Fix feature request #4445: add Hysteria2 client allow insecure support

database/model/model.go

@@ -179,6 +179,7 @@ type Client struct {
 	Flow       string         `json:"flow,omitempty"`               // Flow control (XTLS)
 	Reverse    *ClientReverse `json:"reverse,omitempty"`            // VLESS simple reverse proxy settings
 	Auth       string         `json:"auth,omitempty"`               // Auth password (Hysteria)
+	AllowInsecure bool        `json:"allowInsecure,omitempty"`      // Per-client TLS insecure flag (Hysteria2)
 	Email      string         `json:"email"`                        // Client email identifier
 	LimitIP    int            `json:"limitIp"`                      // IP limit for this client
 	TotalGB    int64          `json:"totalGB" form:"totalGB"`       // Total traffic limit in GB

frontend/src/models/inbound.js

@@ -2224,7 +2224,7 @@ export class Inbound extends XrayCommonClass {
         return url.toString();
     }
 
-    genHysteriaLink(address = '', port = this.port, remark = '', clientAuth) {
+    genHysteriaLink(address = '', port = this.port, remark = '', clientAuth, clientAllowInsecure) {
         const protocol = this.settings.version == 2 ? "hysteria2" : "hysteria";
         const link = `${protocol}://${clientAuth}@${address}:${port}`;
 
@@ -2232,7 +2232,7 @@ export class Inbound extends XrayCommonClass {
         params.set("security", "tls");
         if (this.stream.tls.settings.fingerprint?.length > 0) params.set("fp", this.stream.tls.settings.fingerprint);
         if (this.stream.tls.alpn?.length > 0) params.set("alpn", this.stream.tls.alpn);
-        if (this.stream.tls.settings.allowInsecure) params.set("insecure", "1");
+        if (clientAllowInsecure ?? this.stream.tls.settings.allowInsecure) params.set("insecure", "1");
         if (this.stream.tls.settings.echConfigList?.length > 0) params.set("ech", this.stream.tls.settings.echConfigList);
         if (this.stream.tls.sni?.length > 0) params.set("sni", this.stream.tls.sni);
 
@@ -2343,7 +2343,13 @@ export class Inbound extends XrayCommonClass {
             case Protocols.TROJAN:
                 return this.genTrojanLink(address, port, forceTls, remark, client.password);
             case Protocols.HYSTERIA:
-                return this.genHysteriaLink(address, port, remark, client.auth.length > 0 ? client.auth : this.stream.hysteria.auth);
+                return this.genHysteriaLink(
+                    address,
+                    port,
+                    remark,
+                    client.auth.length > 0 ? client.auth : this.stream.hysteria.auth,
+                    client.allowInsecure,
+                );
             default: return '';
         }
     }
@@ -2952,15 +2958,18 @@ Inbound.HysteriaSettings = class extends Inbound.Settings {
 Inbound.HysteriaSettings.Hysteria = class extends Inbound.ClientBase {
     constructor(
         auth = RandomUtil.randomSeq(10),
+        allowInsecure = false,
         email, limitIp, totalGB, expiryTime, enable, tgId, subId, comment, reset, created_at, updated_at,
     ) {
         super(email, limitIp, totalGB, expiryTime, enable, tgId, subId, comment, reset, created_at, updated_at);
         this.auth = auth;
+        this.allowInsecure = allowInsecure;
     }
 
     toJson() {
         return {
             auth: this.auth,
+            allowInsecure: this.allowInsecure,
             ...this._clientBaseToJson(),
         };
     }
@@ -2968,6 +2977,7 @@ Inbound.HysteriaSettings.Hysteria = class extends Inbound.ClientBase {
     static fromJson(json = {}) {
         return new Inbound.HysteriaSettings.Hysteria(
             json.auth,
+            json.allowInsecure ?? false,
             ...Inbound.ClientBase.commonArgsFromJson(json),
         );
     }

frontend/src/pages/inbounds/ClientFormModal.vue

@@ -271,6 +271,9 @@ const title = computed(() =>
         </template>
         <a-input v-model:value="client.auth" />
       </a-form-item>
+      <a-form-item v-if="protocol === Protocols.HYSTERIA" label="Allow Insecure">
+        <a-switch v-model:checked="client.allowInsecure" />
+      </a-form-item>
 
       <a-form-item v-if="isVmessOrVless">
         <template #label>

frontend/src/pages/inbounds/InboundFormModal.vue

@@ -1690,6 +1690,9 @@ watch(() => inbound.value?.protocol, () => stampAdvancedTextFor('stream'));
             <a-form-item label="Session Resumption">
               <a-switch v-model:checked="inbound.stream.tls.enableSessionResumption" />
             </a-form-item>
+            <a-form-item label="Allow Insecure">
+              <a-switch v-model:checked="inbound.stream.tls.settings.allowInsecure" />
+            </a-form-item>
 
 
             <!-- Cert array — file path or inline content per row -->

sub/subService.go

@@ -446,6 +446,7 @@ func (s *SubService) genHysteriaLink(inbound *model.Inbound, email string) strin
 		}
 	}
 	auth := clients[clientIndex].Auth
+	clientAllowInsecure := clients[clientIndex].AllowInsecure
 	params := make(map[string]string)
 
 	params["security"] = "tls"
@@ -467,7 +468,9 @@ func (s *SubService) genHysteriaLink(inbound *model.Inbound, email string) strin
 		if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok {
 			params["fp"], _ = fpValue.(string)
 		}
-		if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok {
+		if clientAllowInsecure {
+			params["insecure"] = "1"
+		} else if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok {
 			if insecure.(bool) {
 				params["insecure"] = "1"
 			}