feat: XRay Reality key backup and restoration

- Modified migrations/048_enable_xray_stats.sql to accept existing keys via env vars (PRIVATE_KEY, SHORT_ID)
- Updated InstallProtocolManager.php to extract and store reality_private_key after XRay installation
- Added key restoration logic in buildExports() to reuse saved keys during reinstallation
- Fixed VpnClient.php to correctly parse JSON stats output from XRay API
- Security fix: removed exposed port 2375 from docker-compose.yml (dind container)

migrations/047_create_protocols_table.sql

@@ -1,19 +1,41 @@
-CREATE TABLE IF NOT EXISTS protocols (
-  id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
-  slug VARCHAR(50) NOT NULL UNIQUE,
-  name VARCHAR(100) NOT NULL,
-  description TEXT,
-  definition JSON,
-  show_text_content TINYINT(1) DEFAULT 0,
-  is_active TINYINT(1) DEFAULT 1,
-  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-  updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-  INDEX idx_slug (slug),
-  INDEX idx_active (is_active)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+-- Safely update protocols table schema and data
 
--- Insert default protocols (X-Ray, AWG)
--- We populate initial data so the panel is usable immediately
+-- 1. Ensure columns exist
+SET @dbname = DATABASE();
+SET @tablename = "protocols";
+SET @columnname = "definition";
+SET @preparedStatement = (SELECT IF(
+  (
+    SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS
+    WHERE
+      (table_name = @tablename)
+      AND (table_schema = @dbname)
+      AND (column_name = @columnname)
+  ) > 0,
+  "SELECT 1",
+  "ALTER TABLE protocols ADD COLUMN definition JSON NULL AFTER description"
+));
+PREPARE alterIfNotExists FROM @preparedStatement;
+EXECUTE alterIfNotExists;
+DEALLOCATE PREPARE alterIfNotExists;
+
+SET @columnname = "show_text_content";
+SET @preparedStatement = (SELECT IF(
+  (
+    SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS
+    WHERE
+      (table_name = @tablename)
+      AND (table_schema = @dbname)
+      AND (column_name = @columnname)
+  ) > 0,
+  "SELECT 1",
+  "ALTER TABLE protocols ADD COLUMN show_text_content TINYINT(1) DEFAULT 0 AFTER definition"
+));
+PREPARE alterIfNotExists FROM @preparedStatement;
+EXECUTE alterIfNotExists;
+DEALLOCATE PREPARE alterIfNotExists;
+
+-- 2. Insert Data
 INSERT IGNORE INTO protocols (slug, name, description, definition, show_text_content, is_active) VALUES
 ('amnezia-wg', 'AmneziaWG', 'Amnezia WireGuard implementation', '{}', 0, 1),
 ('amnezia-xray', 'Amnezia XRay', 'XRay (VLESS/Reality)', '{"scripts":{}}', 0, 1),
@@ -22,14 +44,14 @@ INSERT IGNORE INTO protocols (slug, name, description, definition, show_text_con
 ('shadowsocks', 'Shadowsocks', 'Shadowsocks proxy', '{}', 0, 1),
 ('cloak', 'Cloak', 'Cloak obfuscation', '{}', 0, 1);
 
--- Add protocol_id to vpn_clients if it does not exist
+-- 3. Update vpn_clients structure (original logic from migration)
 SET @exist := (SELECT COUNT(*) FROM information_schema.COLUMNS WHERE TABLE_SCHEMA=DATABASE() AND TABLE_NAME='vpn_clients' AND COLUMN_NAME='protocol_id');
 SET @sql := IF(@exist=0, 'ALTER TABLE vpn_clients ADD COLUMN protocol_id INT UNSIGNED NULL AFTER server_id, ADD INDEX idx_protocol_id (protocol_id), ADD CONSTRAINT fk_clients_protocol FOREIGN KEY (protocol_id) REFERENCES protocols(id) ON DELETE SET NULL', 'SELECT "Column protocol_id exists"');
 PREPARE stmt FROM @sql;
 EXECUTE stmt;
 DEALLOCATE PREPARE stmt;
 
--- Also check server_protocols table existence (referenced in InstallProtocolManager)
+-- 4. Create server_protocols if not exists
 CREATE TABLE IF NOT EXISTS server_protocols (
   id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
   server_id INT UNSIGNED NOT NULL,