v1.3.6

Bump actions/setup-go from 5 to 6

.github/FUNDING.yml

@@ -1 +1 @@
-buy_me_a_coffee: alireza7
+github: alireza0

.github/workflows/docker.yml

@@ -6,15 +6,39 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
+  frontend-build:
     runs-on: ubuntu-22.04
-
     steps:
       - name: Checkout repository
-      uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: recursive
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: 20
+      - name: Install dependencies and build frontend
+        run: |
+          cd frontend
+          npm install
+          npm run build
+      - name: Upload frontend build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend-dist
+          path: frontend/dist/
 
+  build:
+    needs: frontend-build
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v5.0.0
+    - name: Download frontend build artifact
+      uses: actions/download-artifact@v5
+      with:
+        name: frontend-dist
+        path: frontend_dist
     - name: Docker meta
       id: meta
       uses: docker/metadata-action@v5
@@ -26,31 +50,39 @@ jobs:
           type=ref,event=branch
           type=ref,event=tag
           type=pep440,pattern={{version}}
-
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
-
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
-
+      with:
+        install: true
+        buildkitd-flags: --debug
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.sha }}
+        restore-keys: |
+          ${{ runner.os }}-buildx-
     - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_HUB_USERNAME }}
         password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
     - name: Login to GHCR
       uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GITHUB_TOKEN }}
-
     - name: Build and push
       uses: docker/build-push-action@v6
       with:
         context: .
+        file: Dockerfile.frontend-artifact
         push: true
-        platforms: linux/amd64, linux/arm64/v8, linux/arm/v7, linux/arm/v6, linux/386
+        platforms: linux/amd64, linux/386, linux/arm64/v8, linux/arm/v7, linux/arm/v6
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache,mode=max

.github/workflows/release.yml

@@ -1,13 +1,23 @@
 name: Release S-UI
 
 on:
-  push:
-    tags:
-      - "*"
   workflow_dispatch:
+  release:
+    types: [published]
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/release.yml'
+      - 'frontend/**'
+      - '**.sh'
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+      - 's-ui.service'
 
 jobs:
-  build:
+  build-linux:
     strategy:
       matrix:
         platform:
@@ -18,42 +28,26 @@ jobs:
           - armv5
           - 386
           - s390x
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: recursive
+          fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           cache: false
           go-version-file: go.mod
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: '22'
           registry-url: 'https://registry.npmjs.org'
 
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          if [ "${{ matrix.platform }}" == "arm64" ]; then
-            sudo apt install gcc-aarch64-linux-gnu
-          elif [ "${{ matrix.platform }}" == "armv7" ]; then
-            sudo apt install gcc-arm-linux-gnueabihf
-          elif [ "${{ matrix.platform }}" == "armv6" ]; then
-            sudo apt install gcc-arm-linux-gnueabihf
-          elif [ "${{ matrix.platform }}" == "armv5" ]; then
-            sudo apt install gcc-arm-linux-gnueabi
-          elif [ "${{ matrix.platform }}" == "386" ]; then
-            sudo apt install gcc-i686-linux-gnu
-          elif [ "${{ matrix.platform }}" == "s390x" ]; then
-            sudo apt install gcc-s390x-linux-gnu
-          fi
-
       - name: Build frontend
         run: |
           cd frontend
@@ -68,31 +62,34 @@ jobs:
           export CGO_ENABLED=1
           export GOOS=linux
           export GOARCH=${{ matrix.platform }}
-          if [ "${{ matrix.platform }}" == "arm64" ]; then
-            export GOARCH=arm64
-            export CC=aarch64-linux-gnu-gcc
-          elif [ "${{ matrix.platform }}" == "armv7" ]; then
-            export GOARCH=arm
-            export GOARM=7
-            export CC=arm-linux-gnueabihf-gcc
-          elif [ "${{ matrix.platform }}" == "armv6" ]; then
-            export GOARCH=arm
-            export GOARM=6
-            export CC=arm-linux-gnueabihf-gcc
-          elif [ "${{ matrix.platform }}" == "armv5" ]; then
-            export GOARCH=arm
-            export GOARM=5
-            export CC=arm-linux-gnueabi-gcc
-          elif [ "${{ matrix.platform }}" == "386" ]; then
-            export GOARCH=386
-            export CC=i686-linux-gnu-gcc
-          elif [ "${{ matrix.platform }}" == "s390x" ]; then
-            export GOARCH=s390x
-            export CC=s390x-linux-gnu-gcc
-          fi
+          # Use Bootlin prebuilt cross-toolchains (musl 1.2.5 in stable series)
+          case "${{ matrix.platform }}" in
+            amd64) BOOTLIN_ARCH="x86-64" ;;
+            arm64) BOOTLIN_ARCH="aarch64" ;;
+            armv7) BOOTLIN_ARCH="armv7-eabihf"; export GOARCH=arm GOARM=7 ;;
+            armv6) BOOTLIN_ARCH="armv6-eabihf"; export GOARCH=arm GOARM=6 ;;
+            armv5) BOOTLIN_ARCH="armv5-eabi"; export GOARCH=arm GOARM=5 ;;
+            386) BOOTLIN_ARCH="x86-i686" ;;
+            s390x) BOOTLIN_ARCH="s390x-z13" ;;
+          esac
+          echo "Resolving Bootlin musl toolchain for arch=$BOOTLIN_ARCH (platform=${{ matrix.platform }})"
+          TARBALL_BASE="https://toolchains.bootlin.com/downloads/releases/toolchains/$BOOTLIN_ARCH/tarballs/"
+          TARBALL_URL=$(curl -fsSL "$TARBALL_BASE" | grep -oE "${BOOTLIN_ARCH}--musl--stable-[^\"]+\\.tar\\.xz" | sort -r | head -n1)
+          [ -z "$TARBALL_URL" ] && { echo "Failed to locate Bootlin musl toolchain for arch=$BOOTLIN_ARCH" >&2; exit 1; }
+          echo "Downloading: $TARBALL_URL"
+          cd /tmp
+          curl -fL -sS -o "$(basename "$TARBALL_URL")" "$TARBALL_BASE/$TARBALL_URL"
+          tar -xf "$(basename "$TARBALL_URL")"
+          TOOLCHAIN_DIR=$(find . -maxdepth 1 -type d -name "${BOOTLIN_ARCH}--musl--stable-*" | head -n1)
+          export PATH="$(realpath "$TOOLCHAIN_DIR")/bin:$PATH"
+          export CC=$(realpath "$(find "$TOOLCHAIN_DIR/bin" -name '*-gcc.br_real' -type f -executable | head -n1)")
+          [ -z "$CC" ] && { echo "No gcc.br_real found in $TOOLCHAIN_DIR/bin" >&2; exit 1; }
+          cd -
 
           ### Build s-ui
-          go build -ldflags="-w -s" -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" -o sui main.go
+          go build -ldflags="-w -s -linkmode external -extldflags '-static'" -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" -o sui main.go
+          file sui
+          ldd sui || echo "Static binary confirmed"
 
           mkdir s-ui
           cp sui s-ui/
@@ -102,8 +99,16 @@ jobs:
       - name: Package
         run: tar -zcvf s-ui-linux-${{ matrix.platform }}.tar.gz s-ui
 
-      - name: Upload
+      - name: Upload files to Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: s-ui-linux-${{ matrix.platform }}
+          path: ./s-ui-linux-${{ matrix.platform }}.tar.gz
+          retention-days: 30
+
+      - name: Upload to Release
         uses: svenstaro/upload-release-action@v2
+        if: github.event_name == 'release' && github.event.action == 'published'
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ github.ref }}

.github/workflows/windows.yml

@@ -0,0 +1,171 @@
+name: Build S-UI for Windows
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/windows.yml'
+      - 'frontend/**'
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+      - 'windows/**'
+
+jobs:
+  build-windows:    
+    runs-on: windows-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5.0.0
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          cache: false
+          go-version-file: go.mod
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '22'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install zip for Windows
+        shell: powershell
+        run: |
+          # Install Chocolatey if not available
+          if (!(Get-Command choco -ErrorAction SilentlyContinue)) {
+            Set-ExecutionPolicy Bypass -Scope Process -Force
+            [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
+            iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
+          }
+          # Install zip
+          choco install zip -y
+
+      - name: Build frontend
+        shell: bash
+        run: |
+          cd frontend
+          npm install
+          npm run build
+          cd ..
+          mv frontend/dist web/html
+          rm -fr frontend
+
+      - name: Build s-ui
+        shell: bash
+        run: |
+          export CGO_ENABLED=1
+          export GOOS=windows
+          export GOARCH=amd64
+          
+          echo "Building for Windows amd64"
+          go version
+          
+          ### Build s-ui
+          go build -ldflags="-w -s" -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" -o sui.exe main.go
+          file sui.exe
+          
+          mkdir s-ui-windows
+          cp sui.exe s-ui-windows/
+          cp -r windows/* s-ui-windows/
+
+      - name: Package
+        shell: bash
+        run: |
+          zip -r "s-ui-windows-amd64.zip" s-ui-windows
+
+      - name: Upload files to Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: s-ui-windows-amd64
+          path: ./s-ui-windows-amd64.zip
+          retention-days: 30
+
+      - name: Upload to Release
+        uses: svenstaro/upload-release-action@v2
+        if: github.event_name == 'release' && github.event.action == 'published'
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+          file: s-ui-windows-amd64.zip
+          asset_name: s-ui-windows-amd64.zip
+          prerelease: true
+          overwrite: true
+
+  build-windows-arm64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5.0.0
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          cache: false
+          go-version-file: go.mod
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '22'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Build frontend
+        run: |
+          cd frontend
+          npm install
+          npm run build
+          cd ..
+          mv frontend/dist web/html
+          rm -fr frontend
+
+      - name: Build s-ui for ARM64
+        run: |
+          export CGO_ENABLED=0
+          export GOOS=windows
+          export GOARCH=arm64
+          
+          echo "Building for Windows ARM64 (32-bit)"
+          go version
+          go env GOOS GOARCH
+          
+          ### Build s-ui without CGO for ARM64
+          go build -ldflags="-w -s" -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" -o sui.exe main.go
+          file sui.exe
+          
+          mkdir s-ui-windows
+          cp sui.exe s-ui-windows/
+          cp -r windows/* s-ui-windows/
+
+      - name: Package ARM64
+        run: |
+          zip -r "s-ui-windows-arm64.zip" s-ui-windows
+
+      - name: Upload ARM64 files to Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: s-ui-windows-arm64
+          path: ./s-ui-windows-arm64.zip
+          retention-days: 30
+
+      - name: Upload ARM64 to Release
+        uses: svenstaro/upload-release-action@v2
+        if: github.event_name == 'release' && github.event.action == 'published'
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+          file: s-ui-windows-arm64.zip
+          asset_name: s-ui-windows-arm64.zip
+          prerelease: true
+          overwrite: true

.gitignore

@@ -20,6 +20,14 @@ frontend/
 *.log*
 .cache
 
+# Windows build artifacts
+*.exe
+*.zip
+s-ui-windows/
+sui-*.exe
+sui-*.zip
+windows/sui-*.exe
+
 # Editor directories and files
 .idea
 .vscode

Dockerfile

@@ -3,7 +3,7 @@ WORKDIR /app
 COPY frontend/ ./
 RUN npm install && npm run build
 
-FROM golang:1.24-alpine AS backend-builder
+FROM golang:1.25-alpine AS backend-builder
 WORKDIR /app
 ARG TARGETARCH
 ENV CGO_ENABLED=1

Dockerfile.frontend-artifact

@@ -0,0 +1,36 @@
+FROM golang:1.25-alpine AS backend-builder
+WORKDIR /app
+ARG TARGETARCH
+ENV CGO_ENABLED=1
+ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE"
+ENV GOARCH=$TARGETARCH
+
+RUN apk update && apk add --no-cache \
+    gcc \
+    musl-dev \
+    libc-dev \
+    make \
+    git \
+    wget \
+    unzip \
+    bash
+
+ENV CC=gcc
+
+COPY . .
+# Copy pre-built frontend files from a known location (provided by workflow artifact)
+COPY frontend_dist/ /app/web/html/
+
+RUN go build -ldflags="-w -s" \
+    -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" \
+    -o sui main.go
+
+FROM --platform=$TARGETPLATFORM alpine
+LABEL org.opencontainers.image.authors="alireza7@gmail.com"
+ENV TZ=Asia/Tehran
+WORKDIR /app
+RUN apk add --no-cache --update ca-certificates tzdata
+COPY --from=backend-builder /app/sui /app/
+COPY entrypoint.sh /app/
+VOLUME [ "s-ui" ]
+ENTRYPOINT [ "./entrypoint.sh" ] 

README.md

@@ -27,6 +27,13 @@
 | Dark/Light Theme                       | :heavy_check_mark: |
 | API Interface                          | :heavy_check_mark: |
 
+## Supported Platforms
+| Platform | Architecture | Status |
+|----------|--------------|---------|
+| Linux    | amd64, arm64, armv7, armv6, armv5, 386, s390x | ✅ Supported |
+| Windows  | amd64, 386, arm64 | ✅ Supported |
+| macOS    | amd64, arm64 | 🚧 Experimental |
+
 ## Screenshots
 
 !["Main"](https://github.com/alireza0/s-ui-frontend/raw/main/media/main.png)
@@ -46,10 +53,17 @@
 
 ## Install & Upgrade to Latest Version
 
+### Linux/macOS
 ```sh
 bash <(curl -Ls https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh)
 ```
 
+### Windows
+1. Download the latest Windows release from [GitHub Releases](https://github.com/alireza0/s-ui/releases/latest)
+2. Extract the ZIP file
+3. Run `install-windows.bat` as Administrator
+4. Follow the installation wizard
+
 ## Install legacy Version
 
 **Step 1:** To install your desired legacy version, add the version to the end of the installation command. e.g., ver `1.0.0`:
@@ -60,6 +74,7 @@ VERSION=1.0.0 && bash <(curl -Ls https://raw.githubusercontent.com/alireza0/s-ui
 
 ## Manual installation
 
+### Linux/macOS
 1. Get the latest version of S-UI based on your OS/Architecture from GitHub: [https://github.com/alireza0/s-ui/releases/latest](https://github.com/alireza0/s-ui/releases/latest)
 2. **OPTIONAL** Get the latest version of `s-ui.sh` [https://raw.githubusercontent.com/alireza0/s-ui/master/s-ui.sh](https://raw.githubusercontent.com/alireza0/s-ui/master/s-ui.sh)
 3. **OPTIONAL** Copy `s-ui.sh` to /usr/bin/ and run `chmod +x /usr/bin/s-ui`.
@@ -68,6 +83,14 @@ VERSION=1.0.0 && bash <(curl -Ls https://raw.githubusercontent.com/alireza0/s-ui
 6. Enable autostart and start S-UI service using `systemctl enable s-ui --now`
 7. Start sing-box service using `systemctl enable sing-box --now`
 
+### Windows
+1. Get the latest Windows version from GitHub: [https://github.com/alireza0/s-ui/releases/latest](https://github.com/alireza0/s-ui/releases/latest)
+2. Download the appropriate Windows package (e.g., `s-ui-windows-amd64.zip`)
+3. Extract the ZIP file to a directory of your choice
+4. Run `install-windows.bat` as Administrator
+5. Follow the installation wizard
+6. Access the panel at http://localhost:2095/app
+
 ## Uninstall S-UI
 
 ```sh
@@ -111,7 +134,7 @@ docker compose up -d
 mkdir s-ui && cd s-ui
 docker run -itd \
     -p 2095:2095 -p 2096:2096 -p 443:443 -p 80:80 \
-    -v $PWD/db/:/usr/local/s-ui/db/ \
+    -v $PWD/db/:/app/db/ \
     -v $PWD/cert/:/root/cert/ \
     --name s-ui --restart=unless-stopped \
     alireza7/s-ui:latest
@@ -194,21 +217,6 @@ To run backend (from root folder of repository):
 - HTTPS for secure access to the web panel and subscription service (self-provided domain + SSL certificate)
 - Dark/Light theme
 
-## Recommended OS
-
-- Ubuntu 20.04+
-- Debian 11+
-- CentOS 8+
-- Fedora 36+
-- Arch Linux
-- Parch Linux
-- Manjaro
-- Armbian
-- AlmaLinux 9+
-- Rocky Linux 9+
-- Oracle Linux 8+
-- OpenSUSE Tubleweed
-
 ## Environment Variables
 
 <details>

api/apiHandler.go

@@ -68,7 +68,7 @@ func (a *APIHandler) getHandler(c *gin.Context) {
 		a.ApiService.Logout(c)
 	case "load":
 		a.ApiService.LoadData(c)
-	case "inbounds", "outbounds", "endpoints", "tls", "clients", "config":
+	case "inbounds", "outbounds", "endpoints", "services", "tls", "clients", "config":
 		err := a.ApiService.LoadPartialData(c, []string{action})
 		if err != nil {
 			jsonMsg(c, action, err)

api/apiService.go

@@ -7,7 +7,6 @@ import (
 	"s-ui/service"
 	"s-ui/util"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/gin-gonic/gin"
@@ -86,7 +85,11 @@ func (a *ApiService) getData(c *gin.Context) (interface{}, error) {
 		if err != nil {
 			return "", err
 		}
-		subURI, err := a.SettingService.GetFinalSubURI(strings.Split(c.Request.Host, ":")[0])
+		subURI, err := a.SettingService.GetFinalSubURI(getHostname(c))
+		if err != nil {
+			return "", err
+		}
+		trafficAge, err := a.SettingService.GetTrafficAge()
 		if err != nil {
 			return "", err
 		}
@@ -98,6 +101,7 @@ func (a *ApiService) getData(c *gin.Context) (interface{}, error) {
 		data["endpoints"] = endpoints
 		data["services"] = services
 		data["subURI"] = subURI
+		data["enableTraffic"] = trafficAge > 0
 		data["onlines"] = onlines
 	} else {
 		data["onlines"] = onlines

api/apiV2Handler.go

@@ -61,7 +61,7 @@ func (a *APIv2Handler) getHandler(c *gin.Context) {
 	switch action {
 	case "load":
 		a.ApiService.LoadData(c)
-	case "inbounds", "outbounds", "endpoints", "tls", "clients", "config":
+	case "inbounds", "outbounds", "endpoints", "services", "tls", "clients", "config":
 		err := a.ApiService.LoadPartialData(c, []string{action})
 		if err != nil {
 			jsonMsg(c, action, err)

api/utils.go

@@ -29,8 +29,11 @@ func getRemoteIp(c *gin.Context) string {
 
 func getHostname(c *gin.Context) string {
 	host := c.Request.Host
-	if colonIndex := strings.LastIndex(host, ":"); colonIndex != -1 {
+	if strings.Contains(host, ":") {
 		host, _, _ = net.SplitHostPort(c.Request.Host)
+		if strings.Contains(host, ":") {
+			host = "[" + host + "]"
+		}
 	}
 	return host
 }

config/config.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 )
 
@@ -51,9 +52,13 @@ func GetDBFolderPath() string {
 	if dbFolderPath == "" {
 		dir, err := filepath.Abs(filepath.Dir(os.Args[0]))
 		if err != nil {
+			// Cross-platform fallback path
+			if runtime.GOOS == "windows" {
+				return "C:\\Program Files\\s-ui\\db"
+			}
 			return "/usr/local/s-ui/db"
 		}
-		dbFolderPath = dir + "/db"
+		dbFolderPath = filepath.Join(dir, "db")
 	}
 	return dbFolderPath
 }

config/version

@@ -1 +1 @@
-1.3.0-beta.4
+1.3.6

core/box.go

@@ -49,6 +49,7 @@ type Box struct {
 	connection      *route.ConnectionManager
 	router          *route.Router
 	internalService []adapter.LifecycleService
+	statsTracker    *StatsTracker
 	connTracker     *ConnTracker
 	done            chan struct{}
 }
@@ -302,15 +303,15 @@ func NewBox(options Options) (*Box, error) {
 			return nil, common.NewError("initialize service["+F.ToString(i)+"]"+tag, err)
 		}
 	}
-	outboundManager.Initialize(sbCommon.Must1(
-		direct.NewOutbound(
+	outboundManager.Initialize(func() (adapter.Outbound, error) {
+		return direct.NewOutbound(
 			ctx,
 			router,
 			logFactory.NewLogger("outbound/direct"),
 			"direct",
 			option.DirectOutboundOptions{},
-		),
-	))
+		)
+	})
 	dnsTransportManager.Initialize(sbCommon.Must1(
 		local.NewTransport(
 			ctx,
@@ -324,6 +325,10 @@ func NewBox(options Options) (*Box, error) {
 			return nil, common.NewError("initialize platform interface", err)
 		}
 	}
+	if statsTracker == nil {
+		statsTracker = NewStatsTracker()
+	}
+	router.AppendTracker(statsTracker)
 	if connTracker == nil {
 		connTracker = NewConnTracker()
 	}
@@ -387,6 +392,7 @@ func NewBox(options Options) (*Box, error) {
 		logFactory:      logFactory,
 		logger:          logFactory.Logger(),
 		internalService: internalServices,
+		statsTracker:    statsTracker,
 		connTracker:     connTracker,
 		done:            make(chan struct{}),
 	}, nil
@@ -530,6 +536,10 @@ func (s *Box) Endpoint() adapter.EndpointManager {
 	return s.endpoint
 }
 
+func (s *Box) StatsTracker() *StatsTracker {
+	return s.statsTracker
+}
+
 func (s *Box) ConnTracker() *ConnTracker {
 	return s.connTracker
 }

core/main.go

@@ -22,6 +22,7 @@ var (
 	service_manager  adapter.ServiceManager
 	endpoint_manager adapter.EndpointManager
 	router           adapter.Router
+	statsTracker     *StatsTracker
 	connTracker      *ConnTracker
 	factory          log.Factory
 )

core/protocol/hysteria/inbound.go

@@ -1,182 +0,0 @@
-package hysteria
-
-import (
-	"context"
-	"net"
-	"time"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/adapter/inbound"
-	"github.com/sagernet/sing-box/common/listener"
-	"github.com/sagernet/sing-box/common/tls"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-quic/hysteria"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/auth"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func RegisterInbound(registry *inbound.Registry) {
-	inbound.Register[option.HysteriaInboundOptions](registry, C.TypeHysteria, NewInbound)
-}
-
-type Inbound struct {
-	inbound.Adapter
-	router       adapter.Router
-	logger       log.ContextLogger
-	listener     *listener.Listener
-	tlsConfig    tls.ServerConfig
-	service      *hysteria.Service[int]
-	userNameList []string
-}
-
-func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.HysteriaInboundOptions) (adapter.Inbound, error) {
-	options.UDPFragmentDefault = true
-	if options.TLS == nil || !options.TLS.Enabled {
-		return nil, C.ErrTLSRequired
-	}
-	tlsConfig, err := tls.NewServer(ctx, logger, common.PtrValueOrDefault(options.TLS))
-	if err != nil {
-		return nil, err
-	}
-	inbound := &Inbound{
-		Adapter: inbound.NewAdapter(C.TypeHysteria, tag),
-		router:  router,
-		logger:  logger,
-		listener: listener.New(listener.Options{
-			Context: ctx,
-			Logger:  logger,
-			Listen:  options.ListenOptions,
-		}),
-		tlsConfig: tlsConfig,
-	}
-	var sendBps, receiveBps uint64
-	if options.Up.Value() > 0 {
-		sendBps = options.Up.Value()
-	} else {
-		sendBps = uint64(options.UpMbps) * hysteria.MbpsToBps
-	}
-	if options.Down.Value() > 0 {
-		receiveBps = options.Down.Value()
-	} else {
-		receiveBps = uint64(options.DownMbps) * hysteria.MbpsToBps
-	}
-	var udpTimeout time.Duration
-	if options.UDPTimeout != 0 {
-		udpTimeout = time.Duration(options.UDPTimeout)
-	} else {
-		udpTimeout = C.UDPTimeout
-	}
-	service, err := hysteria.NewService[int](hysteria.ServiceOptions{
-		Context:       ctx,
-		Logger:        logger,
-		SendBPS:       sendBps,
-		ReceiveBPS:    receiveBps,
-		XPlusPassword: options.Obfs,
-		TLSConfig:     tlsConfig,
-		UDPTimeout:    udpTimeout,
-		Handler:       inbound,
-
-		// Legacy options
-
-		ConnReceiveWindow:   options.ReceiveWindowConn,
-		StreamReceiveWindow: options.ReceiveWindowClient,
-		MaxIncomingStreams:  int64(options.MaxConnClient),
-		DisableMTUDiscovery: options.DisableMTUDiscovery,
-	})
-	if err != nil {
-		return nil, err
-	}
-	userList := make([]int, 0, len(options.Users))
-	userNameList := make([]string, 0, len(options.Users))
-	userPasswordList := make([]string, 0, len(options.Users))
-	for index, user := range options.Users {
-		userList = append(userList, index)
-		userNameList = append(userNameList, user.Name)
-		var password string
-		if user.AuthString != "" {
-			password = user.AuthString
-		} else {
-			password = string(user.Auth)
-		}
-		userPasswordList = append(userPasswordList, password)
-	}
-	service.UpdateUsers(userList, userPasswordList)
-	inbound.service = service
-	inbound.userNameList = userNameList
-	return inbound, nil
-}
-
-func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
-	ctx = log.ContextWithNewID(ctx)
-	var metadata adapter.InboundContext
-	metadata.Inbound = h.Tag()
-	metadata.InboundType = h.Type()
-	//nolint:staticcheck
-	metadata.InboundDetour = h.listener.ListenOptions().Detour
-	//nolint:staticcheck
-	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
-	metadata.OriginDestination = h.listener.UDPAddr()
-	metadata.Source = source
-	metadata.Destination = destination
-	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
-	userID, _ := auth.UserFromContext[int](ctx)
-	if userName := h.userNameList[userID]; userName != "" {
-		metadata.User = userName
-		h.logger.InfoContext(ctx, "[", userName, "] inbound connection to ", metadata.Destination)
-	} else {
-		h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
-	}
-	h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
-}
-
-func (h *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
-	ctx = log.ContextWithNewID(ctx)
-	var metadata adapter.InboundContext
-	metadata.Inbound = h.Tag()
-	metadata.InboundType = h.Type()
-	//nolint:staticcheck
-	metadata.InboundDetour = h.listener.ListenOptions().Detour
-	//nolint:staticcheck
-	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
-	metadata.OriginDestination = h.listener.UDPAddr()
-	metadata.Source = source
-	metadata.Destination = destination
-	h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
-	userID, _ := auth.UserFromContext[int](ctx)
-	if userName := h.userNameList[userID]; userName != "" {
-		metadata.User = userName
-		h.logger.InfoContext(ctx, "[", userName, "] inbound packet connection to ", metadata.Destination)
-	} else {
-		h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
-	}
-	h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose)
-}
-
-func (h *Inbound) Start(stage adapter.StartStage) error {
-	if stage != adapter.StartStateStart {
-		return nil
-	}
-	if h.tlsConfig != nil {
-		err := h.tlsConfig.Start()
-		if err != nil {
-			return err
-		}
-	}
-	packetConn, err := h.listener.ListenUDP()
-	if err != nil {
-		return err
-	}
-	return h.service.Start(packetConn)
-}
-
-func (h *Inbound) Close() error {
-	return common.Close(
-		h.listener,
-		h.tlsConfig,
-		common.PtrOrNil(h.service),
-	)
-}

core/protocol/hysteria/outbound.go

@@ -1,126 +0,0 @@
-package hysteria
-
-import (
-	"context"
-	"net"
-	"os"
-	"time"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/adapter/outbound"
-	"github.com/sagernet/sing-box/common/dialer"
-	"github.com/sagernet/sing-box/common/tls"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-box/protocol/tuic"
-	"github.com/sagernet/sing-quic/hysteria"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func RegisterOutbound(registry *outbound.Registry) {
-	outbound.Register[option.HysteriaOutboundOptions](registry, C.TypeHysteria, NewOutbound)
-}
-
-var (
-	_ adapter.Outbound                = (*tuic.Outbound)(nil)
-	_ adapter.InterfaceUpdateListener = (*tuic.Outbound)(nil)
-)
-
-type Outbound struct {
-	outbound.Adapter
-	logger logger.ContextLogger
-	client *hysteria.Client
-}
-
-func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.HysteriaOutboundOptions) (adapter.Outbound, error) {
-	options.UDPFragmentDefault = true
-	if options.TLS == nil || !options.TLS.Enabled {
-		return nil, C.ErrTLSRequired
-	}
-	tlsConfig, err := tls.NewClient(ctx, options.Server, common.PtrValueOrDefault(options.TLS))
-	if err != nil {
-		return nil, err
-	}
-	outboundDialer, err := dialer.New(ctx, options.DialerOptions, options.ServerIsDomain())
-	if err != nil {
-		return nil, err
-	}
-	networkList := options.Network.Build()
-	var password string
-	if options.AuthString != "" {
-		password = options.AuthString
-	} else {
-		password = string(options.Auth)
-	}
-	var sendBps, receiveBps uint64
-	if options.Up.Value() > 0 {
-		sendBps = options.Up.Value()
-	} else {
-		sendBps = uint64(options.UpMbps) * hysteria.MbpsToBps
-	}
-	if options.Down.Value() > 0 {
-		receiveBps = options.Down.Value()
-	} else {
-		receiveBps = uint64(options.DownMbps) * hysteria.MbpsToBps
-	}
-	client, err := hysteria.NewClient(hysteria.ClientOptions{
-		Context:             ctx,
-		Dialer:              outboundDialer,
-		Logger:              logger,
-		ServerAddress:       options.ServerOptions.Build(),
-		ServerPorts:         options.ServerPorts,
-		HopInterval:         time.Duration(options.HopInterval),
-		SendBPS:             sendBps,
-		ReceiveBPS:          receiveBps,
-		XPlusPassword:       options.Obfs,
-		Password:            password,
-		TLSConfig:           tlsConfig,
-		UDPDisabled:         !common.Contains(networkList, N.NetworkUDP),
-		ConnReceiveWindow:   options.ReceiveWindowConn,
-		StreamReceiveWindow: options.ReceiveWindow,
-		DisableMTUDiscovery: options.DisableMTUDiscovery,
-	})
-	if err != nil {
-		return nil, err
-	}
-	return &Outbound{
-		Adapter: outbound.NewAdapterWithDialerOptions(C.TypeHysteria, tag, networkList, options.DialerOptions),
-		logger:  logger,
-		client:  client,
-	}, nil
-}
-
-func (h *Outbound) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	switch N.NetworkName(network) {
-	case N.NetworkTCP:
-		h.logger.InfoContext(ctx, "outbound connection to ", destination)
-		return h.client.DialConn(ctx, destination)
-	case N.NetworkUDP:
-		conn, err := h.ListenPacket(ctx, destination)
-		if err != nil {
-			return nil, err
-		}
-		return bufio.NewBindPacketConn(conn, destination), nil
-	default:
-		return nil, E.New("unsupported network: ", network)
-	}
-}
-
-func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
-	return h.client.ListenPacket(ctx, destination)
-}
-
-func (h *Outbound) InterfaceUpdated() {
-	h.client.CloseWithError(E.New("network changed"))
-}
-
-func (h *Outbound) Close() error {
-	return h.client.CloseWithError(os.ErrClosed)
-}

core/protocol/hysteria/users.go

@@ -1,28 +0,0 @@
-package hysteria
-
-import (
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/option"
-)
-
-func (h *Inbound) UpdateUsers(users []option.HysteriaUser) error {
-	h.Close()
-	userList := make([]int, 0, len(users))
-	userNameList := make([]string, 0, len(users))
-	userPasswordList := make([]string, 0, len(users))
-	for index, user := range users {
-		userList = append(userList, index)
-		userNameList = append(userNameList, user.Name)
-		var password string
-		if user.AuthString != "" {
-			password = user.AuthString
-		} else {
-			password = string(user.Auth)
-		}
-		userPasswordList = append(userPasswordList, password)
-	}
-	h.service.UpdateUsers(userList, userPasswordList)
-	h.userNameList = userNameList
-	h.Start(adapter.StartStateStart)
-	return nil
-}

core/protocol/hysteria2/inbound.go

@@ -1,215 +0,0 @@
-package hysteria2
-
-import (
-	"context"
-	"net"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"time"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/adapter/inbound"
-	"github.com/sagernet/sing-box/common/listener"
-	"github.com/sagernet/sing-box/common/tls"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-quic/hysteria"
-	"github.com/sagernet/sing-quic/hysteria2"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/auth"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func RegisterInbound(registry *inbound.Registry) {
-	inbound.Register[option.Hysteria2InboundOptions](registry, C.TypeHysteria2, NewInbound)
-}
-
-type Inbound struct {
-	inbound.Adapter
-	router       adapter.Router
-	logger       log.ContextLogger
-	listener     *listener.Listener
-	tlsConfig    tls.ServerConfig
-	service      *hysteria2.Service[int]
-	userNameList []string
-}
-
-func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.Hysteria2InboundOptions) (adapter.Inbound, error) {
-	options.UDPFragmentDefault = true
-	if options.TLS == nil || !options.TLS.Enabled {
-		return nil, C.ErrTLSRequired
-	}
-	tlsConfig, err := tls.NewServer(ctx, logger, common.PtrValueOrDefault(options.TLS))
-	if err != nil {
-		return nil, err
-	}
-	var salamanderPassword string
-	if options.Obfs != nil {
-		if options.Obfs.Password == "" {
-			return nil, E.New("missing obfs password")
-		}
-		switch options.Obfs.Type {
-		case hysteria2.ObfsTypeSalamander:
-			salamanderPassword = options.Obfs.Password
-		default:
-			return nil, E.New("unknown obfs type: ", options.Obfs.Type)
-		}
-	}
-	var masqueradeHandler http.Handler
-	if options.Masquerade != nil && options.Masquerade.Type != "" {
-		switch options.Masquerade.Type {
-		case C.Hysterai2MasqueradeTypeFile:
-			masqueradeHandler = http.FileServer(http.Dir(options.Masquerade.FileOptions.Directory))
-		case C.Hysterai2MasqueradeTypeProxy:
-			masqueradeURL, err := url.Parse(options.Masquerade.ProxyOptions.URL)
-			if err != nil {
-				return nil, E.Cause(err, "parse masquerade URL")
-			}
-			masqueradeHandler = &httputil.ReverseProxy{
-				Rewrite: func(r *httputil.ProxyRequest) {
-					r.SetURL(masqueradeURL)
-					if !options.Masquerade.ProxyOptions.RewriteHost {
-						r.Out.Host = r.In.Host
-					}
-				},
-				ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
-					w.WriteHeader(http.StatusBadGateway)
-				},
-			}
-		case C.Hysterai2MasqueradeTypeString:
-			masqueradeHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				if options.Masquerade.StringOptions.StatusCode != 0 {
-					w.WriteHeader(options.Masquerade.StringOptions.StatusCode)
-				}
-				for key, values := range options.Masquerade.StringOptions.Headers {
-					for _, value := range values {
-						w.Header().Add(key, value)
-					}
-				}
-				w.Write([]byte(options.Masquerade.StringOptions.Content))
-			})
-		default:
-			return nil, E.New("unknown masquerade type: ", options.Masquerade.Type)
-		}
-	}
-	inbound := &Inbound{
-		Adapter: inbound.NewAdapter(C.TypeHysteria2, tag),
-		router:  router,
-		logger:  logger,
-		listener: listener.New(listener.Options{
-			Context: ctx,
-			Logger:  logger,
-			Listen:  options.ListenOptions,
-		}),
-		tlsConfig: tlsConfig,
-	}
-	var udpTimeout time.Duration
-	if options.UDPTimeout != 0 {
-		udpTimeout = time.Duration(options.UDPTimeout)
-	} else {
-		udpTimeout = C.UDPTimeout
-	}
-	service, err := hysteria2.NewService[int](hysteria2.ServiceOptions{
-		Context:               ctx,
-		Logger:                logger,
-		BrutalDebug:           options.BrutalDebug,
-		SendBPS:               uint64(options.UpMbps * hysteria.MbpsToBps),
-		ReceiveBPS:            uint64(options.DownMbps * hysteria.MbpsToBps),
-		SalamanderPassword:    salamanderPassword,
-		TLSConfig:             tlsConfig,
-		IgnoreClientBandwidth: options.IgnoreClientBandwidth,
-		UDPTimeout:            udpTimeout,
-		Handler:               inbound,
-		MasqueradeHandler:     masqueradeHandler,
-	})
-	if err != nil {
-		return nil, err
-	}
-	userList := make([]int, 0, len(options.Users))
-	userNameList := make([]string, 0, len(options.Users))
-	userPasswordList := make([]string, 0, len(options.Users))
-	for index, user := range options.Users {
-		userList = append(userList, index)
-		userNameList = append(userNameList, user.Name)
-		userPasswordList = append(userPasswordList, user.Password)
-	}
-	service.UpdateUsers(userList, userPasswordList)
-	inbound.service = service
-	inbound.userNameList = userNameList
-	return inbound, nil
-}
-
-func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
-	ctx = log.ContextWithNewID(ctx)
-	var metadata adapter.InboundContext
-	metadata.Inbound = h.Tag()
-	metadata.InboundType = h.Type()
-	//nolint:staticcheck
-	metadata.InboundDetour = h.listener.ListenOptions().Detour
-	//nolint:staticcheck
-	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
-	metadata.OriginDestination = h.listener.UDPAddr()
-	metadata.Source = source
-	metadata.Destination = destination
-	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
-	userID, _ := auth.UserFromContext[int](ctx)
-	if userName := h.userNameList[userID]; userName != "" {
-		metadata.User = userName
-		h.logger.InfoContext(ctx, "[", userName, "] inbound connection to ", metadata.Destination)
-	} else {
-		h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
-	}
-	h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
-}
-
-func (h *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
-	ctx = log.ContextWithNewID(ctx)
-	var metadata adapter.InboundContext
-	metadata.Inbound = h.Tag()
-	metadata.InboundType = h.Type()
-	//nolint:staticcheck
-	metadata.InboundDetour = h.listener.ListenOptions().Detour
-	//nolint:staticcheck
-	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
-	metadata.OriginDestination = h.listener.UDPAddr()
-	metadata.Source = source
-	metadata.Destination = destination
-	h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
-	userID, _ := auth.UserFromContext[int](ctx)
-	if userName := h.userNameList[userID]; userName != "" {
-		metadata.User = userName
-		h.logger.InfoContext(ctx, "[", userName, "] inbound packet connection to ", metadata.Destination)
-	} else {
-		h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
-	}
-	h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose)
-}
-
-func (h *Inbound) Start(stage adapter.StartStage) error {
-	if stage != adapter.StartStateStart {
-		return nil
-	}
-	if h.tlsConfig != nil {
-		err := h.tlsConfig.Start()
-		if err != nil {
-			return err
-		}
-	}
-	packetConn, err := h.listener.ListenUDP()
-	if err != nil {
-		return err
-	}
-	return h.service.Start(packetConn)
-}
-
-func (h *Inbound) Close() error {
-	return common.Close(
-		h.listener,
-		h.tlsConfig,
-		common.PtrOrNil(h.service),
-	)
-}

core/protocol/hysteria2/outbound.go

@@ -1,120 +0,0 @@
-package hysteria2
-
-import (
-	"context"
-	"net"
-	"os"
-	"time"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/adapter/outbound"
-	"github.com/sagernet/sing-box/common/dialer"
-	"github.com/sagernet/sing-box/common/tls"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-box/protocol/tuic"
-	"github.com/sagernet/sing-quic/hysteria"
-	"github.com/sagernet/sing-quic/hysteria2"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func RegisterOutbound(registry *outbound.Registry) {
-	outbound.Register[option.Hysteria2OutboundOptions](registry, C.TypeHysteria2, NewOutbound)
-}
-
-var (
-	_ adapter.Outbound                = (*tuic.Outbound)(nil)
-	_ adapter.InterfaceUpdateListener = (*tuic.Outbound)(nil)
-)
-
-type Outbound struct {
-	outbound.Adapter
-	logger logger.ContextLogger
-	client *hysteria2.Client
-}
-
-func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.Hysteria2OutboundOptions) (adapter.Outbound, error) {
-	options.UDPFragmentDefault = true
-	if options.TLS == nil || !options.TLS.Enabled {
-		return nil, C.ErrTLSRequired
-	}
-	tlsConfig, err := tls.NewClient(ctx, options.Server, common.PtrValueOrDefault(options.TLS))
-	if err != nil {
-		return nil, err
-	}
-	var salamanderPassword string
-	if options.Obfs != nil {
-		if options.Obfs.Password == "" {
-			return nil, E.New("missing obfs password")
-		}
-		switch options.Obfs.Type {
-		case hysteria2.ObfsTypeSalamander:
-			salamanderPassword = options.Obfs.Password
-		default:
-			return nil, E.New("unknown obfs type: ", options.Obfs.Type)
-		}
-	}
-	outboundDialer, err := dialer.New(ctx, options.DialerOptions, options.ServerIsDomain())
-	if err != nil {
-		return nil, err
-	}
-	networkList := options.Network.Build()
-	client, err := hysteria2.NewClient(hysteria2.ClientOptions{
-		Context:            ctx,
-		Dialer:             outboundDialer,
-		Logger:             logger,
-		BrutalDebug:        options.BrutalDebug,
-		ServerAddress:      options.ServerOptions.Build(),
-		ServerPorts:        options.ServerPorts,
-		HopInterval:        time.Duration(options.HopInterval),
-		SendBPS:            uint64(options.UpMbps * hysteria.MbpsToBps),
-		ReceiveBPS:         uint64(options.DownMbps * hysteria.MbpsToBps),
-		SalamanderPassword: salamanderPassword,
-		Password:           options.Password,
-		TLSConfig:          tlsConfig,
-		UDPDisabled:        !common.Contains(networkList, N.NetworkUDP),
-	})
-	if err != nil {
-		return nil, err
-	}
-	return &Outbound{
-		Adapter: outbound.NewAdapterWithDialerOptions(C.TypeHysteria2, tag, networkList, options.DialerOptions),
-		logger:  logger,
-		client:  client,
-	}, nil
-}
-
-func (h *Outbound) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	switch N.NetworkName(network) {
-	case N.NetworkTCP:
-		h.logger.InfoContext(ctx, "outbound connection to ", destination)
-		return h.client.DialConn(ctx, destination)
-	case N.NetworkUDP:
-		conn, err := h.ListenPacket(ctx, destination)
-		if err != nil {
-			return nil, err
-		}
-		return bufio.NewBindPacketConn(conn, destination), nil
-	default:
-		return nil, E.New("unsupported network: ", network)
-	}
-}
-
-func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
-	return h.client.ListenPacket(ctx)
-}
-
-func (h *Outbound) InterfaceUpdated() {
-	h.client.CloseWithError(E.New("network changed"))
-}
-
-func (h *Outbound) Close() error {
-	return h.client.CloseWithError(os.ErrClosed)
-}

core/protocol/hysteria2/users.go

@@ -1,22 +0,0 @@
-package hysteria2
-
-import (
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/option"
-)
-
-func (h *Inbound) UpdateUsers(users []option.Hysteria2User) error {
-	h.Close()
-	userList := make([]int, 0, len(users))
-	userNameList := make([]string, 0, len(users))
-	userPasswordList := make([]string, 0, len(users))
-	for index, user := range users {
-		userList = append(userList, index)
-		userNameList = append(userNameList, user.Name)
-		userPasswordList = append(userPasswordList, user.Password)
-	}
-	h.service.UpdateUsers(userList, userPasswordList)
-	h.userNameList = userNameList
-	h.Start(adapter.StartStateStart)
-	return nil
-}

core/register.go

@@ -1,9 +1,6 @@
 package core
 
 import (
-	"s-ui/core/protocol/hysteria"
-	"s-ui/core/protocol/hysteria2"
-
 	"github.com/sagernet/sing-box/adapter/endpoint"
 	"github.com/sagernet/sing-box/adapter/inbound"
 	"github.com/sagernet/sing-box/adapter/outbound"
@@ -21,6 +18,8 @@ import (
 	protocolDNS "github.com/sagernet/sing-box/protocol/dns"
 	"github.com/sagernet/sing-box/protocol/group"
 	"github.com/sagernet/sing-box/protocol/http"
+	"github.com/sagernet/sing-box/protocol/hysteria"
+	"github.com/sagernet/sing-box/protocol/hysteria2"
 	"github.com/sagernet/sing-box/protocol/mixed"
 	"github.com/sagernet/sing-box/protocol/naive"
 	_ "github.com/sagernet/sing-box/protocol/naive/quic"

core/tracker_conn.go

@@ -0,0 +1,136 @@
+package core
+
+import (
+	"context"
+	"net"
+	"sync"
+
+	"github.com/gofrs/uuid/v5"
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing/common/network"
+)
+
+type ConnectionInfo struct {
+	ID         string
+	Conn       net.Conn
+	PacketConn network.PacketConn
+	Inbound    string
+	Type       string // "tcp" or "udp"
+}
+
+type ConnTracker struct {
+	access      sync.Mutex
+	connections map[string]*ConnectionInfo
+}
+
+func NewConnTracker() *ConnTracker {
+	return &ConnTracker{
+		connections: make(map[string]*ConnectionInfo),
+	}
+}
+
+func (c *ConnTracker) generateConnectionID() string {
+	return uuid.Must(uuid.NewV4()).String()
+}
+
+func (c *ConnTracker) RoutedConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, matchedRule adapter.Rule, matchOutbound adapter.Outbound) net.Conn {
+	connID := c.generateConnectionID()
+	connInfo := &ConnectionInfo{
+		ID:      connID,
+		Conn:    conn,
+		Inbound: metadata.Inbound,
+		Type:    "tcp",
+	}
+
+	c.trackConnection(connID, connInfo)
+
+	return c.createWrappedConn(conn, connID)
+}
+
+func (c *ConnTracker) RoutedPacketConnection(ctx context.Context, conn network.PacketConn, metadata adapter.InboundContext, matchedRule adapter.Rule, matchOutbound adapter.Outbound) network.PacketConn {
+	connID := c.generateConnectionID()
+	connInfo := &ConnectionInfo{
+		ID:         connID,
+		PacketConn: conn,
+		Inbound:    metadata.Inbound,
+		Type:       "udp",
+	}
+
+	c.trackConnection(connID, connInfo)
+
+	return c.createWrappedPacketConn(conn, connID)
+}
+
+func (c *ConnTracker) CloseConnByInbound(inbound string) int {
+	c.access.Lock()
+	defer c.access.Unlock()
+
+	closedCount := 0
+	for connID, connInfo := range c.connections {
+		if connInfo.Inbound == inbound {
+			if connInfo.Conn != nil {
+				connInfo.Conn.Close()
+			}
+			if connInfo.PacketConn != nil {
+				connInfo.PacketConn.Close()
+			}
+			delete(c.connections, connID)
+			closedCount++
+		}
+	}
+	return closedCount
+}
+
+func (c *ConnTracker) trackConnection(connID string, connInfo *ConnectionInfo) {
+	c.access.Lock()
+	defer c.access.Unlock()
+	c.connections[connID] = connInfo
+}
+
+func (c *ConnTracker) untrackConnection(connID string) {
+	c.access.Lock()
+	defer c.access.Unlock()
+	delete(c.connections, connID)
+}
+
+func (c *ConnTracker) createWrappedConn(conn net.Conn, connID string) *wrappedConn {
+	return &wrappedConn{
+		Conn:   conn,
+		connID: connID,
+	}
+}
+
+func (c *ConnTracker) createWrappedPacketConn(conn network.PacketConn, connID string) *wrappedPacketConn {
+	return &wrappedPacketConn{
+		PacketConn: conn,
+		connID:     connID,
+	}
+}
+
+type wrappedConn struct {
+	net.Conn
+	connID string
+}
+
+func (w *wrappedConn) Close() error {
+	connTracker.untrackConnection(w.connID)
+	return w.Conn.Close()
+}
+
+func (w *wrappedConn) Upstream() any {
+	return w.Conn
+}
+
+type wrappedPacketConn struct {
+	network.PacketConn
+	connID string
+}
+
+func (w *wrappedPacketConn) Close() error {
+	connTracker.untrackConnection(w.connID)
+	return w.PacketConn.Close()
+}
+
+func (w *wrappedPacketConn) Upstream() any {
+	return w.PacketConn
+}

core/tracker_stats.go

@@ -18,27 +18,27 @@ type Counter struct {
 	write *atomic.Int64
 }
 
-type ConnTracker struct {
+type StatsTracker struct {
 	access    sync.Mutex
-	createdAt time.Time
 	inbounds  map[string]Counter
 	outbounds map[string]Counter
 	users     map[string]Counter
 }
 
-func NewConnTracker() *ConnTracker {
-	return &ConnTracker{
-		createdAt: time.Now(),
+func NewStatsTracker() *StatsTracker {
+	return &StatsTracker{
 		inbounds:  make(map[string]Counter),
 		outbounds: make(map[string]Counter),
 		users:     make(map[string]Counter),
 	}
 }
 
-func (c *ConnTracker) getReadCounters(inbound string, outbound string, user string) ([]*atomic.Int64, []*atomic.Int64) {
+func (c *StatsTracker) getReadCounters(inbound string, outbound string, user string) ([]*atomic.Int64, []*atomic.Int64) {
 	var readCounter []*atomic.Int64
 	var writeCounter []*atomic.Int64
 	c.access.Lock()
+	defer c.access.Unlock()
+
 	if inbound != "" {
 		readCounter = append(readCounter, c.loadOrCreateCounter(&c.inbounds, inbound).read)
 		writeCounter = append(writeCounter, c.inbounds[inbound].write)
@@ -51,11 +51,10 @@ func (c *ConnTracker) getReadCounters(inbound string, outbound string, user stri
 		readCounter = append(readCounter, c.loadOrCreateCounter(&c.users, user).read)
 		writeCounter = append(writeCounter, c.users[user].write)
 	}
-	c.access.Unlock()
 	return readCounter, writeCounter
 }
 
-func (c *ConnTracker) loadOrCreateCounter(obj *map[string]Counter, name string) Counter {
+func (c *StatsTracker) loadOrCreateCounter(obj *map[string]Counter, name string) Counter {
 	counter, loaded := (*obj)[name]
 	if loaded {
 		return counter
@@ -65,17 +64,17 @@ func (c *ConnTracker) loadOrCreateCounter(obj *map[string]Counter, name string)
 	return counter
 }
 
-func (c *ConnTracker) RoutedConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, matchedRule adapter.Rule, matchOutbound adapter.Outbound) net.Conn {
+func (c *StatsTracker) RoutedConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, matchedRule adapter.Rule, matchOutbound adapter.Outbound) net.Conn {
 	readCounter, writeCounter := c.getReadCounters(metadata.Inbound, matchOutbound.Tag(), metadata.User)
 	return bufio.NewInt64CounterConn(conn, readCounter, writeCounter)
 }
 
-func (c *ConnTracker) RoutedPacketConnection(ctx context.Context, conn network.PacketConn, metadata adapter.InboundContext, matchedRule adapter.Rule, matchOutbound adapter.Outbound) network.PacketConn {
+func (c *StatsTracker) RoutedPacketConnection(ctx context.Context, conn network.PacketConn, metadata adapter.InboundContext, matchedRule adapter.Rule, matchOutbound adapter.Outbound) network.PacketConn {
 	readCounter, writeCounter := c.getReadCounters(metadata.Inbound, matchOutbound.Tag(), metadata.User)
-	return bufio.NewInt64CounterPacketConn(conn, readCounter, writeCounter)
+	return bufio.NewInt64CounterPacketConn(conn, readCounter, nil, writeCounter, nil)
 }
 
-func (c *ConnTracker) GetStats() *[]model.Stats {
+func (c *StatsTracker) GetStats() *[]model.Stats {
 	c.access.Lock()
 	defer c.access.Unlock()
 

cronjob/cronJob.go

@@ -20,11 +20,13 @@ func (c *CronJob) Start(loc *time.Location, trafficAge int) error {
 
 	go func() {
 		// Start stats job
-		c.cron.AddJob("@every 10s", NewStatsJob())
+		c.cron.AddJob("@every 10s", NewStatsJob(trafficAge > 0))
 		// Start expiry job
 		c.cron.AddJob("@every 1m", NewDepleteJob())
 		// Start deleting old stats
+		if trafficAge > 0 {
 			c.cron.AddJob("@daily", NewDelStatsJob(trafficAge))
+		}
 		// Start core if it is not running
 		c.cron.AddJob("@every 5s", NewCheckCoreJob())
 	}()

cronjob/depleteJob.go

@@ -22,7 +22,7 @@ func (s *DepleteJob) Run() {
 		return
 	}
 	if len(inboundIds) > 0 {
-		err := s.InboundService.UpdateUsers(database.GetDB(), inboundIds)
+		err := s.InboundService.RestartInbounds(database.GetDB(), inboundIds)
 		if err != nil {
 			logger.Error("unable to restart inbounds: ", err)
 		}

cronjob/statsJob.go

@@ -7,14 +7,17 @@ import (
 
 type StatsJob struct {
 	service.StatsService
+	enableTraffic bool
 }
 
-func NewStatsJob() *StatsJob {
-	return &StatsJob{}
+func NewStatsJob(saveTraffic bool) *StatsJob {
+	return &StatsJob{
+		enableTraffic: saveTraffic,
+	}
 }
 
 func (s *StatsJob) Run() {
-	err := s.StatsService.SaveStats()
+	err := s.StatsService.SaveStats(s.enableTraffic)
 	if err != nil {
 		logger.Warning("Get stats failed: ", err)
 		return

database/backup.go

@@ -7,6 +7,7 @@ import (
 	"mime/multipart"
 	"os"
 	"path/filepath"
+	"runtime"
 	"s-ui/cmd/migration"
 	"s-ui/config"
 	"s-ui/database/model"
@@ -287,7 +288,11 @@ func SendSighup() error {
 	// Send SIGHUP to the current process
 	go func() {
 		time.Sleep(3 * time.Second)
-		err := process.Signal(syscall.SIGHUP)
+		if runtime.GOOS == "windows" {
+			err = process.Kill()
+		} else {
+			err = process.Signal(syscall.SIGHUP)
+		}
 		if err != nil {
 			logger.Error("send signal SIGHUP failed:", err)
 		}

go.mod

@@ -1,22 +1,22 @@
 module s-ui
 
-go 1.24.4
+go 1.25.1
 
 require (
 	github.com/gin-contrib/gzip v1.2.3
 	github.com/gin-contrib/sessions v1.0.4
 	github.com/gin-gonic/gin v1.10.1
+	github.com/gofrs/uuid/v5 v5.3.2
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151
-	github.com/sagernet/sing-box v1.12.0-beta.33
+	github.com/sagernet/sing v0.7.10
+	github.com/sagernet/sing-box v1.12.8
 	github.com/sagernet/sing-dns v0.4.6
-	github.com/sagernet/sing-quic v0.5.0-beta.3
-	github.com/shirou/gopsutil/v4 v4.25.6
+	github.com/shirou/gopsutil/v4 v4.25.8
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10
 	gopkg.in/yaml.v3 v3.0.1
 	gorm.io/driver/sqlite v1.6.0
-	gorm.io/gorm v1.30.0
+	gorm.io/gorm v1.31.0
 )
 
 require (
@@ -31,9 +31,8 @@ require (
 	github.com/bytedance/sonic/loader v0.3.0 // indirect
 	github.com/caddyserver/certmagic v0.23.0 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
-	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
-	github.com/coder/websocket v1.8.12 // indirect
+	github.com/coder/websocket v1.8.13 // indirect
 	github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 // indirect
 	github.com/cretz/bine v0.2.0 // indirect
 	github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa // indirect
@@ -55,14 +54,13 @@ require (
 	github.com/gobwas/pool v0.2.1 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 // indirect
-	github.com/gofrs/uuid/v5 v5.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
-	github.com/gorilla/csrf v1.7.3-0.20250123201450-9dd6af1f6d30 // indirect
+	github.com/gorilla/csrf v1.7.3 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/hashicorp/yamux v0.1.2 // indirect
@@ -77,21 +75,21 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/libdns/alidns v1.0.4-libdns.v1.beta1 // indirect
-	github.com/libdns/cloudflare v0.2.2-0.20250430151523-b46a2b0885f6 // indirect
-	github.com/libdns/libdns v1.0.0-beta.1 // indirect
+	github.com/libdns/alidns v1.0.5-libdns.v1.beta1 // indirect
+	github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6 // indirect
+	github.com/libdns/libdns v1.1.0 // indirect
 	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
 	github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-sqlite3 v1.14.28 // indirect
+	github.com/mattn/go-sqlite3 v1.14.30 // indirect
 	github.com/mdlayher/genetlink v1.3.2 // indirect
 	github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect
 	github.com/mdlayher/sdnotify v1.0.0 // indirect
 	github.com/mdlayher/socket v0.5.1 // indirect
-	github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 // indirect
-	github.com/metacubex/utls v1.7.0-alpha.3 // indirect
+	github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4 // indirect
+	github.com/metacubex/utls v1.8.0 // indirect
 	github.com/mholt/acmez/v3 v3.1.2 // indirect
-	github.com/miekg/dns v1.1.66 // indirect
+	github.com/miekg/dns v1.1.67 // indirect
 	github.com/mitchellh/go-ps v1.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -108,14 +106,15 @@ require (
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a // indirect
 	github.com/sagernet/nftables v0.3.0-beta.4 // indirect
 	github.com/sagernet/quic-go v0.52.0-beta.1 // indirect
-	github.com/sagernet/sing-mux v0.3.2 // indirect
+	github.com/sagernet/sing-mux v0.3.3 // indirect
+	github.com/sagernet/sing-quic v0.5.2-0.20250909083218-00a55617c0fb // indirect
 	github.com/sagernet/sing-shadowsocks v0.2.8 // indirect
 	github.com/sagernet/sing-shadowsocks2 v0.2.1 // indirect
 	github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 // indirect
-	github.com/sagernet/sing-tun v0.6.10-0.20250703121732-a0881ada3251 // indirect
-	github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88 // indirect
+	github.com/sagernet/sing-tun v0.7.2 // indirect
+	github.com/sagernet/sing-vmess v0.2.7 // indirect
 	github.com/sagernet/smux v1.5.34-mod.2 // indirect
-	github.com/sagernet/tailscale v1.80.3-mod.5 // indirect
+	github.com/sagernet/tailscale v1.80.3-sing-box-1.12-mod.1 // indirect
 	github.com/sagernet/wireguard-go v0.0.1-beta.7 // indirect
 	github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 // indirect
 	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e // indirect
@@ -140,21 +139,21 @@ require (
 	go.uber.org/zap/exp v0.3.0 // indirect
 	go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/arch v0.18.0 // indirect
-	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/arch v0.20.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
 	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 // indirect
-	golang.org/x/mod v0.25.0 // indirect
-	golang.org/x/net v0.41.0 // indirect
-	golang.org/x/sync v0.15.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/term v0.32.0 // indirect
-	golang.org/x/text v0.26.0 // indirect
+	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/term v0.34.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.33.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
-	google.golang.org/grpc v1.72.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
+	google.golang.org/grpc v1.73.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	lukechampine.com/blake3 v1.4.1 // indirect
 )

go.sum

@@ -8,19 +8,13 @@ github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7V
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
-github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
-github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/anytls/sing-anytls v0.0.8 h1:1u/fnH1HoeeMV5mX7/eUOjLBvPdkd1UJRmXiRi6Vymc=
 github.com/anytls/sing-anytls v0.0.8/go.mod h1:7rjN6IukwysmdusYsrV51Fgu1uW6vsrdd6ctjnEAln8=
 github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
 github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
-github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCkcs2uw7w4=
-github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/bytedance/sonic v1.13.3 h1:MS8gmaH16Gtirygw7jV91pDCN33NyMrPbN7qiYhEsF0=
 github.com/bytedance/sonic v1.13.3/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
-github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
 github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/caddyserver/certmagic v0.23.0 h1:CfpZ/50jMfG4+1J/u2LV6piJq4HOfO6ppOnOf7DkFEU=
@@ -29,18 +23,13 @@ github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+Y
 github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
 github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk=
 github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso=
-github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
-github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
 github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
-github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
+github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
 github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 h1:8h5+bWd7R6AYUslN6c6iuZWTKsKxUFDlpnmilO6R2n0=
 github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
-github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc=
-github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/cretz/bine v0.2.0 h1:8GiDRGlTgz+o8H9DSnsl+5MeBK4HsExxgl6WgzOCuZo=
 github.com/cretz/bine v0.2.0/go.mod h1:WU4o9QR9wWp8AVKtTM1XD5vUHkEqnf2vVSo6dBqbetI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -49,26 +38,18 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa h1:h8TfIT1xc8FWbwwpmHn1J5i43Y0uZP97GqasGCzSRJk=
 github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa/go.mod h1:Nx87SkVqTKd8UtT+xu7sM/l+LgXs6c0aHrlKusR+2EQ=
-github.com/dblohm7/wingoes v0.0.0-20250611174154-e3e096948d18 h1:1+ezXI2ZjiS8zenp08GFowF3zkVQ4j8/CPaALxqCBq0=
-github.com/dblohm7/wingoes v0.0.0-20250611174154-e3e096948d18/go.mod h1:SUxUaAK/0UG5lYyZR1L1nC4AaYYvSSYTWQSH3FPcxKU=
 github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e h1:vUmf0yezR0y7jJ5pceLHthLaYf4bA5T14B6q39S4q2Q=
 github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e/go.mod h1:YTIHhz/QFSYnu/EhlF2SpU2Uk+32abacUYA5ZPljz1A=
 github.com/ebitengine/purego v0.8.4 h1:CF7LEKg5FFOsASUj0+QwaXf8Ht6TlFxg09+S9wz0omw=
 github.com/ebitengine/purego v0.8.4/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
-github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
-github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
 github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/gaissmai/bart v0.11.1 h1:5Uv5XwsaFBRo4E5VBcb9TzY8B7zxFf+U7isDxqOrRfc=
 github.com/gaissmai/bart v0.11.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg=
-github.com/gaissmai/bart v0.20.5 h1:ehoWZWQ7j//qt0K0Zs4i9hpoPpbgqsMQiR8W2QPJh+c=
-github.com/gaissmai/bart v0.20.5/go.mod h1:cEed+ge8dalcbpi8wtS9x9m2hn/fNJH5suhdGQOHnYk=
 github.com/gin-contrib/gzip v1.2.3 h1:dAhT722RuEG330ce2agAs75z7yB+NKvX/ZM1r8w0u2U=
 github.com/gin-contrib/gzip v1.2.3/go.mod h1:ad72i4Bzmaypk8M762gNXa2wkxxjbz0icRNnuLJ9a/c=
 github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U=
@@ -85,8 +66,6 @@ github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
 github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
 github.com/go-json-experiment/json v0.0.0-20250103232110-6a9a0fde9288 h1:KbX3Z3CgiYlbaavUq3Cj9/MjpO+88S7/AGXzynVDv84=
 github.com/go-json-experiment/json v0.0.0-20250103232110-6a9a0fde9288/go.mod h1:BWmvoE1Xia34f3l/ibJweyhrT+aROb/FQ6d+37F0e2s=
-github.com/go-json-experiment/json v0.0.0-20250709061156-d2cd4771eb1b h1:LzDYmjwGnnbVLXEuoe/Lw7hwbEXvi1A3BcUNkTxuCGU=
-github.com/go-json-experiment/json v0.0.0-20250709061156-d2cd4771eb1b/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -114,8 +93,6 @@ github.com/gofrs/uuid/v5 v5.3.2 h1:2jfO8j3XgSwlz/wHqemAEugfnTlikAYHhnqQ8Xh4fE0=
 github.com/gofrs/uuid/v5 v5.3.2/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
@@ -127,14 +104,10 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 h1:wG8RYIyctLhdFk6Vl1yPGtSRtwGpVkWyZww1OCil2MI=
 github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806/go.mod h1:Beg6V6zZ3oEn0JuiUQ4wqwuyqqzasOltcoXPtgLbFp4=
-github.com/google/nftables v0.3.0 h1:bkyZ0cbpVeMHXOrtlFc8ISmfVqq5gPJukoYieyVmITg=
-github.com/google/nftables v0.3.0/go.mod h1:BCp9FsrbF1Fn/Yu6CLUc9GGZFw/+hsxfluNXXmxBfRM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
-github.com/gorilla/csrf v1.7.3-0.20250123201450-9dd6af1f6d30 h1:fiJdrgVBkjZ5B1HJ2WQwNOaXB+QyYcNXTA3t1XYLz0M=
-github.com/gorilla/csrf v1.7.3-0.20250123201450-9dd6af1f6d30/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk=
 github.com/gorilla/csrf v1.7.3 h1:BHWt6FTLZAb2HtWT5KDBf6qgpZzvtbp9QWDRKZMXJC0=
 github.com/gorilla/csrf v1.7.3/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
@@ -147,8 +120,6 @@ github.com/hdevalence/ed25519consensus v0.2.0 h1:37ICyZqdyj0lAZ8P4D1d1id3HqbbG1N
 github.com/hdevalence/ed25519consensus v0.2.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo=
 github.com/illarion/gonotify/v2 v2.0.3 h1:B6+SKPo/0Sw8cRJh1aLzNEeNVFfzE3c6N+o+vyxM+9A=
 github.com/illarion/gonotify/v2 v2.0.3/go.mod h1:38oIJTgFqupkEydkkClkbL6i5lXV/bxdH9do5TALPEE=
-github.com/illarion/gonotify/v2 v2.0.8 h1:O0yBj5bFQPYSnhhLt1wshtPrhA5s6YJdfG0seZY4Hog=
-github.com/illarion/gonotify/v2 v2.0.8/go.mod h1:38oIJTgFqupkEydkkClkbL6i5lXV/bxdH9do5TALPEE=
 github.com/insomniacslk/dhcp v0.0.0-20250417080101-5f8cf70e8c5f h1:dd33oobuIv9PcBVqvbEiCXEbNTomOHyj3WFuC5YiPRU=
 github.com/insomniacslk/dhcp v0.0.0-20250417080101-5f8cf70e8c5f/go.mod h1:zhFlBeJssZ1YBCMZ5Lzu1pX4vhftDvU10WUVb1uXKtM=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
@@ -157,8 +128,6 @@ github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jsimonetti/rtnetlink v1.4.0 h1:Z1BF0fRgcETPEa0Kt0MRk3yV5+kF1FWTni6KUFKrq2I=
 github.com/jsimonetti/rtnetlink v1.4.0/go.mod h1:5W1jDvWdnthFJ7fxYX1GMK07BUpI4oskfOqvPteYS6E=
-github.com/jsimonetti/rtnetlink v1.4.2 h1:Df9w9TZ3npHTyDn0Ev9e1uzmN2odmXd0QX+J5GTEn90=
-github.com/jsimonetti/rtnetlink v1.4.2/go.mod h1:92s6LJdE+1iOrw+F2/RO7LYI2Qd8pPpFNNUYW06gcoM=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
@@ -166,21 +135,15 @@ github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYW
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
 github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
-github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=
-github.com/klauspost/cpuid/v2 v2.2.11/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ=
 github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/libdns/alidns v1.0.4-libdns.v1.beta1 h1:ods22gD4PcT0g4qRX77ucykjz7Rppnkz3vQoxDbbKTM=
-github.com/libdns/alidns v1.0.4-libdns.v1.beta1/go.mod h1:ystHmPwcGoWjPrGpensQSMY9VoCx4cpR2hXNlwk9H/g=
-github.com/libdns/alidns v1.0.4 h1:Rc3Yy2SzMoho+3q3+fNy9vOVr2h9dcL8OLTgNKgxYbU=
-github.com/libdns/alidns v1.0.4/go.mod h1:e18uAG6GanfRhcJj6/tps2rCMzQJaYVcGKT+ELjdjGE=
-github.com/libdns/cloudflare v0.2.2-0.20250430151523-b46a2b0885f6 h1:0dlpPjNr8TaYZbkpwCiee4udBNrYrWG8EZPYEbjHEn8=
-github.com/libdns/cloudflare v0.2.2-0.20250430151523-b46a2b0885f6/go.mod h1:Aq4IXdjalB6mD0ELvKqJiIGim8zSC6mlIshRPMOAb5w=
-github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
-github.com/libdns/libdns v1.0.0-beta.1 h1:KIf4wLfsrEpXpZ3vmc/poM8zCATXT2klbdPe6hyOBjQ=
+github.com/libdns/alidns v1.0.5-libdns.v1.beta1 h1:txHK7UxDed3WFBDjrTZPuMn8X+WmhjBTTAMW5xdy5pQ=
+github.com/libdns/alidns v1.0.5-libdns.v1.beta1/go.mod h1:ystHmPwcGoWjPrGpensQSMY9VoCx4cpR2hXNlwk9H/g=
+github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6 h1:3MGrVWs2COjMkQR17oUw1zMIPbm2YAzxDC3oGVZvQs8=
+github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6/go.mod h1:w9uTmRCDlAoafAsTPnn2nJ0XHK/eaUMh86DUk8BWi60=
 github.com/libdns/libdns v1.0.0-beta.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/libdns/libdns v1.1.0 h1:9ze/tWvt7Df6sbhOJRB8jT33GHEHpEQXdtkE3hPthbU=
 github.com/libdns/libdns v1.1.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
@@ -190,8 +153,8 @@ github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 h1:PpXWgLPs+Fqr32
 github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A=
-github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.30 h1:bVreufq3EAIG1Quvws73du3/QgdeZ3myglJlrzSYYCY=
+github.com/mattn/go-sqlite3 v1.14.30/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
 github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
 github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 h1:A1Cq6Ysb0GM0tpKMbdCXCIfBclan4oHk1Jb+Hrejirg=
@@ -200,18 +163,14 @@ github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ
 github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
 github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
 github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
-github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 h1:zGeQt3UyNydIVrMRB97AA5WsYEau/TyCnRtTf1yUmJY=
-github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
 github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4 h1:j1VRTiC9JLR4nUbSikx9OGdu/3AgFDqgcLj4GoqyQkc=
 github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
-github.com/metacubex/utls v1.7.0-alpha.3 h1:cp1cEMUnoifiWrGHRzo+nCwPRveN9yPD8QaRFmfcYxA=
-github.com/metacubex/utls v1.7.0-alpha.3/go.mod h1:oknYT0qTOwE4hjPmZOEpzVdefnW7bAdGLvZcqmk4TLU=
-github.com/metacubex/utls v1.7.3 h1:yDcMEWojFh+t8rU9X0HPcZDPAoFze/rIIyssqivzj8A=
-github.com/metacubex/utls v1.7.3/go.mod h1:oknYT0qTOwE4hjPmZOEpzVdefnW7bAdGLvZcqmk4TLU=
+github.com/metacubex/utls v1.8.0 h1:mSYi6FMnmc5riARl5UZDmWVy710z+P5b7xuGW0lV9ac=
+github.com/metacubex/utls v1.8.0/go.mod h1:FdjYzVfCtgtna19hX0ER1Xsa5uJInwdQ4IcaaI98lEQ=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
 github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
-github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
-github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
+github.com/miekg/dns v1.1.67 h1:kg0EHj0G4bfT5/oOys6HhZw4vmMlnoZ+gDu8tJ/AlI0=
+github.com/miekg/dns v1.1.67/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -255,38 +214,36 @@ github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/l
 github.com/sagernet/quic-go v0.52.0-beta.1 h1:hWkojLg64zjV+MJOvJU/kOeWndm3tiEfBLx5foisszs=
 github.com/sagernet/quic-go v0.52.0-beta.1/go.mod h1:OV+V5kEBb8kJS7k29MzDu6oj9GyMc7HA07sE1tedxz4=
 github.com/sagernet/sing v0.6.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
-github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151 h1:UCiQ1d/t5Y9uKAL9ir3i06+ClqS93OGGG8oqB82RMCE=
-github.com/sagernet/sing v0.6.12-0.20250704043954-da981379f151/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
-github.com/sagernet/sing-box v1.12.0-beta.33 h1:1NUC3YxqD+T5aDBgE2za47oSB611yhm0jbtmRTtE4CU=
-github.com/sagernet/sing-box v1.12.0-beta.33/go.mod h1:i04KkLfwxQEM5sUdgm+Yoi8K8GtK44094a3fYAR6acg=
-github.com/sagernet/sing-dns v0.4.5 h1:D9REN14qx2FTrZRBrtFLL99f2CuFzQ9S7mIf8uV5hZI=
-github.com/sagernet/sing-dns v0.4.5/go.mod h1:dweQs54ng2YGzoJfz+F9dGuDNdP5pJ3PLeggnK5VWc8=
+github.com/sagernet/sing v0.7.10 h1:2yPhZFx+EkyHPH8hXNezgyRSHyGY12CboId7CtwLROw=
+github.com/sagernet/sing v0.7.10/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing-box v1.12.8 h1:XnDRmD5tT5PsBPvMQ6zmLtbAKD3/l/6mHUfCJYa+L2g=
+github.com/sagernet/sing-box v1.12.8/go.mod h1:HRB+cgvwOMnoNmVhJm2DoFQPbJvDSRDaLonaMlT4tjo=
 github.com/sagernet/sing-dns v0.4.6 h1:mjZC0o6d5sQ1sraoOBbK3G3apCbuL8wWYwu2RNu5rbM=
 github.com/sagernet/sing-dns v0.4.6/go.mod h1:dweQs54ng2YGzoJfz+F9dGuDNdP5pJ3PLeggnK5VWc8=
-github.com/sagernet/sing-mux v0.3.2 h1:meZVFiiStvHThb/trcpAkCrmtJOuItG5Dzl1RRP5/NE=
-github.com/sagernet/sing-mux v0.3.2/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA=
-github.com/sagernet/sing-quic v0.5.0-beta.3 h1:X/acRNsqQNfDlmwE7SorHfaZiny5e67hqIzM/592ric=
-github.com/sagernet/sing-quic v0.5.0-beta.3/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0=
+github.com/sagernet/sing-mux v0.3.3 h1:YFgt9plMWzH994BMZLmyKL37PdIVaIilwP0Jg+EcLfw=
+github.com/sagernet/sing-mux v0.3.3/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA=
+github.com/sagernet/sing-quic v0.5.2-0.20250909083218-00a55617c0fb h1:5Wx3XeTiKrrrcrAky7Hc1bO3CGxrvho2Vu5b/adlEIM=
+github.com/sagernet/sing-quic v0.5.2-0.20250909083218-00a55617c0fb/go.mod h1:evP1e++ZG8TJHVV5HudXV4vWeYzGfCdF4HwSJZcdqkI=
 github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE=
 github.com/sagernet/sing-shadowsocks v0.2.8/go.mod h1:lo7TWEMDcN5/h5B8S0ew+r78ZODn6SwVaFhvB6H+PTI=
 github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnqqs2gQ2/Qioo=
 github.com/sagernet/sing-shadowsocks2 v0.2.1/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA=
-github.com/sagernet/sing-tun v0.6.10-0.20250703121732-a0881ada3251 h1:eH9naJXvyF/DZDk0V1SYkL6ypYD+A1tUFWLcT7PRezg=
-github.com/sagernet/sing-tun v0.6.10-0.20250703121732-a0881ada3251/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
-github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88 h1:0pVm8sPOel+BoiCddW3pV3cKDKEaSioVTYDdTSKjyFI=
-github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88/go.mod h1:IL8Rr+EGwuqijszZkNrEFTQDKhilEpkqFqOlvdpS6/w=
+github.com/sagernet/sing-tun v0.7.2 h1:uJkAZM0KBqIYzrq077QGqdvj/+4i/pMOx6Pnx0jYqAs=
+github.com/sagernet/sing-tun v0.7.2/go.mod h1:pUEjh9YHQ2gJT6Lk0TYDklh3WJy7lz+848vleGM3JPM=
+github.com/sagernet/sing-vmess v0.2.7 h1:2ee+9kO0xW5P4mfe6TYVWf9VtY8k1JhNysBqsiYj0sk=
+github.com/sagernet/sing-vmess v0.2.7/go.mod h1:5aYoOtYksAyS0NXDm0qKeTYW1yoE1bJVcv+XLcVoyJs=
 github.com/sagernet/smux v1.5.34-mod.2 h1:gkmBjIjlJ2zQKpLigOkFur5kBKdV6bNRoFu2WkltRQ4=
 github.com/sagernet/smux v1.5.34-mod.2/go.mod h1:0KW0+R+ycvA2INW4gbsd7BNyg+HEfLIAxa5N02/28Zc=
-github.com/sagernet/tailscale v1.80.3-mod.5 h1:7V7z+p2C//TGtff20pPnDCt3qP6uFyY62peJoKF9z/A=
-github.com/sagernet/tailscale v1.80.3-mod.5/go.mod h1:EBxXsWu4OH2ELbQLq32WoBeIubG8KgDrg4/Oaxjs6lI=
+github.com/sagernet/tailscale v1.80.3-sing-box-1.12-mod.1 h1:gMC0q+0VvZBotZMZ9G0R8ZMEIT/Q6KnXbw0/OgMjmdk=
+github.com/sagernet/tailscale v1.80.3-sing-box-1.12-mod.1/go.mod h1:EBxXsWu4OH2ELbQLq32WoBeIubG8KgDrg4/Oaxjs6lI=
 github.com/sagernet/wireguard-go v0.0.1-beta.7 h1:ltgBwYHfr+9Wz1eG59NiWnHrYEkDKHG7otNZvu85DXI=
 github.com/sagernet/wireguard-go v0.0.1-beta.7/go.mod h1:jGXij2Gn2wbrWuYNUmmNhf1dwcZtvyAvQoe8Xd8MbUo=
 github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc=
 github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854/go.mod h1:LtfoSK3+NG57tvnVEHgcuBW9ujgE8enPSgzgwStwCAA=
-github.com/shirou/gopsutil/v4 v4.25.6 h1:kLysI2JsKorfaFPcYmcJqbzROzsBWEOAtw6A7dIfqXs=
-github.com/shirou/gopsutil/v4 v4.25.6/go.mod h1:PfybzyydfZcN+JMMjkF6Zb8Mq1A/VcogFFg7hj50W9c=
+github.com/shirou/gopsutil/v4 v4.25.8 h1:NnAsw9lN7587WHxjJA9ryDnqhJpFH6A+wagYWTOH970=
+github.com/shirou/gopsutil/v4 v4.25.8/go.mod h1:q9QdMmfAOVIw7a+eF86P7ISEU6ka+NLgkUxlopV4RwI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -298,8 +255,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e h1:PtWT87weP5LWHEY//SWsYkSO3RWRZo4OSWagh3YD2vQ=
 github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e/go.mod h1:XrBNfAFN+pwoWuksbFS9Ccxnopa15zJGgXRFN90l3K4=
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 h1:Gzfnfk2TWrk8Jj4P4c1a3CtQyMaTVCznlkLZI++hok4=
@@ -343,16 +300,16 @@ github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
-go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
-go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
-go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
-go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
-go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
-go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk=
-go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
-go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
-go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
+go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
+go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
+go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
+go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
+go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
+go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -365,34 +322,22 @@ go4.org/mem v0.0.0-20240501181205-ae6ca9944745 h1:Tl++JLUCe4sxGu8cTpDzRLd3tN7US4
 go4.org/mem v0.0.0-20240501181205-ae6ca9944745/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/arch v0.18.0 h1:WN9poc33zL4AzGxqf8VtpKUnGvMi8O9lhNyBMF/85qc=
-golang.org/x/arch v0.18.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
-golang.org/x/arch v0.19.0 h1:LmbDQUodHThXE+htjrnmVD73M//D9GTH6wFZjyDkjyU=
-golang.org/x/arch v0.19.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
+golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
+golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
-golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
 golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
-golang.org/x/exp v0.0.0-20250711185948-6ae5c78190dc h1:TS73t7x3KarrNd5qAipmspBDS1rkMcgVG/fS1aRb4Rc=
-golang.org/x/exp v0.0.0-20250711185948-6ae5c78190dc/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc=
 golang.org/x/image v0.23.0 h1:HseQ7c2OpPKTPVzNjG5fwJsOTCiiwS4QdsYi5XU6H68=
 golang.org/x/image v0.23.0/go.mod h1:wJJBTdLfCCf3tiHa1fNxpZmUI4mmoZvwMCPP0ddoNKY=
-golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
-golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
-golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
-golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
-golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -405,40 +350,30 @@ golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
-golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
-golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
-golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
-golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
-golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
-golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
-golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
-golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 h1:3GDAcqdIg1ozBNLgPy4SLT84nfcBjr6rhGtXYtrkWLU=
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10/go.mod h1:T97yPqesLiNrOYxkwmhMI0ZIlJDm+p0PMR8eRVeR5tQ=
 golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
 golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a h1:51aaUVRocpvUOSQKM6Q7VuoaktNIaMCLuhZB6DKksq4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a/go.mod h1:uRxBH1mhmO8PGhU89cMcHaXKZqO+OfakD8QQO0oYwlQ=
-google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=
-google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok=
+google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc=
 google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
 google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
@@ -448,8 +383,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
 gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
-gorm.io/gorm v1.30.0 h1:qbT5aPv1UH8gI99OsRlvDToLxW5zR7FzS9acZDOZcgs=
-gorm.io/gorm v1.30.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
+gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
+gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 lukechampine.com/blake3 v1.4.1 h1:I3Smz7gso8w4/TunLKec6K2fn+kyKtDxr/xcQEN84Wg=
 lukechampine.com/blake3 v1.4.1/go.mod h1:QFosUxmjB8mnrWFSNwKmvxHpfY72bmD2tQ0kBMM3kwo=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

install.sh

@@ -38,66 +38,6 @@ arch() {
 
 echo "arch: $(arch)"
 
-os_version=""
-os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
-
-if [[ "${release}" == "arch" ]]; then
-    echo "Your OS is Arch Linux"
-elif [[ "${release}" == "parch" ]]; then
-    echo "Your OS is Parch linux"
-elif [[ "${release}" == "manjaro" ]]; then
-    echo "Your OS is Manjaro"
-elif [[ "${release}" == "armbian" ]]; then
-    echo "Your OS is Armbian"
-elif [[ "${release}" == "opensuse-tumbleweed" ]]; then
-    echo "Your OS is OpenSUSE Tumbleweed"
-elif [[ "${release}" == "centos" ]]; then
-    if [[ ${os_version} -lt 8 ]]; then
-        echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "ubuntu" ]]; then
-    if [[ ${os_version} -lt 20 ]]; then
-        echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "fedora" ]]; then
-    if [[ ${os_version} -lt 36 ]]; then
-        echo -e "${red} Please use Fedora 36 or higher version!${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "debian" ]]; then
-    if [[ ${os_version} -lt 11 ]]; then
-        echo -e "${red} Please use Debian 11 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "almalinux" ]]; then
-    if [[ ${os_version} -lt 9 ]]; then
-        echo -e "${red} Please use AlmaLinux 9 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "rocky" ]]; then
-    if [[ ${os_version} -lt 9 ]]; then
-        echo -e "${red} Please use Rocky Linux 9 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "oracle" ]]; then
-    if [[ ${os_version} -lt 8 ]]; then
-        echo -e "${red} Please use Oracle Linux 8 or higher ${plain}\n" && exit 1
-    fi
-else
-    echo -e "${red}Your operating system is not supported by this script.${plain}\n"
-    echo "Please ensure you are using one of the following supported operating systems:"
-    echo "- Ubuntu 20.04+"
-    echo "- Debian 11+"
-    echo "- CentOS 8+"
-    echo "- Fedora 36+"
-    echo "- Arch Linux"
-    echo "- Parch Linux"
-    echo "- Manjaro"
-    echo "- Armbian"
-    echo "- AlmaLinux 9+"
-    echo "- Rocky Linux 9+"
-    echo "- Oracle Linux 8+"
-    echo "- OpenSUSE Tumbleweed"
-    exit 1
-fi
-
-
 install_base() {
     case "${release}" in
     centos | almalinux | rocky | oracle)

package-lock.json

@@ -1,6 +0,0 @@
-{
-  "name": "s-ui",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {}
-}

s-ui.sh

@@ -1,4 +1,3 @@
-
 #!/bin/bash
 
 red='\033[0;31m'
@@ -6,7 +5,6 @@ green='\033[0;32m'
 yellow='\033[0;33m'
 plain='\033[0m'
 
-#Add some basic function here
 function LOGD() {
     echo -e "${yellow}[DEG] $* ${plain}"
 }
@@ -18,10 +16,9 @@ function LOGE() {
 function LOGI() {
     echo -e "${green}[INF] $* ${plain}"
 }
-# check root
+
 [[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1
 
-# Check OS and set release variable
 if [[ -f /etc/os-release ]]; then
     source /etc/os-release
     release=$ID
@@ -35,67 +32,6 @@ fi
 
 echo "The OS release is: $release"
 
-
-os_version=""
-os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
-
-if [[ "${release}" == "arch" ]]; then
-    echo "Your OS is Arch Linux"
-elif [[ "${release}" == "parch" ]]; then
-    echo "Your OS is Parch linux"
-elif [[ "${release}" == "manjaro" ]]; then
-    echo "Your OS is Manjaro"
-elif [[ "${release}" == "armbian" ]]; then
-    echo "Your OS is Armbian"
-elif [[ "${release}" == "opensuse-tumbleweed" ]]; then
-    echo "Your OS is OpenSUSE Tumbleweed"
-elif [[ "${release}" == "centos" ]]; then
-    if [[ ${os_version} -lt 8 ]]; then
-        echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "ubuntu" ]]; then
-    if [[ ${os_version} -lt 20 ]]; then
-        echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "fedora" ]]; then
-    if [[ ${os_version} -lt 36 ]]; then
-        echo -e "${red} Please use Fedora 36 or higher version!${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "debian" ]]; then
-    if [[ ${os_version} -lt 11 ]]; then
-        echo -e "${red} Please use Debian 11 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "almalinux" ]]; then
-    if [[ ${os_version} -lt 9 ]]; then
-        echo -e "${red} Please use AlmaLinux 9 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "rocky" ]]; then
-    if [[ ${os_version} -lt 9 ]]; then
-        echo -e "${red} Please use Rocky Linux 9 or higher ${plain}\n" && exit 1
-    fi
-elif [[ "${release}" == "oracle" ]]; then
-    if [[ ${os_version} -lt 8 ]]; then
-        echo -e "${red} Please use Oracle Linux 8 or higher ${plain}\n" && exit 1
-    fi
-else
-    echo -e "${red}Your operating system is not supported by this script.${plain}\n"
-    echo "Please ensure you are using one of the following supported operating systems:"
-    echo "- Ubuntu 20.04+"
-    echo "- Debian 11+"
-    echo "- CentOS 8+"
-    echo "- Fedora 36+"
-    echo "- Arch Linux"
-    echo "- Parch Linux"
-    echo "- Manjaro"
-    echo "- Armbian"
-    echo "- AlmaLinux 9+"
-    echo "- Rocky Linux 9+"
-    echo "- Oracle Linux 8+"
-    echo "- OpenSUSE Tumbleweed"
-    exit 1
-
-fi
-
 confirm() {
     if [[ $# > 1 ]]; then
         echo && read -p "$1 [Default$2]: " temp
@@ -164,7 +100,6 @@ custom_version() {
 
     download_link="https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh"
 
-    # Use the entered panel version in the download link
     install_command="bash <(curl -Ls $download_link) $panel_version"
 
     echo "Downloading and installing panel version $panel_version..."
@@ -232,13 +167,11 @@ set_setting() {
     echo -e "Enter the ${yellow}panel path${plain} (leave blank for existing/default value):"
     read config_path
 
-    # Sub configuration
     echo -e "Enter the ${yellow}subscription port${plain} (leave blank for existing/default value):"
     read config_subPort
     echo -e "Enter the ${yellow}subscription path${plain} (leave blank for existing/default value):" 
     read config_subPath
 
-    # Set configs
     echo -e "${yellow}Initializing, please wait...${plain}"
     params=""
     [ -z "$config_port" ] || params="$params -port $config_port"
@@ -373,7 +306,6 @@ update_shell() {
     fi
 }
 
-# 0: running, 1: not running, 2: not installed
 check_status() {
     if [[ ! -f "/etc/systemd/system/$1.service" ]]; then
         return 2
@@ -487,20 +419,13 @@ bbr_menu() {
 }
 
 disable_bbr() {
-
     if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
         echo -e "${yellow}BBR is not currently enabled.${plain}"
         exit 0
     fi
-
-    # Replace BBR with CUBIC configurations
     sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf
     sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf
-
-    # Apply changes
     sysctl -p
-
-    # Verify that BBR is replaced with CUBIC
     if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then
         echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}"
     else
@@ -513,8 +438,6 @@ enable_bbr() {
         echo -e "${green}BBR is already enabled!${plain}"
         exit 0
     fi
-
-    # Check the OS and install necessary packages
     case "${release}" in
     ubuntu | debian | armbian)
         apt-get update && apt-get install -yqq --no-install-recommends ca-certificates
@@ -533,15 +456,9 @@ enable_bbr() {
         exit 1
         ;;
     esac
-
-    # Enable BBR
     echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
     echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
-
-    # Apply changes
     sysctl -p
-
-    # Verify that BBR is enabled
     if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then
         echo -e "${green}BBR has been enabled successfully.${plain}"
     else
@@ -566,6 +483,7 @@ ssl_cert_issue_main() {
     echo -e "${green}\t1.${plain} Get SSL"
     echo -e "${green}\t2.${plain} Revoke"
     echo -e "${green}\t3.${plain} Force Renew"
+    echo -e "${green}\t4.${plain} Self-signed Certificate"
     read -p "Choose an option: " choice
     case "$choice" in
         1) ssl_cert_issue ;;
@@ -579,12 +497,14 @@ ssl_cert_issue_main() {
             local domain=""
             read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
             ~/.acme.sh/acme.sh --renew -d ${domain} --force ;;
+        4)
+            generate_self_signed_cert
+            ;;
         *) echo "Invalid choice" ;;
     esac
 }
 
 ssl_cert_issue() {
-    # check for acme.sh first
     if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
         echo "acme.sh could not be found. we will install it"
         install_acme
@@ -593,7 +513,6 @@ ssl_cert_issue() {
             exit 1
         fi
     fi
-    # install socat second
     case "${release}" in
     ubuntu | debian | armbian)
         apt update && apt install socat -y
@@ -619,11 +538,9 @@ ssl_cert_issue() {
         LOGI "install socat succeed..."
     fi
 
-    # get the domain here,and we need verify it
     local domain=""
     read -p "Please enter your domain name:" domain
     LOGD "your domain is:${domain},check it..."
-    # here we need to judge whether there exists cert already
     local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
 
     if [ ${currentCert} == ${domain} ]; then
@@ -635,7 +552,6 @@ ssl_cert_issue() {
         LOGI "your domain is ready for issuing cert now..."
     fi
 
-    # create a directory for install cert
     certPath="/root/cert/${domain}"
     if [ ! -d "$certPath" ]; then
         mkdir -p "$certPath"
@@ -644,15 +560,12 @@ ssl_cert_issue() {
         mkdir -p "$certPath"
     fi
 
-    # get needed port here
     local WebPort=80
     read -p "please choose which port do you use,default will be 80 port:" WebPort
     if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
         LOGE "your input ${WebPort} is invalid,will use default port"
     fi
     LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..."
-    # NOTE:This should be handled by user
-    # open the port and kill the occupied progress
     ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
     ~/.acme.sh/acme.sh --issue -d ${domain} --standalone --httpport ${WebPort}
     if [ $? -ne 0 ]; then
@@ -662,7 +575,6 @@ ssl_cert_issue() {
     else
         LOGE "issue certs succeed,installing certs..."
     fi
-    # install cert
     ~/.acme.sh/acme.sh --installcert -d ${domain} \
         --key-file /root/cert/${domain}/privkey.pem \
         --fullchain-file /root/cert/${domain}/fullchain.pem
@@ -804,6 +716,61 @@ ssl_cert_issue_CF() {
     esac
 }
 
+generate_self_signed_cert() {
+    cert_dir="/etc/sing-box"
+    mkdir -p "$cert_dir"
+    LOGI "Choose certificate type:"
+    echo -e "${green}\t1.${plain} Ed25519 (*recommended*)"
+    echo -e "${green}\t2.${plain} RSA 2048"
+    echo -e "${green}\t3.${plain} RSA 4096"
+    echo -e "${green}\t4.${plain} ECDSA prime256v1"
+    echo -e "${green}\t5.${plain} ECDSA secp384r1"
+    read -p "Enter your choice [1-5, default 1]: " cert_type
+    cert_type=${cert_type:-1}
+
+    case "$cert_type" in
+        1)
+            algo="ed25519"
+            key_opt="-newkey ed25519"
+            ;;
+        2)
+            algo="rsa"
+            key_opt="-newkey rsa:2048"
+            ;;
+        3)
+            algo="rsa"
+            key_opt="-newkey rsa:4096"
+            ;;
+        4)
+            algo="ecdsa"
+            key_opt="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1"
+            ;;
+        5)
+            algo="ecdsa"
+            key_opt="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1"
+            ;;
+        *)
+            algo="ed25519"
+            key_opt="-newkey ed25519"
+            ;;
+    esac
+
+    LOGI "Generating self-signed certificate ($algo)..."
+    sudo openssl req -x509 -nodes -days 3650 $key_opt \
+        -keyout "${cert_dir}/self.key" \
+        -out "${cert_dir}/self.crt" \
+        -subj "/CN=myserver"
+    if [[ $? -eq 0 ]]; then
+        sudo chmod 600 "${cert_dir}/self."*
+        LOGI "Self-signed certificate generated successfully!"
+        LOGI "Certificate path: ${cert_dir}/self.crt"
+        LOGI "Key path: ${cert_dir}/self.key"
+    else
+        LOGE "Failed to generate self-signed certificate."
+    fi
+    before_show_menu
+}
+
 show_usage() {
     echo -e "S-UI Control Menu Usage"
     echo -e "------------------------------------------"

service/client.go

@@ -55,7 +55,7 @@ func (s *ClientService) Save(tx *gorm.DB, act string, data json.RawMessage, host
 		if err != nil {
 			return nil, err
 		}
-		err = s.updateLinksWithFixedInbounds(tx, []*model.Client{&client}, inboundIds, hostname)
+		err = s.updateLinksWithFixedInbounds(tx, []*model.Client{&client}, hostname)
 		if err != nil {
 			return nil, err
 		}
@@ -85,7 +85,7 @@ func (s *ClientService) Save(tx *gorm.DB, act string, data json.RawMessage, host
 		if err != nil {
 			return nil, err
 		}
-		err = s.updateLinksWithFixedInbounds(tx, clients, inboundIds, hostname)
+		err = s.updateLinksWithFixedInbounds(tx, clients, hostname)
 		if err != nil {
 			return nil, err
 		}
@@ -119,13 +119,19 @@ func (s *ClientService) Save(tx *gorm.DB, act string, data json.RawMessage, host
 	return inboundIds, nil
 }
 
-func (s *ClientService) updateLinksWithFixedInbounds(tx *gorm.DB, clients []*model.Client, inbounIds []uint, hostname string) error {
+func (s *ClientService) updateLinksWithFixedInbounds(tx *gorm.DB, clients []*model.Client, hostname string) error {
 	var err error
 	var inbounds []model.Inbound
+	var inboundIds []uint
+
+	err = json.Unmarshal(clients[0].Inbounds, &inboundIds)
+	if err != nil {
+		return err
+	}
 
 	// Zero inbounds means removing local links only
-	if len(inbounIds) > 0 {
-		err = tx.Model(model.Inbound{}).Preload("Tls").Where("id in ? and type in ?", inbounIds, util.InboundTypeWithLink).Find(&inbounds).Error
+	if len(inboundIds) > 0 {
+		err = tx.Model(model.Inbound{}).Preload("Tls").Where("id in ? and type in ?", inboundIds, util.InboundTypeWithLink).Find(&inbounds).Error
 		if err != nil {
 			return err
 		}
@@ -277,7 +283,7 @@ func (s *ClientService) UpdateLinksByInboundChange(tx *gorm.DB, inbounds *[]mode
 				})
 			}
 			for _, clientLink := range clientLinks {
-				if clientLink["remark"] != inbound.Tag && clientLink["remark"] != oldTag {
+				if clientLink["type"] != "local" || (clientLink["remark"] != inbound.Tag && clientLink["remark"] != oldTag) {
 					newClientLinks = append(newClientLinks, clientLink)
 				}
 			}

service/config.go

@@ -142,10 +142,11 @@ func (s *ConfigService) Save(obj string, act string, data json.RawMessage, initU
 
 	switch obj {
 	case "clients":
-		inboundIds, err := s.ClientService.Save(tx, act, data, hostname)
+		var inboundIds []uint
+		inboundIds, err = s.ClientService.Save(tx, act, data, hostname)
 		if err == nil && len(inboundIds) > 0 {
 			objs = append(objs, "inbounds")
-			err = s.InboundService.UpdateUsers(tx, inboundIds)
+			err = s.InboundService.RestartInbounds(tx, inboundIds)
 			if err != nil {
 				return nil, common.NewErrorf("failed to update users for inbounds: %v", err)
 			}

service/inbounds.go

@@ -4,16 +4,12 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"s-ui/core/protocol/hysteria"
-	"s-ui/core/protocol/hysteria2"
 	"s-ui/database"
 	"s-ui/database/model"
-	"s-ui/logger"
 	"s-ui/util"
 	"s-ui/util/common"
 	"strings"
 
-	"github.com/sagernet/sing-box/option"
 	"gorm.io/gorm"
 )
 
@@ -331,64 +327,6 @@ func (s *InboundService) initUsers(db *gorm.DB, inboundJson []byte, clientIds st
 	return json.Marshal(inbound)
 }
 
-func (s *InboundService) UpdateUsers(tx *gorm.DB, ids []uint) error {
-	var inbounds []model.Inbound
-	err := tx.Model(model.Inbound{}).Preload("Tls").Where("id in ?", ids).Find(&inbounds).Error
-	if err != nil {
-		return err
-	}
-	for _, inbound := range inbounds {
-		inboundConfig, err := inbound.MarshalJSON()
-		if err != nil {
-			return err
-		}
-		inboundConfig, err = s.addUsers(tx, inboundConfig, inbound.Id, inbound.Type)
-		if err != nil {
-			return err
-		}
-		inb, ok := corePtr.GetInstance().Inbound().Get(inbound.Tag)
-		if !ok {
-			return common.NewErrorf("inbound %s not found", inbound.Tag)
-		}
-		switch inbound.Type {
-		case "hysteria":
-			var hysteriaOptions option.HysteriaInboundOptions
-			err = json.Unmarshal(inboundConfig, &hysteriaOptions)
-			if err != nil {
-				return common.NewErrorf("failed to unmarshal hysteria options for inbound %s: %v", inbound.Tag, err)
-			}
-			err = inb.(*hysteria.Inbound).UpdateUsers(hysteriaOptions.Users)
-			if err != nil {
-				return common.NewErrorf("failed to update users for hysteria inbound %s: %v", inbound.Tag, err)
-			}
-			logger.Info("Updated users for hysteria inbound:", inbound.Tag)
-		case "hysteria2":
-			var hy2Options option.Hysteria2InboundOptions
-			err = json.Unmarshal(inboundConfig, &hy2Options)
-			if err != nil {
-				return common.NewErrorf("failed to unmarshal hysteria2 options for inbound %s: %v", inbound.Tag, err)
-			}
-			err = inb.(*hysteria2.Inbound).UpdateUsers(hy2Options.Users)
-			if err != nil {
-				return common.NewErrorf("failed to update users for hysteria2 inbound %s: %v", inbound.Tag, err)
-			}
-			logger.Info("Updated users for hysteria2 inbound:", inbound.Tag)
-		default:
-			err = corePtr.RemoveInbound(inbound.Tag)
-			if err != nil && err != os.ErrInvalid {
-				return err
-			}
-
-			err = corePtr.AddInbound(inboundConfig)
-			if err != nil {
-				return err
-			}
-		}
-
-	}
-	return nil
-}
-
 func (s *InboundService) RestartInbounds(tx *gorm.DB, ids []uint) error {
 	if !corePtr.IsRunning() {
 		return nil
@@ -403,6 +341,9 @@ func (s *InboundService) RestartInbounds(tx *gorm.DB, ids []uint) error {
 		if err != nil && err != os.ErrInvalid {
 			return err
 		}
+		// Close all existing connections
+		corePtr.GetInstance().ConnTracker().CloseConnByInbound(inbound.Tag)
+
 		inboundConfig, err := inbound.MarshalJSON()
 		if err != nil {
 			return err

service/panel.go

@@ -2,6 +2,7 @@ package service
 
 import (
 	"os"
+	"runtime"
 	"s-ui/logger"
 	"syscall"
 	"time"
@@ -17,7 +18,11 @@ func (s *PanelService) RestartPanel(delay time.Duration) error {
 	}
 	go func() {
 		time.Sleep(delay)
-		err := p.Signal(syscall.SIGHUP)
+		if runtime.GOOS == "windows" {
+			err = p.Kill()
+		} else {
+			err = p.Signal(syscall.SIGHUP)
+		}
 		if err != nil {
 			logger.Error("send signal SIGHUP failed:", err)
 		}

service/setting.go

@@ -3,6 +3,7 @@ package service
 import (
 	"encoding/json"
 	"os"
+	"runtime"
 	"s-ui/config"
 	"s-ui/database"
 	"s-ui/database/model"
@@ -19,10 +20,16 @@ var defaultConfig = `{
   "log": {
     "level": "info"
   },
-  "dns": {},
+  "dns": {
+    "servers": [],
+    "rules": []
+  },
   "route": {
     "rules": [
 		  {
+        "action": "sniff"
+      },
+      {
         "protocol": [
           "dns"
         ],
@@ -239,6 +246,9 @@ func (s *SettingService) GetTimeLocation() (*time.Location, error) {
 	if err != nil {
 		return nil, err
 	}
+	if runtime.GOOS == "windows" {
+		l = "Local"
+	}
 	location, err := time.LoadLocation(l)
 	if err != nil {
 		defaultLocation := defaultValueMap["timeLocation"]
@@ -381,6 +391,13 @@ func (s *SettingService) Save(tx *gorm.DB, data json.RawMessage) error {
 			}
 		}
 
+		// Delete all stats if it is set to 0
+		if key == "trafficAge" && obj == "0" {
+			err = tx.Where("id > 0").Delete(model.Stats{}).Error
+			if err != nil {
+				return err
+			}
+		}
 		err = tx.Model(model.Setting{}).Where("key = ?", key).Update("value", obj).Error
 		if err != nil {
 			return err

service/stats.go

@@ -19,11 +19,11 @@ var onlineResources = &onlines{}
 type StatsService struct {
 }
 
-func (s *StatsService) SaveStats() error {
+func (s *StatsService) SaveStats(enableTraffic bool) error {
 	if !corePtr.IsRunning() {
 		return nil
 	}
-	stats := corePtr.GetInstance().ConnTracker().GetStats()
+	stats := corePtr.GetInstance().StatsTracker().GetStats()
 
 	// Reset onlines
 	onlineResources.Inbound = nil
@@ -70,8 +70,10 @@ func (s *StatsService) SaveStats() error {
 		}
 	}
 
-	err = tx.Create(&stats).Error
-	return err
+	if !enableTraffic {
+		return nil
+	}
+	return tx.Create(&stats).Error
 }
 
 func (s *StatsService) GetStats(resource string, tag string, limit int) ([]model.Stats, error) {

sub/clashService.go

@@ -73,8 +73,12 @@ func (s *ClashService) GetClash(subId string) (*string, []string, error) {
 	}
 
 	links := s.LinkService.GetLinks(&client.Links, "external", "")
+	tagNumEnable := 0
+	if len(links) > 1 {
+		tagNumEnable = 1
+	}
 	for index, link := range links {
-		json, tag, err := util.GetOutbound(link, index)
+		json, tag, err := util.GetOutbound(link, (index+1)*tagNumEnable)
 		if err == nil && len(tag) > 0 {
 			*outbounds = append(*outbounds, *json)
 			*outTags = append(*outTags, tag)
@@ -132,6 +136,12 @@ func (s *ClashService) ConvertToClashMeta(outbounds *[]map[string]interface{}) (
 					proxy["flow"] = flow
 				}
 			}
+			if t == "tuic" {
+				proxy["password"] = obMap["password"]
+				if congestion_control, ok := obMap["congestion_control"].(string); ok {
+					proxy["congestion-controller"] = congestion_control
+				}
+			}
 		case "trojan":
 			proxy["password"] = obMap["password"]
 		case "socks", "http":
@@ -162,9 +172,15 @@ func (s *ClashService) ConvertToClashMeta(outbounds *[]map[string]interface{}) (
 					proxy["obfs"] = obfs["type"]
 					proxy["obfs-password"] = obfs["password"]
 				}
-				if ports, ok := obMap["server_ports"].([]string); ok {
-					proxy["ports"] = strings.ReplaceAll(strings.Join(ports, ","), ":", "-")
 			}
+
+			if portLists, ok := obMap["server_ports"].([]interface{}); ok {
+				var ports []string
+				for _, portList := range portLists {
+					portRange, _ := portList.(string)
+					ports = append(ports, strings.ReplaceAll(portRange, ":", "-"))
+				}
+				proxy["ports"] = strings.Join(ports, ",")
 			}
 		case "anytls":
 			proxy["password"] = obMap["password"]

sub/jsonService.go

@@ -7,6 +7,7 @@ import (
 	"s-ui/database/model"
 	"s-ui/service"
 	"s-ui/util"
+	"strings"
 )
 
 const defaultJson = `
@@ -60,8 +61,12 @@ func (j *JsonService) GetJson(subId string, format string) (*string, []string, e
 	}
 
 	links := j.LinkService.GetLinks(&client.Links, "external", "")
+	tagNumEnable := 0
+	if len(links) > 1 {
+		tagNumEnable = 1
+	}
 	for index, link := range links {
-		json, tag, err := util.GetOutbound(link, index)
+		json, tag, err := util.GetOutbound(link, (index+1)*tagNumEnable)
 		if err == nil && len(tag) > 0 {
 			*outbounds = append(*outbounds, *json)
 			*outTags = append(*outTags, tag)
@@ -128,6 +133,29 @@ func (j *JsonService) getOutbounds(clientConfig json.RawMessage, inbounds []*mod
 			return nil, nil, err
 		}
 		protocol, _ := outbound["type"].(string)
+
+		// Shadowsocks
+		if protocol == "shadowsocks" {
+			var userPass []string
+			var inbOptions map[string]interface{}
+			err = json.Unmarshal(inData.Options, &inbOptions)
+			if err != nil {
+				return nil, nil, err
+			}
+			method, _ := inbOptions["method"].(string)
+			if strings.HasPrefix(method, "2022") {
+				inbPass, _ := inbOptions["password"].(string)
+				userPass = append(userPass, inbPass)
+			}
+			var pass string
+			if method == "2022-blake3-aes-128-gcm" {
+				pass, _ = configs["shadowsocks16"].(map[string]interface{})["password"].(string)
+			} else {
+				pass, _ = configs["shadowsocks"].(map[string]interface{})["password"].(string)
+			}
+			userPass = append(userPass, pass)
+			outbound["password"] = strings.Join(userPass, ":")
+		} else { // Other protocols
 			config, _ := configs[protocol].(map[string]interface{})
 			for key, value := range config {
 				if key == "name" || key == "alterId" || (key == "flow" && inData.TlsId == 0) {
@@ -135,6 +163,7 @@ func (j *JsonService) getOutbounds(clientConfig json.RawMessage, inbounds []*mod
 				}
 				outbound[key] = value
 			}
+		}
 
 		var addrs []map[string]interface{}
 		err = json.Unmarshal(inData.Addrs, &addrs)

util/genLink.go

@@ -10,7 +10,7 @@ import (
 	"strings"
 )
 
-var InboundTypeWithLink = []string{"shadowsocks", "naive", "hysteria", "hysteria2", "anytls", "tuic", "vless", "trojan", "vmess"}
+var InboundTypeWithLink = []string{"socks", "http", "mixed", "shadowsocks", "naive", "hysteria", "hysteria2", "anytls", "tuic", "vless", "trojan", "vmess"}
 
 func LinkGenerator(clientConfig json.RawMessage, i *model.Inbound, hostname string) []string {
 	inbound, err := i.MarshalFull()
@@ -61,6 +61,15 @@ func LinkGenerator(clientConfig json.RawMessage, i *model.Inbound, hostname stri
 	}
 
 	switch i.Type {
+	case "socks":
+		return socksLink(userConfig["socks"], *inbound, Addrs)
+	case "http":
+		return httpLink(userConfig["http"], *inbound, Addrs)
+	case "mixed":
+		return append(
+			socksLink(userConfig["socks"], *inbound, Addrs),
+			httpLink(userConfig["http"], *inbound, Addrs)...,
+		)
 	case "shadowsocks":
 		return shadowsocksLink(userConfig, *inbound, Addrs)
 	case "naive":
@@ -106,6 +115,26 @@ func prepareTls(t *model.Tls) map[string]interface{} {
 	return oTls
 }
 
+func socksLink(userConfig map[string]interface{}, inbound map[string]interface{}, addrs []map[string]interface{}) []string {
+	var links []string
+	for _, addr := range addrs {
+		links = append(links, fmt.Sprintf("socks5://%s:%s@%s:%d", userConfig["username"], userConfig["password"], addr["server"].(string), uint(addr["server_port"].(float64))))
+	}
+	return links
+}
+
+func httpLink(userConfig map[string]interface{}, inbound map[string]interface{}, addrs []map[string]interface{}) []string {
+	var links []string
+	var protocol string = "http"
+	for _, addr := range addrs {
+		if addr["tls"] != nil {
+			protocol = "https"
+		}
+		links = append(links, fmt.Sprintf("%s://%s:%s@%s:%d", protocol, userConfig["username"], userConfig["password"], addr["server"].(string), uint(addr["server_port"].(float64))))
+	}
+	return links
+}
+
 func shadowsocksLink(
 	userConfig map[string]map[string]interface{},
 	inbound map[string]interface{},
@@ -130,7 +159,7 @@ func shadowsocksLink(
 	var links []string
 	for _, addr := range addrs {
 		port, _ := addr["server_port"].(float64)
-		links = append(links, fmt.Sprintf("%s@%s:%d", uriBase, addr["server"].(string), uint(port)))
+		links = append(links, fmt.Sprintf("%s@%s:%.0f#%s", uriBase, addr["server"].(string), port, addr["remark"].(string)))
 	}
 	return links
 }
@@ -171,7 +200,7 @@ func naiveLink(
 		}
 
 		port, _ := addr["server_port"].(float64)
-		uri := baseUri + toBase64([]byte(fmt.Sprintf("%s:%s@%s:%d", username, password, addr["server"].(string), uint(port))))
+		uri := baseUri + toBase64([]byte(fmt.Sprintf("%s:%s@%s:%.0f", username, password, addr["server"].(string), port)))
 		links = append(links, addParams(uri, params, addr["remark"].(string)))
 	}
 	return links
@@ -187,29 +216,17 @@ func hysteriaLink(
 
 	for _, addr := range addrs {
 		params := map[string]string{}
-		if upmbps, ok := inbound["up_mbps"].(string); ok {
-			params["up_mbps"] = upmbps
+		if upmbps, ok := inbound["up_mbps"].(float64); ok {
+			params["downmbps"] = fmt.Sprintf("%.0f", upmbps)
 		}
-		if downmbps, ok := inbound["down_mbps"].(string); ok {
-			params["down_mbps"] = downmbps
+		if downmbps, ok := inbound["down_mbps"].(float64); ok {
+			params["upmbps"] = fmt.Sprintf("%.0f", downmbps)
 		}
 		if auth, ok := userConfig["auth_str"].(string); ok {
 			params["auth"] = auth
 		}
 		if tls, ok := addr["tls"].(map[string]interface{}); ok {
-			if sni, ok := tls["server_name"].(string); ok {
-				params["peer"] = sni
-			}
-			if alpn, ok := tls["alpn"].([]interface{}); ok {
-				alpnList := make([]string, len(alpn))
-				for i, v := range alpn {
-					alpnList[i] = v.(string)
-				}
-				params["alpn"] = strings.Join(alpnList, ",")
-			}
-			if insecure, ok := tls["insecure"].(bool); ok && insecure {
-				params["insecure"] = "1"
-			}
+			getTlsParams(&params, tls, "insecure")
 		}
 		if obfs, ok := inbound["obfs"].(string); ok {
 			params["obfs"] = obfs
@@ -219,9 +236,18 @@ func hysteriaLink(
 		} else {
 			params["fastopen"] = "0"
 		}
+		var outJson map[string]interface{}
+		json.Unmarshal(inbound["out_json"].(json.RawMessage), &outJson)
+		if mport, ok := outJson["server_ports"].([]interface{}); ok {
+			mportList := make([]string, len(mport))
+			for i, v := range mport {
+				mportList[i] = v.(string)
+			}
+			params["mport"] = strings.Join(mportList, ",")
+		}
 
 		port, _ := addr["server_port"].(float64)
-		uri := fmt.Sprintf("%s%s:%d", baseUri, addr["server"].(string), uint(port))
+		uri := fmt.Sprintf("%s%s:%.0f", baseUri, addr["server"].(string), port)
 		links = append(links, addParams(uri, params, addr["remark"].(string)))
 	}
 
@@ -239,26 +265,14 @@ func hysteria2Link(
 
 	for _, addr := range addrs {
 		params := map[string]string{}
-		if upmbps, ok := inbound["up_mbps"].(string); ok {
-			params["up_mbps"] = upmbps
+		if upmbps, ok := inbound["up_mbps"].(float64); ok {
+			params["downmbps"] = fmt.Sprintf("%.0f", upmbps)
 		}
-		if downmbps, ok := inbound["down_mbps"].(string); ok {
-			params["down_mbps"] = downmbps
+		if downmbps, ok := inbound["down_mbps"].(float64); ok {
+			params["upmbps"] = fmt.Sprintf("%.0f", downmbps)
 		}
 		if tls, ok := addr["tls"].(map[string]interface{}); ok {
-			if sni, ok := tls["server_name"].(string); ok {
-				params["sni"] = sni
-			}
-			if alpn, ok := tls["alpn"].([]interface{}); ok {
-				alpnList := make([]string, len(alpn))
-				for i, v := range alpn {
-					alpnList[i] = v.(string)
-				}
-				params["alpn"] = strings.Join(alpnList, ",")
-			}
-			if insecure, ok := tls["insecure"].(bool); ok && insecure {
-				params["insecure"] = "1"
-			}
+			getTlsParams(&params, tls, "insecure")
 		}
 		if obfs, ok := inbound["obfs"].(map[string]interface{}); ok {
 			if obfsType, ok := obfs["type"].(string); ok {
@@ -273,9 +287,18 @@ func hysteria2Link(
 		} else {
 			params["fastopen"] = "0"
 		}
+		var outJson map[string]interface{}
+		json.Unmarshal(inbound["out_json"].(json.RawMessage), &outJson)
+		if mport, ok := outJson["server_ports"].([]interface{}); ok {
+			mportList := make([]string, len(mport))
+			for i, v := range mport {
+				mportList[i] = v.(string)
+			}
+			params["mport"] = strings.Join(mportList, ",")
+		}
 
 		port, _ := addr["server_port"].(float64)
-		uri := fmt.Sprintf("%s%s:%d", baseUri, addr["server"].(string), uint(port))
+		uri := fmt.Sprintf("%s%s:%.0f", baseUri, addr["server"].(string), port)
 		links = append(links, addParams(uri, params, addr["remark"].(string)))
 	}
 
@@ -293,23 +316,11 @@ func anytlsLink(
 	for _, addr := range addrs {
 		params := map[string]string{}
 		if tls, ok := addr["tls"].(map[string]interface{}); ok {
-			if sni, ok := tls["server_name"].(string); ok {
-				params["sni"] = sni
-			}
-			if alpn, ok := tls["alpn"].([]interface{}); ok {
-				alpnList := make([]string, len(alpn))
-				for i, v := range alpn {
-					alpnList[i] = v.(string)
-				}
-				params["alpn"] = strings.Join(alpnList, ",")
-			}
-			if insecure, ok := tls["insecure"].(bool); ok && insecure {
-				params["insecure"] = "1"
-			}
+			getTlsParams(&params, tls, "insecure")
 		}
 
 		port, _ := addr["server_port"].(float64)
-		uri := fmt.Sprintf("%s%s:%d", baseUri, addr["server"].(string), uint(port))
+		uri := fmt.Sprintf("%s%s:%.0f", baseUri, addr["server"].(string), port)
 		links = append(links, addParams(uri, params, addr["remark"].(string)))
 	}
 
@@ -329,29 +340,14 @@ func tuicLink(
 	for _, addr := range addrs {
 		params := map[string]string{}
 		if tls, ok := addr["tls"].(map[string]interface{}); ok {
-			if sni, ok := tls["server_name"].(string); ok {
-				params["sni"] = sni
-			}
-			if alpn, ok := tls["alpn"].([]interface{}); ok {
-				alpnList := make([]string, len(alpn))
-				for i, v := range alpn {
-					alpnList[i] = v.(string)
-				}
-				params["alpn"] = strings.Join(alpnList, ",")
-			}
-			if insecure, ok := tls["insecure"].(bool); ok && insecure {
-				params["insecure"] = "1"
-			}
-			if disableSni, ok := tls["disable_sni"].(bool); ok && disableSni {
-				params["disable_sni"] = "1"
-			}
+			getTlsParams(&params, tls, "insecure")
 		}
 		if congestionControl, ok := inbound["congestion_control"].(string); ok {
 			params["congestion_control"] = congestionControl
 		}
 
 		port, _ := addr["server_port"].(float64)
-		uri := fmt.Sprintf("%s%s:%d", baseUri, addr["server"].(string), uint(port))
+		uri := fmt.Sprintf("%s%s:%.0f", baseUri, addr["server"].(string), port)
 		links = append(links, addParams(uri, params, addr["remark"].(string)))
 	}
 
@@ -370,39 +366,13 @@ func vlessLink(
 	for _, addr := range addrs {
 		params := baseParams
 		if tls, ok := addr["tls"].(map[string]interface{}); ok && tls["enabled"].(bool) {
-			if reality, ok := tls["reality"].(map[string]interface{}); ok && reality["enabled"].(bool) {
-				params["security"] = "reality"
-				if pbk, ok := reality["public_key"].(string); ok {
-					params["pbk"] = pbk
-				}
-				if sid, ok := reality["short_id"].(string); ok {
-					params["sid"] = sid
-				}
-			} else {
-				params["security"] = "tls"
-				if insecure, ok := tls["insecure"].(bool); ok && insecure {
-					params["allowInsecure"] = "1"
-				}
-			}
+			getTlsParams(&params, tls, "allowInsecure")
 			if flow, ok := userConfig["flow"].(string); ok {
 				params["flow"] = flow
 			}
-			if utls, ok := tls["utls"].(map[string]interface{}); ok {
-				params["fp"], _ = utls["fingerprint"].(string)
-			}
-			if sni, ok := tls["server_name"].(string); ok {
-				params["sni"] = sni
-			}
-			if alpn, ok := tls["alpn"].([]interface{}); ok {
-				alpnList := make([]string, len(alpn))
-				for i, v := range alpn {
-					alpnList[i] = v.(string)
-				}
-				params["alpn"] = strings.Join(alpnList, ",")
-			}
 		}
 		port, _ := addr["server_port"].(float64)
-		uri := fmt.Sprintf("vless://%s@%s:%d", uuid, addr["server"].(string), uint(port))
+		uri := fmt.Sprintf("vless://%s@%s:%.0f", uuid, addr["server"].(string), port)
 		uri = addParams(uri, params, addr["remark"].(string))
 		links = append(links, uri)
 	}
@@ -421,36 +391,10 @@ func trojanLink(
 	for _, addr := range addrs {
 		params := baseParams
 		if tls, ok := addr["tls"].(map[string]interface{}); ok && tls["enabled"].(bool) {
-			if reality, ok := tls["reality"].(map[string]interface{}); ok && reality["enabled"].(bool) {
-				params["security"] = "reality"
-				if pbk, ok := reality["public_key"].(string); ok {
-					params["pbk"] = pbk
-				}
-				if sid, ok := reality["short_id"].(string); ok {
-					params["sid"] = sid
-				}
-			} else {
-				params["security"] = "tls"
-				if insecure, ok := tls["insecure"].(bool); ok && insecure {
-					params["allowInsecure"] = "1"
-				}
-			}
-			if utls, ok := tls["utls"].(map[string]interface{}); ok {
-				params["fp"], _ = utls["fingerprint"].(string)
-			}
-			if sni, ok := tls["server_name"].(string); ok {
-				params["sni"] = sni
-			}
-			if alpn, ok := tls["alpn"].([]interface{}); ok {
-				alpnList := make([]string, len(alpn))
-				for i, v := range alpn {
-					alpnList[i] = v.(string)
-				}
-				params["alpn"] = strings.Join(alpnList, ",")
-			}
+			getTlsParams(&params, tls, "allowInsecure")
 		}
 		port, _ := addr["server_port"].(float64)
-		uri := fmt.Sprintf("trojan://%s@%s:%d", password, addr["server"].(string), uint(port))
+		uri := fmt.Sprintf("trojan://%s@%s:%.0f", password, addr["server"].(string), port)
 		uri = addParams(uri, params, addr["remark"].(string))
 		links = append(links, uri)
 	}
@@ -501,6 +445,13 @@ func vmessLink(
 			if sni, ok := tls["server_name"].(string); ok {
 				obj["sni"] = sni
 			}
+			if alpn, ok := tls["alpn"].([]interface{}); ok {
+				alpnList := make([]string, len(alpn))
+				for i, v := range alpn {
+					alpnList[i] = v.(string)
+				}
+				obj["alpn"] = strings.Join(alpnList, ",")
+			}
 			if utls, ok := tls["utls"].(map[string]interface{}); ok {
 				obj["fp"], _ = utls["fingerprint"].(string)
 			}
@@ -522,11 +473,16 @@ func toBase64(d []byte) string {
 
 func addParams(uri string, params map[string]string, remark string) string {
 	URL, _ := url.Parse(uri)
-	q := URL.Query()
+	var q []string
 	for k, v := range params {
-		q.Add(k, v)
+		switch k {
+		case "mport", "alpn":
+			q = append(q, fmt.Sprintf("%s=%s", k, v))
+		default:
+			q = append(q, fmt.Sprintf("%s=%s", k, url.QueryEscape(v)))
 		}
-	URL.RawQuery = q.Encode()
+	}
+	URL.RawQuery = strings.Join(q, "&")
 	URL.Fragment = remark
 	return URL.String()
 }
@@ -576,22 +532,35 @@ func getTransportParams(t interface{}) map[string]string {
 	return params
 }
 
-func getTlsParams(t interface{}) map[string]string {
-	params := map[string]string{}
-	if tls, hasTls := t.(map[string]interface{}); hasTls {
+func getTlsParams(params *map[string]string, tls map[string]interface{}, insecureKey string) {
+	if reality, ok := tls["reality"].(map[string]interface{}); ok && reality["enabled"].(bool) {
+		(*params)["security"] = "reality"
+		if pbk, ok := reality["public_key"].(string); ok {
+			(*params)["pbk"] = pbk
+		}
+		if sid, ok := reality["short_id"].(string); ok {
+			(*params)["sid"] = sid
+		}
+	} else {
+		(*params)["security"] = "tls"
+		if insecure, ok := tls["insecure"].(bool); ok && insecure {
+			(*params)[insecureKey] = "1"
+		}
+		if disableSni, ok := tls["disable_sni"].(bool); ok && disableSni {
+			(*params)["disable_sni"] = "1"
+		}
+	}
+	if utls, ok := tls["utls"].(map[string]interface{}); ok {
+		(*params)["fp"], _ = utls["fingerprint"].(string)
+	}
 	if sni, ok := tls["server_name"].(string); ok {
-			params["sni"] = sni
+		(*params)["sni"] = sni
 	}
 	if alpn, ok := tls["alpn"].([]interface{}); ok {
 		alpnList := make([]string, len(alpn))
 		for i, v := range alpn {
 			alpnList[i] = v.(string)
 		}
-			params["alpn"] = strings.Join(alpnList, ",")
-		}
-		if insecure, ok := tls["insecure"].(bool); ok && insecure {
-			params["insecure"] = "1"
+		(*params)["alpn"] = strings.Join(alpnList, ",")
 	}
 }
-	return params
-}

util/linkToJson.go

@@ -435,7 +435,7 @@ func ss(u *url.URL, i int) (*map[string]interface{}, string, error) {
 	return &ss, tag, nil
 }
 
-func getTransport(tp_type string, q *url.Values) *map[string]interface{} {
+func getTransport(tp_type string, q *url.Values) map[string]interface{} {
 	transport := map[string]interface{}{}
 	tp_host := q.Get("host")
 	tp_path := q.Get("path")
@@ -472,15 +472,16 @@ func getTransport(tp_type string, q *url.Values) *map[string]interface{} {
 		transport["path"] = tp_path
 		transport["host"] = tp_host
 	}
-	return &transport
+	return transport
 }
 
-func getTls(security string, q *url.Values) *map[string]interface{} {
+func getTls(security string, q *url.Values) map[string]interface{} {
 	tls := map[string]interface{}{}
 	tls_fp := q.Get("fp")
 	tls_sni := q.Get("sni")
 	tls_insecure := q.Get("allowInsecure")
 	tls_alpn := q.Get("alpn")
+	tls_ech := q.Get("ech")
 	switch security {
 	case "tls":
 		tls["enabled"] = true
@@ -507,5 +508,13 @@ func getTls(security string, q *url.Values) *map[string]interface{} {
 			"fingerprint": tls_fp,
 		}
 	}
-	return &tls
+	if len(tls_ech) > 0 {
+		tls["ech"] = map[string]interface{}{
+			"enabled": true,
+			"config": []string{
+				tls_ech,
+			},
+		}
+	}
+	return tls
 }

util/outJson.go

@@ -42,7 +42,6 @@ func FillOutJson(i *model.Inbound, hostname string) error {
 	case "http", "socks", "mixed", "anytls":
 	case "shadowsocks":
 		shadowsocksOut(&outJson, *inbound)
-		return nil
 	case "shadowtls":
 		shadowTlsOut(&outJson, *inbound)
 	case "hysteria":
@@ -98,6 +97,9 @@ func addTls(out *map[string]interface{}, tls *model.Tls) {
 	if maxVersion, ok := tlsServer["max_version"]; ok {
 		tlsConfig["max_version"] = maxVersion
 	}
+	if certificate, ok := tlsServer["certificate"]; ok {
+		tlsConfig["certificate"] = certificate
+	}
 	if cipherSuites, ok := tlsServer["cipher_suites"]; ok {
 		tlsConfig["cipher_suites"] = cipherSuites
 	}

windows/README.md

@@ -0,0 +1,23 @@
+# Windows Files
+
+This directory contains all Windows-specific files for S-UI.
+
+## Available Files:
+
+- **s-ui-windows.xml**: Windows Service configuration
+- **install-windows.bat**: Installation script
+- **s-ui-windows.bat**: Control panel
+- **uninstall-windows.bat**: Uninstallation script
+- **build-windows.bat**: Simple build script for CMD
+- **build-windows.ps1**: Advanced build script for PowerShell
+
+## Usage:
+
+To install S-UI on Windows:
+1. Run `install-windows.bat` as Administrator
+2. Follow the installation wizard
+3. Use `s-ui-windows.bat` for management
+
+To build from source:
+- With CMD: `build-windows.bat`
+- With PowerShell: `.\build-windows.ps1`

windows/build-windows.bat

@@ -0,0 +1,71 @@
+@echo off
+setlocal enabledelayedexpansion
+
+echo Building S-UI for Windows...
+
+REM Check if Go is installed
+go version >nul 2>&1
+if errorlevel 1 (
+    echo Error: Go is not installed or not in PATH
+    echo Please install Go from https://golang.org/dl/
+    pause
+    exit /b 1
+)
+
+REM Check if Node.js is installed
+node --version >nul 2>&1
+if errorlevel 1 (
+    echo Error: Node.js is not installed or not in PATH
+    echo Please install Node.js from https://nodejs.org/
+    pause
+    exit /b 1
+)
+
+echo Building frontend...
+cd frontend
+call npm install
+if errorlevel 1 (
+    echo Error: Failed to install frontend dependencies
+    pause
+    exit /b 1
+)
+
+call npm run build
+if errorlevel 1 (
+    echo Error: Failed to build frontend
+    pause
+    exit /b 1
+)
+
+cd ..
+
+echo Creating web/html directory...
+if not exist "web\html" mkdir "web\html"
+
+echo Copying frontend build files...
+xcopy "frontend\dist\*" "web\html\" /E /Y /Q
+
+echo Building backend...
+set CGO_ENABLED=1
+set GOOS=windows
+set GOARCH=amd64
+
+REM Try to build with CGO first
+go build -ldflags "-w -s" -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" -o sui.exe main.go
+if errorlevel 1 (
+    echo Warning: CGO build failed, trying without CGO...
+    set CGO_ENABLED=0
+    go build -ldflags "-w -s" -tags "with_quic,with_grpc,with_utls,with_acme,with_gvisor" -o sui.exe main.go
+    if errorlevel 1 (
+        echo Error: Failed to build backend
+        pause
+        exit /b 1
+    )
+    echo Built without CGO (some features may be limited)
+) else (
+    echo Built with CGO
+)
+
+echo Build completed successfully!
+echo Output: sui.exe
+pause

windows/build-windows.ps1

@@ -0,0 +1,138 @@
+# PowerShell script for building S-UI on Windows
+param(
+    [string]$Architecture = "amd64",
+    [switch]$NoCGO,
+    [switch]$Help
+)
+
+if ($Help) {
+    Write-Host "Usage: .\build-windows.ps1 [-Architecture <arch>] [-NoCGO] [-Help]"
+    Write-Host "Architectures: amd64, 386, arm64"
+    Write-Host "Examples:"
+    Write-Host "  .\build-windows.ps1                    # Build for amd64 with CGO"
+    Write-Host "  .\build-windows.ps1 -Architecture 386 # Build for 32-bit Windows"
+    Write-Host "  .\build-windows.ps1 -NoCGO            # Build without CGO"
+    exit 0
+}
+
+Write-Host "Building S-UI for Windows ($Architecture)..." -ForegroundColor Green
+
+# Check if Go is installed
+try {
+    $goVersion = go version 2>$null
+    if ($LASTEXITCODE -ne 0) {
+        throw "Go not found"
+    }
+    Write-Host "Go version: $goVersion" -ForegroundColor Green
+} catch {
+    Write-Host "Error: Go is not installed or not in PATH" -ForegroundColor Red
+    Write-Host "Please install Go from https://golang.org/dl/" -ForegroundColor Yellow
+    Read-Host "Press Enter to exit"
+    exit 1
+}
+
+# Check if Node.js is installed
+try {
+    $nodeVersion = node --version 2>$null
+    if ($LASTEXITCODE -ne 0) {
+        throw "Node.js not found"
+    }
+    Write-Host "Node.js version: $nodeVersion" -ForegroundColor Green
+} catch {
+    Write-Host "Error: Node.js is not installed or not in PATH" -ForegroundColor Red
+    Write-Host "Please install Node.js from https://nodejs.org/" -ForegroundColor Yellow
+    Read-Host "Press Enter to exit"
+    exit 1
+}
+
+# Build frontend
+Write-Host "Building frontend..." -ForegroundColor Yellow
+Push-Location frontend
+
+try {
+    Write-Host "Installing dependencies..." -ForegroundColor Cyan
+    npm install
+    if ($LASTEXITCODE -ne 0) {
+        throw "Failed to install frontend dependencies"
+    }
+
+    Write-Host "Building frontend..." -ForegroundColor Cyan
+    npm run build
+    if ($LASTEXITCODE -ne 0) {
+        throw "Failed to build frontend"
+    }
+} catch {
+    Write-Host "Error: $_" -ForegroundColor Red
+    Pop-Location
+    Read-Host "Press Enter to exit"
+    exit 1
+}
+
+Pop-Location
+
+# Create web/html directory
+Write-Host "Creating web/html directory..." -ForegroundColor Yellow
+if (!(Test-Path "web\html")) {
+    New-Item -ItemType Directory -Path "web\html" -Force | Out-Null
+}
+
+# Copy frontend build files
+Write-Host "Copying frontend build files..." -ForegroundColor Yellow
+Copy-Item "frontend\dist\*" "web\html\" -Recurse -Force
+
+# Build backend
+Write-Host "Building backend..." -ForegroundColor Yellow
+
+# Set environment variables
+$env:GOOS = "windows"
+$env:GOARCH = $Architecture
+
+if ($NoCGO) {
+    $env:CGO_ENABLED = "0"
+    Write-Host "Building without CGO..." -ForegroundColor Yellow
+} else {
+    $env:CGO_ENABLED = "1"
+    Write-Host "Building with CGO..." -ForegroundColor Yellow
+}
+
+# Build command
+$buildCmd = "go build -ldflags `"-w -s`" -tags `"with_quic,with_grpc,with_utls,with_acme,with_gvisor`" -o sui.exe main.go"
+
+try {
+    Invoke-Expression $buildCmd
+    if ($LASTEXITCODE -ne 0) {
+        if (!$NoCGO) {
+            Write-Host "CGO build failed, trying without CGO..." -ForegroundColor Yellow
+            $env:CGO_ENABLED = "0"
+            Invoke-Expression $buildCmd
+            if ($LASTEXITCODE -ne 0) {
+                throw "Failed to build backend even without CGO"
+            }
+            Write-Host "Built without CGO (some features may be limited)" -ForegroundColor Yellow
+        } else {
+            throw "Failed to build backend"
+        }
+    } else {
+        if ($env:CGO_ENABLED -eq "1") {
+            Write-Host "Built successfully with CGO" -ForegroundColor Green
+        } else {
+            Write-Host "Built successfully without CGO" -ForegroundColor Green
+        }
+    }
+} catch {
+    Write-Host "Error: $_" -ForegroundColor Red
+    Read-Host "Press Enter to exit"
+    exit 1
+}
+
+Write-Host "Build completed successfully!" -ForegroundColor Green
+Write-Host "Output: sui.exe" -ForegroundColor Green
+
+# Show file info
+if (Test-Path "sui.exe") {
+    $fileInfo = Get-Item "sui.exe"
+    Write-Host "File size: $([math]::Round($fileInfo.Length / 1MB, 2)) MB" -ForegroundColor Cyan
+    Write-Host "Created: $($fileInfo.CreationTime)" -ForegroundColor Cyan
+}
+
+Read-Host "Press Enter to exit"

windows/install-windows.bat

@@ -0,0 +1,194 @@
+@echo off
+setlocal enabledelayedexpansion
+
+echo ========================================
+echo S-UI Windows Installer
+echo ========================================
+
+REM Check if running as Administrator
+net session >nul 2>&1
+if %errorLevel% neq 0 (
+    echo Error: This script must be run as Administrator
+    echo Right-click on this file and select "Run as administrator"
+    pause
+    exit /b 1
+)
+
+REM Set installation directory
+set "INSTALL_DIR=C:\Program Files\s-ui"
+set "SERVICE_NAME=s-ui"
+
+echo Installing S-UI to: %INSTALL_DIR%
+
+REM Create installation directory
+if not exist "%INSTALL_DIR%" mkdir "%INSTALL_DIR%"
+if not exist "%INSTALL_DIR%\db" mkdir "%INSTALL_DIR%\db"
+if not exist "%INSTALL_DIR%\logs" mkdir "%INSTALL_DIR%\logs"
+if not exist "%INSTALL_DIR%\cert" mkdir "%INSTALL_DIR%\cert"
+
+REM Copy files
+echo Copying files...
+copy "sui.exe" "%INSTALL_DIR%\" >nul
+copy "s-ui-windows.xml" "%INSTALL_DIR%\" >nul
+copy "s-ui-windows.bat" "%INSTALL_DIR%\" >nul
+
+REM Check if WinSW is available
+set "WINSW_PATH=%INSTALL_DIR%\winsw.exe"
+if not exist "%WINSW_PATH%" (
+    echo Downloading WinSW...
+    powershell -Command "& {Invoke-WebRequest -Uri 'https://github.com/winsw/winsw/releases/download/v2.12.0/WinSW-x64.exe' -OutFile '%WINSW_PATH%'}"
+    if exist "%WINSW_PATH%" (
+        echo WinSW downloaded successfully
+    ) else (
+        echo Warning: Failed to download WinSW. Service installation will be skipped.
+        echo You can manually download WinSW from: https://github.com/winsw/winsw/releases
+    )
+)
+
+REM Install Windows Service
+if exist "%WINSW_PATH%" (
+    echo Installing Windows Service...
+    cd /d "%INSTALL_DIR%"
+    copy "winsw.exe" "s-ui-service.exe" >nul
+    copy "s-ui-windows.xml" "s-ui-service.xml" >nul
+        
+    REM Install service
+    s-ui-service.exe install
+    if %errorLevel% equ 0 (
+        echo Service installed successfully
+    ) else (
+        echo Warning: Failed to install service. You can install it manually later.
+    )
+)
+
+REM Run migration
+echo Running database migration...
+cd /d "%INSTALL_DIR%"
+sui.exe migrate
+if %errorLevel% equ 0 (
+    echo Migration completed successfully
+) else (
+    echo Warning: Migration failed or database is new
+)
+
+REM Get network configuration
+echo.
+echo ========================================
+echo Network Configuration
+echo ========================================
+
+REM Get local IP addresses
+echo Available IP addresses:
+for /f "tokens=2 delims=:" %%i in ('ipconfig ^| findstr /i "IPv4"') do (
+    echo   %%i
+)
+
+REM Get panel configuration
+echo.
+set /p panel_port="Enter panel port (default: 2095): "
+if "%panel_port%"=="" set "panel_port=2095"
+
+set /p panel_path="Enter panel path (default: /app/): "
+if "%panel_path%"=="" set "panel_path=/app/"
+
+set /p sub_port="Enter subscription port (default: 2096): "
+if "%sub_port%"=="" set "sub_port=2096"
+
+set /p sub_path="Enter subscription path (default: /sub/): "
+if "%sub_path%"=="" set "sub_path=/sub/"
+
+REM Apply settings
+echo.
+echo Applying settings...
+cd /d "%INSTALL_DIR%"
+sui.exe setting -port %panel_port% -path "%panel_path%" -subPort %sub_port% -subPath "%sub_path%"
+
+REM Get admin credentials
+echo.
+echo ========================================
+echo Admin Configuration
+echo ========================================
+
+set /p admin_username="Enter admin username (default: admin): "
+if "%admin_username%"=="" set "admin_username=admin"
+
+set /p admin_password="Enter admin password: "
+if "%admin_password%"=="" (
+    echo Error: Password cannot be empty
+    pause
+    exit /b 1
+)
+
+REM Set admin credentials
+echo Setting admin credentials...
+sui.exe admin -username "%admin_username%" -password "%admin_password%"
+
+REM Start service
+echo Starting S-UI service...
+net start %SERVICE_NAME%
+if %errorLevel% equ 0 (
+    echo Service started successfully
+) else (
+    echo Warning: Failed to start service. You can start it manually later.
+)
+
+REM Create desktop shortcut
+echo Creating desktop shortcut...
+set "DESKTOP=%USERPROFILE%\Desktop"
+if exist "%DESKTOP%" (
+    powershell -Command "& {$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('%DESKTOP%\S-UI.lnk'); $Shortcut.TargetPath = '%INSTALL_DIR%\s-ui-windows.bat'; $Shortcut.WorkingDirectory = '%INSTALL_DIR%'; $Shortcut.Description = 'S-UI Control Panel'; $Shortcut.Save()}"
+    echo Desktop shortcut created
+)
+
+REM Create Start Menu shortcut
+echo Creating Start Menu shortcut...
+set "START_MENU=%APPDATA%\Microsoft\Windows\Start Menu\Programs"
+if exist "%START_MENU%" (
+    if not exist "%START_MENU%\S-UI" mkdir "%START_MENU%\S-UI"
+    powershell -Command "& {$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('%START_MENU%\S-UI\S-UI Control Panel.lnk'); $Shortcut.TargetPath = '%INSTALL_DIR%\s-ui-windows.bat'; $Shortcut.WorkingDirectory = '%INSTALL_DIR%'; $Shortcut.Description = 'S-UI Control Panel'; $Shortcut.Save()}"
+    echo Start Menu shortcut created
+)
+
+REM Set permissions
+echo Setting permissions...
+icacls "%INSTALL_DIR%" /grant "Users:(OI)(CI)RX" /T >nul
+icacls "%INSTALL_DIR%\db" /grant "Users:(OI)(CI)F" /T >nul
+icacls "%INSTALL_DIR%\logs" /grant "Users:(OI)(CI)F" /T >nul
+
+REM Create environment variable
+echo Setting environment variable...
+setx SUI_HOME "%INSTALL_DIR%" /M >nul
+
+REM Show final configuration
+echo.
+echo ========================================
+echo Installation completed successfully!
+echo ========================================
+echo.
+echo S-UI has been installed to: %INSTALL_DIR%
+echo.
+echo Configuration:
+echo   Panel Port: %panel_port%
+echo   Panel Path: %panel_path%
+echo   Subscription Port: %sub_port%
+echo   Subscription Path: %sub_path%
+echo   Admin Username: %admin_username%
+echo.
+echo Access URLs:
+for /f "tokens=2 delims=:" %%i in ('ipconfig ^| findstr /i "IPv4"') do (
+    set "ip=%%i"
+    set "ip=!ip: =!"
+    echo   Panel: http://!ip!:%panel_port%%panel_path%
+    echo   Subscription: http://!ip!:%sub_port%%sub_path%
+)
+echo.
+echo Service name: %SERVICE_NAME%
+echo.
+echo Useful commands:
+echo   net start %SERVICE_NAME%    - Start the service
+echo   net stop %SERVICE_NAME%     - Stop the service
+echo   sc query %SERVICE_NAME%     - Check service status
+echo.
+echo You can also use the desktop shortcut or Start Menu item.
+echo.
+pause

windows/s-ui-windows.bat

@@ -0,0 +1,236 @@
+@echo off
+setlocal enabledelayedexpansion
+
+REM S-UI Windows Control Script
+REM This script provides a menu-driven interface for managing S-UI on Windows
+
+set "SERVICE_NAME=s-ui"
+set "INSTALL_DIR=%SUI_HOME%"
+if "%INSTALL_DIR%"=="" set "INSTALL_DIR=C:\Program Files\s-ui"
+
+:menu
+cls
+echo ========================================
+echo S-UI Windows Control Panel
+echo ========================================
+echo.
+echo Current directory: %INSTALL_DIR%
+echo.
+echo 1. Start S-UI Service
+echo 2. Stop S-UI Service
+echo 3. Restart S-UI Service
+echo 4. Check Service Status
+echo 5. View Service Logs
+echo 6. Open Panel in Browser
+echo 7. Run S-UI Manually
+echo 8. Install/Uninstall Service
+echo 9. Open Installation Directory
+echo 10. Show Configuration
+echo 11. Show Access URLs
+echo 0. Exit
+echo.
+echo ========================================
+
+set /p choice="Please select an option [0-11]: "
+
+if "%choice%"=="1" goto start_service
+if "%choice%"=="2" goto stop_service
+if "%choice%"=="3" goto restart_service
+if "%choice%"=="4" goto check_status
+if "%choice%"=="5" goto view_logs
+if "%choice%"=="6" goto open_panel
+if "%choice%"=="7" goto run_manual
+if "%choice%"=="8" goto service_management
+if "%choice%"=="9" goto open_directory
+if "%choice%"=="10" goto show_config
+if "%choice%"=="11" goto show_urls
+if "%choice%"=="0" goto exit
+goto invalid_choice
+
+:start_service
+echo Starting S-UI service...
+net start %SERVICE_NAME%
+if %errorLevel% equ 0 (
+    echo Service started successfully!
+) else (
+    echo Failed to start service. Error code: %errorLevel%
+)
+pause
+goto menu
+
+:stop_service
+echo Stopping S-UI service...
+net stop %SERVICE_NAME%
+if %errorLevel% equ 0 (
+    echo Service stopped successfully!
+) else (
+    echo Failed to stop service. Error code: %errorLevel%
+)
+pause
+goto menu
+
+:restart_service
+echo Restarting S-UI service...
+net stop %SERVICE_NAME% >nul 2>&1
+timeout /t 2 /nobreak >nul
+net start %SERVICE_NAME%
+if %errorLevel% equ 0 (
+    echo Service restarted successfully!
+) else (
+    echo Failed to restart service. Error code: %errorLevel%
+)
+pause
+goto menu
+
+:check_status
+echo Checking S-UI service status...
+sc query %SERVICE_NAME%
+echo.
+echo Service status details:
+for /f "tokens=3 delims=: " %%i in ('sc query %SERVICE_NAME% ^| find "STATE"') do (
+    echo Current state: %%i
+)
+pause
+goto menu
+
+:view_logs
+echo Opening S-UI logs...
+if exist "%INSTALL_DIR%\logs" (
+    start "" "%INSTALL_DIR%\logs"
+) else (
+    echo Logs directory not found: %INSTALL_DIR%\logs
+)
+pause
+goto menu
+
+:open_panel
+echo Opening S-UI panel in browser...
+start http://localhost:2095
+echo Panel opened in default browser.
+pause
+goto menu
+
+:run_manual
+echo Running S-UI manually...
+if exist "%INSTALL_DIR%\sui.exe" (
+    cd /d "%INSTALL_DIR%"
+    echo Starting S-UI in current window...
+    echo Press Ctrl+C to stop
+    echo.
+    sui.exe
+) else (
+    echo S-UI executable not found: %INSTALL_DIR%\sui.exe
+    echo Please run the installer first.
+)
+pause
+goto menu
+
+:service_management
+cls
+echo ========================================
+echo Service Management
+echo ========================================
+echo.
+echo 1. Install Windows Service
+echo 2. Uninstall Windows Service
+echo 3. Back to Main Menu
+echo.
+set /p service_choice="Select option [1-3]: "
+
+if "%service_choice%"=="1" goto install_service
+if "%service_choice%"=="2" goto uninstall_service
+if "%service_choice%"=="3" goto menu
+goto invalid_choice
+
+:install_service
+echo Installing Windows Service...
+if exist "%INSTALL_DIR%\s-ui-service.exe" (
+    cd /d "%INSTALL_DIR%"
+    s-ui-service.exe install
+    if %errorLevel% equ 0 (
+        echo Service installed successfully!
+        echo Starting service...
+        net start %SERVICE_NAME%
+    ) else (
+        echo Failed to install service. Error code: %errorLevel%
+    )
+) else (
+    echo Service wrapper not found. Please run the installer first.
+)
+pause
+goto service_management
+
+:uninstall_service
+echo Uninstalling Windows Service...
+if exist "%INSTALL_DIR%\s-ui-service.exe" (
+    cd /d "%INSTALL_DIR%"
+    net stop %SERVICE_NAME% >nul 2>&1
+    s-ui-service.exe uninstall
+    if %errorLevel% equ 0 (
+        echo Service uninstalled successfully!
+    ) else (
+        echo Failed to uninstall service. Error code: %errorLevel%
+    )
+) else (
+    echo Service wrapper not found.
+)
+pause
+goto service_management
+
+:open_directory
+echo Opening installation directory...
+if exist "%INSTALL_DIR%" (
+    start "" "%INSTALL_DIR%"
+) else (
+    echo Installation directory not found: %INSTALL_DIR%
+)
+pause
+goto menu
+
+:show_config
+echo.
+echo ========================================
+echo S-UI Configuration
+echo ========================================
+if exist "%INSTALL_DIR%\sui.exe" (
+    cd /d "%INSTALL_DIR%"
+    echo Current settings:
+    sui.exe setting -show
+    echo.
+    echo Admin credentials:
+    sui.exe admin -show
+) else (
+    echo S-UI executable not found. Please run the installer first.
+)
+pause
+goto menu
+
+:show_urls
+echo.
+echo ========================================
+echo Access URLs
+echo ========================================
+echo.
+echo Local access:
+echo   Panel: http://localhost:2095
+echo   Subscription: http://localhost:2096
+echo.
+echo Network access:
+for /f "tokens=2 delims=:" %%i in ('ipconfig ^| findstr /i "IPv4"') do (
+    set "ip=%%i"
+    set "ip=!ip: =!"
+    echo   Panel: http://!ip!:2095
+    echo   Subscription: http://!ip!:2096
+)
+echo.
+pause
+goto menu
+
+:invalid_choice
+echo Invalid choice. Please select a valid option.
+pause
+goto menu
+
+:exit
+echo Thank you for using S-UI Windows Control Panel!
+exit /b 0

windows/s-ui-windows.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<service>
+  <id>s-ui</id>
+  <name>S-UI Proxy Panel</name>
+  <description>S-UI is a proxy panel for managing proxy services</description>
+  <executable>%BASE%\sui.exe</executable>
+  <arguments></arguments>
+  <logmode>rotate</logmode>
+  <logpath>%BASE%\logs</logpath>
+  <log size="10 m" />
+  <log keep="10" />
+  <workingdirectory>%BASE%</workingdirectory>
+  <env name="SUI_DB_FOLDER" value="db" />
+  <env name="SUI_DEBUG" value="false" />
+  <onfailure action="restart" delay="10 sec" />
+  <onfailure action="restart" delay="20 sec" />
+  <onfailure action="none" />
+  <resetfailure>1 hour</resetfailure>
+  <startmode>Automatic</startmode>
+  <depend>tcpip</depend>
+  <depend>netman</depend>
+</service>

windows/uninstall-windows.bat

@@ -0,0 +1,102 @@
+@echo off
+setlocal enabledelayedexpansion
+
+echo ========================================
+echo S-UI Windows Uninstaller
+echo ========================================
+
+REM Check if running as Administrator
+net session >nul 2>&1
+if %errorLevel% neq 0 (
+    echo Error: This script must be run as Administrator
+    echo Right-click on this file and select "Run as administrator"
+    pause
+    exit /b 1
+)
+
+REM Set installation directory
+set "INSTALL_DIR=C:\Program Files\s-ui"
+set "SERVICE_NAME=s-ui"
+
+echo Uninstalling S-UI from: %INSTALL_DIR%
+
+REM Stop and remove Windows Service
+if exist "%INSTALL_DIR%\s-ui-service.exe" (
+    echo Stopping and removing Windows Service...
+    net stop %SERVICE_NAME% >nul 2>&1
+    cd /d "%INSTALL_DIR%"
+    s-ui-service.exe uninstall >nul 2>&1
+    if %errorLevel% equ 0 (
+        echo Service removed successfully
+    ) else (
+        echo Warning: Failed to remove service or service was not installed
+    )
+)
+
+REM Remove desktop shortcut
+echo Removing desktop shortcut...
+set "DESKTOP=%USERPROFILE%\Desktop"
+if exist "%DESKTOP%\S-UI.lnk" (
+    del "%DESKTOP%\S-UI.lnk" >nul 2>&1
+    echo Desktop shortcut removed
+)
+
+REM Remove Start Menu shortcut
+echo Removing Start Menu shortcut...
+set "START_MENU=%APPDATA%\Microsoft\Windows\Start Menu\Programs\S-UI"
+if exist "%START_MENU%" (
+    rmdir /s /q "%START_MENU%" >nul 2>&1
+    echo Start Menu shortcut removed
+)
+
+REM Remove environment variable
+echo Removing environment variable...
+reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v SUI_HOME /f >nul 2>&1
+
+REM Ask user if they want to keep data
+echo.
+set /p keep_data="Do you want to keep your data (database, logs, certificates)? [y/n]: "
+if /i "%keep_data%"=="y" (
+    echo Keeping data files...
+    REM Remove only executable and service files
+    if exist "%INSTALL_DIR%\sui.exe" del "%INSTALL_DIR%\sui.exe" >nul 2>&1
+    if exist "%INSTALL_DIR%\s-ui-service.exe" del "%INSTALL_DIR%\s-ui-service.exe" >nul 2>&1
+    if exist "%INSTALL_DIR%\s-ui-service.xml" del "%INSTALL_DIR%\s-ui-service.xml" >nul 2>&1
+    if exist "%INSTALL_DIR%\winsw.exe" del "%INSTALL_DIR%\winsw.exe" >nul 2>&1
+    if exist "%INSTALL_DIR%\*.bat" del "%INSTALL_DIR%\*.bat" >nul 2>&1
+    if exist "%INSTALL_DIR%\*.xml" del "%INSTALL_DIR%\*.xml" >nul 2>&1
+    if exist "%INSTALL_DIR%\*.md" del "%INSTALL_DIR%\*.md" >nul 2>&1
+    echo Data files preserved in: %INSTALL_DIR%
+) else (
+    echo Removing all files...
+    REM Remove entire installation directory
+    if exist "%INSTALL_DIR%" (
+        rmdir /s /q "%INSTALL_DIR%" >nul 2>&1
+        if exist "%INSTALL_DIR%" (
+            echo Warning: Some files could not be removed. Please manually delete: %INSTALL_DIR%
+        ) else (
+            echo All files removed successfully
+        )
+    )
+)
+
+REM Remove firewall rules
+echo Removing firewall rules...
+netsh advfirewall firewall delete rule name="S-UI Panel" >nul 2>&1
+netsh advfirewall firewall delete rule name="S-UI Subscription" >nul 2>&1
+
+echo.
+echo ========================================
+echo Uninstallation completed!
+echo ========================================
+echo.
+echo S-UI has been uninstalled from your system.
+echo.
+if /i "%keep_data%"=="y" (
+    echo Your data has been preserved in: %INSTALL_DIR%
+    echo You can safely delete this directory if you no longer need the data.
+)
+echo.
+echo Thank you for using S-UI!
+echo.
+pause