feat(hosts): add pinnedPeerCertSha256 in ui

Author: x0sina

dashboard/public/statics/locales/en.json

@@ -986,6 +986,7 @@
     "sni.info": "SNI (Server Name Indication) is used to specify which hostname the client is trying to connect to. This is particularly useful when you have multiple domains pointing to the same IP address.",
     "useSniAsHost": "Use SNI as Host",
     "echConfigList": "ECH Config List",
+    "pinnedPeerCertSha256": "Pinned Peer Cert SHA256",
     "echConfigList.info": "Encrypted Client Hello (ECH) configuration list. This is a base64 encoded string.",
     "echConfigListPlaceholder": "Enter ECH Config List",
     "httpVersions": {

dashboard/public/statics/locales/fa.json

@@ -858,6 +858,7 @@
     "security.info": "اگر سرور واسط این هاست از لایه امنیتی متفاوتی نسبت به پیش‌فرض ورودی شما استفاده می‌کند، می‌توانید لایه امنیتی سفارشی را اینجا تنظیم کنید.",
     "useSniAsHost": "استفاده از SNI به عنوان هاست",
     "echConfigList": "لیست پیکربندی ECH",
+    "pinnedPeerCertSha256": "SHA256 گواهی همتای پین‌شده",
     "echConfigList.info": "لیست پیکربندی Encrypted Client Hello (ECH). این یک رشته کدگذاری شده با base64 است.",
     "echConfigListPlaceholder": "لیست پیکربندی ECH را وارد کنید",
     "httpVersions": {

dashboard/public/statics/locales/ru.json

@@ -970,6 +970,7 @@
     "randomUserAgent": "Использовать случайный User-Agent",
     "useSniAsHost": "Использовать SNI как хост",
     "echConfigList": "Список конфигураций ECH",
+    "pinnedPeerCertSha256": "SHA256 закреплённого сертификата узла",
     "echConfigList.info": "Список конфигураций Encrypted Client Hello (ECH). Это строка, закодированная в base64.",
     "echConfigListPlaceholder": "Введите список конфигураций ECH",
     "inboundDefault": "По умолчанию",

dashboard/public/statics/locales/zh.json

@@ -959,6 +959,7 @@
     "sni.info": "SNI (Server Name Indication) 用于指定客户端尝试连接的主机名。当您有多个域名指向同一个 IP 地址时，这特别有用。",
     "useSniAsHost": "使用 SNI 作为主机",
     "echConfigList": "ECH 配置列表",
+    "pinnedPeerCertSha256": "固定对端证书 SHA256",
     "echConfigList.info": "Encrypted Client Hello (ECH) 配置列表。这是一个 base64 编码的字符串。",
     "echConfigListPlaceholder": "输入 ECH 配置列表",
     "httpVersions": {

dashboard/src/components/dialogs/host-modal.tsx

@@ -1156,6 +1156,36 @@ const HostModal: React.FC<HostModalProps> = ({ isDialogOpen, onOpenChange, onSub
                           </FormItem>
                         )}
                       />
+
+                      <FormField
+                        control={form.control}
+                        name="pinnedPeerCertSha256"
+                        render={({ field }) => (
+                          <FormItem>
+                            <div className="flex items-center gap-2">
+                              <FormLabel>{t('hostsDialog.pinnedPeerCertSha256', { defaultValue: 'Pinned Peer Cert SHA256' })}</FormLabel>
+                              <Popover>
+                                <PopoverTrigger asChild>
+                                  <Button type="button" variant="ghost" size="icon" className="h-4 w-4 p-0 hover:bg-transparent">
+                                    <Info className="h-4 w-4 text-muted-foreground" />
+                                  </Button>
+                                </PopoverTrigger>
+                                <PopoverContent className="w-[320px] p-3" side="right" align="start" sideOffset={5}>
+                                  <p className="text-[11px] text-muted-foreground">
+                                    {t('hostsDialog.pinnedPeerCertSha256.info', {
+                                      defaultValue: 'Optional certificate public key pin (SHA-256) used for TLS peer pinning.',
+                                    })}
+                                  </p>
+                                </PopoverContent>
+                              </Popover>
+                            </div>
+                            <FormControl>
+                              <Input maxLength={128} placeholder={t('hostsDialog.pinnedPeerCertSha256Placeholder', { defaultValue: 'Enter SHA-256 pin' })} {...field} value={field.value ?? ''} />
+                            </FormControl>
+                            <FormMessage />
+                          </FormItem>
+                        )}
+                      />
                     </div>
                   </AccordionContent>
                 </AccordionItem>
@@ -1248,10 +1278,7 @@ const HostModal: React.FC<HostModalProps> = ({ isDialogOpen, onOpenChange, onSub
                               render={({ field }) => (
                                 <FormItem>
                                   <FormLabel>{t('hostsDialog.xhttp.mode')}</FormLabel>
-                                  <Select
-                                    onValueChange={value => field.onChange(value === '__default' ? undefined : value)}
-                                    value={field.value ?? '__default'}
-                                  >
+                                  <Select onValueChange={value => field.onChange(value === '__default' ? undefined : value)} value={field.value ?? '__default'}>
                                     <FormControl>
                                       <SelectTrigger>
                                         <SelectValue />
@@ -1349,7 +1376,6 @@ const HostModal: React.FC<HostModalProps> = ({ isDialogOpen, onOpenChange, onSub
                                 </FormItem>
                               )}
                             />
-
                           </div>
 
                           {xPaddingObfsEnabled ? (
@@ -1946,10 +1972,7 @@ const HostModal: React.FC<HostModalProps> = ({ isDialogOpen, onOpenChange, onSub
                               render={({ field }) => (
                                 <FormItem className="col-span-2">
                                   <FormLabel>{t('hostsDialog.tcp.header')}</FormLabel>
-                                  <Select
-                                    onValueChange={value => field.onChange(value === '__default' ? '' : value)}
-                                    value={field.value === '' || field.value == null ? '__default' : field.value}
-                                  >
+                                  <Select onValueChange={value => field.onChange(value === '__default' ? '' : value)} value={field.value === '' || field.value == null ? '__default' : field.value}>
                                     <FormControl>
                                       <SelectTrigger>
                                         <SelectValue />

dashboard/src/components/hosts/hosts-list.tsx

@@ -83,6 +83,7 @@ export interface HostFormValues {
   vless_route?: string
   priority: number
   ech_config_list?: string
+  pinnedPeerCertSha256?: string
   fragment_settings?: {
     xray?: {
       packets?: string
@@ -339,12 +340,11 @@ export const HostFormSchema = z.object({
   allowinsecure: z.boolean().default(false),
   random_user_agent: z.boolean().default(false),
   use_sni_as_host: z.boolean().default(false),
-  vless_route: z
-    .union([z.literal(''), z.string().regex(/^[0-9a-fA-F]{4}$/, 'VLESS route must be exactly 4 hex characters')])
-    .optional(),
+  vless_route: z.union([z.literal(''), z.string().regex(/^[0-9a-fA-F]{4}$/, 'VLESS route must be exactly 4 hex characters')]).optional(),
   priority: z.number().default(0),
   is_disabled: z.boolean().default(false),
   ech_config_list: z.string().optional(),
+  pinnedPeerCertSha256: z.string().max(128, 'Pinned peer cert SHA256 must be at most 128 characters').optional(),
   fragment_settings: z
     .object({
       xray: z
@@ -459,6 +459,7 @@ const initialDefaultValues: HostFormValues = {
   vless_route: '',
   priority: 0,
   ech_config_list: undefined,
+  pinnedPeerCertSha256: undefined,
   fragment_settings: undefined,
 }
 
@@ -538,6 +539,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
       priority: host.priority || 0,
       is_disabled: host.is_disabled || false,
       ech_config_list: host.ech_config_list || undefined,
+      pinnedPeerCertSha256: host.pinnedPeerCertSha256 || undefined,
       fragment_settings: host.fragment_settings
         ? {
             xray: host.fragment_settings.xray ?? undefined,
@@ -598,8 +600,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
                   mode: host.transport_settings.xhttp_settings.mode ?? undefined,
                   no_grpc_header: host.transport_settings.xhttp_settings.no_grpc_header === null ? undefined : !!host.transport_settings.xhttp_settings.no_grpc_header,
                   x_padding_bytes: host.transport_settings.xhttp_settings.x_padding_bytes ?? undefined,
-                  x_padding_obfs_mode:
-                    host.transport_settings.xhttp_settings.x_padding_obfs_mode === null ? undefined : !!host.transport_settings.xhttp_settings.x_padding_obfs_mode,
+                  x_padding_obfs_mode: host.transport_settings.xhttp_settings.x_padding_obfs_mode === null ? undefined : !!host.transport_settings.xhttp_settings.x_padding_obfs_mode,
                   x_padding_key: host.transport_settings.xhttp_settings.x_padding_key ?? undefined,
                   x_padding_header: host.transport_settings.xhttp_settings.x_padding_header ?? undefined,
                   x_padding_placement: host.transport_settings.xhttp_settings.x_padding_placement ?? undefined,
@@ -642,10 +643,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
                   tti: host.transport_settings.kcp_settings.tti ?? undefined,
                   uplink_capacity: host.transport_settings.kcp_settings.uplink_capacity ?? undefined,
                   downlink_capacity: host.transport_settings.kcp_settings.downlink_capacity ?? undefined,
-                  congestion:
-                    host.transport_settings.kcp_settings.congestion === null
-                      ? undefined
-                      : !!host.transport_settings.kcp_settings.congestion,
+                  congestion: host.transport_settings.kcp_settings.congestion === null ? undefined : !!host.transport_settings.kcp_settings.congestion,
                   read_buffer_size: host.transport_settings.kcp_settings.read_buffer_size ?? undefined,
                   write_buffer_size: host.transport_settings.kcp_settings.write_buffer_size ?? undefined,
                 }
@@ -708,6 +706,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
         vless_route: host.vless_route || undefined,
         priority: host.priority ?? 0, // Use the same priority as the original host
         ech_config_list: host.ech_config_list,
+        pinnedPeerCertSha256: host.pinnedPeerCertSha256 || undefined,
         fragment_settings: host.fragment_settings,
         noise_settings: host.noise_settings,
         mux_settings: host.mux_settings,
@@ -815,6 +814,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
         vless_route: host.vless_route || undefined,
         priority: index, // New priority based on position
         ech_config_list: host.ech_config_list,
+        pinnedPeerCertSha256: host.pinnedPeerCertSha256 || undefined,
         fragment_settings: host.fragment_settings,
         noise_settings: host.noise_settings,
         mux_settings: host.mux_settings
@@ -860,8 +860,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
                     mode: host.transport_settings.xhttp_settings.mode ?? undefined,
                     no_grpc_header: host.transport_settings.xhttp_settings.no_grpc_header === null ? undefined : !!host.transport_settings.xhttp_settings.no_grpc_header,
                     x_padding_bytes: host.transport_settings.xhttp_settings.x_padding_bytes ?? undefined,
-                    x_padding_obfs_mode:
-                      host.transport_settings.xhttp_settings.x_padding_obfs_mode === null ? undefined : !!host.transport_settings.xhttp_settings.x_padding_obfs_mode,
+                    x_padding_obfs_mode: host.transport_settings.xhttp_settings.x_padding_obfs_mode === null ? undefined : !!host.transport_settings.xhttp_settings.x_padding_obfs_mode,
                     x_padding_key: host.transport_settings.xhttp_settings.x_padding_key ?? undefined,
                     x_padding_header: host.transport_settings.xhttp_settings.x_padding_header ?? undefined,
                     x_padding_placement: host.transport_settings.xhttp_settings.x_padding_placement ?? undefined,
@@ -904,10 +903,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
                     tti: host.transport_settings.kcp_settings.tti ?? undefined,
                     uplink_capacity: host.transport_settings.kcp_settings.uplink_capacity ?? undefined,
                     downlink_capacity: host.transport_settings.kcp_settings.downlink_capacity ?? undefined,
-                    congestion:
-                      host.transport_settings.kcp_settings.congestion === null
-                        ? undefined
-                        : !!host.transport_settings.kcp_settings.congestion,
+                    congestion: host.transport_settings.kcp_settings.congestion === null ? undefined : !!host.transport_settings.kcp_settings.congestion,
                     read_buffer_size: host.transport_settings.kcp_settings.read_buffer_size ?? undefined,
                     write_buffer_size: host.transport_settings.kcp_settings.write_buffer_size ?? undefined,
                   }
@@ -1046,18 +1042,11 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
               getRowId={host => host.id ?? host.remark ?? 'host'}
               isLoading={isCurrentlyLoading}
               loadingRows={6}
-              className="gap-3 max-w-screen-[2000px] min-h-screen overflow-hidden"
+              className="max-w-screen-[2000px] min-h-screen gap-3 overflow-hidden"
               mode="grid"
               showEmptyState={false}
               renderGridItem={host => (
-                <SortableHost
-                  key={host.id ?? 'new'}
-                  host={host}
-                  onEdit={handleEdit}
-                  onDuplicate={handleDuplicate}
-                  onDataChanged={refreshHostsData}
-                  disabled={isUpdatingPriorities}
-                />
+                <SortableHost key={host.id ?? 'new'} host={host} onEdit={handleEdit} onDuplicate={handleDuplicate} onDataChanged={refreshHostsData} disabled={isUpdatingPriorities} />
               )}
               renderGridSkeleton={index => (
                 <Card key={index} className="animate-pulse">
@@ -1087,7 +1076,7 @@ export default function HostsList({ data, onAddHost, isDialogOpen, onSubmit, edi
               getRowId={host => host.id ?? host.remark ?? 'host'}
               isLoading={isCurrentlyLoading}
               loadingRows={6}
-              className="gap-3 max-w-screen-[2000px] min-h-screen overflow-hidden"
+              className="max-w-screen-[2000px] min-h-screen gap-3 overflow-hidden"
               mode="list"
               showEmptyState={false}
               onRowClick={handleEdit}

dashboard/src/pages/_dashboard._index.tsx

@@ -155,6 +155,7 @@ const Dashboard = () => {
       is_disabled: false,
       random_user_agent: false,
       use_sni_as_host: false,
+      pinnedPeerCertSha256: undefined,
       mux_settings: undefined,
       fragment_settings: undefined,
     },
@@ -376,5 +377,3 @@ const Dashboard = () => {
 }
 
 export default Dashboard
-
-

dashboard/src/pages/_dashboard.hosts.tsx

@@ -59,6 +59,7 @@ export default function HostsPage() {
         alpn: formData.alpn as ProxyHostALPN[] | undefined,
         fingerprint: formData.fingerprint as ProxyHostFingerprint | undefined,
         ech_config_list: formData.ech_config_list || undefined,
+        pinnedPeerCertSha256: formData.pinnedPeerCertSha256 || undefined,
         vless_route: formData.vless_route || undefined,
         transport_settings: formData.transport_settings
           ? {