From 8177f6dc667f2edca66073e433baf5cff36cda41 Mon Sep 17 00:00:00 2001 From: lolka1333 Date: Tue, 5 May 2026 18:27:49 +0300 Subject: ws/inbounds: realtime fixes + perf for 10k+ client inbounds (#4123) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ws/inbounds: realtime fixes + perf for 10k+ client inbounds - hub: dedup, throttle, panic-restart, deadlock fix, race tests - client: backoff cap + slow-retry instead of giving up - broadcast: delta-only payload, count-based invalidate fallback - filter: fix empty online list (Inbound has no .id, use dbInbound.toInbound) - perf: O(N²)→O(N) traffic merge, bulk delete, /setEnable endpoint - traffic: monotonic all_time + UI clamp + propagate in delta handler - session: persist on update/logout (fixes logout-after-password-change) - ui: protocol tags flex, traffic bar normalize * Remove hub_test.go file * fix: ws hub, inbound service, and frontend correctness - propagate DelInbound error on disable path in SetInboundEnable - skip empty emails in updateClientTraffics to avoid constraint violations - use consistent IN ? clause, drop redundant ErrRecordNotFound guards - Hub.Unregister: direct removeClient fallback when channel is full - applyClientStatsDelta: O(1) email lookup via per-inbound Map cache - WS payload size check: Blob.size instead of .length for real byte count * fix: chunk large IN ? queries and fix IPv6 same-origin check * fix: chunk large IN ? queries and fix IPv6 same-origin check * fix: unify clientStats cache, throttle clarity, hub constants * fix(ui): align traffic/expiry cell columns across all rows * style(ui): redesign outbounds table for visual consistency * style(ui): redesign routing table for visual consistency * fix: * fix: * fix: * fix: * fix: * fix: font * refactor: simplify outbound tone functions for consistency and maintainability --------- Co-authored-by: lolka1333 --- web/session/session.go | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'web/session') diff --git a/web/session/session.go b/web/session/session.go index 9f7cedde..c171c1d0 100644 --- a/web/session/session.go +++ b/web/session/session.go @@ -7,6 +7,7 @@ import ( "net/http" "github.com/mhsanaei/3x-ui/v2/database/model" + "github.com/mhsanaei/3x-ui/v2/logger" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" @@ -20,14 +21,16 @@ func init() { gob.Register(model.User{}) } -// SetLoginUser stores the authenticated user in the session. -// The user object is serialized and stored for subsequent requests. -func SetLoginUser(c *gin.Context, user *model.User) { +// SetLoginUser stores the authenticated user in the session and persists it. +// gin-contrib/sessions does not auto-save; callers that forget Save() leave +// the cookie out of sync with server state — this helper avoids that pitfall. +func SetLoginUser(c *gin.Context, user *model.User) error { if user == nil { - return + return nil } s := sessions.Default(c) s.Set(loginUserKey, *user) + return s.Save() } // GetLoginUser retrieves the authenticated user from the session. @@ -40,22 +43,26 @@ func GetLoginUser(c *gin.Context) *model.User { } user, ok := obj.(model.User) if !ok { - + // Stale or incompatible session payload — wipe and persist immediately + // so subsequent requests don't keep hitting the same broken cookie. s.Delete(loginUserKey) + if err := s.Save(); err != nil { + logger.Warning("session: failed to drop stale user payload:", err) + } return nil } return &user } // IsLogin checks if a user is currently authenticated in the session. -// Returns true if a valid user session exists, false otherwise. func IsLogin(c *gin.Context) bool { return GetLoginUser(c) != nil } -// ClearSession removes all session data and invalidates the session. -// This effectively logs out the user and clears any stored session information. -func ClearSession(c *gin.Context) { +// ClearSession invalidates the session and tells the browser to drop the cookie. +// The cookie attributes (Path/HttpOnly/SameSite) must mirror those used when +// the cookie was created or browsers will keep it. +func ClearSession(c *gin.Context) error { s := sessions.Default(c) s.Clear() cookiePath := c.GetString("base_path") @@ -68,4 +75,5 @@ func ClearSession(c *gin.Context) { HttpOnly: true, SameSite: http.SameSiteLaxMode, }) + return s.Save() } -- cgit v1.2.3