Enhance Inbound security and modernize tunnel protocols #6
…to Inbounds, modernize tunnel protocols Co-authored-by: Ehsan <1883051+ehsanking@users.noreply.github.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7b9a59ee99
| return 'wss'; | ||
| export function getRecommendedTunnelType(): 'hysteria2' | 'reality' | 'wss' | 'grpc' { | ||
| // Hysteria2 is currently the most effective for Iran | ||
| return 'hysteria2'; |
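Review bot: The comment on the `return 'hysteria2';` line states a time-dependent claim ("currently the most effective for Iran") with no date or reference, and the function returns a constant with no way for a caller to override it. Add a date or a link to the basis for the recommendation so it can be revisited, and consider reading the default from configuration rather than hard-coding it.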
Keep recommended tunnel type compatible with tunnel-nodes API
getRecommendedTunnelType() now defaults new nodes to hysteria2, but the POST validator in app/api/tunnel-nodes/route.ts still only accepts wss|grpc|quic|h2 (TunnelNodeSchema), so creating a node with the default form state immediately fails validation unless the user manually changes the type. This makes the new recommended path non-functional in the current API contract.
Useful? React with 👍 / 👎.
| gost -L "relay+wss://:${mainServer.port}?auth=${authHeader}&path=/ws&cert=/etc/ssl/certs/server.crt&key=/etc/ssl/private/server.key"`; | ||
| [Service] | ||
| Type=simple | ||
| ExecStart=/usr/local/bin/gost -L "relay+wss://:${mainServer.port}?path=/ws&cert=/etc/ssl/certs/server.crt&key=/etc/ssl/private/server.key" |
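Review bot: The `auth=${authHeader}` interpolation on the first line of this hunk places the value unescaped inside both a URL query string and a double-quoted shell string, so a value containing `&`, `"` or `$` would change the meaning of the generated command. If the auth parameter is restored on the `ExecStart` line, URL-encode the value before interpolating it, and do the same for `${mainServer.port}` or validate it as an integer.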
Reintroduce tunnel secret auth in generated Gost commands
The generated WSS/gRPC Gost commands no longer include any auth parameter, so tunnelSecret/node.tunnel_secret is effectively ignored for these tunnel types. In deployments that copy these commands, any client that can reach the listener port can attach without the per-node secret, which is a security regression from the previous behavior.
Useful? React with 👍 / 👎.
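A regression check for the issue raised in the review comment above, as an added example that is not part of the pull request or of Codex's review: it scans generated command text for `-L` listener URLs and reports any that lack a usable `auth` query parameter. The function names, port and secret value are assumptions; the `auth` parameter name is taken from the earlier command shown in this thread.

```typescript
// Added example; names below are hypothetical, not from the pull request.
interface ListenerFinding { scheme: string; url: string; problem: string }

// Collect every `-L <url>` argument (double-quoted, single-quoted or bare).
function extractListenerUrls(text: string): string[] {
  const urls: string[] = [];
  const re = /-L\s+(?:"([^"]+)"|'([^']+)'|(\S+))/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    urls.push(m[1] || m[2] || m[3]);
  }
  return urls;
}

// Split the query by hand so the empty-host form `scheme://:PORT?...` needs no URL parser.
function queryParams(url: string): { [key: string]: string | undefined } {
  const params: { [key: string]: string | undefined } = {};
  const q = url.indexOf("?");
  if (q < 0) return params;
  const pairs = url.slice(q + 1).split("&");
  for (let i = 0; i < pairs.length; i++) {
    const eq = pairs[i].indexOf("=");
    params[eq < 0 ? pairs[i] : pairs[i].slice(0, eq)] = eq < 0 ? "" : pairs[i].slice(eq + 1);
  }
  return params;
}

// Flag listeners whose URL carries no usable `auth` value.
function findUnauthenticatedListeners(generated: string): ListenerFinding[] {
  const findings: ListenerFinding[] = [];
  const urls = extractListenerUrls(generated);
  for (let i = 0; i < urls.length; i++) {
    const scheme = urls[i].split("://")[0];
    const auth = queryParams(urls[i])["auth"];
    if (auth === undefined) {
      findings.push({ scheme: scheme, url: urls[i], problem: "no auth parameter" });
    } else if (auth === "" || auth === "undefined" || auth === "null") {
      // A missing secret interpolated into a template literal renders as "undefined".
      findings.push({ scheme: scheme, url: urls[i], problem: "auth value is empty or unset" });
    }
  }
  return findings;
}

// Constructed samples shaped like the two commands in this thread (port and secret are made up).
const TLS = "cert=/etc/ssl/certs/server.crt&key=/etc/ssl/private/server.key";
const WITH_AUTH = 'gost -L "relay+wss://:8443?auth=CONSTRUCTED_SECRET&path=/ws&' + TLS + '"';
const WITHOUT_AUTH = 'ExecStart=/usr/local/bin/gost -L "relay+wss://:8443?path=/ws&' + TLS + '"';
```

Run over the output of the command generator in a unit test, an empty result for every tunnel type that has a secret configured guards against the parameter being dropped again.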
| <span className="text-slate-600">{reseller.max_users || 50} users</span> | ||
| </td> | ||
| <td className="px-6 py-4"> | ||
| <span className="text-slate-600">{reseller.allocated_traffic_gb || 500} GB</span> |
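Review bot: The `||` fallbacks in `{reseller.max_users || 50}` and `{reseller.allocated_traffic_gb || 500}` replace a legitimate `0` as well as a missing value, so a reseller with a zero quota is displayed as 50 users / 500 GB. Use `??` if a default is really intended, or render an explicit "not set" placeholder so that absent data is never shown as a real limit.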
Map reseller quota columns to API response fields
The reseller table renders max_users and allocated_traffic_gb, but /api/users returns quota data as max_connections and traffic_limit_gb; these properties are therefore undefined and the UI falls back to 50 users / 500 GB for most rows. This misreports actual reseller limits and can mislead operators when auditing quotas.
Useful? React with 👍 / 👎.