From 3b58a0273fe9350eb97baaa8b679a529c8f91240 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Mon, 13 Oct 2025 12:39:16 +0000
Subject: [PATCH 01/13] feat(nodes): Implement advanced node management and
 certificate generation

---
 core/cli.py                      |  15 ++-
 core/cli_api.py                  |  19 ++-
 core/scripts/hysteria2/node.py   | 110 ----------------
 core/scripts/nodes/init_paths.py |   7 ++
 core/scripts/nodes/node.py       | 210 +++++++++++++++++++++++++++++++
 5 files changed, 245 insertions(+), 116 deletions(-)
 delete mode 100644 core/scripts/hysteria2/node.py
 create mode 100644 core/scripts/nodes/init_paths.py
 create mode 100644 core/scripts/nodes/node.py

diff --git a/core/cli.py b/core/cli.py
index 37ca6fa..72c0531 100644
--- a/core/cli.py
+++ b/core/cli.py
@@ -331,10 +331,12 @@ def node():
 @node.command('add')
 @click.option('--name', required=True, type=str, help='A unique name for the node (e.g., "Node-DE").')
 @click.option('--ip', required=True, type=str, help='The public IP address of the node.')
-def add_node(name, ip):
+@click.option('--sni', required=False, type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
+@click.option('--pinSHA256', required=False, type=str, help='Optional: The public key SHA256 pin.')
+def add_node(name, ip, sni, pinsha256):
     """Add a new external node."""
     try:
-        output = cli_api.add_node(name, ip)
+        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256)
         click.echo(output.strip())
     except Exception as e:
         click.echo(f'{e}', err=True)
@@ -358,6 +360,15 @@ def list_nodes():
     except Exception as e:
         click.echo(f'{e}', err=True)
 
+@node.command('generate-cert')
+def generate_cert():
+    """Generate a self-signed certificate for nodes."""
+    try:
+        output = cli_api.generate_node_cert()
+        click.echo(output.strip())
+    except Exception as e:
+        click.echo(f'{e}', err=True)
+
 @cli.command('update-geo')
 @click.option('--country', '-c',
               type=click.Choice(['iran', 'china', 'russia'], case_sensitive=False),
diff --git a/core/cli_api.py b/core/cli_api.py
index 01856f0..d59cbe6 100644
--- a/core/cli_api.py
+++ b/core/cli_api.py
@@ -35,7 +35,7 @@ class Command(Enum):
     SHOW_USER_URI = os.path.join(SCRIPT_DIR, 'hysteria2', 'show_user_uri.py')
     WRAPPER_URI = os.path.join(SCRIPT_DIR, 'hysteria2', 'wrapper_uri.py')
     IP_ADD = os.path.join(SCRIPT_DIR, 'hysteria2', 'ip.py')
-    NODE_MANAGER = os.path.join(SCRIPT_DIR, 'hysteria2', 'node.py')
+    NODE_MANAGER = os.path.join(SCRIPT_DIR, 'nodes', 'node.py')
     MANAGE_OBFS = os.path.join(SCRIPT_DIR, 'hysteria2', 'manage_obfs.py')
     MASQUERADE_SCRIPT = os.path.join(SCRIPT_DIR, 'hysteria2', 'masquerade.py')
     EXTRA_CONFIG_SCRIPT = os.path.join(SCRIPT_DIR, 'hysteria2', 'extra_config.py')
@@ -464,11 +464,16 @@ def edit_ip_address(ipv4: str, ipv6: str):
     if ipv6:
         run_cmd(['python3', Command.IP_ADD.value, 'edit', '-6', ipv6])
 
-def add_node(name: str, ip: str):
+def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None):
     """
     Adds a new external node.
     """
-    return run_cmd(['python3', Command.NODE_MANAGER.value, 'add', '--name', name, '--ip', ip])
+    command = ['python3', Command.NODE_MANAGER.value, 'add', '--name', name, '--ip', ip]
+    if sni:
+        command.extend(['--sni', sni])
+    if pinSHA256:
+        command.extend(['--pinSHA256', pinSHA256])
+    return run_cmd(command)
 
 def delete_node(name: str):
     """
@@ -482,6 +487,12 @@ def list_nodes():
     """
     return run_cmd(['python3', Command.NODE_MANAGER.value, 'list'])
 
+def generate_node_cert():
+    """
+    Generates a self-signed certificate for nodes.
+    """
+    return run_cmd(['python3', Command.NODE_MANAGER.value, 'generate-cert'])
+
 def update_geo(country: str):
     '''
     Updates geographic data files based on the specified country.
@@ -775,4 +786,4 @@ def get_ip_limiter_config() -> dict[str, int | None]:
     except Exception as e:
         print(f"Error reading IP Limiter config from .configs.env: {e}")
         return {"block_duration": None, "max_ips": None}
-# endregion
+# endregion
\ No newline at end of file
diff --git a/core/scripts/hysteria2/node.py b/core/scripts/hysteria2/node.py
deleted file mode 100644
index e8c6150..0000000
--- a/core/scripts/hysteria2/node.py
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import json
-import argparse
-from pathlib import Path
-import re
-from ipaddress import ip_address
-from init_paths import *
-from paths import NODES_JSON_PATH
-
-def is_valid_ip_or_domain(value: str) -> bool:
-    """Check if the value is a valid IP address or domain name."""
-    if not value or not value.strip():
-        return False
-    value = value.strip()
-    try:
-        ip_address(value)
-        return True
-    except ValueError:
-        domain_regex = re.compile(
-            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$',
-            re.IGNORECASE
-        )
-        return re.match(domain_regex, value) is not None
-
-def read_nodes():
-    if not NODES_JSON_PATH.exists():
-        return []
-    try:
-        with NODES_JSON_PATH.open("r") as f:
-            content = f.read()
-            if not content:
-                return []
-            return json.loads(content)
-    except (json.JSONDecodeError, IOError, OSError) as e:
-        sys.exit(f"Error reading or parsing {NODES_JSON_PATH}: {e}")
-
-def write_nodes(nodes):
-    try:
-        NODES_JSON_PATH.parent.mkdir(parents=True, exist_ok=True)
-        with NODES_JSON_PATH.open("w") as f:
-            json.dump(nodes, f, indent=4)
-    except (IOError, OSError) as e:
-        sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
-
-def add_node(name: str, ip: str):
-    if not is_valid_ip_or_domain(ip):
-        print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
-        sys.exit(1)
-
-    nodes = read_nodes()
-    if any(node['name'] == name for node in nodes):
-        print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
-        sys.exit(1)
-    if any(node['ip'] == ip for node in nodes):
-        print(f"Error: A node with the IP/domain '{ip}' already exists.", file=sys.stderr)
-        sys.exit(1)
-    
-    nodes.append({"name": name, "ip": ip})
-    write_nodes(nodes)
-    print(f"Successfully added node '{name}' with IP/domain '{ip}'.")
-
-def delete_node(name: str):
-    nodes = read_nodes()
-    original_count = len(nodes)
-    nodes = [node for node in nodes if node['name'] != name]
-    
-    if len(nodes) == original_count:
-        print(f"Error: No node with the name '{name}' found.", file=sys.stderr)
-        sys.exit(1)
-
-    write_nodes(nodes)
-    print(f"Successfully deleted node '{name}'.")
-
-def list_nodes():
-    nodes = read_nodes()
-    if not nodes:
-        print("No nodes configured.")
-        return
-        
-    print(f"{'Name':<30} {'IP Address / Domain'}")
-    print(f"{'-'*30} {'-'*25}")
-    for node in sorted(nodes, key=lambda x: x['name']):
-        print(f"{node['name']:<30} {node['ip']}")
-
-def main():
-    parser = argparse.ArgumentParser(description="Manage external node configurations.")
-    subparsers = parser.add_subparsers(dest='command', required=True)
-
-    add_parser = subparsers.add_parser('add', help='Add a new node.')
-    add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
-    add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
-
-    delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
-    delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')
-
-    subparsers.add_parser('list', help='List all configured nodes.')
-    
-    args = parser.parse_args()
-
-    if args.command == 'add':
-        add_node(args.name, args.ip)
-    elif args.command == 'delete':
-        delete_node(args.name)
-    elif args.command == 'list':
-        list_nodes()
-
-if __name__ == "__main__":
-    main()
\ No newline at end of file
diff --git a/core/scripts/nodes/init_paths.py b/core/scripts/nodes/init_paths.py
new file mode 100644
index 0000000..c9c4648
--- /dev/null
+++ b/core/scripts/nodes/init_paths.py
@@ -0,0 +1,7 @@
+import sys
+from pathlib import Path
+
+core_scripts_dir = Path(__file__).resolve().parents[1]
+
+if str(core_scripts_dir) not in sys.path:
+    sys.path.append(str(core_scripts_dir))
diff --git a/core/scripts/nodes/node.py b/core/scripts/nodes/node.py
new file mode 100644
index 0000000..b19644d
--- /dev/null
+++ b/core/scripts/nodes/node.py
@@ -0,0 +1,210 @@
+#!/usr/bin/env python3
+
+import sys
+import json
+import argparse
+from pathlib import Path
+import re
+from ipaddress import ip_address
+import subprocess
+from datetime import datetime, timedelta
+from init_paths import *
+from paths import NODES_JSON_PATH
+
+
+def is_valid_ip_or_domain(value: str) -> bool:
+    if not value or not value.strip():
+        return False
+    value = value.strip()
+    try:
+        ip_address(value)
+        return True
+    except ValueError:
+        domain_regex = re.compile(
+            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$',
+            re.IGNORECASE
+        )
+        return re.match(domain_regex, value) is not None
+
+def is_valid_sni(value: str) -> bool:
+    if not value or not value.strip():
+        return False
+    value = value.strip()
+    try:
+        ip_address(value)
+        return False
+    except ValueError:
+        if "https://" in value or "http://" in value or "//" in value:
+            return False
+        domain_regex = re.compile(
+            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$',
+            re.IGNORECASE
+        )
+        return re.match(domain_regex, value) is not None
+
+def is_valid_sha256_pin(value: str) -> bool:
+    if not value or not value.strip():
+        return False
+    value = value.strip().upper()
+    pin_regex = re.compile(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$')
+    return re.match(pin_regex, value) is not None
+
+def read_nodes():
+    if not NODES_JSON_PATH.exists():
+        return []
+    try:
+        with NODES_JSON_PATH.open("r") as f:
+            content = f.read()
+            if not content:
+                return []
+            return json.loads(content)
+    except (json.JSONDecodeError, IOError, OSError) as e:
+        sys.exit(f"Error reading or parsing {NODES_JSON_PATH}: {e}")
+
+def write_nodes(nodes):
+    try:
+        NODES_JSON_PATH.parent.mkdir(parents=True, exist_ok=True)
+        with NODES_JSON_PATH.open("w") as f:
+            json.dump(nodes, f, indent=4)
+    except (IOError, OSError) as e:
+        sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
+
+def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None):
+    if not is_valid_ip_or_domain(ip):
+        print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
+        sys.exit(1)
+
+    if sni and not is_valid_sni(sni):
+        print(f"Error: '{sni}' is not a valid domain name for SNI. Do not include http/https and ensure it's not an IP.", file=sys.stderr)
+        sys.exit(1)
+
+    if pinSHA256 and not is_valid_sha256_pin(pinSHA256):
+        print(f"Error: '{pinSHA256}' is not a valid SHA256 pin format.", file=sys.stderr)
+        sys.exit(1)
+
+    nodes = read_nodes()
+    if any(node['name'] == name for node in nodes):
+        print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
+        sys.exit(1)
+    if any(node['ip'] == ip for node in nodes):
+        print(f"Error: A node with the IP/domain '{ip}' already exists.", file=sys.stderr)
+        sys.exit(1)
+    
+    new_node = {"name": name, "ip": ip}
+    if sni:
+        new_node["sni"] = sni.strip()
+    if pinSHA256:
+        new_node["pinSHA256"] = pinSHA256.strip().upper()
+
+    nodes.append(new_node)
+    write_nodes(nodes)
+    print(f"Successfully added node '{name}'.")
+
+def delete_node(name: str):
+    nodes = read_nodes()
+    original_count = len(nodes)
+    nodes = [node for node in nodes if node['name'] != name]
+    
+    if len(nodes) == original_count:
+        print(f"Error: No node with the name '{name}' found.", file=sys.stderr)
+        sys.exit(1)
+
+    write_nodes(nodes)
+    print(f"Successfully deleted node '{name}'.")
+
+def list_nodes():
+    nodes = read_nodes()
+    if not nodes:
+        print("No nodes configured.")
+        return
+        
+    print(f"{'Name':<20} {'IP / Domain':<25} {'SNI':<25} {'Pin SHA256'}")
+    print(f"{'-'*20} {'-'*25} {'-'*25} {'-'*30}")
+    for node in sorted(nodes, key=lambda x: x['name']):
+        name = node['name']
+        ip = node['ip']
+        sni = node.get('sni', 'N/A')
+        pin = node.get('pinSHA256', 'N/A')
+        print(f"{name:<20} {ip:<25} {sni:<25} {pin}")
+
+def generate_cert():
+    try:
+        script_dir = Path(__file__).parent.resolve()
+        key_filepath = script_dir / "blitz.key"
+        cert_filepath = script_dir / "blitz.crt"
+        
+        if cert_filepath.exists():
+            try:
+                check_cmd = ['openssl', 'x509', '-in', str(cert_filepath), '-noout', '-enddate']
+                result = subprocess.run(check_cmd, capture_output=True, text=True, check=True)
+                
+                end_date_str = result.stdout.strip().split('=')[1]
+                end_date = datetime.strptime(end_date_str, '%b %d %H:%M:%S %Y %Z')
+                
+                if end_date > datetime.now() + timedelta(days=30):
+                    print("Existing certificate is valid for more than 30 days.")
+                    print("\n")
+                    print(cert_filepath.read_text().strip())
+                    return
+                else:
+                    print("Existing certificate is expiring in less than 30 days. Generating a new one.")
+            except (subprocess.CalledProcessError, FileNotFoundError, IndexError, ValueError) as e:
+                print(f"Could not validate existing certificate: {e}. Generating a new one.")
+
+        print("Generating new certificate and key...")
+        openssl_command = [
+            'openssl', 'req', '-x509',
+            '-newkey', 'ec',
+            '-pkeyopt', 'ec_paramgen_curve:prime256v1',
+            '-keyout', str(key_filepath),
+            '-out', str(cert_filepath),
+            '-sha256', '-days', '3650', '-nodes',
+            '-subj', '/CN=Blitz'
+        ]
+        
+        result = subprocess.run(openssl_command, capture_output=True, text=True, check=False)
+
+        if result.returncode != 0:
+            sys.exit(f"Error generating certificate with OpenSSL:\n{result.stderr}")
+        
+        cert_content = cert_filepath.read_text()
+        
+        print("Successfully generated certificate and key:")
+        print("\n")
+        print(cert_content.strip())
+
+    except FileNotFoundError:
+        sys.exit("Error: 'openssl' command not found. Please ensure OpenSSL is installed and in your PATH.")
+    except Exception as e:
+        sys.exit(f"An unexpected error occurred: {e}")
+
+def main():
+    parser = argparse.ArgumentParser(description="Manage external node configurations.")
+    subparsers = parser.add_subparsers(dest='command', required=True)
+
+    add_parser = subparsers.add_parser('add', help='Add a new node.')
+    add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
+    add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
+    add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
+    add_parser.add_argument('--pinSHA256', type=str, help='Optional: The public key SHA256 pin.')
+
+    delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
+    delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')
+
+    subparsers.add_parser('list', help='List all configured nodes.')
+    
+    subparsers.add_parser('generate-cert', help="Generate blitz.crt and blitz.key if they don't exist or are expiring soon.")
+    
+    args = parser.parse_args()
+
+    if args.command == 'add':
+        add_node(args.name, args.ip, args.sni, args.pinSHA256)
+    elif args.command == 'delete':
+        delete_node(args.name)
+    elif args.command == 'list':
+        list_nodes()
+    elif args.command == 'generate-cert':
+        generate_cert()
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file

From db82da6e62b406e7e185802f00927f03a7441ca7 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 16 Oct 2025 19:22:49 +0000
Subject: [PATCH 02/13] feat(nodes): Add optional port parameter for node
 management

---
 core/cli.py                |  7 ++++---
 core/cli_api.py            |  4 +++-
 core/scripts/nodes/node.py | 23 +++++++++++++++++------
 3 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/core/cli.py b/core/cli.py
index 72c0531..407ae19 100644
--- a/core/cli.py
+++ b/core/cli.py
@@ -331,12 +331,13 @@ def node():
 @node.command('add')
 @click.option('--name', required=True, type=str, help='A unique name for the node (e.g., "Node-DE").')
 @click.option('--ip', required=True, type=str, help='The public IP address of the node.')
-@click.option('--sni', required=False, type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
+@click.option('--port', required=False, type=int, help='Optional: The port of the node.')
+@click.option('--sni', required=False, type=str, help='Optional: The Server Name Indication.')
 @click.option('--pinSHA256', required=False, type=str, help='Optional: The public key SHA256 pin.')
-def add_node(name, ip, sni, pinsha256):
+def add_node(name, ip, port, sni, pinsha256):
     """Add a new external node."""
     try:
-        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256)
+        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256, port=port)
         click.echo(output.strip())
     except Exception as e:
         click.echo(f'{e}', err=True)
diff --git a/core/cli_api.py b/core/cli_api.py
index d59cbe6..87b86bf 100644
--- a/core/cli_api.py
+++ b/core/cli_api.py
@@ -464,11 +464,13 @@ def edit_ip_address(ipv4: str, ipv6: str):
     if ipv6:
         run_cmd(['python3', Command.IP_ADD.value, 'edit', '-6', ipv6])
 
-def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None):
+def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None, port: Optional[int] = None):
     """
     Adds a new external node.
     """
     command = ['python3', Command.NODE_MANAGER.value, 'add', '--name', name, '--ip', ip]
+    if port:
+        command.extend(['--port', str(port)])
     if sni:
         command.extend(['--sni', sni])
     if pinSHA256:
diff --git a/core/scripts/nodes/node.py b/core/scripts/nodes/node.py
index b19644d..050bb43 100644
--- a/core/scripts/nodes/node.py
+++ b/core/scripts/nodes/node.py
@@ -49,6 +49,9 @@ def is_valid_sha256_pin(value: str) -> bool:
     pin_regex = re.compile(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$')
     return re.match(pin_regex, value) is not None
 
+def is_valid_port(port: int) -> bool:
+    return 1 <= port <= 65535
+
 def read_nodes():
     if not NODES_JSON_PATH.exists():
         return []
@@ -69,19 +72,23 @@ def write_nodes(nodes):
     except (IOError, OSError) as e:
         sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
 
-def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None):
+def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None):
     if not is_valid_ip_or_domain(ip):
         print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
         sys.exit(1)
 
     if sni and not is_valid_sni(sni):
-        print(f"Error: '{sni}' is not a valid domain name for SNI. Do not include http/https and ensure it's not an IP.", file=sys.stderr)
+        print(f"Error: '{sni}' is not a valid domain name for SNI.", file=sys.stderr)
         sys.exit(1)
 
     if pinSHA256 and not is_valid_sha256_pin(pinSHA256):
         print(f"Error: '{pinSHA256}' is not a valid SHA256 pin format.", file=sys.stderr)
         sys.exit(1)
 
+    if port and not is_valid_port(port):
+        print(f"Error: Port '{port}' must be between 1 and 65535.", file=sys.stderr)
+        sys.exit(1)
+
     nodes = read_nodes()
     if any(node['name'] == name for node in nodes):
         print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
@@ -95,6 +102,8 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
         new_node["sni"] = sni.strip()
     if pinSHA256:
         new_node["pinSHA256"] = pinSHA256.strip().upper()
+    if port:
+        new_node["port"] = port
 
     nodes.append(new_node)
     write_nodes(nodes)
@@ -118,14 +127,15 @@ def list_nodes():
         print("No nodes configured.")
         return
         
-    print(f"{'Name':<20} {'IP / Domain':<25} {'SNI':<25} {'Pin SHA256'}")
-    print(f"{'-'*20} {'-'*25} {'-'*25} {'-'*30}")
+    print(f"{'Name':<20} {'IP / Domain':<25} {'Port':<10} {'SNI':<25} {'Pin SHA256'}")
+    print(f"{'-'*20} {'-'*25} {'-'*10} {'-'*25} {'-'*30}")
     for node in sorted(nodes, key=lambda x: x['name']):
         name = node['name']
         ip = node['ip']
+        port = node.get('port', 'N/A')
         sni = node.get('sni', 'N/A')
         pin = node.get('pinSHA256', 'N/A')
-        print(f"{name:<20} {ip:<25} {sni:<25} {pin}")
+        print(f"{name:<20} {ip:<25} {str(port):<10} {sni:<25} {pin}")
 
 def generate_cert():
     try:
@@ -185,6 +195,7 @@ def main():
     add_parser = subparsers.add_parser('add', help='Add a new node.')
     add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
     add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
+    add_parser.add_argument('--port', type=int, help='Optional: The port of the node.')
     add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
     add_parser.add_argument('--pinSHA256', type=str, help='Optional: The public key SHA256 pin.')
 
@@ -198,7 +209,7 @@ def main():
     args = parser.parse_args()
 
     if args.command == 'add':
-        add_node(args.name, args.ip, args.sni, args.pinSHA256)
+        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port)
     elif args.command == 'delete':
         delete_node(args.name)
     elif args.command == 'list':

From dd9f2a3e578c26fd0182642f7450c121391bd6f2 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 16 Oct 2025 19:51:58 +0000
Subject: [PATCH 03/13] feat(nodes): Add optional obfs parameter for node
 management

---
 core/cli.py                |  5 +++--
 core/cli_api.py            |  4 +++-
 core/scripts/nodes/node.py | 22 +++++++++++++++-------
 3 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/core/cli.py b/core/cli.py
index 407ae19..4b1f0ab 100644
--- a/core/cli.py
+++ b/core/cli.py
@@ -334,10 +334,11 @@ def node():
 @click.option('--port', required=False, type=int, help='Optional: The port of the node.')
 @click.option('--sni', required=False, type=str, help='Optional: The Server Name Indication.')
 @click.option('--pinSHA256', required=False, type=str, help='Optional: The public key SHA256 pin.')
-def add_node(name, ip, port, sni, pinsha256):
+@click.option('--obfs', required=False, type=str, help='Optional: The obfuscation key/password.')
+def add_node(name, ip, port, sni, pinsha256, obfs):
     """Add a new external node."""
     try:
-        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256, port=port)
+        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256, port=port, obfs=obfs)
         click.echo(output.strip())
     except Exception as e:
         click.echo(f'{e}', err=True)
diff --git a/core/cli_api.py b/core/cli_api.py
index 87b86bf..045b2ef 100644
--- a/core/cli_api.py
+++ b/core/cli_api.py
@@ -464,7 +464,7 @@ def edit_ip_address(ipv4: str, ipv6: str):
     if ipv6:
         run_cmd(['python3', Command.IP_ADD.value, 'edit', '-6', ipv6])
 
-def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None, port: Optional[int] = None):
+def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None, port: Optional[int] = None, obfs: Optional[str] = None):
     """
     Adds a new external node.
     """
@@ -475,6 +475,8 @@ def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[
         command.extend(['--sni', sni])
     if pinSHA256:
         command.extend(['--pinSHA256', pinSHA256])
+    if obfs:
+        command.extend(['--obfs', obfs])
     return run_cmd(command)
 
 def delete_node(name: str):
diff --git a/core/scripts/nodes/node.py b/core/scripts/nodes/node.py
index 050bb43..7f697c8 100644
--- a/core/scripts/nodes/node.py
+++ b/core/scripts/nodes/node.py
@@ -72,7 +72,7 @@ def write_nodes(nodes):
     except (IOError, OSError) as e:
         sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
 
-def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None):
+def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None, obfs: str | None = None):
     if not is_valid_ip_or_domain(ip):
         print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
         sys.exit(1)
@@ -89,6 +89,10 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
         print(f"Error: Port '{port}' must be between 1 and 65535.", file=sys.stderr)
         sys.exit(1)
 
+    if obfs and not obfs.strip():
+        print(f"Error: OBFS value cannot be empty or just whitespace.", file=sys.stderr)
+        sys.exit(1)
+
     nodes = read_nodes()
     if any(node['name'] == name for node in nodes):
         print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
@@ -98,12 +102,14 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
         sys.exit(1)
     
     new_node = {"name": name, "ip": ip}
+    if port:
+        new_node["port"] = port
     if sni:
         new_node["sni"] = sni.strip()
     if pinSHA256:
         new_node["pinSHA256"] = pinSHA256.strip().upper()
-    if port:
-        new_node["port"] = port
+    if obfs:
+        new_node["obfs"] = obfs.strip()
 
     nodes.append(new_node)
     write_nodes(nodes)
@@ -127,15 +133,16 @@ def list_nodes():
         print("No nodes configured.")
         return
         
-    print(f"{'Name':<20} {'IP / Domain':<25} {'Port':<10} {'SNI':<25} {'Pin SHA256'}")
-    print(f"{'-'*20} {'-'*25} {'-'*10} {'-'*25} {'-'*30}")
+    print(f"{'Name':<15} {'IP / Domain':<25} {'Port':<8} {'OBFS':<15} {'SNI':<20} {'Pin SHA256'}")
+    print(f"{'-'*15} {'-'*25} {'-'*8} {'-'*15} {'-'*20} {'-'*30}")
     for node in sorted(nodes, key=lambda x: x['name']):
         name = node['name']
         ip = node['ip']
         port = node.get('port', 'N/A')
+        obfs = node.get('obfs', 'N/A')
         sni = node.get('sni', 'N/A')
         pin = node.get('pinSHA256', 'N/A')
-        print(f"{name:<20} {ip:<25} {str(port):<10} {sni:<25} {pin}")
+        print(f"{name:<15} {ip:<25} {str(port):<8} {obfs:<15} {sni:<20} {pin}")
 
 def generate_cert():
     try:
@@ -198,6 +205,7 @@ def main():
     add_parser.add_argument('--port', type=int, help='Optional: The port of the node.')
     add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
     add_parser.add_argument('--pinSHA256', type=str, help='Optional: The public key SHA256 pin.')
+    add_parser.add_argument('--obfs', type=str, help='Optional: The obfuscation key/password.')
 
     delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
     delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')
@@ -209,7 +217,7 @@ def main():
     args = parser.parse_args()
 
     if args.command == 'add':
-        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port)
+        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port, args.obfs)
     elif args.command == 'delete':
         delete_node(args.name)
     elif args.command == 'list':

From 70fab7169ef1cd413aa699398869b9bb8fe318e0 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 16 Oct 2025 20:33:22 +0000
Subject: [PATCH 04/13] feat(api): Add full node configuration to web panel API

---
 .../webpanel/routers/api/v1/config/ip.py      | 10 +++-
 .../routers/api/v1/schema/config/ip.py        | 48 ++++++++++++++++++-
 2 files changed, 54 insertions(+), 4 deletions(-)

diff --git a/core/scripts/webpanel/routers/api/v1/config/ip.py b/core/scripts/webpanel/routers/api/v1/config/ip.py
index bcd8398..f981673 100644
--- a/core/scripts/webpanel/routers/api/v1/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/config/ip.py
@@ -93,7 +93,14 @@ async def add_node(body: AddNodeBody):
         body: Request body containing the name and IP of the node.
     """
     try:
-        cli_api.add_node(body.name, body.ip)
+        cli_api.add_node(
+            name=body.name, 
+            ip=body.ip, 
+            port=body.port, 
+            sni=body.sni, 
+            pinSHA256=body.pinSHA256, 
+            obfs=body.obfs
+        )
         return DetailResponse(detail=f"Node '{body.name}' added successfully.")
     except Exception as e:
         raise HTTPException(status_code=400, detail=str(e))
@@ -102,7 +109,6 @@ async def add_node(body: AddNodeBody):
 @router.post('/nodes/delete', response_model=DetailResponse, summary='Delete External Node')
 async def delete_node(body: DeleteNodeBody):
     """
-
     Deletes an external node from the configuration by its name.
 
     Args:
diff --git a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
index 538d2e7..73f293c 100644
--- a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
@@ -1,6 +1,7 @@
-from pydantic import BaseModel, field_validator, ValidationInfo
-from ipaddress import IPv4Address, IPv6Address, ip_address
+from pydantic import BaseModel, field_validator, Field
+from ipaddress import ip_address
 import re
+from typing import Optional
 
 def validate_ip_or_domain(v: str) -> str | None:
     if v is None or v.strip() in ['', 'None']:
@@ -34,6 +35,10 @@ class EditInputBody(StatusResponse):
 class Node(BaseModel):
     name: str
     ip: str
+    port: Optional[int] = Field(default=None, ge=1, le=65535)
+    sni: Optional[str] = None
+    pinSHA256: Optional[str] = None
+    obfs: Optional[str] = None
 
     @field_validator('ip', mode='before')
     def check_node_ip(cls, v: str | None):
@@ -41,6 +46,45 @@ class Node(BaseModel):
             raise ValueError("IP or Domain field cannot be empty.")
         return validate_ip_or_domain(v)
 
+    @field_validator('sni', mode='before')
+    def validate_sni_format(cls, v: str | None):
+        if v is None or not v.strip():
+            return None
+        
+        v_stripped = v.strip()
+        
+        if "://" in v_stripped:
+            raise ValueError("SNI must not contain a protocol (e.g., http://).")
+
+        try:
+            ip_address(v_stripped)
+            raise ValueError("SNI cannot be an IP address.")
+        except ValueError as e:
+            if "SNI cannot be an IP address" in str(e):
+                raise e
+
+        domain_regex = re.compile(
+            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$', 
+            re.IGNORECASE
+        )
+        if not domain_regex.match(v_stripped):
+            raise ValueError(f"'{v_stripped}' is not a valid domain name for SNI.")
+            
+        return v_stripped
+
+    @field_validator('pinSHA256', mode='before')
+    def validate_pin_format(cls, v: str | None):
+        if v is None or not v.strip():
+            return None
+        
+        v_stripped = v.strip().upper()
+        pin_regex = re.compile(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$')
+        
+        if not pin_regex.match(v_stripped):
+            raise ValueError("Invalid SHA256 pin format.")
+            
+        return v_stripped
+
 class AddNodeBody(Node):
     pass
 

From 5b7a1cf5c30fac19cecd15195a0e194740a950ef Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 16 Oct 2025 20:34:22 +0000
Subject: [PATCH 05/13] feat(web): Implement full node configuration in
 settings UI

---
 core/scripts/webpanel/assets/js/settings.js   | 67 ++++++++++++++++++-
 core/scripts/webpanel/templates/settings.html | 52 ++++++++++----
 2 files changed, 105 insertions(+), 14 deletions(-)

diff --git a/core/scripts/webpanel/assets/js/settings.js b/core/scripts/webpanel/assets/js/settings.js
index 79567d6..d97c2a4 100644
--- a/core/scripts/webpanel/assets/js/settings.js
+++ b/core/scripts/webpanel/assets/js/settings.js
@@ -67,7 +67,11 @@ $(document).ready(function () {
     function isValidDomain(domain) {
         if (!domain) return false;
         const lowerDomain = domain.toLowerCase();
-        return !lowerDomain.startsWith("http://") && !lowerDomain.startsWith("https://");
+        if (lowerDomain.startsWith("http://") || lowerDomain.startsWith("https://")) return false;
+        const ipV4Regex = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+        if(ipV4Regex.test(domain)) return false;
+        const domainRegex = /^(?!-)(?:[a-zA-Z\d-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+$)[a-zA-Z\d]{1,63}$/;
+        return domainRegex.test(lowerDomain);
     }
 
     function isValidPort(port) {
@@ -75,6 +79,12 @@ $(document).ready(function () {
         return /^[0-9]+$/.test(port) && parseInt(port) > 0 && parseInt(port) <= 65535;
     }
 
+    function isValidSha256Pin(pin) {
+        if (!pin) return false;
+        const pinRegex = /^([0-9A-F]{2}:){31}[0-9A-F]{2}$/i;
+        return pinRegex.test(pin.trim());
+    }
+
     function isValidSubPath(subpath) {
         if (!subpath) return false;
         return /^[a-zA-Z0-9]+$/.test(subpath);
@@ -198,6 +208,14 @@ $(document).ready(function () {
                 }
             } else if (id === 'decoy_path') {
                 fieldValid = isValidPath(input.val());
+            } else if (id === 'node_port') {
+                fieldValid = (input.val().trim() === '') ? true : isValidPort(input.val());
+            } else if (id === 'node_sni') {
+                fieldValid = (input.val().trim() === '') ? true : isValidDomain(input.val());
+            } else if (id === 'node_pin') {
+                fieldValid = (input.val().trim() === '') ? true : isValidSha256Pin(input.val());
+            } else if (id === 'node_obfs') {
+                fieldValid = true;
             } else {
                 if (input.attr('placeholder') && input.attr('placeholder').includes('Enter') && !input.attr('id').startsWith('ipv')) {
                      fieldValid = input.val().trim() !== "";
@@ -265,6 +283,10 @@ $(document).ready(function () {
                 const row = `<tr>
                                 <td>${escapeHtml(node.name)}</td>
                                 <td>${escapeHtml(node.ip)}</td>
+                                <td>${escapeHtml(node.port || 'N/A')}</td>
+                                <td>${escapeHtml(node.sni || 'N/A')}</td>
+                                <td>${escapeHtml(node.obfs || 'N/A')}</td>
+                                <td>${escapeHtml(node.pinSHA256 || 'N/A')}</td>
                                 <td>
                                     <button class="btn btn-xs btn-danger delete-node-btn" data-name="${escapeHtml(node.name)}">
                                         <i class="fas fa-trash"></i> Delete
@@ -284,18 +306,32 @@ $(document).ready(function () {
 
         const name = $("#node_name").val().trim();
         const ip = $("#node_ip").val().trim();
+        const port = $("#node_port").val().trim();
+        const sni = $("#node_sni").val().trim();
+        const obfs = $("#node_obfs").val().trim();
+        const pinSHA256 = $("#node_pin").val().trim();
+        
+        const data = { name: name, ip: ip };
+        if (port) data.port = parseInt(port);
+        if (sni) data.sni = sni;
+        if (obfs) data.obfs = obfs;
+        if (pinSHA256) data.pinSHA256 = pinSHA256;
 
         confirmAction(`add the node '${name}'`, function () {
             sendRequest(
                 API_URLS.addNode,
                 "POST",
-                { name: name, ip: ip },
+                data,
                 `Node '${name}' added successfully!`,
                 "#add_node_btn",
                 false,
                 function() {
                     $("#node_name").val('');
                     $("#node_ip").val('');
+                    $("#node_port").val('');
+                    $("#node_sni").val('');
+                    $("#node_obfs").val('');
+                    $("#node_pin").val('');
                     $("#add_node_form .form-control").removeClass('is-invalid');
                     fetchNodes();
                 }
@@ -1055,4 +1091,31 @@ $(document).ready(function () {
              $(this).addClass('is-invalid');
         }
     });
+
+    $('#node_port').on('input', function () {
+        const val = $(this).val().trim();
+        if (val === '' || isValidPort(val)) {
+            $(this).removeClass('is-invalid');
+        } else {
+            $(this).addClass('is-invalid');
+        }
+    });
+    
+    $('#node_sni').on('input', function () {
+        const val = $(this).val().trim();
+        if (val === '' || isValidDomain(val)) {
+            $(this).removeClass('is-invalid');
+        } else {
+            $(this).addClass('is-invalid');
+        }
+    });
+    
+    $('#node_pin').on('input', function () {
+        const val = $(this).val().trim();
+        if (val === '' || isValidSha256Pin(val)) {
+            $(this).removeClass('is-invalid');
+        } else {
+            $(this).addClass('is-invalid');
+        }
+    });
 });
\ No newline at end of file
diff --git a/core/scripts/webpanel/templates/settings.html b/core/scripts/webpanel/templates/settings.html
index 8724e52..aab39e9 100644
--- a/core/scripts/webpanel/templates/settings.html
+++ b/core/scripts/webpanel/templates/settings.html
@@ -223,8 +223,12 @@
                                             <table class="table table-bordered table-striped" id="nodes_table">
                                                 <thead>
                                                     <tr>
-                                                        <th>Node Name</th>
-                                                        <th>IP Address / Domain</th>
+                                                        <th>Name</th>
+                                                        <th>IP/Domain</th>
+                                                        <th>Port</th>
+                                                        <th>SNI</th>
+                                                        <th>OBFS</th>
+                                                        <th>Pin SHA256</th>
                                                         <th>Action</th>
                                                     </tr>
                                                 </thead>
@@ -237,18 +241,42 @@
                             
                                         <hr>
                                         <h5>Add New Node</h5>
-                                        <form id="add_node_form" class="form-inline">
-                                            <div class="form-group mb-2 mr-sm-2">
-                                                <label for="node_name" class="sr-only">Node Name</label>
-                                                <input type="text" class="form-control" id="node_name" placeholder="e.g., Node-US">
-                                                <div class="invalid-feedback">Please enter a name.</div>
+                                        <form id="add_node_form">
+                                            <div class="form-row">
+                                                <div class="form-group col-md-6">
+                                                    <label for="node_name">Node Name (Required)</label>
+                                                    <input type="text" class="form-control" id="node_name" placeholder="e.g., Node-US">
+                                                    <div class="invalid-feedback">Please enter a unique name.</div>
+                                                </div>
+                                                <div class="form-group col-md-6">
+                                                    <label for="node_ip">IP Address / Domain (Required)</label>
+                                                    <input type="text" class="form-control" id="node_ip" placeholder="e.g., node.example.com or 1.2.3.4">
+                                                    <div class="invalid-feedback">Please enter a valid IP or domain.</div>
+                                                </div>
                                             </div>
-                                            <div class="form-group mb-2 mr-sm-2">
-                                                <label for="node_ip" class="sr-only">IP Address / Domain</label>
-                                                <input type="text" class="form-control" id="node_ip" placeholder="e.g., node.example.com">
-                                                <div class="invalid-feedback">Please enter a valid IP or domain.</div>
+                                            <div class="form-row">
+                                                <div class="form-group col-md-3">
+                                                    <label for="node_port">Port (Optional)</label>
+                                                    <input type="number" class="form-control" id="node_port" placeholder="e.g., 443">
+                                                    <div class="invalid-feedback">Please enter a valid port (1-65535).</div>
+                                                </div>
+                                                <div class="form-group col-md-3">
+                                                    <label for="node_obfs">OBFS (Optional)</label>
+                                                    <input type="text" class="form-control" id="node_obfs" placeholder="obfs-password">
+                                                    <div class="invalid-feedback">OBFS cannot be empty if provided.</div>
+                                                </div>
+                                                <div class="form-group col-md-6">
+                                                    <label for="node_sni">SNI (Optional)</label>
+                                                    <input type="text" class="form-control" id="node_sni" placeholder="e.g., yourdomain.com">
+                                                    <div class="invalid-feedback">Please enter a valid domain name (not an IP).</div>
+                                                </div>
                                             </div>
-                                            <button type="button" id="add_node_btn" class="btn btn-success mb-2">
+                                            <div class="form-group">
+                                                <label for="node_pin">Pin SHA256 (Optional)</label>
+                                                <input type="text" class="form-control" id="node_pin" placeholder="5D:23:0E:E9:10:AB:96:E0:43...">
+                                                <div class="invalid-feedback">Invalid SHA256 pin format.</div>
+                                            </div>
+                                            <button type="button" id="add_node_btn" class="btn btn-success">
                                                 <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true" style="display: none;"></span>
                                                 Add Node
                                             </button>

From a9309920c4398a8034a4b04c347fddd7d7d151ba Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Mon, 20 Oct 2025 18:46:53 +0000
Subject: [PATCH 06/13] Refactor: Clean up API documentation tags

---
 core/scripts/webpanel/app.py                  | 46 ++++++++-----------
 .../webpanel/routers/api/v1/__init__.py       |  6 +--
 .../routers/api/v1/config/__init__.py         | 16 +++----
 3 files changed, 29 insertions(+), 39 deletions(-)

diff --git a/core/scripts/webpanel/app.py b/core/scripts/webpanel/app.py
index 0ac88ef..3b957af 100644
--- a/core/scripts/webpanel/app.py
+++ b/core/scripts/webpanel/app.py
@@ -5,18 +5,17 @@ import asyncio
 from fastapi import FastAPI
 from starlette.staticfiles import StaticFiles
 
-from config import CONFIGS  # Loads the configuration from .env
-from middleware import AuthMiddleware  # Defines authentication middleware
-from middleware import AfterRequestMiddleware  # Defines after request middleware
-from dependency import get_session_manager  # Defines dependencies across routers
-from openapi import setup_openapi_schema   # Adds authorization header to openapi schema
-from exception_handler import setup_exception_handler  # Defines exception handlers
+from config import CONFIGS
+from middleware import AuthMiddleware
+from middleware import AfterRequestMiddleware
+from dependency import get_session_manager
+from openapi import setup_openapi_schema
+from exception_handler import setup_exception_handler
 
-# Append directory of cli_api.py to be able to import it
 HYSTERIA_CORE_DIR = '/etc/hysteria/core/'
 sys.path.append(HYSTERIA_CORE_DIR)
 
-import routers  # noqa: This import should be after the sys.path modification, because it imports cli_api
+import routers
 
 
 def create_app() -> FastAPI:
@@ -24,11 +23,10 @@ def create_app() -> FastAPI:
     Create FastAPI app.
     '''
 
-    # Set up FastAPI
     app = FastAPI(
-        title='Hysteria Webpanel',
-        description='Webpanel for Hysteria',
-        version='0.1.0',
+        title='Blitz API',
+        description='Webpanel for Hysteria2',
+        version='0.2.0',
         contact={
             'github': 'https://github.com/ReturnFI/Blitz'
         },
@@ -36,26 +34,19 @@ def create_app() -> FastAPI:
         root_path=f'/{CONFIGS.ROOT_PATH}',
     )
 
-    # Set up static files
     app.mount('/assets', StaticFiles(directory='assets'), name='assets')
 
-    # Set up exception handlers
     setup_exception_handler(app)
 
-    # Set up authentication middleware
-
     app.add_middleware(AuthMiddleware, session_manager=get_session_manager(), api_token=CONFIGS.API_TOKEN)
-    # Set up after request middleware
     app.add_middleware(AfterRequestMiddleware)
 
-    # Set up Routers
-    app.include_router(routers.basic.router, prefix='', tags=['Basic Routes[Web]'])  # Add basic router
-    app.include_router(routers.login.router, prefix='', tags=['Authentication[Web]'])  # Add authentication router
-    app.include_router(routers.settings.router, prefix='/settings', tags=['Settings[Web]'])  # Add settings router
-    app.include_router(routers.user.router, prefix='/users', tags=['User Management[Web]'])  # Add user router
-    app.include_router(routers.api.v1.api_v1_router, prefix='/api/v1', tags=['API Version 1'])  # Add API version 1 router # type: ignore
+    app.include_router(routers.basic.router, prefix='', tags=['Web - Basic'])
+    app.include_router(routers.login.router, prefix='', tags=['Web - Authentication'])
+    app.include_router(routers.settings.router, prefix='/settings', tags=['Web - Settings'])
+    app.include_router(routers.user.router, prefix='/users', tags=['Web - User Management'])
+    app.include_router(routers.api.v1.api_v1_router, prefix='/api/v1')
 
-    # Document that the API requires an API key
     setup_openapi_schema(app)
 
     return app
@@ -66,7 +57,7 @@ app: FastAPI = create_app()
 
 if __name__ == '__main__':
     from hypercorn.config import Config
-    from hypercorn.asyncio import serve  # type: ignore
+    from hypercorn.asyncio import serve
     from hypercorn.middleware import ProxyFixMiddleware
 
     config = Config()
@@ -75,6 +66,5 @@ if __name__ == '__main__':
     config.accesslog = '-'
     config.errorlog = '-'
 
-    # Fix proxy headers
-    app = ProxyFixMiddleware(app, 'legacy')  # type: ignore
-    asyncio.run(serve(app, config))  # type: ignore
+    app = ProxyFixMiddleware(app, 'legacy')
+    asyncio.run(serve(app, config))
\ No newline at end of file
diff --git a/core/scripts/webpanel/routers/api/v1/__init__.py b/core/scripts/webpanel/routers/api/v1/__init__.py
index ed12a2a..1e69814 100644
--- a/core/scripts/webpanel/routers/api/v1/__init__.py
+++ b/core/scripts/webpanel/routers/api/v1/__init__.py
@@ -5,6 +5,6 @@ from . import config
 
 api_v1_router = APIRouter()
 
-api_v1_router.include_router(user.router, prefix='/users')
-api_v1_router.include_router(server.router, prefix='/server')
-api_v1_router.include_router(config.router, prefix='/config')
+api_v1_router.include_router(user.router, prefix='/users', tags=['API - Users'])
+api_v1_router.include_router(server.router, prefix='/server', tags=['API - Server'])
+api_v1_router.include_router(config.router, prefix='/config')
\ No newline at end of file
diff --git a/core/scripts/webpanel/routers/api/v1/config/__init__.py b/core/scripts/webpanel/routers/api/v1/config/__init__.py
index ee15be7..b346224 100644
--- a/core/scripts/webpanel/routers/api/v1/config/__init__.py
+++ b/core/scripts/webpanel/routers/api/v1/config/__init__.py
@@ -11,11 +11,11 @@ from . import extra_config
 router = APIRouter()
 
 
-router.include_router(hysteria.router, prefix='/hysteria')
-router.include_router(warp.router, prefix='/warp')
-router.include_router(telegram.router, prefix='/telegram')
-router.include_router(normalsub.router, prefix='/normalsub')
-router.include_router(singbox.router, prefix='/singbox')
-router.include_router(ip.router, prefix='/ip')
-router.include_router(extra_config.router, prefix='/extra-config', tags=['Config - Extra Config'])
-router.include_router(misc.router)
+router.include_router(hysteria.router, prefix='/hysteria', tags=['API - Config - Hysteria'])
+router.include_router(warp.router, prefix='/warp', tags=['API - Config - Warp'])
+router.include_router(telegram.router, prefix='/telegram', tags=['API - Config - Telegram'])
+router.include_router(normalsub.router, prefix='/normalsub', tags=['API - Config - Normalsub'])
+router.include_router(singbox.router, prefix='/singbox', tags=['API - Config - Singbox'])
+router.include_router(ip.router, prefix='/ip', tags=['API - Config - IP'])
+router.include_router(extra_config.router, prefix='/extra-config', tags=['API - Config - Extra Config'])
+router.include_router(misc.router, tags=['API - Config - Misc'])
\ No newline at end of file

From 8cfed0f1b422372bf19a38b9c4868c689efd54fe Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 23 Oct 2025 11:07:50 +0000
Subject: [PATCH 07/13] feat(nodes): Add insecure TLS option for external nodes

---
 core/cli.py                                   | 17 ++++++-----
 core/cli_api.py                               |  4 ++-
 core/scripts/nodes/node.py                    | 30 +++++++++----------
 core/scripts/webpanel/assets/js/settings.js   | 11 +++----
 .../webpanel/routers/api/v1/config/ip.py      |  5 ++--
 .../routers/api/v1/schema/config/ip.py        |  1 +
 core/scripts/webpanel/templates/settings.html |  9 ++++++
 7 files changed, 44 insertions(+), 33 deletions(-)

diff --git a/core/cli.py b/core/cli.py
index 4b1f0ab..9522b49 100644
--- a/core/cli.py
+++ b/core/cli.py
@@ -329,16 +329,17 @@ def node():
     pass
 
 @node.command('add')
-@click.option('--name', required=True, type=str, help='A unique name for the node (e.g., "Node-DE").')
-@click.option('--ip', required=True, type=str, help='The public IP address of the node.')
-@click.option('--port', required=False, type=int, help='Optional: The port of the node.')
-@click.option('--sni', required=False, type=str, help='Optional: The Server Name Indication.')
-@click.option('--pinSHA256', required=False, type=str, help='Optional: The public key SHA256 pin.')
-@click.option('--obfs', required=False, type=str, help='Optional: The obfuscation key/password.')
-def add_node(name, ip, port, sni, pinsha256, obfs):
+@click.option('--name', required=True, type=str, help='Unique name for the node.')
+@click.option('--ip', required=True, type=str, help='Public IP address of the node.')
+@click.option('--port', required=False, type=int, help='Optional: Port of the node.')
+@click.option('--sni', required=False, type=str, help='Optional: Server Name Indication.')
+@click.option('--pinSHA256', required=False, type=str, help='Optional: Public key SHA256 pin.')
+@click.option('--obfs', required=False, type=str, help='Optional: Obfuscation key.')
+@click.option('--insecure', is_flag=True, default=False, help='Optional: Skip certificate verification.')
+def add_node(name, ip, port, sni, pinsha256, obfs, insecure):
     """Add a new external node."""
     try:
-        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256, port=port, obfs=obfs)
+        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256, port=port, obfs=obfs, insecure=insecure)
         click.echo(output.strip())
     except Exception as e:
         click.echo(f'{e}', err=True)
diff --git a/core/cli_api.py b/core/cli_api.py
index 045b2ef..5641d22 100644
--- a/core/cli_api.py
+++ b/core/cli_api.py
@@ -464,7 +464,7 @@ def edit_ip_address(ipv4: str, ipv6: str):
     if ipv6:
         run_cmd(['python3', Command.IP_ADD.value, 'edit', '-6', ipv6])
 
-def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None, port: Optional[int] = None, obfs: Optional[str] = None):
+def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None, port: Optional[int] = None, obfs: Optional[str] = None, insecure: Optional[bool] = None):
     """
     Adds a new external node.
     """
@@ -477,6 +477,8 @@ def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[
         command.extend(['--pinSHA256', pinSHA256])
     if obfs:
         command.extend(['--obfs', obfs])
+    if insecure:
+        command.append('--insecure')
     return run_cmd(command)
 
 def delete_node(name: str):
diff --git a/core/scripts/nodes/node.py b/core/scripts/nodes/node.py
index 7f697c8..c735793 100644
--- a/core/scripts/nodes/node.py
+++ b/core/scripts/nodes/node.py
@@ -72,7 +72,7 @@ def write_nodes(nodes):
     except (IOError, OSError) as e:
         sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
 
-def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None, obfs: str | None = None):
+def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None, obfs: str | None = None, insecure: bool = False):
     if not is_valid_ip_or_domain(ip):
         print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
         sys.exit(1)
@@ -89,10 +89,6 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
         print(f"Error: Port '{port}' must be between 1 and 65535.", file=sys.stderr)
         sys.exit(1)
 
-    if obfs and not obfs.strip():
-        print(f"Error: OBFS value cannot be empty or just whitespace.", file=sys.stderr)
-        sys.exit(1)
-
     nodes = read_nodes()
     if any(node['name'] == name for node in nodes):
         print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
@@ -102,14 +98,16 @@ def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None =
         sys.exit(1)
     
     new_node = {"name": name, "ip": ip}
-    if port:
-        new_node["port"] = port
     if sni:
         new_node["sni"] = sni.strip()
     if pinSHA256:
         new_node["pinSHA256"] = pinSHA256.strip().upper()
+    if port:
+        new_node["port"] = port
     if obfs:
         new_node["obfs"] = obfs.strip()
+    if insecure:
+        new_node["insecure"] = insecure
 
     nodes.append(new_node)
     write_nodes(nodes)
@@ -133,16 +131,17 @@ def list_nodes():
         print("No nodes configured.")
         return
         
-    print(f"{'Name':<15} {'IP / Domain':<25} {'Port':<8} {'OBFS':<15} {'SNI':<20} {'Pin SHA256'}")
-    print(f"{'-'*15} {'-'*25} {'-'*8} {'-'*15} {'-'*20} {'-'*30}")
+    print(f"{'Name':<15} {'IP / Domain':<25} {'Port':<8} {'SNI':<20} {'Insecure':<10} {'OBFS':<20} {'Pin SHA256'}")
+    print(f"{'-'*15} {'-'*25} {'-'*8} {'-'*20} {'-'*10} {'-'*20} {'-'*30}")
     for node in sorted(nodes, key=lambda x: x['name']):
         name = node['name']
         ip = node['ip']
         port = node.get('port', 'N/A')
-        obfs = node.get('obfs', 'N/A')
         sni = node.get('sni', 'N/A')
+        insecure = str(node.get('insecure', 'False'))
+        obfs = node.get('obfs', 'N/A')
         pin = node.get('pinSHA256', 'N/A')
-        print(f"{name:<15} {ip:<25} {str(port):<8} {obfs:<15} {sni:<20} {pin}")
+        print(f"{name:<15} {ip:<25} {str(port):<8} {sni:<20} {insecure:<10} {obfs:<20} {pin}")
 
 def generate_cert():
     try:
@@ -203,21 +202,22 @@ def main():
     add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
     add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
     add_parser.add_argument('--port', type=int, help='Optional: The port of the node.')
-    add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication (e.g., yourdomain.com).')
+    add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication.')
     add_parser.add_argument('--pinSHA256', type=str, help='Optional: The public key SHA256 pin.')
-    add_parser.add_argument('--obfs', type=str, help='Optional: The obfuscation key/password.')
+    add_parser.add_argument('--obfs', type=str, help='Optional: The obfuscation key.')
+    add_parser.add_argument('--insecure', action='store_true', help='Optional: Skip certificate verification.')
 
     delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
     delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')
 
     subparsers.add_parser('list', help='List all configured nodes.')
     
-    subparsers.add_parser('generate-cert', help="Generate blitz.crt and blitz.key if they don't exist or are expiring soon.")
+    subparsers.add_parser('generate-cert', help="Generate blitz.crt and blitz.key.")
     
     args = parser.parse_args()
 
     if args.command == 'add':
-        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port, args.obfs)
+        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port, args.obfs, args.insecure)
     elif args.command == 'delete':
         delete_node(args.name)
     elif args.command == 'list':
diff --git a/core/scripts/webpanel/assets/js/settings.js b/core/scripts/webpanel/assets/js/settings.js
index d97c2a4..b818fa9 100644
--- a/core/scripts/webpanel/assets/js/settings.js
+++ b/core/scripts/webpanel/assets/js/settings.js
@@ -286,6 +286,7 @@ $(document).ready(function () {
                                 <td>${escapeHtml(node.port || 'N/A')}</td>
                                 <td>${escapeHtml(node.sni || 'N/A')}</td>
                                 <td>${escapeHtml(node.obfs || 'N/A')}</td>
+                                <td>${escapeHtml(node.insecure ? 'True' : 'False')}</td>
                                 <td>${escapeHtml(node.pinSHA256 || 'N/A')}</td>
                                 <td>
                                     <button class="btn btn-xs btn-danger delete-node-btn" data-name="${escapeHtml(node.name)}">
@@ -310,8 +311,9 @@ $(document).ready(function () {
         const sni = $("#node_sni").val().trim();
         const obfs = $("#node_obfs").val().trim();
         const pinSHA256 = $("#node_pin").val().trim();
+        const insecure = $("#node_insecure").is(':checked');
         
-        const data = { name: name, ip: ip };
+        const data = { name: name, ip: ip, insecure: insecure };
         if (port) data.port = parseInt(port);
         if (sni) data.sni = sni;
         if (obfs) data.obfs = obfs;
@@ -326,12 +328,7 @@ $(document).ready(function () {
                 "#add_node_btn",
                 false,
                 function() {
-                    $("#node_name").val('');
-                    $("#node_ip").val('');
-                    $("#node_port").val('');
-                    $("#node_sni").val('');
-                    $("#node_obfs").val('');
-                    $("#node_pin").val('');
+                    $("#add_node_form")[0].reset();
                     $("#add_node_form .form-control").removeClass('is-invalid');
                     fetchNodes();
                 }
diff --git a/core/scripts/webpanel/routers/api/v1/config/ip.py b/core/scripts/webpanel/routers/api/v1/config/ip.py
index f981673..515b7fc 100644
--- a/core/scripts/webpanel/routers/api/v1/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/config/ip.py
@@ -90,7 +90,7 @@ async def add_node(body: AddNodeBody):
     Adds a new external node to the configuration.
 
     Args:
-        body: Request body containing the name and IP of the node.
+        body: Request body containing the full details of the node.
     """
     try:
         cli_api.add_node(
@@ -99,7 +99,8 @@ async def add_node(body: AddNodeBody):
             port=body.port, 
             sni=body.sni, 
             pinSHA256=body.pinSHA256, 
-            obfs=body.obfs
+            obfs=body.obfs,
+            insecure=body.insecure
         )
         return DetailResponse(detail=f"Node '{body.name}' added successfully.")
     except Exception as e:
diff --git a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
index 73f293c..eca8809 100644
--- a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
@@ -39,6 +39,7 @@ class Node(BaseModel):
     sni: Optional[str] = None
     pinSHA256: Optional[str] = None
     obfs: Optional[str] = None
+    insecure: Optional[bool] = False
 
     @field_validator('ip', mode='before')
     def check_node_ip(cls, v: str | None):
diff --git a/core/scripts/webpanel/templates/settings.html b/core/scripts/webpanel/templates/settings.html
index aab39e9..0b94761 100644
--- a/core/scripts/webpanel/templates/settings.html
+++ b/core/scripts/webpanel/templates/settings.html
@@ -228,6 +228,7 @@
                                                         <th>Port</th>
                                                         <th>SNI</th>
                                                         <th>OBFS</th>
+                                                        <th>Insecure</th>
                                                         <th>Pin SHA256</th>
                                                         <th>Action</th>
                                                     </tr>
@@ -276,6 +277,14 @@
                                                 <input type="text" class="form-control" id="node_pin" placeholder="5D:23:0E:E9:10:AB:96:E0:43...">
                                                 <div class="invalid-feedback">Invalid SHA256 pin format.</div>
                                             </div>
+                                            <div class="form-group">
+                                                <div class="form-check">
+                                                    <input class="form-check-input" type="checkbox" id="node_insecure">
+                                                    <label class="form-check-label" for="node_insecure">
+                                                        Insecure
+                                                    </label>
+                                                </div>
+                                            </div>
                                             <button type="button" id="add_node_btn" class="btn btn-success">
                                                 <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true" style="display: none;"></span>
                                                 Add Node

From dbf0b847e9ed58dddb1bd57ec094467ccfb0a1dd Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 23 Oct 2025 11:14:26 +0000
Subject: [PATCH 08/13] refactor(uri): Enhance URI generation with
 node-specific parameters

---
 core/scripts/hysteria2/show_user_uri.py | 41 +++++++++++++++++--------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/core/scripts/hysteria2/show_user_uri.py b/core/scripts/hysteria2/show_user_uri.py
index 8fd9661..1d6a781 100644
--- a/core/scripts/hysteria2/show_user_uri.py
+++ b/core/scripts/hysteria2/show_user_uri.py
@@ -24,7 +24,7 @@ def load_env_file(env_file: str) -> Dict[str, str]:
                     env_vars[key] = value
     return env_vars
 
-def load_nodes() -> List[Dict[str, str]]:
+def load_nodes() -> List[Dict[str, Any]]:
     if NODES_JSON_PATH.exists():
         try:
             with NODES_JSON_PATH.open("r") as f:
@@ -147,25 +147,26 @@ def show_uri(args: argparse.Namespace) -> None:
         return
     
     auth_password = user_doc["password"]
-    port = config["listen"].split(":")[-1]
-    sha256 = config.get("tls", {}).get("pinSHA256", "")
-    obfs_password = config.get("obfs", {}).get("salamander", {}).get("password", "")
-    insecure = config.get("tls", {}).get("insecure", True)
+
+    local_port = config["listen"].split(":")[-1]
+    local_sha256 = config.get("tls", {}).get("pinSHA256", "")
+    local_obfs_password = config.get("obfs", {}).get("salamander", {}).get("password", "")
+    local_insecure = config.get("tls", {}).get("insecure", True)
     
-    ip4, ip6, sni = load_hysteria2_ips()
+    ip4, ip6, local_sni = load_hysteria2_ips()
     nodes = load_nodes()
     terminal_width = get_terminal_width()
 
     if args.all or args.ip_version == 4:
         if ip4 and ip4 != "None":
-            uri = generate_uri(args.username, auth_password, ip4, port, 
-                                 obfs_password, sha256, sni, 4, insecure, f"{args.username}-IPv4")
+            uri = generate_uri(args.username, auth_password, ip4, local_port, 
+                                 local_obfs_password, local_sha256, local_sni, 4, local_insecure, f"{args.username}-IPv4")
             display_uri_and_qr(uri, "IPv4", args, terminal_width)
             
     if args.all or args.ip_version == 6:
         if ip6 and ip6 != "None":
-            uri = generate_uri(args.username, auth_password, ip6, port, 
-                                 obfs_password, sha256, sni, 6, insecure, f"{args.username}-IPv6")
+            uri = generate_uri(args.username, auth_password, ip6, local_port, 
+                                 local_obfs_password, local_sha256, local_sni, 6, local_insecure, f"{args.username}-IPv6")
             display_uri_and_qr(uri, "IPv6", args, terminal_width)
 
     for node in nodes:
@@ -177,8 +178,24 @@ def show_uri(args: argparse.Namespace) -> None:
         ip_v = 4 if '.' in node_ip else 6
         
         if args.all or args.ip_version == ip_v:
-            uri = generate_uri(args.username, auth_password, node_ip, port, 
-                                 obfs_password, sha256, sni, ip_v, insecure, f"{args.username}-{node_name}")
+            node_port = node.get("port", local_port)
+            node_sni = node.get("sni", local_sni)
+            node_obfs = node.get("obfs", local_obfs_password)
+            node_pin = node.get("pinSHA256", local_sha256)
+            node_insecure = node.get("insecure", local_insecure)
+
+            uri = generate_uri(
+                username=args.username,
+                auth_password=auth_password,
+                ip=node_ip,
+                port=str(node_port),
+                obfs_password=node_obfs,
+                sha256=node_pin,
+                sni=node_sni,
+                ip_version=ip_v,
+                insecure=node_insecure,
+                fragment_tag=f"{args.username}-{node_name}"
+            )
             display_uri_and_qr(uri, f"Node: {node_name} (IPv{ip_v})", args, terminal_width)
 
     if args.singbox and is_service_active("hysteria-singbox.service"):

From f21cdc11894911049263f494461e12a6c71fd84b Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Thu, 23 Oct 2025 11:53:42 +0000
Subject: [PATCH 09/13] refactor(api): Apply node-specific parameters to
 wrapper URI script

---
 core/scripts/hysteria2/wrapper_uri.py | 62 ++++++++++++++++++---------
 1 file changed, 41 insertions(+), 21 deletions(-)

diff --git a/core/scripts/hysteria2/wrapper_uri.py b/core/scripts/hysteria2/wrapper_uri.py
index 8d1b71e..6f50542 100644
--- a/core/scripts/hysteria2/wrapper_uri.py
+++ b/core/scripts/hysteria2/wrapper_uri.py
@@ -37,7 +37,10 @@ def generate_uri(username: str, auth_password: str, ip: str, port: str,
                  uri_params: Dict[str, str], ip_version: int, fragment_tag: str) -> str:
     ip_part = f"[{ip}]" if ip_version == 6 and ':' in ip else ip
     uri_base = f"hy2://{username}:{auth_password}@{ip_part}:{port}"
-    query_string = "&".join([f"{k}={v}" for k, v in uri_params.items()])
+    
+    query_params = [f"{k}={v}" for k, v in uri_params.items() if v is not None and v != '']
+    query_string = "&".join(query_params)
+    
     return f"{uri_base}?{query_string}#{fragment_tag}"
 
 def process_users(target_usernames: List[str]) -> List[Dict[str, Any]]:
@@ -51,23 +54,23 @@ def process_users(target_usernames: List[str]) -> List[Dict[str, Any]]:
         sys.exit(1)
 
     nodes = load_json_file(NODES_JSON_PATH) or []
-    port = config.get("listen", "").split(":")[-1]
+    
+    default_port = config.get("listen", "").split(":")[-1]
     tls_config = config.get("tls", {})
     hy2_env = load_env_file(CONFIG_ENV)
     ns_env = load_env_file(NORMALSUB_ENV)
 
-    base_uri_params = {
-        "insecure": "1" if tls_config.get("insecure", True) else "0",
-        "sni": hy2_env.get('SNI', '')
-    }
-    obfs_password = config.get("obfs", {}).get("salamander", {}).get("password")
-    if obfs_password:
-        base_uri_params["obfs"] = "salamander"
-        base_uri_params["obfs-password"] = obfs_password
+    default_sni = hy2_env.get('SNI', '')
+    default_obfs = config.get("obfs", {}).get("salamander", {}).get("password")
+    default_pin = tls_config.get("pinSHA256")
+    default_insecure = tls_config.get("insecure", True)
     
-    sha256 = tls_config.get("pinSHA256")
-    if sha256:
-        base_uri_params["pinSHA256"] = sha256
+    base_uri_params = {"insecure": "1" if default_insecure else "0"}
+    if default_sni: base_uri_params["sni"] = default_sni
+    if default_obfs:
+        base_uri_params["obfs"] = "salamander"
+        base_uri_params["obfs-password"] = default_obfs
+    if default_pin: base_uri_params["pinSHA256"] = default_pin
     
     ip4 = hy2_env.get('IP4')
     ip6 = hy2_env.get('IP6')
@@ -84,17 +87,34 @@ def process_users(target_usernames: List[str]) -> List[Dict[str, Any]]:
         user_output = {"username": username, "ipv4": None, "ipv6": None, "nodes": [], "normal_sub": None}
 
         if ip4 and ip4 != "None":
-            user_output["ipv4"] = generate_uri(username, auth_password, ip4, port, base_uri_params, 4, f"{username}-IPv4")
+            user_output["ipv4"] = generate_uri(username, auth_password, ip4, default_port, base_uri_params, 4, f"{username}-IPv4")
         if ip6 and ip6 != "None":
-            user_output["ipv6"] = generate_uri(username, auth_password, ip6, port, base_uri_params, 6, f"{username}-IPv6")
+            user_output["ipv6"] = generate_uri(username, auth_password, ip6, default_port, base_uri_params, 6, f"{username}-IPv6")
 
         for node in nodes:
-            if node_name := node.get("name"):
-                if node_ip := node.get("ip"):
-                    ip_v = 6 if ':' in node_ip else 4
-                    tag = f"{username}-{node_name}"
-                    uri = generate_uri(username, auth_password, node_ip, port, base_uri_params, ip_v, tag)
-                    user_output["nodes"].append({"name": node_name, "uri": uri})
+            node_name = node.get("name")
+            node_ip = node.get("ip")
+            if not node_name or not node_ip:
+                continue
+
+            ip_v = 6 if ':' in node_ip else 4
+            tag = f"{username}-{node_name}"
+
+            node_port = str(node.get("port", default_port))
+            node_sni = node.get("sni", default_sni)
+            node_obfs = node.get("obfs", default_obfs)
+            node_pin = node.get("pinSHA256", default_pin)
+            node_insecure = node.get("insecure", default_insecure)
+            
+            node_params = {"insecure": "1" if node_insecure else "0"}
+            if node_sni: node_params["sni"] = node_sni
+            if node_obfs:
+                node_params["obfs"] = "salamander"
+                node_params["obfs-password"] = node_obfs
+            if node_pin: node_params["pinSHA256"] = node_pin
+            
+            uri = generate_uri(username, auth_password, node_ip, node_port, node_params, ip_v, tag)
+            user_output["nodes"].append({"name": node_name, "uri": uri})
         
         if ns_domain and ns_port and ns_subpath:
             user_output["normal_sub"] = f"https://{ns_domain}:{ns_port}/{ns_subpath}/sub/normal/{auth_password}#{username}"

From 9349037f06325ea4c712966210433c501b343cc4 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Sat, 25 Oct 2025 17:40:37 +0000
Subject: [PATCH 10/13] Fix(bot) : remove -u flag from remove-user

---
 core/scripts/telegrambot/utils/deleteuser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/scripts/telegrambot/utils/deleteuser.py b/core/scripts/telegrambot/utils/deleteuser.py
index 8fd2c76..327e2ff 100644
--- a/core/scripts/telegrambot/utils/deleteuser.py
+++ b/core/scripts/telegrambot/utils/deleteuser.py
@@ -20,6 +20,6 @@ def delete_user(message):
 
 def process_delete_user(message):
     username = message.text.strip().lower()
-    command = f"python3 {CLI_PATH} remove-user -u {username}"
+    command = f"python3 {CLI_PATH} remove-user {username}"
     result = run_cli_command(command)
     bot.reply_to(message, result)
\ No newline at end of file

From 17660d6a54f515e064f4609a3a4aa75c5aa62ae0 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Sat, 25 Oct 2025 18:55:55 +0000
Subject: [PATCH 11/13] feat: Add paginated user list with selectable limit

---
 core/scripts/webpanel/assets/js/users.js   | 34 +++++++++++
 core/scripts/webpanel/routers/user/user.py | 58 ++++++++++++++++--
 core/scripts/webpanel/templates/users.html | 71 +++++++++++++++++++++-
 3 files changed, 155 insertions(+), 8 deletions(-)

diff --git a/core/scripts/webpanel/assets/js/users.js b/core/scripts/webpanel/assets/js/users.js
index 6b04d2c..a2e77de 100644
--- a/core/scripts/webpanel/assets/js/users.js
+++ b/core/scripts/webpanel/assets/js/users.js
@@ -9,10 +9,32 @@ $(function () {
     const RESET_USER_URL_TEMPLATE = contentSection.dataset.resetUserUrlTemplate;
     const USER_URI_URL_TEMPLATE = contentSection.dataset.userUriUrlTemplate;
     const BULK_URI_URL = contentSection.dataset.bulkUriUrl;
+    const USERS_BASE_URL = contentSection.dataset.usersBaseUrl;
 
     const usernameRegex = /^[a-zA-Z0-9_]+$/;
     let cachedUserData = [];
 
+    function setCookie(name, value, days) {
+        let expires = "";
+        if (days) {
+            const date = new Date();
+            date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
+            expires = "; expires=" + date.toUTCString();
+        }
+        document.cookie = name + "=" + (value || "") + expires + "; path=/";
+    }
+
+    function getCookie(name) {
+        const nameEQ = name + "=";
+        const ca = document.cookie.split(';');
+        for (let i = 0; i < ca.length; i++) {
+            let c = ca[i];
+            while (c.charAt(0) === ' ') c = c.substring(1, c.length);
+            if (c.indexOf(nameEQ) === 0) return c.substring(nameEQ.length, c.length);
+        }
+        return null;
+    }
+
     function checkIpLimitServiceStatus() {
         $.getJSON(SERVICE_STATUS_URL)
             .done(data => {
@@ -324,6 +346,18 @@ $(function () {
 
     $("#searchButton").on("click", filterUsers);
     $("#searchInput").on("keyup", filterUsers);
+
+    function initializeLimitSelector() {
+        const savedLimit = getCookie('limit') || '50';
+        $('#limit-select').val(savedLimit);
+
+        $('#limit-select').on('change', function() {
+            const newLimit = $(this).val();
+            setCookie('limit', newLimit, 365);
+            window.location.href = USERS_BASE_URL;
+        });
+    }
     
+    initializeLimitSelector();
     checkIpLimitServiceStatus();
 });
\ No newline at end of file
diff --git a/core/scripts/webpanel/routers/user/user.py b/core/scripts/webpanel/routers/user/user.py
index 77d86de..3c9cd4c 100644
--- a/core/scripts/webpanel/routers/user/user.py
+++ b/core/scripts/webpanel/routers/user/user.py
@@ -1,5 +1,8 @@
-from fastapi import APIRouter, HTTPException, Request, Depends
+from fastapi import APIRouter, HTTPException, Request, Depends, Query, Path, Cookie
 from fastapi.templating import Jinja2Templates
+from fastapi.responses import RedirectResponse
+from starlette.status import HTTP_302_FOUND
+import math
 
 from dependency import get_templates
 from .viewmodel import User
@@ -9,12 +12,57 @@ import cli_api
 router = APIRouter()
 
 
-@router.get('/')
-async def users(request: Request, templates: Jinja2Templates = Depends(get_templates)):
+async def get_users_page(
+    request: Request,
+    templates: Jinja2Templates,
+    page: int,
+    limit: int
+):
     try:
         users_list = cli_api.list_users() or []
-        users: list[User] = [User.from_dict(user_data.get('username', ''), user_data) for user_data in users_list]
+        total_users = len(users_list)
+        total_pages = math.ceil(total_users / limit) if limit > 0 else 1
 
-        return templates.TemplateResponse('users.html', {'users': users, 'request': request})
+        if page > total_pages and total_pages > 0:
+            return RedirectResponse(url=f"/users/{total_pages}", status_code=HTTP_302_FOUND)
+        if page < 1:
+            return RedirectResponse(url=f"/users/1", status_code=HTTP_302_FOUND)
+
+        start_index = (page - 1) * limit
+        end_index = start_index + limit
+        paginated_list = users_list[start_index:end_index]
+
+        users: list[User] = [User.from_dict(user_data.get('username', ''), user_data) for user_data in paginated_list]
+
+        return templates.TemplateResponse(
+            'users.html',
+            {
+                'users': users,
+                'request': request,
+                'current_page': page,
+                'total_pages': total_pages,
+                'limit': limit,
+                'total_users': total_users,
+            }
+        )
     except Exception as e:
         raise HTTPException(status_code=400, detail=f'Error: {str(e)}')
+
+
+@router.get('/{page}', name="users_paginated")
+async def users_paginated(
+    request: Request,
+    templates: Jinja2Templates = Depends(get_templates),
+    page: int = Path(..., ge=1),
+    limit: int = Cookie(default=50, ge=1)
+):
+    return await get_users_page(request, templates, page, limit)
+
+
+@router.get('/', name="users")
+async def users_root(
+    request: Request,
+    templates: Jinja2Templates = Depends(get_templates),
+    limit: int = Cookie(default=50, ge=1)
+):
+    return await get_users_page(request, templates, 1, limit)
\ No newline at end of file
diff --git a/core/scripts/webpanel/templates/users.html b/core/scripts/webpanel/templates/users.html
index a9aa5c9..8ade765 100644
--- a/core/scripts/webpanel/templates/users.html
+++ b/core/scripts/webpanel/templates/users.html
@@ -44,11 +44,12 @@
     data-edit-user-url-template="{{ url_for('edit_user_api', username='U') }}"
     data-reset-user-url-template="{{ url_for('reset_user_api', username='U') }}"
     data-user-uri-url-template="{{ url_for('show_user_uri_api', username='U') }}"
-    data-bulk-uri-url="{{ url_for('show_multiple_user_uris_api') }}">
+    data-bulk-uri-url="{{ url_for('show_multiple_user_uris_api') }}"
+    data-users-base-url="{{ url_for('users') }}">
     <div class="container-fluid">
         <div class="card">
             <div class="card-header">
-                <h3 class="card-title">User List {% if users %}({{ users|length }}){% endif %}</h3>
+                <h3 class="card-title">User List {% if total_users is defined %}({{ total_users }}){% endif %}</h3>
                 <div class="card-tools d-flex align-items-center flex-wrap">
 
                     <!-- Mobile Filter Dropdown -->
@@ -143,7 +144,7 @@
                             <td>
                                 <input type="checkbox" class="user-checkbox" value="{{ user.username }}">
                             </td>
-                            <td>{{ loop.index }}</td>
+                            <td>{{ loop.index + ((current_page - 1) * limit) }}</td>
                             <td data-username="{{ user.username }}">{{ user.username }}</td>
                             <td class="d-none d-md-table-cell">
                                 {% if user.status == "Online" %}
@@ -275,6 +276,70 @@
                 </table>
                 {% endif %}
             </div>
+            <div class="card-footer clearfix">
+                <div class="row">
+                    <div class="col-sm-12 col-md-5 d-flex align-items-center">
+                        <div class="dataTables_info" role="status" aria-live="polite">
+                            Showing {{ ((current_page - 1) * limit) + 1 }} to {{ [((current_page - 1) * limit) + limit, total_users] | min }} of {{ total_users }} users
+                        </div>
+                    </div>
+                    <div class="col-sm-12 col-md-7">
+                        <div class="d-flex justify-content-end align-items-center">
+                            <div class="mr-3">
+                                <form id="limit-form" method="get" class="form-inline">
+                                    <label for="limit-select" class="mr-2">Per Page:</label>
+                                    <select id="limit-select" class="form-control form-control-sm">
+                                        <option value="10">10</option>
+                                        <option value="25">25</option>
+                                        <option value="50" selected>50</option>
+                                        <option value="100">100</option>
+                                    </select>
+                                </form>
+                            </div>
+                            {% if total_pages > 1 %}
+                            <nav aria-label="Page navigation">
+                                <ul class="pagination pagination-sm m-0">
+                                    <li class="page-item {% if current_page == 1 %}disabled{% endif %}">
+                                        <a class="page-link" href="{{ url_for('users_paginated', page=current_page - 1) }}" aria-label="Previous">
+                                            <span aria-hidden="true">&laquo;</span>
+                                        </a>
+                                    </li>
+            
+                                    {% set page_start = [1, current_page - 2] | max %}
+                                    {% set page_end = [total_pages, current_page + 2] | min %}
+            
+                                    {% if page_start > 1 %}
+                                        <li class="page-item"><a class="page-link" href="{{ url_for('users_paginated', page=1) }}">1</a></li>
+                                        {% if page_start > 2 %}
+                                            <li class="page-item disabled"><span class="page-link">...</span></li>
+                                        {% endif %}
+                                    {% endif %}
+            
+                                    {% for page_num in range(page_start, page_end + 1) %}
+                                    <li class="page-item {% if page_num == current_page %}active{% endif %}">
+                                        <a class="page-link" href="{{ url_for('users_paginated', page=page_num) }}">{{ page_num }}</a>
+                                    </li>
+                                    {% endfor %}
+            
+                                    {% if page_end < total_pages %}
+                                        {% if page_end < total_pages - 1 %}
+                                            <li class="page-item disabled"><span class="page-link">...</span></li>
+                                        {% endif %}
+                                        <li class="page-item"><a class="page-link" href="{{ url_for('users_paginated', page=total_pages) }}">{{ total_pages }}</a></li>
+                                    {% endif %}
+                                    
+                                    <li class="page-item {% if current_page == total_pages %}disabled{% endif %}">
+                                        <a class="page-link" href="{{ url_for('users_paginated', page=current_page + 1) }}" aria-label="Next">
+                                            <span aria-hidden="true">&raquo;</span>
+                                        </a>
+                                    </li>
+                                </ul>
+                            </nav>
+                            {% endif %}
+                        </div>
+                    </div>
+                </div>
+            </div>
         </div>
     </div>
 </section>

From fb9dd427557020b7b10134b50aa76b466a4154e5 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Mon, 27 Oct 2025 12:38:20 +0000
Subject: [PATCH 12/13] feat(api): Add endpoint for receiving node traffic data

---
 .../webpanel/routers/api/v1/config/ip.py      | 43 +++++++++++-
 .../routers/api/v1/schema/config/ip.py        | 70 ++++++++++++-------
 2 files changed, 85 insertions(+), 28 deletions(-)

diff --git a/core/scripts/webpanel/routers/api/v1/config/ip.py b/core/scripts/webpanel/routers/api/v1/config/ip.py
index 515b7fc..92e4d6e 100644
--- a/core/scripts/webpanel/routers/api/v1/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/config/ip.py
@@ -2,13 +2,15 @@ from fastapi import APIRouter, HTTPException
 from ..schema.response import DetailResponse
 import json
 import os
+from scripts.db.database import db
 
 from ..schema.config.ip import (
     EditInputBody, 
     StatusResponse,
     AddNodeBody,
     DeleteNodeBody,
-    NodeListResponse
+    NodeListResponse,
+    NodesTrafficPayload
 )
 import cli_api
 
@@ -119,4 +121,41 @@ async def delete_node(body: DeleteNodeBody):
         cli_api.delete_node(body.name)
         return DetailResponse(detail=f"Node '{body.name}' deleted successfully.")
     except Exception as e:
-        raise HTTPException(status_code=400, detail=str(e))
\ No newline at end of file
+        raise HTTPException(status_code=400, detail=str(e))
+
+
+@router.post('/nodestraffic', response_model=DetailResponse, summary='Receive and Aggregate Traffic from Node')
+async def receive_node_traffic(body: NodesTrafficPayload):
+    """
+    Receives traffic delta from a node and adds it to the user's total in the database.
+    Authentication is handled by the AuthMiddleware.
+    """
+    if db is None:
+        raise HTTPException(status_code=500, detail="Database connection is not available.")
+    
+    updated_count = 0
+    for user_traffic in body.users:
+        try:
+            db_user = db.get_user(user_traffic.username)
+            if not db_user:
+                continue
+
+            new_upload = db_user.get('upload_bytes', 0) + user_traffic.upload_bytes
+            new_download = db_user.get('download_bytes', 0) + user_traffic.download_bytes
+
+            update_data = {
+                'upload_bytes': new_upload,
+                'download_bytes': new_download,
+                'status': user_traffic.status,
+            }
+            
+            if not db_user.get('account_creation_date') and user_traffic.account_creation_date:
+                update_data['account_creation_date'] = user_traffic.account_creation_date
+
+            db.update_user(user_traffic.username, update_data)
+            updated_count += 1
+            
+        except Exception as e:
+            print(f"Error updating traffic for user {user_traffic.username}: {e}")
+
+    return DetailResponse(detail=f"Successfully processed and aggregated traffic for {updated_count} users.")
\ No newline at end of file
diff --git a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
index eca8809..e54ec7f 100644
--- a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
@@ -1,7 +1,8 @@
-from pydantic import BaseModel, field_validator, Field
+from pydantic import BaseModel, field_validator
 from ipaddress import ip_address
 import re
-from typing import Optional
+from typing import Optional, List
+from datetime import datetime
 
 def validate_ip_or_domain(v: str) -> str | None:
     if v is None or v.strip() in ['', 'None']:
@@ -35,7 +36,7 @@ class EditInputBody(StatusResponse):
 class Node(BaseModel):
     name: str
     ip: str
-    port: Optional[int] = Field(default=None, ge=1, le=65535)
+    port: Optional[int] = None
     sni: Optional[str] = None
     pinSHA256: Optional[str] = None
     obfs: Optional[str] = None
@@ -47,43 +48,40 @@ class Node(BaseModel):
             raise ValueError("IP or Domain field cannot be empty.")
         return validate_ip_or_domain(v)
 
+    @field_validator('port')
+    def check_port(cls, v: int | None):
+        if v is not None and not (1 <= v <= 65535):
+            raise ValueError('Port must be between 1 and 65535.')
+        return v
+    
     @field_validator('sni', mode='before')
-    def validate_sni_format(cls, v: str | None):
+    def check_sni(cls, v: str | None):
         if v is None or not v.strip():
             return None
-        
-        v_stripped = v.strip()
-        
-        if "://" in v_stripped:
-            raise ValueError("SNI must not contain a protocol (e.g., http://).")
-
+        v = v.strip()
         try:
-            ip_address(v_stripped)
-            raise ValueError("SNI cannot be an IP address.")
-        except ValueError as e:
-            if "SNI cannot be an IP address" in str(e):
-                raise e
-
+            ip_address(v)
+            raise ValueError("SNI must be a domain name, not an IP address.")
+        except ValueError:
+            pass 
+        if "://" in v:
+            raise ValueError("SNI cannot contain '://'")
         domain_regex = re.compile(
             r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$', 
             re.IGNORECASE
         )
-        if not domain_regex.match(v_stripped):
-            raise ValueError(f"'{v_stripped}' is not a valid domain name for SNI.")
-            
-        return v_stripped
-
+        if not domain_regex.match(v):
+            raise ValueError("Invalid domain name format for SNI.")
+        return v
+    
     @field_validator('pinSHA256', mode='before')
-    def validate_pin_format(cls, v: str | None):
+    def check_pin(cls, v: str | None):
         if v is None or not v.strip():
             return None
-        
         v_stripped = v.strip().upper()
         pin_regex = re.compile(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$')
-        
         if not pin_regex.match(v_stripped):
             raise ValueError("Invalid SHA256 pin format.")
-            
         return v_stripped
 
 class AddNodeBody(Node):
@@ -92,4 +90,24 @@ class AddNodeBody(Node):
 class DeleteNodeBody(BaseModel):
     name: str
 
-NodeListResponse = list[Node]
\ No newline at end of file
+NodeListResponse = list[Node]
+
+class NodeUserTraffic(BaseModel):
+    username: str
+    upload_bytes: int
+    download_bytes: int
+    status: str
+    account_creation_date: Optional[str] = None
+
+    @field_validator('account_creation_date')
+    def check_date_format(cls, v: str | None):
+        if v is None:
+            return None
+        try:
+            datetime.strptime(v, "%Y-%m-%d")
+            return v
+        except ValueError:
+            raise ValueError("account_creation_date must be in YYYY-MM-DD format.")
+
+class NodesTrafficPayload(BaseModel):
+    users: List[NodeUserTraffic]
\ No newline at end of file

From d1e12d7081b53fc939ac0251596ef9b48eec93e4 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Mon, 27 Oct 2025 12:44:39 +0000
Subject: [PATCH 13/13] =?UTF-8?q?=F0=9F=A7=BE=20Update=20Changelog?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 changelog | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/changelog b/changelog
index 246d610..3a2db3c 100644
--- a/changelog
+++ b/changelog
@@ -1,19 +1,26 @@
-### 🚀 **[2.3.5] – Dependency Updates & Minor Fixes**
+### 🚀 **[2.4.0] – Advanced Node Management & Paginated User List**
 
-*Released: 2025-10-13*
+*Released: 2025-10-27*
 
-#### 🧩 Dependency Updates
+#### 🌐 **API & Backend**
 
-* ⬆️ **pydantic-core** → 2.41.1
-* ⬆️ **pydantic** → 2.12.0
-* ⬆️ **fastapi** → 0.118.0
-* ⬆️ **pymongo** → 4.15.2
-* ⬆️ **certifi** → 2025.10.5
-* ⬆️ **frozenlist** → 1.8.0
-* ⬆️ **markupsafe** → 3.0.3
-* ⬆️ **propcache** → 0.4.1
+* 🚀 **feat(api):** Added endpoint for receiving node traffic data
+* 🧩 **refactor(api):** Applied node-specific parameters to wrapper URI script
+* ⚙️ **refactor(uri):** Enhanced URI generation with node-specific parameters
+* 🧠 **refactor:** Cleaned up API documentation tags
+* 🧱 **feat(api):** Added full node configuration to web panel API
 
-#### 🛠 Fixes
+#### 🧮 **Node Management**
 
-* 🐛 Fixed **path handling bug** in Core module
-* ✏️ Fixed **typo** in CLI messages
+* 🧠 **feat(nodes):** Implemented advanced node management and automatic certificate generation
+* 🔐 **feat(nodes):** Added *insecure TLS* option for external nodes
+* 🌀 **feat(nodes):** Added optional **OBFS** and **port** parameters for flexible node setups
+
+#### 💻 **Frontend / Web Panel**
+
+* 🖥️ **feat(web):** Implemented full node configuration UI in the settings page
+* 📄 **feat(ui):** Added **paginated user list** with selectable limit for improved performance
+
+#### 🤖 **Bot & Scripts**
+
+* 🧰 **fix(bot):** Removed unnecessary `-u` flag from `remove-user` command