Update changelog & Clone Main

changelog

@@ -1,19 +1,18 @@
-# [1.16.0] - 2025-08-19
+# [1.17.0] - 2025-08-24
 
-#### ✨ New Features
 
-* 📊 **Dashboard Redesign**
+#### ⚡ Authentication
 
-  * Modernized UI with detailed server stats
-* 🖥️ **Server API Enhancements**
+* 🚀 **Implemented Go HTTP Auth Server** for **maximum performance**
+* ⚡ Removed old command-based auth system
 
-  * Added uptime and traffic-since-reboot metrics
-* ⚡ **System Monitor Optimization**
+#### 👥 User Management
 
-  * Improved performance with async I/O
-  * Accurate traffic tracking since reboot
+* ✨ **Bulk User Creation** added across:
 
-#### 🐛 Fixes
-
-* 🔧 Correctly count **actual device connections** instead of unique users
-* 🔥 Fixed subscription blocked page to display the right user data
+  * 🖥️ **Frontend UI**
+  * 📡 **API Endpoint**
+  * 💻 **CLI Command**
+  * 📜 **Automation Script**
+* 🔍 New **Online User Filter & Sort** on the Users page
+* 🐛 Fixed: underscores now supported in usernames

core/scripts/auth/user_auth.go

@@ -81,33 +81,28 @@ func authHandler(w http.ResponseWriter, r *http.Request) {
 	user, ok := userCache[username]
 	cacheMutex.RUnlock()
 
-	// 1. Check existence
 	if !ok {
 		json.NewEncoder(w).Encode(httpAuthResponse{OK: false})
 		return
 	}
 
-	// 2. Check if blocked
 	if user.Blocked {
 		json.NewEncoder(w).Encode(httpAuthResponse{OK: false})
 		return
 	}
 
-	// 3. Check password (constant time)
 	if subtle.ConstantTimeCompare([]byte(user.Password), []byte(password)) != 1 {
 		time.Sleep(5 * time.Second) // Slow down brute-force attacks
 		json.NewEncoder(w).Encode(httpAuthResponse{OK: false})
 		return
 	}
 
-	// 4. Check if unlimited (if so, grant access)
 	if user.UnlimitedUser {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(httpAuthResponse{OK: true, ID: username})
 		return
 	}
 
-	// 5. Check expiration
 	if user.ExpirationDays > 0 {
 		creationDate, err := time.Parse("2006-01-02", user.AccountCreationDate)
 		if err == nil && time.Now().After(creationDate.AddDate(0, 0, user.ExpirationDays)) {
@@ -116,19 +111,17 @@ func authHandler(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	// 6. Check traffic limit
 	if user.MaxDownloadBytes > 0 && (user.DownloadBytes+user.UploadBytes) >= user.MaxDownloadBytes {
 		json.NewEncoder(w).Encode(httpAuthResponse{OK: false})
 		return
 	}
 
-	// All checks passed
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(httpAuthResponse{OK: true, ID: username})
 }
 
 func main() {
-	log.SetOutput(io.Discard) // Disable logging for max performance
+	log.SetOutput(io.Discard)
 	loadUsersToCache()
 
 	ticker := time.NewTicker(cacheTTL)
@@ -140,7 +133,6 @@ func main() {
 
 	http.HandleFunc("/auth", authHandler)
 	if err := http.ListenAndServe(listenAddr, nil); err != nil {
-		// If we can't start, log to stderr so systemd can see it
 		log.SetOutput(os.Stderr)
 		log.Fatalf("Failed to start server: %v", err)
 	}

upgrade.sh

@@ -8,7 +8,7 @@ HYSTERIA_INSTALL_DIR="/etc/hysteria"
 HYSTERIA_VENV_DIR="$HYSTERIA_INSTALL_DIR/hysteria2_venv"
 AUTH_BINARY_DIR="$HYSTERIA_INSTALL_DIR/core/scripts/auth"
 REPO_URL="https://github.com/ReturnFI/Blitz"
-REPO_BRANCH="auth"
+REPO_BRANCH="main"
 GEOSITE_URL="https://raw.githubusercontent.com/Chocolate4U/Iran-v2ray-rules/release/geosite.dat"
 GEOIP_URL="https://raw.githubusercontent.com/Chocolate4U/Iran-v2ray-rules/release/geoip.dat"