From 0dddc51441fddb9154c0435bbc2a68edd9c1b82f Mon Sep 17 00:00:00 2001 From: diamond261 Date: Sun, 17 May 2026 16:14:59 +0800 Subject: [PATCH] Fix feature request #4445: add Hysteria2 client allow insecure support --- database/model/model.go | 1 + frontend/src/models/inbound.js | 16 +++++++++++++--- frontend/src/pages/inbounds/ClientFormModal.vue | 3 +++ frontend/src/pages/inbounds/InboundFormModal.vue | 3 +++ sub/subService.go | 5 ++++- 5 files changed, 24 insertions(+), 4 deletions(-) diff --git a/database/model/model.go b/database/model/model.go index d71e0589..c4687e94 100644 --- a/database/model/model.go +++ b/database/model/model.go @@ -179,6 +179,7 @@ type Client struct { Flow string `json:"flow,omitempty"` // Flow control (XTLS) Reverse *ClientReverse `json:"reverse,omitempty"` // VLESS simple reverse proxy settings Auth string `json:"auth,omitempty"` // Auth password (Hysteria) + AllowInsecure bool `json:"allowInsecure,omitempty"` // Per-client TLS insecure flag (Hysteria2) Email string `json:"email"` // Client email identifier LimitIP int `json:"limitIp"` // IP limit for this client TotalGB int64 `json:"totalGB" form:"totalGB"` // Total traffic limit in GB diff --git a/frontend/src/models/inbound.js b/frontend/src/models/inbound.js index 830dc9a9..dddb46bb 100644 --- a/frontend/src/models/inbound.js +++ b/frontend/src/models/inbound.js @@ -2224,7 +2224,7 @@ export class Inbound extends XrayCommonClass { return url.toString(); } - genHysteriaLink(address = '', port = this.port, remark = '', clientAuth) { + genHysteriaLink(address = '', port = this.port, remark = '', clientAuth, clientAllowInsecure) { const protocol = this.settings.version == 2 ? "hysteria2" : "hysteria"; const link = `${protocol}://${clientAuth}@${address}:${port}`; @@ -2232,7 +2232,7 @@ export class Inbound extends XrayCommonClass { params.set("security", "tls"); if (this.stream.tls.settings.fingerprint?.length > 0) params.set("fp", this.stream.tls.settings.fingerprint); if (this.stream.tls.alpn?.length > 0) params.set("alpn", this.stream.tls.alpn); - if (this.stream.tls.settings.allowInsecure) params.set("insecure", "1"); + if (clientAllowInsecure ?? this.stream.tls.settings.allowInsecure) params.set("insecure", "1"); if (this.stream.tls.settings.echConfigList?.length > 0) params.set("ech", this.stream.tls.settings.echConfigList); if (this.stream.tls.sni?.length > 0) params.set("sni", this.stream.tls.sni); @@ -2343,7 +2343,13 @@ export class Inbound extends XrayCommonClass { case Protocols.TROJAN: return this.genTrojanLink(address, port, forceTls, remark, client.password); case Protocols.HYSTERIA: - return this.genHysteriaLink(address, port, remark, client.auth.length > 0 ? client.auth : this.stream.hysteria.auth); + return this.genHysteriaLink( + address, + port, + remark, + client.auth.length > 0 ? client.auth : this.stream.hysteria.auth, + client.allowInsecure, + ); default: return ''; } } @@ -2952,15 +2958,18 @@ Inbound.HysteriaSettings = class extends Inbound.Settings { Inbound.HysteriaSettings.Hysteria = class extends Inbound.ClientBase { constructor( auth = RandomUtil.randomSeq(10), + allowInsecure = false, email, limitIp, totalGB, expiryTime, enable, tgId, subId, comment, reset, created_at, updated_at, ) { super(email, limitIp, totalGB, expiryTime, enable, tgId, subId, comment, reset, created_at, updated_at); this.auth = auth; + this.allowInsecure = allowInsecure; } toJson() { return { auth: this.auth, + allowInsecure: this.allowInsecure, ...this._clientBaseToJson(), }; } @@ -2968,6 +2977,7 @@ Inbound.HysteriaSettings.Hysteria = class extends Inbound.ClientBase { static fromJson(json = {}) { return new Inbound.HysteriaSettings.Hysteria( json.auth, + json.allowInsecure ?? false, ...Inbound.ClientBase.commonArgsFromJson(json), ); } diff --git a/frontend/src/pages/inbounds/ClientFormModal.vue b/frontend/src/pages/inbounds/ClientFormModal.vue index df167ac0..b7fd2c9b 100644 --- a/frontend/src/pages/inbounds/ClientFormModal.vue +++ b/frontend/src/pages/inbounds/ClientFormModal.vue @@ -271,6 +271,9 @@ const title = computed(() => + + +