feat(nodes): Add insecure TLS option for external nodes

2025-10-23 11:07:50 +00:00
parent a9309920c4
commit 8cfed0f1b4
7 changed files with 44 additions and 33 deletions
--- a/core/scripts/nodes/node.py
+++ b/core/scripts/nodes/node.py
@ -72,7 +72,7 @@ def write_nodes(nodes):
    except (IOError, OSError) as e:
        sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")

-def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None, obfs: str | None = None):
+def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None, obfs: str | None = None, insecure: bool = False):
    if not is_valid_ip_or_domain(ip):
        print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
        sys.exit(1)
@ -89,10 +89,6 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
        print(f"Error: Port '{port}' must be between 1 and 65535.", file=sys.stderr)
        sys.exit(1)

-    if obfs and not obfs.strip():
-        print(f"Error: OBFS value cannot be empty or just whitespace.", file=sys.stderr)
-        sys.exit(1)
-
    nodes = read_nodes()
    if any(node['name'] == name for node in nodes):
        print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
@ -102,14 +98,16 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
        sys.exit(1)
    
    new_node = {"name": name, "ip": ip}
-    if port:
-        new_node["port"] = port
    if sni:
        new_node["sni"] = sni.strip()
    if pinSHA256:
        new_node["pinSHA256"] = pinSHA256.strip().upper()
+    if port:
+        new_node["port"] = port
    if obfs:
        new_node["obfs"] = obfs.strip()
+    if insecure:
+        new_node["insecure"] = insecure

    nodes.append(new_node)
    write_nodes(nodes)
@ -133,16 +131,17 @@ def list_nodes():
        print("No nodes configured.")
        return
        
-    print(f"{'Name':<15} {'IP / Domain':<25} {'Port':<8} {'OBFS':<15} {'SNI':<20} {'Pin SHA256'}")
-    print(f"{'-'*15} {'-'*25} {'-'*8} {'-'*15} {'-'*20} {'-'*30}")
+    print(f"{'Name':<15} {'IP / Domain':<25} {'Port':<8} {'SNI':<20} {'Insecure':<10} {'OBFS':<20} {'Pin SHA256'}")
+    print(f"{'-'*15} {'-'*25} {'-'*8} {'-'*20} {'-'*10} {'-'*20} {'-'*30}")
    for node in sorted(nodes, key=lambda x: x['name']):
        name = node['name']
        ip = node['ip']
        port = node.get('port', 'N/A')
-        obfs = node.get('obfs', 'N/A')
        sni = node.get('sni', 'N/A')
+        insecure = str(node.get('insecure', 'False'))
+        obfs = node.get('obfs', 'N/A')
        pin = node.get('pinSHA256', 'N/A')
-        print(f"{name:<15} {ip:<25} {str(port):<8} {obfs:<15} {sni:<20} {pin}")
+        print(f"{name:<15} {ip:<25} {str(port):<8} {sni:<20} {insecure:<10} {obfs:<20} {pin}")

 def generate_cert():
    try:
@ -203,21 +202,22 @@ def main():
    add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
    add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
    add_parser.add_argument('--port', type=int, help='Optional: The port of the node.')
-    add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
+    add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication.')
    add_parser.add_argument('--pinSHA256', type=str, help='Optional: The public key SHA256 pin.')
-    add_parser.add_argument('--obfs', type=str, help='Optional: The obfuscation key/password.')
+    add_parser.add_argument('--obfs', type=str, help='Optional: The obfuscation key.')
+    add_parser.add_argument('--insecure', action='store_true', help='Optional: Skip certificate verification.')

    delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
    delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')

    subparsers.add_parser('list', help='List all configured nodes.')
    
-    subparsers.add_parser('generate-cert', help="Generate blitz.crt and blitz.key if they don't exist or are expiring soon.")
+    subparsers.add_parser('generate-cert', help="Generate blitz.crt and blitz.key.")
    
    args = parser.parse_args()

    if args.command == 'add':
-        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port, args.obfs)
+        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port, args.obfs, args.insecure)
    elif args.command == 'delete':
        delete_node(args.name)
    elif args.command == 'list':
--- a/core/scripts/webpanel/assets/js/settings.js
+++ b/core/scripts/webpanel/assets/js/settings.js
@ -286,6 +286,7 @@ $(document).ready(function () {
                                <td>${escapeHtml(node.port || 'N/A')}</td>
                                <td>${escapeHtml(node.sni || 'N/A')}</td>
                                <td>${escapeHtml(node.obfs || 'N/A')}</td>
+                                <td>${escapeHtml(node.insecure ? 'True' : 'False')}</td>
                                <td>${escapeHtml(node.pinSHA256 || 'N/A')}</td>
                                <td>
                                    <button class="btn btn-xs btn-danger delete-node-btn" data-name="${escapeHtml(node.name)}">
@ -310,8 +311,9 @@ $(document).ready(function () {
        const sni = $("#node_sni").val().trim();
        const obfs = $("#node_obfs").val().trim();
        const pinSHA256 = $("#node_pin").val().trim();
+        const insecure = $("#node_insecure").is(':checked');
        
-        const data = { name: name, ip: ip };
+        const data = { name: name, ip: ip, insecure: insecure };
        if (port) data.port = parseInt(port);
        if (sni) data.sni = sni;
        if (obfs) data.obfs = obfs;
@ -326,12 +328,7 @@ $(document).ready(function () {
                "#add_node_btn",
                false,
                function() {
-                    $("#node_name").val('');
-                    $("#node_ip").val('');
-                    $("#node_port").val('');
-                    $("#node_sni").val('');
-                    $("#node_obfs").val('');
-                    $("#node_pin").val('');
+                    $("#add_node_form")[0].reset();
                    $("#add_node_form .form-control").removeClass('is-invalid');
                    fetchNodes();
                }
--- a/core/scripts/webpanel/routers/api/v1/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/config/ip.py
@ -90,7 +90,7 @@ async def add_node(body: AddNodeBody):
    Adds a new external node to the configuration.

    Args:
-        body: Request body containing the name and IP of the node.
+        body: Request body containing the full details of the node.
    """
    try:
        cli_api.add_node(
@ -99,7 +99,8 @@ async def add_node(body: AddNodeBody):
            port=body.port, 
            sni=body.sni, 
            pinSHA256=body.pinSHA256, 
-            obfs=body.obfs
+            obfs=body.obfs,
+            insecure=body.insecure
        )
        return DetailResponse(detail=f"Node '{body.name}' added successfully.")
    except Exception as e:
--- a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
@ -39,6 +39,7 @@ class Node(BaseModel):
    sni: Optional[str] = None
    pinSHA256: Optional[str] = None
    obfs: Optional[str] = None
+    insecure: Optional[bool] = False

    @field_validator('ip', mode='before')
    def check_node_ip(cls, v: str | None):
--- a/core/scripts/webpanel/templates/settings.html
+++ b/core/scripts/webpanel/templates/settings.html
@ -228,6 +228,7 @@
                                                        <th>Port</th>
                                                        <th>SNI</th>
                                                        <th>OBFS</th>
+                                                        <th>Insecure</th>
                                                        <th>Pin SHA256</th>
                                                        <th>Action</th>
                                                    </tr>
@ -276,6 +277,14 @@
                                                <input type="text" class="form-control" id="node_pin" placeholder="5D:23:0E:E9:10:AB:96:E0:43...">
                                                <div class="invalid-feedback">Invalid SHA256 pin format.</div>
                                            </div>
+                                            <div class="form-group">
+                                                <div class="form-check">
+                                                    <input class="form-check-input" type="checkbox" id="node_insecure">
+                                                    <label class="form-check-label" for="node_insecure">
+                                                        Insecure
+                                                    </label>
+                                                </div>
+                                            </div>
                                            <button type="button" id="add_node_btn" class="btn btn-success">
                                                <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true" style="display: none;"></span>
                                                Add Node