v-model="outbound.settings.kernelMode"></a-switch>
+        <a-form-item label='No Kernel Tun'>
+          <a-switch v-model="outbound.settings.noKernelTun"></a-switch>
        </a-form-item>
        <a-form-item>
          <template slot="label">
@@ -161,6 +208,15 @@
          <a-input v-model.trim="outbound.settings.id"></a-input>
        </a-form-item>

+        <!-- vmess settings -->
+        <template v-if="outbound.protocol === Protocols.VMess">
+          <a-form-item label='Security'>
+            <a-select v-model="outbound.settings.security" :dropdown-class-name="themeSwitcher.currentTheme">
+              <a-select-option v-for="key in USERS_SECURITY" :value="key">[[ key ]]</a-select-option>
+            </a-select>
+          </a-form-item>
+        </template>
+
        <!-- vless settings -->
        <template v-if="outbound.canEnableTlsFlow()">
          <a-form-item label='Flow'>
@@ -211,14 +267,12 @@
      <template v-if="outbound.canEnableStream()">
        <a-form-item label='{{ i18n "transmission" }}'>
          <a-select v-model="outbound.stream.network" @change="streamNetworkChange" :dropdown-class-name="themeSwitcher.currentTheme">
-            <a-select-option value="tcp">TCP</a-select-option>
+            <a-select-option value="tcp">TCP (RAW)</a-select-option>
            <a-select-option value="kcp">mKCP</a-select-option>
            <a-select-option value="ws">WebSocket</a-select-option>
-            <a-select-option value="http">H2</a-select-option>
-            <a-select-option value="quic">QUIC</a-select-option>
            <a-select-option value="grpc">gRPC</a-select-option>
            <a-select-option value="httpupgrade">HTTPUpgrade</a-select-option>
-            <a-select-option value="splithttp">SplitHTTP</a-select-option>
+            <a-select-option value="xhttp">XHTTP</a-select-option>
          </a-select>
        </a-form-item>
        <template v-if="outbound.stream.network === 'tcp'">
@@ -252,25 +306,25 @@
            <a-input v-model="outbound.stream.kcp.seed"></a-input>
          </a-form-item>
          <a-form-item label='MTU'>
-            <a-input-number v-model.number="outbound.stream.kcp.mtu"></a-input-number>
+            <a-input-number v-model.number="outbound.stream.kcp.mtu" min="0"></a-input-number>
          </a-form-item>
          <a-form-item label='TTI (ms)'>
-            <a-input-number v-model.number="outbound.stream.kcp.tti"></a-input-number>
+            <a-input-number v-model.number="outbound.stream.kcp.tti" min="0"></a-input-number>
          </a-form-item>
          <a-form-item label='Uplink (MB/s)'>
-            <a-input-number v-model.number="outbound.stream.kcp.upCap"></a-input-number>
+            <a-input-number v-model.number="outbound.stream.kcp.upCap" min="0"></a-input-number>
          </a-form-item>
          <a-form-item label='Downlink (MB/s)'>
-            <a-input-number v-model.number="outbound.stream.kcp.downCap"></a-input-number>
+            <a-input-number v-model.number="outbound.stream.kcp.downCap" min="0"></a-input-number>
          </a-form-item>
          <a-form-item label='Congestion'>
            <a-switch v-model="outbound.stream.kcp.congestion"></a-switch>
          </a-form-item>
          <a-form-item label='Read Buffer (MB)'>
-            <a-input-number v-model.number="outbound.stream.kcp.readBuffer"></a-input-number>
+            <a-input-number v-model.number="outbound.stream.kcp.readBuffer" min="0"></a-input-number>
          </a-form-item>
          <a-form-item label='Write Buffer (MB)'>
-            <a-input-number v-model.number="outbound.stream.kcp.writeBuffer"></a-input-number>
+            <a-input-number v-model.number="outbound.stream.kcp.writeBuffer" min="0"></a-input-number>
          </a-form-item>
        </template>

@@ -282,42 +336,11 @@
          <a-form-item label='{{ i18n "path" }}'>
            <a-input v-model.trim="outbound.stream.ws.path"></a-input>
          </a-form-item>
-        </template>
-
-        <!-- http -->
-        <template v-if="outbound.stream.network === 'http'">
-          <a-form-item label='{{ i18n "host" }}'>
-            <a-input v-model.trim="outbound.stream.http.host"></a-input>
-          </a-form-item>
-          <a-form-item label='{{ i18n "path" }}'>
-            <a-input v-model.trim="outbound.stream.http.path"></a-input>
+          <a-form-item label='Heartbeat Period'>
+            <a-input-number v-model.number="outbound.stream.ws.heartbeatPeriod" :min="0"></a-input-number>
          </a-form-item>
        </template>
-
-        <!-- quic -->
-        <template v-if="outbound.stream.network === 'quic'">
-          <a-form-item label='{{ i18n "pages.inbounds.stream.quic.encryption" }}'>
-            <a-select v-model="outbound.stream.quic.security" :dropdown-class-name="themeSwitcher.currentTheme">
-              <a-select-option value="none">None</a-select-option>
-              <a-select-option value="aes-128-gcm">AES-128-GCM</a-select-option>
-              <a-select-option value="chacha20-poly1305">CHACHA20-POLY1305</a-select-option>
-            </a-select>
-          </a-form-item>
-          <a-form-item label='{{ i18n "password" }}'>
-            <a-input v-model.trim="outbound.stream.quic.key"></a-input>
-          </a-form-item>
-          <a-form-item label='{{ i18n "camouflage" }}'>
-            <a-select v-model="outbound.stream.quic.type" :dropdown-class-name="themeSwitcher.currentTheme">
-              <a-select-option value="none">None</a-select-option>
-              <a-select-option value="srtp">SRTP</a-select-option>
-              <a-select-option value="utp">uTP</a-select-option>
-              <a-select-option value="wechat-video">WeChat</a-select-option>
-              <a-select-option value="dtls">DTLS 1.2</a-select-option>
-              <a-select-option value="wireguard">WireGuard</a-select-option>
-            </a-select>
-          </a-form-item>
-        </template>
-
+        
        <!-- grpc -->
        <template v-if="outbound.stream.network === 'grpc'">
          <a-form-item label='Service Name'>
@@ -341,13 +364,42 @@
          </a-form-item>
        </template>

-        <!-- splithttp -->
-        <template v-if="outbound.stream.network === 'splithttp'">
+        <!-- xhttp -->
+        <template v-if="outbound.stream.network === 'xhttp'">
          <a-form-item label='{{ i18n "host" }}'>
-            <a-input v-model="outbound.stream.splithttp.host"></a-input>
+            <a-input v-model="outbound.stream.xhttp.host"></a-input>
          </a-form-item>
          <a-form-item label='{{ i18n "path" }}'>
-            <a-input v-model.trim="outbound.stream.splithttp.path"></a-input>
+            <a-input v-model.trim="outbound.stream.xhttp.path"></a-input>
+          </a-form-item>
+          <a-form-item label='Mode'>
+            <a-select v-model="outbound.stream.xhttp.mode" :dropdown-class-name="themeSwitcher.currentTheme">
+              <a-select-option v-for="key in MODE_OPTION" :value="key">[[ key ]]</a-select-option>
+            </a-select>
+          </a-form-item>
+          <a-form-item label="No gRPC Header" v-if="outbound.stream.xhttp.mode === 'stream-up' || outbound.stream.xhttp.mode === 'stream-one'">
+            <a-switch v-model="outbound.stream.xhttp.noGRPCHeader"></a-switch>
+          </a-form-item>
+          <a-form-item label="Min Upload Interval (Ms)" v-if="outbound.stream.xhttp.mode === 'packet-up'">
+            <a-input v-model.trim="outbound.stream.xhttp.scMinPostsIntervalMs"></a-input>
+          </a-form-item>
+          <a-form-item label="Max Concurrency" v-if="!outbound.stream.xhttp.xmux.maxConnections">
+            <a-input v-model="outbound.stream.xhttp.xmux.maxConcurrency"></a-input>
+          </a-form-item>
+          <a-form-item label="Max Connections" v-if="!outbound.stream.xhttp.xmux.maxConcurrency">
+            <a-input v-model="outbound.stream.xhttp.xmux.maxConnections"></a-input>
+          </a-form-item>
+          <a-form-item label="Max Reuse Times">
+            <a-input v-model="outbound.stream.xhttp.xmux.cMaxReuseTimes"></a-input>
+          </a-form-item>
+          <a-form-item label="Max Request Times">
+            <a-input v-model="outbound.stream.xhttp.xmux.hMaxRequestTimes"></a-input>
+          </a-form-item>
+          <a-form-item label="Max Reusable Secs">
+            <a-input v-model="outbound.stream.xhttp.xmux.hMaxReusableSecs"></a-input>
+          </a-form-item>
+          <a-form-item label='Keep Alive Period'>
+            <a-input-number v-model.number="outbound.stream.xhttp.xmux.hKeepAlivePeriod"></a-input-number>
          </a-form-item>
        </template>
      </template>
@@ -417,13 +469,13 @@
          <a-switch v-model="outbound.stream.sockopt.tcpFastOpen"></a-switch>
        </a-form-item>
        <a-form-item label="Keep Alive Interval">
-          <a-input-number v-model="outbound.stream.sockopt.tcpKeepAliveInterval" :min="0"></a-input-number>
+          <a-input-number v-model.number="outbound.stream.sockopt.tcpKeepAliveInterval" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="Multipath TCP">
          <a-switch v-model.trim="outbound.stream.sockopt.tcpMptcp"></a-switch>
-      </a-form-item>
-        <a-form-item label="TCP No-Delay">
-          <a-switch v-model="outbound.stream.sockopt.tcpNoDelay"></a-switch>
+        </a-form-item>
+        <a-form-item label="Penetrate">
+          <a-switch v-model="outbound.stream.sockopt.penetrate"></a-switch>
        </a-form-item>
      </template>

@@ -434,10 +486,10 @@
        </a-form-item>
        <template v-if="outbound.mux.enabled">
          <a-form-item label="Concurrency">
-            <a-input-number v-model="outbound.mux.concurrency" :min="-1" :max="1024"></a-input-number>
+            <a-input-number v-model.number="outbound.mux.concurrency" :min="-1" :max="1024"></a-input-number>
          </a-form-item>
          <a-form-item label="xudp Concurrency">
-            <a-input-number v-model="outbound.mux.xudpConcurrency" :min="-1" :max="1024"></a-input-number>
+            <a-input-number v-model.number="outbound.mux.xudpConcurrency" :min="-1" :max="1024"></a-input-number>
          </a-form-item>
          <a-form-item label="xudp UDP 443">
            <a-select v-model="outbound.mux.xudpProxyUDP443" :dropdown-class-name="themeSwitcher.currentTheme">
--- a/web/html/xui/form/protocol/dokodemo.html
+++ b/web/html/xui/form/protocol/dokodemo.html
@@ -16,8 +16,5 @@
    <a-form-item label='Follow Redirect'>
        <a-switch v-model="inbound.settings.followRedirect"></a-switch>
    </a-form-item>
-    <a-form-item label='Timeout'>
-        <a-input-number v-model.number="inbound.settings.timeout" :min="0"></a-input-number>
-    </a-form-item>
 </a-form>
 {{end}}
--- a/web/html/xui/form/protocol/http.html
+++ b/web/html/xui/form/protocol/http.html
@@ -19,5 +19,8 @@
      </template>
    </a-input>
  </a-input-group>
+  <a-form-item label="Allow Transparent">
+    <a-switch v-model="inbound.settings.allowTransparent" />
+  </a-form-item>
 </a-form>
 {{end}}
--- a/web/html/xui/form/protocol/shadowsocks.html
+++ b/web/html/xui/form/protocol/shadowsocks.html
@@ -43,5 +43,8 @@
            <a-select-option value="udp">UDP</a-select-option>
        </a-select>
    </a-form-item>
+    <a-form-item label='ivCheck'>
+        <a-switch v-model="inbound.settings.ivCheck"></a-switch>
+    </a-form-item>
 </a-form>
 {{end}}
--- a/web/html/xui/form/protocol/trojan.html
+++ b/web/html/xui/form/protocol/trojan.html
@@ -18,7 +18,7 @@
    </table>
  </a-collapse-panel>
 </a-collapse>
-<template v-if="inbound.isTcp && !inbound.stream.isReality">
+<template v-if="inbound.isTcp">
  <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
    <a-form-item label="Fallbacks">
      <a-button icon="plus" type="primary" size="small" @click="inbound.settings.addFallback()"></a-button>
@@ -42,7 +42,7 @@
      <a-input v-model="fallback.dest"></a-input>
    </a-form-item>
    <a-form-item label='xVer'>
-      <a-input-number v-model="fallback.xver" :min="0" :max="2"></a-input-number>
+      <a-input-number v-model.number="fallback.xver" :min="0" :max="2"></a-input-number>
    </a-form-item>
  </a-form>
  <a-divider style="margin:5px 0;"></a-divider>
--- a/web/html/xui/form/protocol/vless.html
+++ b/web/html/xui/form/protocol/vless.html
@@ -9,18 +9,16 @@
    <table width="100%">
      <tr class="client-table-header">
        <th>{{ i18n "pages.inbounds.email" }}</th>
-        <th>Flow</th>
        <th>ID</th>
      </tr>
      <tr v-for="(client, index) in inbound.settings.vlesses" :class="index % 2 == 1 ? 'client-table-odd-row' : ''">
        <td>[[ client.email ]]</td>
-        <td>[[ client.flow ]]</td>
        <td>[[ client.id ]]</td>
      </tr>
    </table>
  </a-collapse-panel>
 </a-collapse>
-<template v-if="inbound.isTcp && !inbound.stream.isReality">
+<template v-if="inbound.isTcp">
  <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
    <a-form-item label="Fallbacks">
      <a-button icon="plus" type="primary" size="small" @click="inbound.settings.addFallback()"></a-button>
@@ -44,7 +42,7 @@
      <a-input v-model="fallback.dest"></a-input>
    </a-form-item>
    <a-form-item label='xVer'>
-      <a-input-number v-model="fallback.xver" :min="0" :max="2"></a-input-number>
+      <a-input-number v-model.number="fallback.xver" :min="0" :max="2"></a-input-number>
    </a-form-item>
  </a-form>
  <a-divider style="margin:5px 0;"></a-divider>
--- a/web/html/xui/form/protocol/vmess.html
+++ b/web/html/xui/form/protocol/vmess.html
@@ -10,10 +10,12 @@
            <tr class="client-table-header">
                <th>{{ i18n "pages.inbounds.email" }}</th>
                <th>ID</th>
+                <th>{{ i18n "security" }}</th>
            </tr>
            <tr v-for="(client, index) in inbound.settings.vmesses" :class="index % 2 == 1 ? 'client-table-odd-row' : ''">
                <td>[[ client.email ]]</td>
                <td>[[ client.id ]]</td>
+                <td>[[ client.security ]]</td>
            </tr>
        </table>
    </a-collapse-panel>
--- a/web/html/xui/form/protocol/wireguard.html
+++ b/web/html/xui/form/protocol/wireguard.html
@@ -18,8 +18,8 @@
  <a-form-item label='MTU'>
    <a-input-number v-model.number="inbound.settings.mtu"></a-input-number>
  </a-form-item>
-  <a-form-item label='Kernel Mode'>
-    <a-switch v-model="inbound.settings.kernelMode"></a-switch>
+  <a-form-item label='No Kernel Tun'>
+    <a-switch v-model="inbound.settings.noKernelTun"></a-switch>
  </a-form-item>
  <a-form-item label="Peers">
    <a-button icon="plus" type="primary" size="small" @click="inbound.settings.addPeer()"></a-button>
--- a/web/html/xui/form/reality_settings.html
+++ b/web/html/xui/form/reality_settings.html
@@ -0,0 +1,56 @@
+{{define "form/realitySettings"}}
+<template>
+    <a-form-item label='Show'>
+        <a-switch v-model="inbound.stream.reality.show"></a-switch>
+    </a-form-item>
+    <a-form-item label='Xver'>
+        <a-input-number v-model.number="inbound.stream.reality.xver" :min="0"></a-input-number>
+    </a-form-item>
+    <a-form-item label='uTLS'>
+        <a-select v-model="inbound.stream.reality.settings.fingerprint" style="width: 50%"
+            :dropdown-class-name="themeSwitcher.currentTheme">
+            <a-select-option v-for="key in UTLS_FINGERPRINT" :value="key">[[ key ]]</a-select-option>
+        </a-select>
+    </a-form-item>
+    <a-form-item label='Dest (Target)'>
+        <a-input v-model.trim="inbound.stream.reality.dest"></a-input>
+    </a-form-item>
+    <a-form-item label='SNI'>
+        <a-input v-model.trim="inbound.stream.reality.serverNames"></a-input>
+    </a-form-item>
+    <a-form-item label='Max Time Diff (ms)'>
+        <a-input-number v-model.number="inbound.stream.reality.maxTimediff" :min="0"></a-input-number>
+    </a-form-item>
+    <!-- we also have this but i think it's not necessary
+    <a-form-item label='Min Client'>
+        <a-input v-model.trim="inbound.stream.reality.minClient"></a-input>
+    </a-form-item>
+    <a-form-item label='Max Client'>
+        <a-input v-model.trim="inbound.stream.reality.maxClient"></a-input>
+    </a-form-item>
+    -->
+    <a-form-item>
+        <template slot="label">
+            <a-tooltip>
+                <template slot="title">
+                    <span>{{ i18n "reset" }}</span>
+                </template> Short IDs <a-icon @click="inbound.stream.reality.shortIds = RandomUtil.randomShortIds()"
+                    type="sync"></a-icon>
+            </a-tooltip>
+        </template>
+        <a-input v-model.trim="inbound.stream.reality.shortIds"></a-input>
+    </a-form-item>
+    <a-form-item label='SpiderX'>
+        <a-input v-model.trim="inbound.stream.reality.settings.spiderX"></a-input>
+    </a-form-item>
+    <a-form-item label='{{ i18n "pages.inbounds.privatekey" }}'>
+        <a-input v-model.trim="inbound.stream.reality.privateKey"></a-input>
+    </a-form-item>
+    <a-form-item label='{{ i18n "pages.inbounds.publicKey" }}'>
+        <a-input v-model.trim="inbound.stream.reality.settings.publicKey"></a-input>
+    </a-form-item>
+    <a-form-item label=" ">
+        <a-button type="primary" icon="import" @click="getNewX25519Cert">Get New Cert</a-button>
+    </a-form-item>
+</template>
+{{end}}
--- a/web/html/xui/form/sniffing.html
+++ b/web/html/xui/form/sniffing.html
@@ -1,9 +1,8 @@
 {{define "form/sniffing"}}
-<a-divider style="margin:5px 0 0;"></a-divider>
 <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
  <a-form-item>
    <span slot="label">
-        Sniffing
+      {{ i18n "enabled" }}
        <a-tooltip>
            <template slot="title">
                <span>{{ i18n "pages.inbounds.noRecommendKeepDefault" }}</span>
--- a/web/html/xui/form/stream/stream_http.html
+++ b/web/html/xui/form/stream/stream_http.html
@@ -1,17 +0,0 @@
-{{define "form/streamHTTP"}}
-<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
-  <a-form-item label='{{ i18n "path" }}'>
-    <a-input v-model.trim="inbound.stream.http.path"></a-input>
-  </a-form-item>
-  <a-form-item>
-    <template slot="label">{{ i18n "host" }}
-      <a-button icon="plus" size="small" @click="inbound.stream.http.addHost()"></a-button>
-    </template>
-    <template v-for="(host, index) in inbound.stream.http.host">
-      <a-input v-model.trim="inbound.stream.http.host[index]">
-        <a-button icon="minus" size="small" slot="addonAfter" @click="inbound.stream.http.removeHost(index)" v-if="inbound.stream.http.host.length>1"></a-button>
-      </a-input>
-    </template>
-  </a-form-item>
-</a-form>
-{{end}}
--- a/web/html/xui/form/stream/stream_httpupgrade.html
+++ b/web/html/xui/form/stream/stream_httpupgrade.html
@@ -10,7 +10,7 @@
    <a-input v-model.trim="inbound.stream.httpupgrade.path"></a-input>
  </a-form-item>
  <a-form-item label='{{ i18n "pages.inbounds.stream.tcp.requestHeader" }}'>
-    <a-button icon="plus" size="small" @click="inbound.stream.httpupgrade.addHeader('host', '')"></a-button>
+    <a-button icon="plus" size="small" @click="inbound.stream.httpupgrade.addHeader('', '')"></a-button>
  </a-form-item>
  <a-form-item :wrapper-col="{span:24}">
    <a-input-group compact v-for="(header, index) in inbound.stream.httpupgrade.headers">
--- a/web/html/xui/form/stream/stream_quic.html
+++ b/web/html/xui/form/stream/stream_quic.html
@@ -1,33 +0,0 @@
-{{define "form/streamQUIC"}}
-<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
-    <a-form-item label='{{ i18n "pages.inbounds.stream.quic.encryption" }}'>
-        <a-select v-model="inbound.stream.quic.security" :dropdown-class-name="themeSwitcher.currentTheme">
-            <a-select-option value="none">None</a-select-option>
-            <a-select-option value="aes-128-gcm">AES-128-GCM</a-select-option>
-            <a-select-option value="chacha20-poly1305">CHACHA20-POLY1305</a-select-option>
-        </a-select>
-    </a-form-item>
-    <a-form-item>
-        <template slot="label">
-            <a-tooltip>
-                <template slot="title">
-                    <span>{{ i18n "reset" }}</span>
-                </template>
-                {{ i18n "password" }}
-                <a-icon @click="inbound.stream.quic.key = RandomUtil.randomSeq(10)"type="sync"> </a-icon>
-            </a-tooltip>
-        </template>
-        <a-input v-model.trim="inbound.stream.quic.key"></a-input>
-    </a-form-item>
-    <a-form-item label='{{ i18n "camouflage" }}'>
-        <a-select v-model="inbound.stream.quic.type" style="width: 50%" :dropdown-class-name="themeSwitcher.currentTheme">
-            <a-select-option value="none">None</a-select-option>
-            <a-select-option value="srtp">SRTP</a-select-option>
-            <a-select-option value="utp">uTP</a-select-option>
-            <a-select-option value="wechat-video">WeChat</a-select-option>
-            <a-select-option value="dtls">DTLS 1.2</a-select-option>
-            <a-select-option value="wireguard">WireGuard</a-select-option>
-        </a-select>
-    </a-form-item>
-</a-form>
-{{end}}
--- a/web/html/xui/form/stream/stream_settings.html
+++ b/web/html/xui/form/stream/stream_settings.html
@@ -4,14 +4,12 @@
    <a-form-item label='{{ i18n "transmission" }}'>
        <a-select v-model="inbound.stream.network" style="width: 75%" @change="streamNetworkChange"
            :dropdown-class-name="themeSwitcher.currentTheme">
-            <a-select-option value="tcp">TCP</a-select-option>
+            <a-select-option value="tcp">TCP (RAW)</a-select-option>
            <a-select-option value="kcp">mKCP</a-select-option>
            <a-select-option value="ws">WebSocket</a-select-option>
-            <a-select-option value="http">H2</a-select-option>
-            <a-select-option value="quic">QUIC</a-select-option>
            <a-select-option value="grpc">gRPC</a-select-option>
            <a-select-option value="httpupgrade">HTTPUpgrade</a-select-option>
-            <a-select-option value="splithttp">SplitHTTP</a-select-option>
+            <a-select-option value="xhttp">XHTTP</a-select-option>
        </a-select>
    </a-form-item>
 </a-form>
@@ -31,16 +29,6 @@
    {{template "form/streamWS"}}
 </template>

-<!-- http -->
-<template v-if="inbound.stream.network === 'http'">
-    {{template "form/streamHTTP"}}
-</template>
-
-<!-- quic -->
-<template v-if="inbound.stream.network === 'quic'">
-    {{template "form/streamQUIC"}}
-</template>
-
 <!-- grpc -->
 <template v-if="inbound.stream.network === 'grpc'">
    {{template "form/streamGRPC"}}
@@ -51,9 +39,9 @@
    {{template "form/streamHTTPUpgrade"}}
 </template>

-<!-- splithttp -->
-<template v-if="inbound.stream.network === 'splithttp'">
-    {{template "form/streamSplitHTTP"}}
+<!-- xhttp -->
+<template v-if="inbound.stream.network === 'xhttp'">
+    {{template "form/streamXHTTP"}}
 </template>

 <!-- sockopt -->
--- a/web/html/xui/form/stream/stream_sockopt.html
+++ b/web/html/xui/form/stream/stream_sockopt.html
@@ -6,22 +6,22 @@
    </a-form-item>
    <template v-if="inbound.stream.sockoptSwitch">
        <a-form-item label="Route Mark">
-            <a-input-number v-model="inbound.stream.sockopt.mark" :min="0"></a-input-number>
+            <a-input-number v-model.number="inbound.stream.sockopt.mark" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="TCP Keep Alive Interval">
-            <a-input-number v-model="inbound.stream.sockopt.tcpKeepAliveInterval" :min="0"></a-input-number>
+            <a-input-number v-model.number="inbound.stream.sockopt.tcpKeepAliveInterval" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="TCP Keep Alive Idle">
-            <a-input-number v-model="inbound.stream.sockopt.tcpKeepAliveIdle" :min="0"></a-input-number>
+            <a-input-number v-model.number="inbound.stream.sockopt.tcpKeepAliveIdle" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="TCP Max Seg">
-            <a-input-number v-model="inbound.stream.sockopt.tcpMaxSeg" :min="0"></a-input-number>
+            <a-input-number v-model.number="inbound.stream.sockopt.tcpMaxSeg" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="TCP User Timeout">
-            <a-input-number v-model="inbound.stream.sockopt.tcpUserTimeout" :min="0"></a-input-number>
+            <a-input-number v-model.number="inbound.stream.sockopt.tcpUserTimeout" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="TCP Window Clamp">
-            <a-input-number v-model="inbound.stream.sockopt.tcpWindowClamp" :min="0"></a-input-number>
+            <a-input-number v-model.number="inbound.stream.sockopt.tcpWindowClamp" :min="0"></a-input-number>
        </a-form-item>
        <a-form-item label="Proxy Protocol">
            <a-switch v-model="inbound.stream.sockopt.acceptProxyProtocol"></a-switch>
@@ -32,8 +32,8 @@
        <a-form-item label="Multipath TCP">
            <a-switch v-model.trim="inbound.stream.sockopt.tcpMptcp"></a-switch>
        </a-form-item>
-        <a-form-item label="TCP No-Delay">
-            <a-switch v-model.trim="inbound.stream.sockopt.tcpNoDelay"></a-switch>
+        <a-form-item label="Penetrate">
+            <a-switch v-model.trim="inbound.stream.sockopt.penetrate"></a-switch>
        </a-form-item>
        <a-form-item label="V6 Only">
            <a-switch v-model.trim="inbound.stream.sockopt.V6Only"></a-switch>
--- a/web/html/xui/form/stream/stream_splithttp.html
+++ b/web/html/xui/form/stream/stream_splithttp.html
@@ -1,29 +0,0 @@
-{{define "form/streamSplitHTTP"}}
-<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
-    <a-form-item label='{{ i18n "host" }}'>
-        <a-input v-model.trim="inbound.stream.splithttp.host"></a-input>
-    </a-form-item>
-    <a-form-item label='{{ i18n "path" }}'>
-      <a-input v-model.trim="inbound.stream.splithttp.path"></a-input>
-    </a-form-item>
-    <a-form-item label='{{ i18n "pages.inbounds.stream.tcp.requestHeader" }}'>
-      <a-button icon="plus" size="small" @click="inbound.stream.splithttp.addHeader('host', '')"></a-button>
-    </a-form-item>
-    <a-form-item :wrapper-col="{span:24}">
-        <a-input-group compact v-for="(header, index) in inbound.stream.splithttp.headers">
-            <a-input style="width: 50%" v-model.trim="header.name" placeholder='{{ i18n "pages.inbounds.stream.general.name"}}'>
-                <template slot="addonBefore" style="margin: 0;">[[ index+1 ]]</template>
-            </a-input>
-            <a-input style="width: 50%" v-model.trim="header.value" placeholder='{{ i18n "pages.inbounds.stream.general.value" }}'>
-                <a-button slot="addonAfter" size="small" @click="inbound.stream.splithttp.removeHeader(index)">-</a-button>
-            </a-input>
-        </a-input-group>
-    </a-form-item>
-    <a-form-item label="Max Upload Size (Byte)">
-        <a-input-number v-model="inbound.stream.splithttp.maxUploadSize" :min="0"></a-input-number>
-    </a-form-item>
-    <a-form-item label="Max Concurrent Upload">
-        <a-input-number v-model="inbound.stream.splithttp.maxConcurrentUploads" :min="0"></a-input-number>
-    </a-form-item>
-</a-form>
-{{end}}
--- a/web/html/xui/form/stream/stream_ws.html
+++ b/web/html/xui/form/stream/stream_ws.html
@@ -9,8 +9,11 @@
  <a-form-item label='{{ i18n "path" }}'>
    <a-input v-model.trim="inbound.stream.ws.path"></a-input>
  </a-form-item>
+  <a-form-item label='Heartbeat Period'>
+    <a-input-number v-model.number="inbound.stream.ws.heartbeatPeriod" :min="0"></a-input-number>
+  </a-form-item>
  <a-form-item label='{{ i18n "pages.inbounds.stream.tcp.requestHeader" }}'>
-    <a-button icon="plus" size="small" @click="inbound.stream.ws.addHeader('host', '')"></a-button>
+    <a-button icon="plus" size="small" @click="inbound.stream.ws.addHeader('', '')"></a-button>
  </a-form-item>
  <a-form-item :wrapper-col="{span:24}">
    <a-input-group compact v-for="(header, index) in inbound.stream.ws.headers">
--- a/web/html/xui/form/stream/stream_xhttp.html
+++ b/web/html/xui/form/stream/stream_xhttp.html
@@ -0,0 +1,46 @@
+{{define "form/streamXHTTP"}}
+<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
+    <a-form-item label='{{ i18n "host" }}'>
+        <a-input v-model.trim="inbound.stream.xhttp.host"></a-input>
+    </a-form-item>
+    <a-form-item label='{{ i18n "path" }}'>
+        <a-input v-model.trim="inbound.stream.xhttp.path"></a-input>
+    </a-form-item>
+    <a-form-item label='{{ i18n "pages.inbounds.stream.tcp.requestHeader" }}'>
+        <a-button icon="plus" size="small" @click="inbound.stream.xhttp.addHeader('', '')"></a-button>
+    </a-form-item>
+    <a-form-item :wrapper-col="{span:24}">
+        <a-input-group compact v-for="(header, index) in inbound.stream.xhttp.headers">
+            <a-input style="width: 50%" v-model.trim="header.name"
+                placeholder='{{ i18n "pages.inbounds.stream.general.name"}}'>
+                <template slot="addonBefore" style="margin: 0;">[[ index+1 ]]</template>
+            </a-input>
+            <a-input style="width: 50%" v-model.trim="header.value"
+                placeholder='{{ i18n "pages.inbounds.stream.general.value" }}'>
+                <a-button icon="minus" slot="addonAfter" size="small" @click="inbound.stream.xhttp.removeHeader(index)"></a-button>
+            </a-input>
+        </a-input-group>
+    </a-form-item>
+    <a-form-item label='Mode'>
+        <a-select v-model="inbound.stream.xhttp.mode" style="width: 50%"
+            :dropdown-class-name="themeSwitcher.currentTheme">
+            <a-select-option v-for="key in MODE_OPTION" :value="key">[[ key ]]</a-select-option>
+        </a-select>
+    </a-form-item>
+    <a-form-item label="Max Buffered Upload" v-if="inbound.stream.xhttp.mode === 'packet-up'">
+        <a-input-number v-model.number="inbound.stream.xhttp.scMaxBufferedPosts"></a-input-number>
+    </a-form-item>
+    <a-form-item label="Max Upload Size (Byte)" v-if="inbound.stream.xhttp.mode === 'packet-up'">
+        <a-input v-model.trim="inbound.stream.xhttp.scMaxEachPostBytes"></a-input>
+    </a-form-item>
+    <a-form-item label="Stream-Up Server" v-if="inbound.stream.xhttp.mode === 'stream-up'">
+        <a-input v-model.trim="inbound.stream.xhttp.scStreamUpServerSecs"></a-input>
+    </a-form-item>
+    <a-form-item label="Padding Bytes">
+        <a-input v-model.trim="inbound.stream.xhttp.xPaddingBytes"></a-input>
+    </a-form-item>
+    <a-form-item label="No SSE Header">
+        <a-switch v-model="inbound.stream.xhttp.noSSEHeader"></a-switch>
+    </a-form-item>
+</a-form>
+{{end}}
--- a/web/html/xui/form/tls_settings.html
+++ b/web/html/xui/form/tls_settings.html
@@ -5,18 +5,7 @@
  <a-form-item label='{{ i18n "security" }}'>
    <a-radio-group v-model="inbound.stream.security" button-style="solid">
      <a-radio-button value="none">{{ i18n "none" }}</a-radio-button>
-      <a-tooltip>
-        <template slot="title">
-          <span>{{ i18n "pages.inbounds.xtlsDesc" }}</span>
-        </template>
-        <a-radio-button v-if="inbound.canEnableXtls()" value="xtls">XTLS</a-radio-button>
-      </a-tooltip>
-      <a-tooltip>
-        <template slot="title">
-          <span>{{ i18n "pages.inbounds.realityDesc" }}</span>
-        </template>
-        <a-radio-button v-if="inbound.canEnableReality()" value="reality">REALITY</a-radio-button>
-      </a-tooltip>
+      <a-radio-button v-if="inbound.canEnableReality()" value="reality">Reality</a-radio-button>
      <a-radio-button value="tls">TLS</a-radio-button>
    </a-radio-group>
  </a-form-item>
@@ -34,16 +23,19 @@
    </a-form-item>
    <a-form-item label="Min/Max Version">
      <a-input-group compact>
-        <a-select v-model="inbound.stream.tls.minVersion" style="width: 50%" :dropdown-class-name="themeSwitcher.currentTheme">
+        <a-select v-model="inbound.stream.tls.minVersion" style="width: 50%"
+          :dropdown-class-name="themeSwitcher.currentTheme">
          <a-select-option v-for="key in TLS_VERSION_OPTION" :value="key">[[ key ]]</a-select-option>
        </a-select>
-        <a-select v-model="inbound.stream.tls.maxVersion" style="width: 50%" :dropdown-class-name="themeSwitcher.currentTheme">
+        <a-select v-model="inbound.stream.tls.maxVersion" style="width: 50%"
+          :dropdown-class-name="themeSwitcher.currentTheme">
          <a-select-option v-for="key in TLS_VERSION_OPTION" :value="key">[[ key ]]</a-select-option>
        </a-select>
      </a-input-group>
    </a-form-item>
    <a-form-item label="uTLS">
-      <a-select v-model="inbound.stream.tls.settings.fingerprint" style="width: 50%" :dropdown-class-name="themeSwitcher.currentTheme">
+      <a-select v-model="inbound.stream.tls.settings.fingerprint" style="width: 50%"
+        :dropdown-class-name="themeSwitcher.currentTheme">
        <a-select-option value=''>None</a-select-option>
        <a-select-option v-for="key in UTLS_FINGERPRINT" :value="key">[[ key ]]</a-select-option>
      </a-select>
@@ -60,10 +52,13 @@
      <a-switch v-model="inbound.stream.tls.rejectUnknownSni"></a-switch>
    </a-form-item>
    <a-form-item label="Disable System Root">
-      <a-switch v-model="inbound.stream.tls.settings.disableSystemRoot"></a-switch>
+      <a-switch v-model="inbound.stream.tls.disableSystemRoot"></a-switch>
    </a-form-item>
    <a-form-item label="Session Resumption">
-      <a-switch v-model="inbound.stream.tls.settings.enableSessionResumption"></a-switch>
+      <a-switch v-model="inbound.stream.tls.enableSessionResumption"></a-switch>
+    </a-form-item>
+    <a-form-item label="Server Name To Verify">
+      <a-input v-model.trim="inbound.stream.tls.serverNameToVerify"></a-input>
    </a-form-item>
    <template v-for="cert,index in inbound.stream.tls.certs">
      <a-form-item label='{{ i18n "certificate" }}'>
@@ -71,8 +66,10 @@
          <a-radio-button :value="true">{{ i18n "pages.inbounds.certificatePath" }}</a-radio-button>
          <a-radio-button :value="false">{{ i18n "pages.inbounds.certificateContent" }}</a-radio-button>
        </a-radio-group>
-        <a-button icon="plus" v-if="index === 0" type="primary" size="small" @click="inbound.stream.tls.addCert()" style="margin-left: 10px"></a-button>
-        <a-button icon="minus" v-if="inbound.stream.tls.certs.length>1" type="primary" size="small" @click="inbound.stream.tls.removeCert(index)" style="margin-left: 10px"></a-button>
+        <a-button icon="plus" v-if="index === 0" type="primary" size="small" @click="inbound.stream.tls.addCert()"
+          style="margin-left: 10px"></a-button>
+        <a-button icon="minus" v-if="inbound.stream.tls.certs.length>1" type="primary" size="small"
+          @click="inbound.stream.tls.removeCert(index)" style="margin-left: 10px"></a-button>
      </a-form-item>
      <template v-if="cert.useFile">
        <a-form-item label='{{ i18n "pages.inbounds.publicKey" }}'>
@@ -82,7 +79,8 @@
          <a-input v-model.trim="cert.keyFile"></a-input>
        </a-form-item>
        <a-form-item label=" ">
-          <a-button type="primary" icon="import" @click="setDefaultCertData(index)">{{ i18n "pages.inbounds.setDefaultCert" }}</a-button>
+          <a-button type="primary" icon="import" @click="setDefaultCertData(index)">
+            {{ i18n "pages.inbounds.setDefaultCert" }}</a-button>
        </a-form-item>
      </template>
      <template v-else>
@@ -104,105 +102,15 @@
          <a-select-option v-for="key in USAGE_OPTION" :value="key">[[ key ]]</a-select-option>
        </a-select>
      </a-form-item>
-    </template>
-  </template>
-
-  <!-- xtls settings -->
-  <template v-else-if="inbound.xtls">
-    <a-form-item label="SNI" placeholder="Server Name Indication">
-      <a-input v-model.trim="inbound.stream.xtls.sni"></a-input>
-    </a-form-item>
-    <a-form-item label="ALPN">
-      <a-select mode="multiple" :dropdown-class-name="themeSwitcher.currentTheme" v-model="inbound.stream.xtls.alpn">
-        <a-select-option v-for="alpn in ALPN_OPTION" :value="alpn">[[ alpn ]]</a-select-option>
-      </a-select>
-    </a-form-item>
-    <a-form-item label="Allow Insecure">
-      <a-switch v-model="inbound.stream.xtls.settings.allowInsecure"></a-switch>
-    </a-form-item>
-    <template v-for="cert,index in inbound.stream.xtls.certs">
-      <a-form-item label='{{ i18n "certificate" }}'>
-        <a-radio-group v-model="cert.useFile" button-style="solid">
-          <a-radio-button :value="true">{{ i18n "pages.inbounds.certificatePath" }}</a-radio-button>
-          <a-radio-button :value="false">{{ i18n "pages.inbounds.certificateContent" }}</a-radio-button>
-        </a-radio-group>
-        <a-button icon="plus" v-if="index === 0" type="primary" size="small" @click="inbound.stream.xtls.addCert()" style="margin-left: 10px"></a-button>
-        <a-button icon="minus" v-if="inbound.stream.xtls.certs.length>1" type="primary" size="small" @click="inbound.stream.xtls.removeCert(index)" style="margin-left: 10px"></a-button>
-      </a-form-item>
-      <template v-if="cert.useFile">
-        <a-form-item label='{{ i18n "pages.inbounds.publicKey" }}'>
-          <a-input v-model.trim="cert.certFile"></a-input>
-        </a-form-item>
-        <a-form-item label='{{ i18n "pages.inbounds.privatekey" }}'>
-          <a-input v-model.trim="cert.keyFile"></a-input>
-        </a-form-item>
-        <a-form-item label=" ">
-          <a-button type="primary" icon="import" @click="setDefaultCertXtls(index)">{{ i18n "pages.inbounds.setDefaultCert" }}</a-button>
-        </a-form-item>
-      </template>
-      <template v-else>
-        <a-form-item label='{{ i18n "pages.inbounds.publicKey" }}'>
-          <a-input type="textarea" :rows="3" v-model="cert.cert"></a-input>
-        </a-form-item>
-        <a-form-item label='{{ i18n "pages.inbounds.privatekey" }}'>
-          <a-input type="textarea" :rows="3" v-model="cert.key"></a-input>
-        </a-form-item>
-      </template>
-      <a-form-item label='OCSP stapling'>
-        <a-input-number v-model.number="cert.ocspStapling" :min="0"></a-input-number>
-      </a-form-item>
-      <a-form-item label="One Time Loading">
-        <a-switch v-model="cert.oneTimeLoading"></a-switch>
-      </a-form-item>
-      <a-form-item label='Usage Option'>
-        <a-select v-model="cert.usage" style="width: 50%" :dropdown-class-name="themeSwitcher.currentTheme">
-          <a-select-option v-for="key in USAGE_OPTION" :value="key">[[ key ]]</a-select-option>
-        </a-select>
+      <a-form-item label="Build Chain" v-if="cert.usage === 'issue'">
+        <a-switch v-model="cert.buildChain"></a-switch>
      </a-form-item>
    </template>
  </template>

  <!-- reality settings -->
  <template v-if="inbound.stream.isReality">
-    <a-form-item label='Show'>
-      <a-switch v-model="inbound.stream.reality.show"></a-switch>
-    </a-form-item>
-    <a-form-item label='Xver'>
-      <a-input-number v-model.number="inbound.stream.reality.xver" :min="0"></a-input-number>
-    </a-form-item>
-    <a-form-item label='uTLS'>
-      <a-select v-model="inbound.stream.reality.settings.fingerprint" style="width: 50%" :dropdown-class-name="themeSwitcher.currentTheme">
-        <a-select-option v-for="key in UTLS_FINGERPRINT" :value="key">[[ key ]]</a-select-option>
-      </a-select>
-    </a-form-item>
-    <a-form-item label='Dest'>
-      <a-input v-model.trim="inbound.stream.reality.dest"></a-input>
-    </a-form-item>
-    <a-form-item label='SNI'>
-      <a-input v-model.trim="inbound.stream.reality.serverNames"></a-input>
-    </a-form-item>
-    <a-form-item>
-      <template slot="label">
-        <a-tooltip>
-          <template slot="title">
-            <span>{{ i18n "reset" }}</span>
-          </template> Short ID <a-icon @click="inbound.stream.reality.shortIds = RandomUtil.randomShortId()" type="sync"></a-icon>
-        </a-tooltip>
-      </template>
-      <a-input v-model.trim="inbound.stream.reality.shortIds"></a-input>
-    </a-form-item>
-    <a-form-item label='SpiderX'>
-      <a-input v-model.trim="inbound.stream.reality.settings.spiderX"></a-input>
-    </a-form-item>
-    <a-form-item label='{{ i18n "pages.inbounds.privatekey" }}'>
-      <a-input v-model.trim="inbound.stream.reality.privateKey"></a-input>
-    </a-form-item>
-    <a-form-item label='{{ i18n "pages.inbounds.publicKey" }}'>
-      <a-input v-model.trim="inbound.stream.reality.settings.publicKey"></a-input>
-    </a-form-item>
-    <a-form-item label=" ">
-      <a-button type="primary" icon="import" @click="getNewX25519Cert">Get New Cert</a-button>
-    </a-form-item>
+    {{template "form/realitySettings"}}
  </template>
 </a-form>
-{{end}}
+{{end}}
--- a/web/html/xui/inbound_client_table.html
+++ b/web/html/xui/inbound_client_table.html
@@ -12,7 +12,7 @@
    <template slot="title">{{ i18n "info" }}</template>
    <a-icon style="font-size: 24px;" class="normal-icon" type="info-circle" @click="showInfo(record.id,client);"></a-icon>
  </a-tooltip>
-  <a-tooltip>
+  <a-tooltip v-if="hasClientStats(record, client.email)">
    <template slot="title">{{ i18n "pages.inbounds.resetTraffic" }}</template>
    <a-popconfirm @confirm="resetClientTraffic(client,record.id,false)" title='{{ i18n "pages.inbounds.resetTrafficContent"}}' :overlay-class-name="themeSwitcher.currentTheme" ok-text='{{ i18n "reset"}}' cancel-text='{{ i18n "cancel"}}'>
      <a-icon slot="icon" type="question-circle-o" :style="themeSwitcher.isDarkTheme ? 'color: var(--color-primary-100)' : 'color: var(--color-primary-100)'"></a-icon>
--- a/web/html/xui/inbound_info_modal.html
+++ b/web/html/xui/inbound_info_modal.html
@@ -34,7 +34,7 @@
              <a-tag color="green">[[ inbound.network ]]</a-tag>
            </td>
          </tr>
-          <template v-if="inbound.isTcp || inbound.isWs || inbound.isH2 || inbound.isHttpupgrade || inbound.isSplithttp">
+          <template v-if="inbound.isTcp || inbound.isWs || inbound.isHttpupgrade || inbound.isXHTTP">
            <tr>
              <td>{{ i18n "host" }}</td>
              <td v-if="inbound.host">
@@ -58,23 +58,11 @@
              </td>
            </tr>
          </template>
-          <template v-if="inbound.isQuic">
+          <template v-if="inbound.isXHTTP">
            <tr>
-              <td>quic {{ i18n "encryption" }}</td>
+              <td>Mode</td>
              <td>
-                <a-tag>[[ inbound.quicSecurity ]]</a-tag>
-              </td>
-            </tr>
-            <tr>
-              <td>quic {{ i18n "password" }}</td>
-              <td>
-                <a-tag>[[ inbound.quicKey ]]</a-tag>
-              </td>
-            </tr>
-            <tr>
-              <td>quic {{ i18n "camouflage" }}</td>
-              <td>
-                <a-tag>[[ inbound.quicType ]]</a-tag>
+                <a-tag>[[ inbound.stream.xhttp.mode ]]</a-tag>
              </td>
            </tr>
          </template>
@@ -159,16 +147,13 @@
            <a-tag>[[ infoModal.clientSettings.id ]]</a-tag>
          </td>
        </tr>
-        <tr v-if="infoModal.inbound.canEnableTlsFlow()">
-          <td>Flow</td>
-          <td v-if="infoModal.clientSettings.flow">
-            <a-tag>[[ infoModal.clientSettings.flow ]]</a-tag>
-          </td>
-          <td v-else>
-            <a-tag color="orange">{{ i18n "none" }}</a-tag>
+        <tr v-if="dbInbound.isVMess">
+          <td>{{ i18n "security" }}</td>
+          <td>
+            <a-tag>[[ infoModal.clientSettings.security ]]</a-tag>
          </td>
        </tr>
-        <tr v-if="infoModal.inbound.xtls">
+        <tr v-if="infoModal.inbound.canEnableTlsFlow()">
          <td>Flow</td>
          <td v-if="infoModal.clientSettings.flow">
            <a-tag>[[ infoModal.clientSettings.flow ]]</a-tag>
@@ -200,6 +185,33 @@
            <a-tag>↑ [[ sizeFormat(infoModal.clientStats.up) ]] / [[ sizeFormat(infoModal.clientStats.down) ]] ↓</a-tag>
          </td>
        </tr>
+        <tr v-if="infoModal.clientSettings.comment">
+          <td>{{ i18n "comment" }}</td>
+          <td>
+            <a-tooltip :title="[[ infoModal.clientSettings.comment  ]]">
+              <a-tag class="info-large-tag">[[ infoModal.clientSettings.comment ]]</a-tag>
+            </a-tooltip>
+          </td>
+        </tr>
+        <tr v-if="app.ipLimitEnable">
+          <td>{{ i18n "pages.inbounds.IPLimit" }}</td>
+          <td>
+            <a-tag>[[ infoModal.clientSettings.limitIp ]]</a-tag>
+          </td>
+        </tr>
+        <tr v-if="app.ipLimitEnable">
+          <td>{{ i18n "pages.inbounds.IPLimitlog" }}</td>
+          <td>
+            <a-tag>[[ infoModal.clientIps ]]</a-tag>
+            <a-icon type="sync" :spin="refreshing" @click="refreshIPs" style="margin: 0 5px;"></a-icon>
+            <a-tooltip :title="[[ dbInbound.address ]]">
+              <template slot="title">
+                <span>{{ i18n "pages.inbounds.IPLimitlogclear" }}</span>
+              </template>
+              <a-icon type="delete" @click="clearClientIps"></a-icon>
+            </a-tooltip>
+          </td>
+        </tr>
      </table>
      <table style="display: inline-table; margin-block: 10px; width: 100%; text-align: center;">
        <tr>
@@ -384,8 +396,8 @@
          <td>[[ inbound.settings.mtu ]]</td>
        </tr>
        <tr>
-          <td>Kernel Mode</td>
-          <td>[[ inbound.settings.kernelMode ]]</td>
+          <td>No Kernel Tun</td>
+          <td>[[ inbound.settings.noKernelTun ]]</td>
        </tr>
        <template v-for="(peer, index) in inbound.settings.peers">
          <tr>
@@ -415,7 +427,7 @@
          </tr>
          <tr>
            <td colspan="2">
-              <tr-info-row v-for="(link,index) in infoModal.links" class="tr-info-row">
+              <tr-info-row class="tr-info-row">
                <tr-info-title class="tr-info-title">
                  <a-tag color="blue">Config</a-tag>
                  <a-tooltip title='{{ i18n "copy" }}'>
@@ -432,6 +444,18 @@
    </template>
 </a-modal>
 <script>
+  function refreshIPs(email) {
+    return HttpUtil.post(`/panel/inbound/clientIps/${email}`).then((msg) => {
+      if (msg.success) {
+        try {
+          return JSON.parse(msg.obj).join(', ');
+        } catch (e) {
+          return msg.obj;
+        }
+      }
+    });
+  }
+
  const infoModal = {
    visible: false,
    inbound: new Inbound(),
@@ -446,6 +470,7 @@
    isExpired: false,
    subLink: '',
    subJsonLink: '',
+    clientIps: '',
    show(dbInbound, index) {
      this.index = index;
      this.inbound = dbInbound.toInbound();
@@ -453,6 +478,12 @@
      this.clientSettings = this.inbound.clients ? this.inbound.clients[index] : null;
      this.isExpired = this.inbound.clients ? this.inbound.isExpiry(index) : this.dbInbound.isExpiry;
      this.clientStats = this.inbound.clients ? this.dbInbound.clientStats.find(row => row.email === this.clientSettings.email) : [];
+
+      if (app.ipLimitEnable && this.clientSettings.limitIp) {
+        refreshIPs(this.clientStats.email).then((ips) => {
+          this.clientIps = ips;
+        })
+      }
      if (this.inbound.protocol == Protocols.WIREGUARD) {
        this.links = this.inbound.genInboundLinks(dbInbound.remark).split('\r\n')
      } else {
@@ -481,6 +512,7 @@
    el: '#inbound-info-modal',
    data: {
      infoModal,
+      refreshing: false,
      get dbInbound() {
        return this.infoModal.dbInbound;
      },
@@ -517,6 +549,26 @@
        remained = this.infoModal.clientStats.total - this.infoModal.clientStats.up - this.infoModal.clientStats.down;
        return remained > 0 ? sizeFormat(remained) : '-';
      },
+      refreshIPs() {
+        this.refreshing = true;
+        refreshIPs(this.infoModal.clientStats.email)
+          .then((ips) => {
+            this.infoModal.clientIps = ips;
+          })
+          .finally(() => {
+            this.refreshing = false;
+          });
+      },
+      clearClientIps() {
+        HttpUtil.post(`/panel/inbound/clearClientIps/${this.infoModal.clientStats.email}`)
+          .then((msg) => {
+            if (!msg.success) {
+              return;
+            }
+            this.infoModal.clientIps = 'No IP Record';
+          })
+          .catch(() => {});
+      },
    },
  });
 </script>
--- a/web/html/xui/inbound_modal.html
+++ b/web/html/xui/inbound_modal.html
@@ -14,6 +14,7 @@
        confirmLoading: false,
        okText: '{{ i18n "sure" }}',
        isEdit: false,
+        isGroup: false,
        confirm: null,
        inbound: new Inbound(),
        dbInbound: new DBInbound(),
@@ -61,6 +62,9 @@
            get isEdit() {
                return inModal.isEdit;
            },
+            get isGroup() {
+                return inModal.isGroup;
+            },
            get client() {
                return inModal.inbound.clients[0];
            },
@@ -102,11 +106,6 @@
                        client.flow = "";
                    });
                }
-                if ((this.inModal.inbound.protocol == Protocols.VLESS || this.inModal.inbound.protocol == Protocols.TROJAN) && !inModal.inbound.xtls) {
-                    this.inModal.inbound.settings.vlesses.forEach(client => {
-                        client.flow = "";
-                    });
-                }
            },
            SSMethodChange() {
                if (this.inModal.inbound.isSSMultiUser) {
@@ -132,10 +131,6 @@
                inModal.inbound.stream.tls.certs[index].certFile = app.defaultCert;
                inModal.inbound.stream.tls.certs[index].keyFile = app.defaultKey;
            },
-            setDefaultCertXtls(index) {
-                inModal.inbound.stream.xtls.certs[index].certFile = app.defaultCert;
-                inModal.inbound.stream.xtls.certs[index].keyFile = app.defaultKey;
-            },
            async getNewX25519Cert() {
                inModal.loading(true);
                const msg = await HttpUtil.post('/server/getNewX25519Cert');
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.10
 .5.1