web/controller/setting.go

package controller

import (
	"errors"
	"strconv"
	"time"

	"github.com/mhsanaei/3x-ui/v3/util/crypto"
	"github.com/mhsanaei/3x-ui/v3/web/entity"
	"github.com/mhsanaei/3x-ui/v3/web/service"
	"github.com/mhsanaei/3x-ui/v3/web/session"

	"github.com/gin-gonic/gin"
)

// updateUserForm represents the form for updating user credentials.
type updateUserForm struct {
	OldUsername string `json:"oldUsername" form:"oldUsername"`
	OldPassword string `json:"oldPassword" form:"oldPassword"`
	NewUsername string `json:"newUsername" form:"newUsername"`
	NewPassword string `json:"newPassword" form:"newPassword"`
}

// SettingController handles settings and user management operations.
type SettingController struct {
	settingService  service.SettingService
	userService     service.UserService
	panelService    service.PanelService
	apiTokenService service.ApiTokenService
}

// NewSettingController creates a new SettingController and initializes its routes.
func NewSettingController(g *gin.RouterGroup) *SettingController {
	a := &SettingController{}
	a.initRouter(g)
	return a
}

// initRouter sets up the routes for settings management.
func (a *SettingController) initRouter(g *gin.RouterGroup) {
	g = g.Group("/setting")

	g.POST("/all", a.getAllSetting)
	g.POST("/defaultSettings", a.getDefaultSettings)
	g.POST("/update", a.updateSetting)
	g.POST("/updateUser", a.updateUser)
	g.POST("/restartPanel", a.restartPanel)
	g.GET("/getDefaultJsonConfig", a.getDefaultXrayConfig)
	g.GET("/apiTokens", a.listApiTokens)
	g.POST("/apiTokens/create", a.createApiToken)
	g.POST("/apiTokens/delete/:id", a.deleteApiToken)
	g.POST("/apiTokens/setEnabled/:id", a.setApiTokenEnabled)
}

// getAllSetting retrieves all current settings.
func (a *SettingController) getAllSetting(c *gin.Context) {
	allSetting, err := a.settingService.GetAllSetting()
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
		return
	}
	jsonObj(c, allSetting, nil)
}

// getDefaultSettings retrieves the default settings based on the host.
func (a *SettingController) getDefaultSettings(c *gin.Context) {
	result, err := a.settingService.GetDefaultSettings(c.Request.Host)
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
		return
	}
	jsonObj(c, result, nil)
}

// updateSetting updates all settings with the provided data.
func (a *SettingController) updateSetting(c *gin.Context) {
	allSetting := &entity.AllSetting{}
	err := c.ShouldBind(allSetting)
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
		return
	}
	oldTwoFactor, twoFactorErr := a.settingService.GetTwoFactorEnable()
	err = a.settingService.UpdateAllSetting(allSetting)
	if err == nil && twoFactorErr == nil && !oldTwoFactor && allSetting.TwoFactorEnable {
		if bumpErr := a.userService.BumpLoginEpoch(); bumpErr != nil {
			err = bumpErr
		}
	}
	jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
}

// updateUser updates the current user's username and password.
func (a *SettingController) updateUser(c *gin.Context) {
	form := &updateUserForm{}
	err := c.ShouldBind(form)
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
		return
	}
	user := session.GetLoginUser(c)
	if user.Username != form.OldUsername || !crypto.CheckPasswordHash(user.Password, form.OldPassword) {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), errors.New(I18nWeb(c, "pages.settings.toasts.originalUserPassIncorrect")))
		return
	}
	if form.NewUsername == "" || form.NewPassword == "" {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), errors.New(I18nWeb(c, "pages.settings.toasts.userPassMustBeNotEmpty")))
		return
	}
	err = a.userService.UpdateUser(user.Id, form.NewUsername, form.NewPassword)
	if err == nil {
		user.Username = form.NewUsername
		user.Password, _ = crypto.HashPasswordAsBcrypt(form.NewPassword)
		if saveErr := session.SetLoginUser(c, user); saveErr != nil {
			err = saveErr
		}
	}
	jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), err)
}

// restartPanel restarts the panel service after a delay.
func (a *SettingController) restartPanel(c *gin.Context) {
	err := a.panelService.RestartPanel(time.Second * 3)
	jsonMsg(c, I18nWeb(c, "pages.settings.restartPanelSuccess"), err)
}

// getDefaultXrayConfig retrieves the default Xray configuration.
func (a *SettingController) getDefaultXrayConfig(c *gin.Context) {
	defaultJsonConfig, err := a.settingService.GetDefaultXrayConfig()
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
		return
	}
	jsonObj(c, defaultJsonConfig, nil)
}

type apiTokenCreateForm struct {
	Name string `json:"name" form:"name"`
}

type apiTokenEnabledForm struct {
	Enabled bool `json:"enabled" form:"enabled"`
}

func (a *SettingController) listApiTokens(c *gin.Context) {
	rows, err := a.apiTokenService.List()
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
		return
	}
	jsonObj(c, rows, nil)
}

func (a *SettingController) createApiToken(c *gin.Context) {
	form := &apiTokenCreateForm{}
	if err := c.ShouldBind(form); err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
		return
	}
	row, err := a.apiTokenService.Create(form.Name)
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
		return
	}
	jsonObj(c, row, nil)
}

func (a *SettingController) deleteApiToken(c *gin.Context) {
	id, err := strconv.Atoi(c.Param("id"))
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
		return
	}
	jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), a.apiTokenService.Delete(id))
}

func (a *SettingController) setApiTokenEnabled(c *gin.Context) {
	id, err := strconv.Atoi(c.Param("id"))
	if err != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
		return
	}
	form := &apiTokenEnabledForm{}
	if bindErr := c.ShouldBind(form); bindErr != nil {
		jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), bindErr)
		return
	}
	jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), a.apiTokenService.SetEnabled(id, form.Enabled))
}
3x-ui 2023-02-09 22:48:06 +03:30			`package controller`

			`import (`
			`"errors"`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`"strconv"`
3x-ui 2023-02-09 22:48:06 +03:30			`"time"`
Some fixes and improvements (#1997 ) 2024-03-11 01:01:24 +03:30
v3 2026-05-10 02:13:42 +02:00			`"github.com/mhsanaei/3x-ui/v3/util/crypto"`
			`"github.com/mhsanaei/3x-ui/v3/web/entity"`
			`"github.com/mhsanaei/3x-ui/v3/web/service"`
			`"github.com/mhsanaei/3x-ui/v3/web/session"`
alireza 2023-03-17 19:37:49 +03:30
			`"github.com/gin-gonic/gin"`
3x-ui 2023-02-09 22:48:06 +03:30			`)`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// updateUserForm represents the form for updating user credentials.`
3x-ui 2023-02-09 22:48:06 +03:30			`type updateUserForm struct {`
			OldUsername string `json:"oldUsername" form:"oldUsername"`
			OldPassword string `json:"oldPassword" form:"oldPassword"`
			NewUsername string `json:"newUsername" form:"newUsername"`
			NewPassword string `json:"newPassword" form:"newPassword"`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// SettingController handles settings and user management operations.`
3x-ui 2023-02-09 22:48:06 +03:30			`type SettingController struct {`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`settingService service.SettingService`
			`userService service.UserService`
			`panelService service.PanelService`
			`apiTokenService service.ApiTokenService`
3x-ui 2023-02-09 22:48:06 +03:30			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// NewSettingController creates a new SettingController and initializes its routes.`
3x-ui 2023-02-09 22:48:06 +03:30			`func NewSettingController(g gin.RouterGroup) SettingController {`
			`a := &SettingController{}`
			`a.initRouter(g)`
			`return a`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// initRouter sets up the routes for settings management.`
3x-ui 2023-02-09 22:48:06 +03:30			`func (a SettingController) initRouter(g gin.RouterGroup) {`
			`g = g.Group("/setting")`

			`g.POST("/all", a.getAllSetting)`
alireza update pack 2023-04-09 23:13:18 +03:30			`g.POST("/defaultSettings", a.getDefaultSettings)`
3x-ui 2023-02-09 22:48:06 +03:30			`g.POST("/update", a.updateSetting)`
			`g.POST("/updateUser", a.updateUser)`
			`g.POST("/restartPanel", a.restartPanel)`
separate xray page #1286 2023-12-04 19:20:46 +01:00			`g.GET("/getDefaultJsonConfig", a.getDefaultXrayConfig)`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`g.GET("/apiTokens", a.listApiTokens)`
			`g.POST("/apiTokens/create", a.createApiToken)`
			`g.POST("/apiTokens/delete/:id", a.deleteApiToken)`
			`g.POST("/apiTokens/setEnabled/:id", a.setApiTokenEnabled)`
3x-ui 2023-02-09 22:48:06 +03:30			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// getAllSetting retrieves all current settings.`
3x-ui 2023-02-09 22:48:06 +03:30			`func (a SettingController) getAllSetting(c gin.Context) {`
			`allSetting, err := a.settingService.GetAllSetting()`
			`if err != nil {`
rename I18n to I18nWeb 2023-05-21 03:29:27 +04:30			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)`
3x-ui 2023-02-09 22:48:06 +03:30			`return`
			`}`
			`jsonObj(c, allSetting, nil)`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// getDefaultSettings retrieves the default settings based on the host.`
alireza update pack 2023-04-09 23:13:18 +03:30			`func (a SettingController) getDefaultSettings(c gin.Context) {`
pagination and sub URI support #1300 2023-12-08 17:18:51 +01:00			`result, err := a.settingService.GetDefaultSettings(c.Request.Host)`
			`if err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)`
			`return`
[feature] separate subscription service 2023-05-22 18:06:34 +03:30			`}`
alireza update pack 2023-04-09 23:13:18 +03:30			`jsonObj(c, result, nil)`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// updateSetting updates all settings with the provided data.`
3x-ui 2023-02-09 22:48:06 +03:30			`func (a SettingController) updateSetting(c gin.Context) {`
			`allSetting := &entity.AllSetting{}`
			`err := c.ShouldBind(allSetting)`
			`if err != nil {`
rename I18n to I18nWeb 2023-05-21 03:29:27 +04:30			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
3x-ui 2023-02-09 22:48:06 +03:30			`return`
			`}`
fix(auth): invalidate sessions when 2FA is enabled, fix dev 401 loop 2026-05-13 14:08:16 +02:00			`oldTwoFactor, twoFactorErr := a.settingService.GetTwoFactorEnable()`
3x-ui 2023-02-09 22:48:06 +03:30			`err = a.settingService.UpdateAllSetting(allSetting)`
fix(auth): invalidate sessions when 2FA is enabled, fix dev 401 loop 2026-05-13 14:08:16 +02:00			`if err == nil && twoFactorErr == nil && !oldTwoFactor && allSetting.TwoFactorEnable {`
			`if bumpErr := a.userService.BumpLoginEpoch(); bumpErr != nil {`
			`err = bumpErr`
			`}`
			`}`
rename I18n to I18nWeb 2023-05-21 03:29:27 +04:30			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
3x-ui 2023-02-09 22:48:06 +03:30			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// updateUser updates the current user's username and password.`
3x-ui 2023-02-09 22:48:06 +03:30			`func (a SettingController) updateUser(c gin.Context) {`
			`form := &updateUserForm{}`
			`err := c.ShouldBind(form)`
			`if err != nil {`
rename I18n to I18nWeb 2023-05-21 03:29:27 +04:30			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
3x-ui 2023-02-09 22:48:06 +03:30			`return`
			`}`
			`user := session.GetLoginUser(c)`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`if user.Username != form.OldUsername \|\| !crypto.CheckPasswordHash(user.Password, form.OldPassword) {`
chore: toasts translation refactoring 2025-05-09 10:46:29 +07:00			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), errors.New(I18nWeb(c, "pages.settings.toasts.originalUserPassIncorrect")))`
3x-ui 2023-02-09 22:48:06 +03:30			`return`
			`}`
			`if form.NewUsername == "" \|\| form.NewPassword == "" {`
chore: toasts translation refactoring 2025-05-09 10:46:29 +07:00			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), errors.New(I18nWeb(c, "pages.settings.toasts.userPassMustBeNotEmpty")))`
3x-ui 2023-02-09 22:48:06 +03:30			`return`
			`}`
			`err = a.userService.UpdateUser(user.Id, form.NewUsername, form.NewPassword)`
			`if err == nil {`
			`user.Username = form.NewUsername`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`user.Password, _ = crypto.HashPasswordAsBcrypt(form.NewPassword)`
ws/inbounds: realtime fixes + perf for 10k+ client inbounds (#4123 ) 2026-05-05 18:27:49 +03:00			`if saveErr := session.SetLoginUser(c, user); saveErr != nil {`
			`err = saveErr`
			`}`
3x-ui 2023-02-09 22:48:06 +03:30			`}`
rename I18n to I18nWeb 2023-05-21 03:29:27 +04:30			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), err)`
3x-ui 2023-02-09 22:48:06 +03:30			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// restartPanel restarts the panel service after a delay.`
3x-ui 2023-02-09 22:48:06 +03:30			`func (a SettingController) restartPanel(c gin.Context) {`
			`err := a.panelService.RestartPanel(time.Second * 3)`
chore: toasts translation refactoring 2025-05-09 10:46:29 +07:00			`jsonMsg(c, I18nWeb(c, "pages.settings.restartPanelSuccess"), err)`
3x-ui 2023-02-09 22:48:06 +03:30			`}`
secret token thanks to @HarlyquinForest 2023-04-21 19:00:14 +03:30
docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// getDefaultXrayConfig retrieves the default Xray configuration.`
separate xray page #1286 2023-12-04 19:20:46 +01:00			`func (a SettingController) getDefaultXrayConfig(c gin.Context) {`
			`defaultJsonConfig, err := a.settingService.GetDefaultXrayConfig()`
			`if err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)`
			`return`
			`}`
			`jsonObj(c, defaultJsonConfig, nil)`
			`}`
Vue3 migration (#4198 ) 2026-05-09 17:38:48 +02:00
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`type apiTokenCreateForm struct {`
			Name string `json:"name" form:"name"`
			`}`

			`type apiTokenEnabledForm struct {`
			Enabled bool `json:"enabled" form:"enabled"`
			`}`

			`func (a SettingController) listApiTokens(c gin.Context) {`
			`rows, err := a.apiTokenService.List()`
Vue3 migration (#4198 ) 2026-05-09 17:38:48 +02:00			`if err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)`
			`return`
			`}`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`jsonObj(c, rows, nil)`
Vue3 migration (#4198 ) 2026-05-09 17:38:48 +02:00			`}`

feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`func (a SettingController) createApiToken(c gin.Context) {`
			`form := &apiTokenCreateForm{}`
			`if err := c.ShouldBind(form); err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
			`return`
			`}`
			`row, err := a.apiTokenService.Create(form.Name)`
Vue3 migration (#4198 ) 2026-05-09 17:38:48 +02:00			`if err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
			`return`
			`}`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`jsonObj(c, row, nil)`
			`}`

			`func (a SettingController) deleteApiToken(c gin.Context) {`
			`id, err := strconv.Atoi(c.Param("id"))`
			`if err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
			`return`
			`}`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), a.apiTokenService.Delete(id))`
			`}`

			`func (a SettingController) setApiTokenEnabled(c gin.Context) {`
			`id, err := strconv.Atoi(c.Param("id"))`
			`if err != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)`
			`return`
			`}`
			`form := &apiTokenEnabledForm{}`
			`if bindErr := c.ShouldBind(form); bindErr != nil {`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), bindErr)`
			`return`
			`}`
			`jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), a.apiTokenService.SetEnabled(id, form.Enabled))`
Vue3 migration (#4198 ) 2026-05-09 17:38:48 +02:00			`}`