From 2f40593daf6c2634643971889b591f493497869f Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Mon, 16 Jun 2025 21:12:49 +0800
Subject: [PATCH 1/4] Updated version code

---
 src/def.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/def.go b/src/def.go
index 45a008b..2e47323 100644
--- a/src/def.go
+++ b/src/def.go
@@ -44,7 +44,7 @@ import (
 const (
 	/* Build Constants */
 	SYSTEM_NAME       = "Zoraxy"
-	SYSTEM_VERSION    = "3.2.3"
+	SYSTEM_VERSION    = "3.2.4"
 	DEVELOPMENT_BUILD = false
 
 	/* System Constants */

From f276040ad0187a30deed2d17e0b9505d0b750d7b Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Mon, 16 Jun 2025 21:21:50 +0800
Subject: [PATCH 2/4] Added experimental fix for #695

Added prefix trim and location filter for oauth authrozied redirection
---
 src/mod/auth/sso/oauth2/oauth2.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/mod/auth/sso/oauth2/oauth2.go b/src/mod/auth/sso/oauth2/oauth2.go
index 449c44e..8cd519d 100644
--- a/src/mod/auth/sso/oauth2/oauth2.go
+++ b/src/mod/auth/sso/oauth2/oauth2.go
@@ -4,13 +4,14 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"net/http"
+	"net/url"
+	"strings"
+
 	"golang.org/x/oauth2"
 	"imuslab.com/zoraxy/mod/database"
 	"imuslab.com/zoraxy/mod/info/logger"
 	"imuslab.com/zoraxy/mod/utils"
-	"net/http"
-	"net/url"
-	"strings"
 )
 
 type OAuth2RouterOptions struct {
@@ -250,7 +251,19 @@ func (ar *OAuth2Router) HandleOAuth2Auth(w http.ResponseWriter, r *http.Request)
 			cookie.SameSite = http.SameSiteLaxMode
 		}
 		w.Header().Add("Set-Cookie", cookie.String())
-		http.Redirect(w, r, state, http.StatusTemporaryRedirect)
+
+		//Fix for #695
+		location := strings.TrimPrefix(state, "/internal/")
+		//Check if the location starts with http:// or https://. if yes, this is full URL
+		decodedLocation, err := url.PathUnescape(location)
+		if err == nil && (strings.HasPrefix(decodedLocation, "http://") || strings.HasPrefix(decodedLocation, "https://")) {
+			//Redirect to the full URL
+			http.Redirect(w, r, decodedLocation, http.StatusTemporaryRedirect)
+		} else {
+			//Redirect to a relative path
+			http.Redirect(w, r, state, http.StatusTemporaryRedirect)
+		}
+
 		return errors.New("authorized")
 	}
 	unauthorized := false

From f6b3656bb13248289e87e45f3f3846683fc7f404 Mon Sep 17 00:00:00 2001
From: Jemmy <jemmy17941997@gmail.com>
Date: Tue, 24 Jun 2025 13:09:05 +0800
Subject: [PATCH 3/4] Fix: #659

Listen UDP port on (0.0.0.0)* address.
---
 src/mod/streamproxy/udpprox.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mod/streamproxy/udpprox.go b/src/mod/streamproxy/udpprox.go
index 08ee676..9e78639 100644
--- a/src/mod/streamproxy/udpprox.go
+++ b/src/mod/streamproxy/udpprox.go
@@ -90,8 +90,8 @@ func (c *ProxyRelayConfig) ForwardUDP(address1, address2 string, stopChan chan b
 		address1 = ":" + address1
 	}
 	if strings.HasPrefix(address1, ":") {
-		//Prepend 127.0.0.1 to the address
-		address1 = "127.0.0.1" + address1
+		//Prepend 0.0.0.0 to the address
+		address1 = "0.0.0.0" + address1
 	}
 
 	lisener, targetAddr, err := initUDPConnections(address1, address2)

From 929d4cc82ab6e2d9ab79e593b1784024c8a3d525 Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Fri, 27 Jun 2025 22:02:28 +0800
Subject: [PATCH 4/4] Optimized SSO UI

- Added tab menu to SSO settings
---
 src/web/components/sso.html | 38 ++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/src/web/components/sso.html b/src/web/components/sso.html
index d0cadd6..e8531c7 100644
--- a/src/web/components/sso.html
+++ b/src/web/components/sso.html
@@ -3,18 +3,15 @@
         <h2>SSO</h2>
         <p>Single Sign-On (SSO) and authentication providers settings </p>
     </div>
-
-    <div class="ui basic segment">
-        <div class="ui yellow message">
-            <div class="header">
-                Experimental Feature
-            </div>
-            <p>Please note that this feature is still in development and may not work as expected.</p>
-        </div>
-    </div>
     <div class="ui divider"></div>
-    <div class="ui basic segment">
-        <h3>Forward Auth</h3>
+    <div class="ui top attached tabular menu ssoTabs">
+        <a class="item active" data-tab="forward_auth_tab">Forward Auth</a>
+        <a class="item" data-tab="oauth2_tab">Oauth2</a>
+        <!-- <a class="item" data-tab="zoraxy_sso_tab">Zoraxy SSO</a> -->
+        </div>
+        <div class="ui bottom attached tab segment active" data-tab="forward_auth_tab">
+        <!-- Forward Auth -->
+        <h2>Forward Auth</h2>
         <p>Configuration settings for the Forward Auth provider.</p>
         <p>The Forward Auth provider makes a subrequest to an authorization server that supports Forward Auth, then either:</p>
         <ul>
@@ -86,10 +83,10 @@
             </div>
             <button class="ui basic button" type="submit"><i class="green check icon"></i> Apply Change</button>
         </form>
-    </div>
-    <div class="ui divider"></div>
-    <div class="ui basic segment">
-        <h3>OAuth 2.0</h3>
+        </div>
+        <div class="ui bottom attached tab segment" data-tab="oauth2_tab">
+        <!-- Oauth 2 -->
+        <h2>OAuth 2.0</h2>
         <p>Configuration settings for OAuth 2.0 authentication provider.</p>
 
         <form class="ui form" action="#" id="oauth2Settings">
@@ -134,11 +131,18 @@
             </div>
             <button class="ui basic button" type="submit"><i class="green check icon"></i> Apply Change</button>
         </form>
-    </div>
-    <div class="ui divider"></div>
+        </div>
+        <div class="ui bottom attached tab segment" data-tab="zoraxy_sso_tab">
+            <!-- Zoraxy SSO -->
+            <h3>Zoraxy SSO</h3>
+            <p>Configuration settings for Zoraxy SSO provider.</p>
+            <p>Currently not implemented.</p>
+        </div>
 </div>
 
 <script>
+    $(".ssoTabs .item").tab();
+
     $(document).ready(function() {
         /* Load forward-auth settings from backend */
         $.cjax({