Merge pull request #307 from ReturnFI/beta

Advanced Node Management & UI Upgrades
2025-10-27 13:46:41 +01:00
parent 79bada5b2a d1e12d7081
commit fe4e0a86cd
19 changed files with 781 additions and 237 deletions
--- a/35
+++ b/35
@ -1,19 +1,26 @@
-### 🚀 **[2.3.5] – Dependency Updates & Minor Fixes**
+### 🚀 **[2.4.0] – Advanced Node Management & Paginated User List**

-*Released: 2025-10-13*
+*Released: 2025-10-27*

-#### 🧩 Dependency Updates
+#### 🌐 **API & Backend**

-* ⬆️ **pydantic-core** → 2.41.1
-* ⬆️ **pydantic** → 2.12.0
-* ⬆️ **fastapi** → 0.118.0
-* ⬆️ **pymongo** → 4.15.2
-* ⬆️ **certifi** → 2025.10.5
-* ⬆️ **frozenlist** → 1.8.0
-* ⬆️ **markupsafe** → 3.0.3
-* ⬆️ **propcache** → 0.4.1
+* 🚀 **feat(api):** Added endpoint for receiving node traffic data
+* 🧩 **refactor(api):** Applied node-specific parameters to wrapper URI script
+* ⚙️ **refactor(uri):** Enhanced URI generation with node-specific parameters
+* 🧠 **refactor:** Cleaned up API documentation tags
+* 🧱 **feat(api):** Added full node configuration to web panel API

-#### 🛠 Fixes
+#### 🧮 **Node Management**

-* 🐛 Fixed **path handling bug** in Core module
-* ✏️ Fixed **typo** in CLI messages
+* 🧠 **feat(nodes):** Implemented advanced node management and automatic certificate generation
+* 🔐 **feat(nodes):** Added *insecure TLS* option for external nodes
+* 🌀 **feat(nodes):** Added optional **OBFS** and **port** parameters for flexible node setups
+
+#### 💻 **Frontend / Web Panel**
+
+* 🖥️ **feat(web):** Implemented full node configuration UI in the settings page
+* 📄 **feat(ui):** Added **paginated user list** with selectable limit for improved performance
+
+#### 🤖 **Bot & Scripts**
+
+* 🧰 **fix(bot):** Removed unnecessary `-u` flag from `remove-user` command
--- a/core/cli.py
+++ b/core/cli.py
@ -329,12 +329,17 @@ def node():
    pass

@node.command('add')
-@click.option('--name', required=True, type=str, help='A unique name for the node (e.g., "Node-DE").')
-@click.option('--ip', required=True, type=str, help='The public IP address of the node.')
-def add_node(name, ip):
+@click.option('--name', required=True, type=str, help='Unique name for the node.')
+@click.option('--ip', required=True, type=str, help='Public IP address of the node.')
+@click.option('--port', required=False, type=int, help='Optional: Port of the node.')
+@click.option('--sni', required=False, type=str, help='Optional: Server Name Indication.')
+@click.option('--pinSHA256', required=False, type=str, help='Optional: Public key SHA256 pin.')
+@click.option('--obfs', required=False, type=str, help='Optional: Obfuscation key.')
+@click.option('--insecure', is_flag=True, default=False, help='Optional: Skip certificate verification.')
+def add_node(name, ip, port, sni, pinsha256, obfs, insecure):
    """Add a new external node."""
    try:
-        output = cli_api.add_node(name, ip)
+        output = cli_api.add_node(name, ip, sni, pinSHA256=pinsha256, port=port, obfs=obfs, insecure=insecure)
        click.echo(output.strip())
    except Exception as e:
        click.echo(f'{e}', err=True)
@ -358,6 +363,15 @@ def list_nodes():
    except Exception as e:
        click.echo(f'{e}', err=True)

+@node.command('generate-cert')
+def generate_cert():
+    """Generate a self-signed certificate for nodes."""
+    try:
+        output = cli_api.generate_node_cert()
+        click.echo(output.strip())
+    except Exception as e:
+        click.echo(f'{e}', err=True)
+
@cli.command('update-geo')
@click.option('--country', '-c',
              type=click.Choice(['iran', 'china', 'russia'], case_sensitive=False),
--- a/core/cli_api.py
+++ b/core/cli_api.py
@ -35,7 +35,7 @@ class Command(Enum):
    SHOW_USER_URI = os.path.join(SCRIPT_DIR, 'hysteria2', 'show_user_uri.py')
    WRAPPER_URI = os.path.join(SCRIPT_DIR, 'hysteria2', 'wrapper_uri.py')
    IP_ADD = os.path.join(SCRIPT_DIR, 'hysteria2', 'ip.py')
-    NODE_MANAGER = os.path.join(SCRIPT_DIR, 'hysteria2', 'node.py')
+    NODE_MANAGER = os.path.join(SCRIPT_DIR, 'nodes', 'node.py')
    MANAGE_OBFS = os.path.join(SCRIPT_DIR, 'hysteria2', 'manage_obfs.py')
    MASQUERADE_SCRIPT = os.path.join(SCRIPT_DIR, 'hysteria2', 'masquerade.py')
    EXTRA_CONFIG_SCRIPT = os.path.join(SCRIPT_DIR, 'hysteria2', 'extra_config.py')
@ -464,11 +464,22 @@ def edit_ip_address(ipv4: str, ipv6: str):
    if ipv6:
        run_cmd(['python3', Command.IP_ADD.value, 'edit', '-6', ipv6])

-def add_node(name: str, ip: str):
+def add_node(name: str, ip: str, sni: Optional[str] = None, pinSHA256: Optional[str] = None, port: Optional[int] = None, obfs: Optional[str] = None, insecure: Optional[bool] = None):
    """
    Adds a new external node.
    """
-    return run_cmd(['python3', Command.NODE_MANAGER.value, 'add', '--name', name, '--ip', ip])
+    command = ['python3', Command.NODE_MANAGER.value, 'add', '--name', name, '--ip', ip]
+    if port:
+        command.extend(['--port', str(port)])
+    if sni:
+        command.extend(['--sni', sni])
+    if pinSHA256:
+        command.extend(['--pinSHA256', pinSHA256])
+    if obfs:
+        command.extend(['--obfs', obfs])
+    if insecure:
+        command.append('--insecure')
+    return run_cmd(command)

 def delete_node(name: str):
    """
@ -482,6 +493,12 @@ def list_nodes():
    """
    return run_cmd(['python3', Command.NODE_MANAGER.value, 'list'])

+def generate_node_cert():
+    """
+    Generates a self-signed certificate for nodes.
+    """
+    return run_cmd(['python3', Command.NODE_MANAGER.value, 'generate-cert'])
+
 def update_geo(country: str):
    '''
    Updates geographic data files based on the specified country.
--- a/core/scripts/hysteria2/node.py
+++ b/core/scripts/hysteria2/node.py
@ -1,110 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import json
-import argparse
-from pathlib import Path
-import re
-from ipaddress import ip_address
-from init_paths import *
-from paths import NODES_JSON_PATH
-
-def is_valid_ip_or_domain(value: str) -> bool:
-    """Check if the value is a valid IP address or domain name."""
-    if not value or not value.strip():
-        return False
-    value = value.strip()
-    try:
-        ip_address(value)
-        return True
-    except ValueError:
-        domain_regex = re.compile(
-            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$',
-            re.IGNORECASE
-        )
-        return re.match(domain_regex, value) is not None
-
-def read_nodes():
-    if not NODES_JSON_PATH.exists():
-        return []
-    try:
-        with NODES_JSON_PATH.open("r") as f:
-            content = f.read()
-            if not content:
-                return []
-            return json.loads(content)
-    except (json.JSONDecodeError, IOError, OSError) as e:
-        sys.exit(f"Error reading or parsing {NODES_JSON_PATH}: {e}")
-
-def write_nodes(nodes):
-    try:
-        NODES_JSON_PATH.parent.mkdir(parents=True, exist_ok=True)
-        with NODES_JSON_PATH.open("w") as f:
-            json.dump(nodes, f, indent=4)
-    except (IOError, OSError) as e:
-        sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
-
-def add_node(name: str, ip: str):
-    if not is_valid_ip_or_domain(ip):
-        print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
-        sys.exit(1)
-
-    nodes = read_nodes()
-    if any(node['name'] == name for node in nodes):
-        print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
-        sys.exit(1)
-    if any(node['ip'] == ip for node in nodes):
-        print(f"Error: A node with the IP/domain '{ip}' already exists.", file=sys.stderr)
-        sys.exit(1)
-    
-    nodes.append({"name": name, "ip": ip})
-    write_nodes(nodes)
-    print(f"Successfully added node '{name}' with IP/domain '{ip}'.")
-
-def delete_node(name: str):
-    nodes = read_nodes()
-    original_count = len(nodes)
-    nodes = [node for node in nodes if node['name'] != name]
-    
-    if len(nodes) == original_count:
-        print(f"Error: No node with the name '{name}' found.", file=sys.stderr)
-        sys.exit(1)
-
-    write_nodes(nodes)
-    print(f"Successfully deleted node '{name}'.")
-
-def list_nodes():
-    nodes = read_nodes()
-    if not nodes:
-        print("No nodes configured.")
-        return
-        
-    print(f"{'Name':<30} {'IP Address / Domain'}")
-    print(f"{'-'*30} {'-'*25}")
-    for node in sorted(nodes, key=lambda x: x['name']):
-        print(f"{node['name']:<30} {node['ip']}")
-
-def main():
-    parser = argparse.ArgumentParser(description="Manage external node configurations.")
-    subparsers = parser.add_subparsers(dest='command', required=True)
-
-    add_parser = subparsers.add_parser('add', help='Add a new node.')
-    add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
-    add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
-
-    delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
-    delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')
-
-    subparsers.add_parser('list', help='List all configured nodes.')
-    
-    args = parser.parse_args()
-
-    if args.command == 'add':
-        add_node(args.name, args.ip)
-    elif args.command == 'delete':
-        delete_node(args.name)
-    elif args.command == 'list':
-        list_nodes()
-
-if __name__ == "__main__":
-    main()
--- a/core/scripts/hysteria2/show_user_uri.py
+++ b/core/scripts/hysteria2/show_user_uri.py
@ -24,7 +24,7 @@ def load_env_file(env_file: str) -> Dict[str, str]:
                    env_vars[key] = value
    return env_vars

-def load_nodes() -> List[Dict[str, str]]:
+def load_nodes() -> List[Dict[str, Any]]:
    if NODES_JSON_PATH.exists():
        try:
            with NODES_JSON_PATH.open("r") as f:
@ -147,25 +147,26 @@ def show_uri(args: argparse.Namespace) -> None:
        return
    
    auth_password = user_doc["password"]
-    port = config["listen"].split(":")[-1]
-    sha256 = config.get("tls", {}).get("pinSHA256", "")
-    obfs_password = config.get("obfs", {}).get("salamander", {}).get("password", "")
-    insecure = config.get("tls", {}).get("insecure", True)

-    ip4, ip6, sni = load_hysteria2_ips()
+    local_port = config["listen"].split(":")[-1]
+    local_sha256 = config.get("tls", {}).get("pinSHA256", "")
+    local_obfs_password = config.get("obfs", {}).get("salamander", {}).get("password", "")
+    local_insecure = config.get("tls", {}).get("insecure", True)
+    
+    ip4, ip6, local_sni = load_hysteria2_ips()
    nodes = load_nodes()
    terminal_width = get_terminal_width()

    if args.all or args.ip_version == 4:
        if ip4 and ip4 != "None":
-            uri = generate_uri(args.username, auth_password, ip4, port, 
-                                 obfs_password, sha256, sni, 4, insecure, f"{args.username}-IPv4")
+            uri = generate_uri(args.username, auth_password, ip4, local_port, 
+                                 local_obfs_password, local_sha256, local_sni, 4, local_insecure, f"{args.username}-IPv4")
            display_uri_and_qr(uri, "IPv4", args, terminal_width)
            
    if args.all or args.ip_version == 6:
        if ip6 and ip6 != "None":
-            uri = generate_uri(args.username, auth_password, ip6, port, 
-                                 obfs_password, sha256, sni, 6, insecure, f"{args.username}-IPv6")
+            uri = generate_uri(args.username, auth_password, ip6, local_port, 
+                                 local_obfs_password, local_sha256, local_sni, 6, local_insecure, f"{args.username}-IPv6")
            display_uri_and_qr(uri, "IPv6", args, terminal_width)

    for node in nodes:
@ -177,8 +178,24 @@ def show_uri(args: argparse.Namespace) -> None:
        ip_v = 4 if '.' in node_ip else 6
        
        if args.all or args.ip_version == ip_v:
-            uri = generate_uri(args.username, auth_password, node_ip, port, 
-                                 obfs_password, sha256, sni, ip_v, insecure, f"{args.username}-{node_name}")
+            node_port = node.get("port", local_port)
+            node_sni = node.get("sni", local_sni)
+            node_obfs = node.get("obfs", local_obfs_password)
+            node_pin = node.get("pinSHA256", local_sha256)
+            node_insecure = node.get("insecure", local_insecure)
+
+            uri = generate_uri(
+                username=args.username,
+                auth_password=auth_password,
+                ip=node_ip,
+                port=str(node_port),
+                obfs_password=node_obfs,
+                sha256=node_pin,
+                sni=node_sni,
+                ip_version=ip_v,
+                insecure=node_insecure,
+                fragment_tag=f"{args.username}-{node_name}"
+            )
            display_uri_and_qr(uri, f"Node: {node_name} (IPv{ip_v})", args, terminal_width)

    if args.singbox and is_service_active("hysteria-singbox.service"):
--- a/core/scripts/hysteria2/wrapper_uri.py
+++ b/core/scripts/hysteria2/wrapper_uri.py
@ -37,7 +37,10 @@ def generate_uri(username: str, auth_password: str, ip: str, port: str,
                 uri_params: Dict[str, str], ip_version: int, fragment_tag: str) -> str:
    ip_part = f"[{ip}]" if ip_version == 6 and ':' in ip else ip
    uri_base = f"hy2://{username}:{auth_password}@{ip_part}:{port}"
-    query_string = "&".join([f"{k}={v}" for k, v in uri_params.items()])
+    
+    query_params = [f"{k}={v}" for k, v in uri_params.items() if v is not None and v != '']
+    query_string = "&".join(query_params)
+    
    return f"{uri_base}?{query_string}#{fragment_tag}"

 def process_users(target_usernames: List[str]) -> List[Dict[str, Any]]:
@ -51,23 +54,23 @@ def process_users(target_usernames: List[str]) -> List[Dict[str, Any]]:
        sys.exit(1)

    nodes = load_json_file(NODES_JSON_PATH) or []
-    port = config.get("listen", "").split(":")[-1]
+    
+    default_port = config.get("listen", "").split(":")[-1]
    tls_config = config.get("tls", {})
    hy2_env = load_env_file(CONFIG_ENV)
    ns_env = load_env_file(NORMALSUB_ENV)

-    base_uri_params = {
-        "insecure": "1" if tls_config.get("insecure", True) else "0",
-        "sni": hy2_env.get('SNI', '')
-    }
-    obfs_password = config.get("obfs", {}).get("salamander", {}).get("password")
-    if obfs_password:
-        base_uri_params["obfs"] = "salamander"
-        base_uri_params["obfs-password"] = obfs_password
+    default_sni = hy2_env.get('SNI', '')
+    default_obfs = config.get("obfs", {}).get("salamander", {}).get("password")
+    default_pin = tls_config.get("pinSHA256")
+    default_insecure = tls_config.get("insecure", True)
    
-    sha256 = tls_config.get("pinSHA256")
-    if sha256:
-        base_uri_params["pinSHA256"] = sha256
+    base_uri_params = {"insecure": "1" if default_insecure else "0"}
+    if default_sni: base_uri_params["sni"] = default_sni
+    if default_obfs:
+        base_uri_params["obfs"] = "salamander"
+        base_uri_params["obfs-password"] = default_obfs
+    if default_pin: base_uri_params["pinSHA256"] = default_pin
    
    ip4 = hy2_env.get('IP4')
    ip6 = hy2_env.get('IP6')
@ -84,17 +87,34 @@ def process_users(target_usernames: List[str]) -> List[Dict[str, Any]]:
        user_output = {"username": username, "ipv4": None, "ipv6": None, "nodes": [], "normal_sub": None}

        if ip4 and ip4 != "None":
-            user_output["ipv4"] = generate_uri(username, auth_password, ip4, port, base_uri_params, 4, f"{username}-IPv4")
+            user_output["ipv4"] = generate_uri(username, auth_password, ip4, default_port, base_uri_params, 4, f"{username}-IPv4")
        if ip6 and ip6 != "None":
-            user_output["ipv6"] = generate_uri(username, auth_password, ip6, port, base_uri_params, 6, f"{username}-IPv6")
+            user_output["ipv6"] = generate_uri(username, auth_password, ip6, default_port, base_uri_params, 6, f"{username}-IPv6")

        for node in nodes:
-            if node_name := node.get("name"):
-                if node_ip := node.get("ip"):
-                    ip_v = 6 if ':' in node_ip else 4
-                    tag = f"{username}-{node_name}"
-                    uri = generate_uri(username, auth_password, node_ip, port, base_uri_params, ip_v, tag)
-                    user_output["nodes"].append({"name": node_name, "uri": uri})
+            node_name = node.get("name")
+            node_ip = node.get("ip")
+            if not node_name or not node_ip:
+                continue
+
+            ip_v = 6 if ':' in node_ip else 4
+            tag = f"{username}-{node_name}"
+
+            node_port = str(node.get("port", default_port))
+            node_sni = node.get("sni", default_sni)
+            node_obfs = node.get("obfs", default_obfs)
+            node_pin = node.get("pinSHA256", default_pin)
+            node_insecure = node.get("insecure", default_insecure)
+            
+            node_params = {"insecure": "1" if node_insecure else "0"}
+            if node_sni: node_params["sni"] = node_sni
+            if node_obfs:
+                node_params["obfs"] = "salamander"
+                node_params["obfs-password"] = node_obfs
+            if node_pin: node_params["pinSHA256"] = node_pin
+            
+            uri = generate_uri(username, auth_password, node_ip, node_port, node_params, ip_v, tag)
+            user_output["nodes"].append({"name": node_name, "uri": uri})
        
        if ns_domain and ns_port and ns_subpath:
            user_output["normal_sub"] = f"https://{ns_domain}:{ns_port}/{ns_subpath}/sub/normal/{auth_password}#{username}"
--- a/core/scripts/nodes/init_paths.py
+++ b/core/scripts/nodes/init_paths.py
@ -0,0 +1,7 @@
+import sys
+from pathlib import Path
+
+core_scripts_dir = Path(__file__).resolve().parents[1]
+
+if str(core_scripts_dir) not in sys.path:
+    sys.path.append(str(core_scripts_dir))
--- a/core/scripts/nodes/node.py
+++ b/core/scripts/nodes/node.py
@ -0,0 +1,229 @@
+#!/usr/bin/env python3
+
+import sys
+import json
+import argparse
+from pathlib import Path
+import re
+from ipaddress import ip_address
+import subprocess
+from datetime import datetime, timedelta
+from init_paths import *
+from paths import NODES_JSON_PATH
+
+
+def is_valid_ip_or_domain(value: str) -> bool:
+    if not value or not value.strip():
+        return False
+    value = value.strip()
+    try:
+        ip_address(value)
+        return True
+    except ValueError:
+        domain_regex = re.compile(
+            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$',
+            re.IGNORECASE
+        )
+        return re.match(domain_regex, value) is not None
+
+def is_valid_sni(value: str) -> bool:
+    if not value or not value.strip():
+        return False
+    value = value.strip()
+    try:
+        ip_address(value)
+        return False
+    except ValueError:
+        if "https://" in value or "http://" in value or "//" in value:
+            return False
+        domain_regex = re.compile(
+            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$',
+            re.IGNORECASE
+        )
+        return re.match(domain_regex, value) is not None
+
+def is_valid_sha256_pin(value: str) -> bool:
+    if not value or not value.strip():
+        return False
+    value = value.strip().upper()
+    pin_regex = re.compile(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$')
+    return re.match(pin_regex, value) is not None
+
+def is_valid_port(port: int) -> bool:
+    return 1 <= port <= 65535
+
+def read_nodes():
+    if not NODES_JSON_PATH.exists():
+        return []
+    try:
+        with NODES_JSON_PATH.open("r") as f:
+            content = f.read()
+            if not content:
+                return []
+            return json.loads(content)
+    except (json.JSONDecodeError, IOError, OSError) as e:
+        sys.exit(f"Error reading or parsing {NODES_JSON_PATH}: {e}")
+
+def write_nodes(nodes):
+    try:
+        NODES_JSON_PATH.parent.mkdir(parents=True, exist_ok=True)
+        with NODES_JSON_PATH.open("w") as f:
+            json.dump(nodes, f, indent=4)
+    except (IOError, OSError) as e:
+        sys.exit(f"Error writing to {NODES_JSON_PATH}: {e}")
+
+def add_node(name: str, ip: str, sni: str | None = None, pinSHA256: str | None = None, port: int | None = None, obfs: str | None = None, insecure: bool = False):
+    if not is_valid_ip_or_domain(ip):
+        print(f"Error: '{ip}' is not a valid IP address or domain name.", file=sys.stderr)
+        sys.exit(1)
+
+    if sni and not is_valid_sni(sni):
+        print(f"Error: '{sni}' is not a valid domain name for SNI.", file=sys.stderr)
+        sys.exit(1)
+
+    if pinSHA256 and not is_valid_sha256_pin(pinSHA256):
+        print(f"Error: '{pinSHA256}' is not a valid SHA256 pin format.", file=sys.stderr)
+        sys.exit(1)
+
+    if port and not is_valid_port(port):
+        print(f"Error: Port '{port}' must be between 1 and 65535.", file=sys.stderr)
+        sys.exit(1)
+
+    nodes = read_nodes()
+    if any(node['name'] == name for node in nodes):
+        print(f"Error: A node with the name '{name}' already exists.", file=sys.stderr)
+        sys.exit(1)
+    if any(node['ip'] == ip for node in nodes):
+        print(f"Error: A node with the IP/domain '{ip}' already exists.", file=sys.stderr)
+        sys.exit(1)
+    
+    new_node = {"name": name, "ip": ip}
+    if sni:
+        new_node["sni"] = sni.strip()
+    if pinSHA256:
+        new_node["pinSHA256"] = pinSHA256.strip().upper()
+    if port:
+        new_node["port"] = port
+    if obfs:
+        new_node["obfs"] = obfs.strip()
+    if insecure:
+        new_node["insecure"] = insecure
+
+    nodes.append(new_node)
+    write_nodes(nodes)
+    print(f"Successfully added node '{name}'.")
+
+def delete_node(name: str):
+    nodes = read_nodes()
+    original_count = len(nodes)
+    nodes = [node for node in nodes if node['name'] != name]
+    
+    if len(nodes) == original_count:
+        print(f"Error: No node with the name '{name}' found.", file=sys.stderr)
+        sys.exit(1)
+
+    write_nodes(nodes)
+    print(f"Successfully deleted node '{name}'.")
+
+def list_nodes():
+    nodes = read_nodes()
+    if not nodes:
+        print("No nodes configured.")
+        return
+        
+    print(f"{'Name':<15} {'IP / Domain':<25} {'Port':<8} {'SNI':<20} {'Insecure':<10} {'OBFS':<20} {'Pin SHA256'}")
+    print(f"{'-'*15} {'-'*25} {'-'*8} {'-'*20} {'-'*10} {'-'*20} {'-'*30}")
+    for node in sorted(nodes, key=lambda x: x['name']):
+        name = node['name']
+        ip = node['ip']
+        port = node.get('port', 'N/A')
+        sni = node.get('sni', 'N/A')
+        insecure = str(node.get('insecure', 'False'))
+        obfs = node.get('obfs', 'N/A')
+        pin = node.get('pinSHA256', 'N/A')
+        print(f"{name:<15} {ip:<25} {str(port):<8} {sni:<20} {insecure:<10} {obfs:<20} {pin}")
+
+def generate_cert():
+    try:
+        script_dir = Path(__file__).parent.resolve()
+        key_filepath = script_dir / "blitz.key"
+        cert_filepath = script_dir / "blitz.crt"
+        
+        if cert_filepath.exists():
+            try:
+                check_cmd = ['openssl', 'x509', '-in', str(cert_filepath), '-noout', '-enddate']
+                result = subprocess.run(check_cmd, capture_output=True, text=True, check=True)
+                
+                end_date_str = result.stdout.strip().split('=')[1]
+                end_date = datetime.strptime(end_date_str, '%b %d %H:%M:%S %Y %Z')
+                
+                if end_date > datetime.now() + timedelta(days=30):
+                    print("Existing certificate is valid for more than 30 days.")
+                    print("\n")
+                    print(cert_filepath.read_text().strip())
+                    return
+                else:
+                    print("Existing certificate is expiring in less than 30 days. Generating a new one.")
+            except (subprocess.CalledProcessError, FileNotFoundError, IndexError, ValueError) as e:
+                print(f"Could not validate existing certificate: {e}. Generating a new one.")
+
+        print("Generating new certificate and key...")
+        openssl_command = [
+            'openssl', 'req', '-x509',
+            '-newkey', 'ec',
+            '-pkeyopt', 'ec_paramgen_curve:prime256v1',
+            '-keyout', str(key_filepath),
+            '-out', str(cert_filepath),
+            '-sha256', '-days', '3650', '-nodes',
+            '-subj', '/CN=Blitz'
+        ]
+        
+        result = subprocess.run(openssl_command, capture_output=True, text=True, check=False)
+
+        if result.returncode != 0:
+            sys.exit(f"Error generating certificate with OpenSSL:\n{result.stderr}")
+        
+        cert_content = cert_filepath.read_text()
+        
+        print("Successfully generated certificate and key:")
+        print("\n")
+        print(cert_content.strip())
+
+    except FileNotFoundError:
+        sys.exit("Error: 'openssl' command not found. Please ensure OpenSSL is installed and in your PATH.")
+    except Exception as e:
+        sys.exit(f"An unexpected error occurred: {e}")
+
+def main():
+    parser = argparse.ArgumentParser(description="Manage external node configurations.")
+    subparsers = parser.add_subparsers(dest='command', required=True)
+
+    add_parser = subparsers.add_parser('add', help='Add a new node.')
+    add_parser.add_argument('--name', type=str, required=True, help='The unique name of the node.')
+    add_parser.add_argument('--ip', type=str, required=True, help='The IP address or domain of the node.')
+    add_parser.add_argument('--port', type=int, help='Optional: The port of the node.')
+    add_parser.add_argument('--sni', type=str, help='Optional: The Server Name Indication.')
+    add_parser.add_argument('--pinSHA256', type=str, help='Optional: The public key SHA256 pin.')
+    add_parser.add_argument('--obfs', type=str, help='Optional: The obfuscation key.')
+    add_parser.add_argument('--insecure', action='store_true', help='Optional: Skip certificate verification.')
+
+    delete_parser = subparsers.add_parser('delete', help='Delete a node by name.')
+    delete_parser.add_argument('--name', type=str, required=True, help='The name of the node to delete.')
+
+    subparsers.add_parser('list', help='List all configured nodes.')
+    
+    subparsers.add_parser('generate-cert', help="Generate blitz.crt and blitz.key.")
+    
+    args = parser.parse_args()
+
+    if args.command == 'add':
+        add_node(args.name, args.ip, args.sni, args.pinSHA256, args.port, args.obfs, args.insecure)
+    elif args.command == 'delete':
+        delete_node(args.name)
+    elif args.command == 'list':
+        list_nodes()
+    elif args.command == 'generate-cert':
+        generate_cert()
+
+if __name__ == "__main__":
+    main()
--- a/core/scripts/telegrambot/utils/deleteuser.py
+++ b/core/scripts/telegrambot/utils/deleteuser.py
@ -20,6 +20,6 @@ def delete_user(message):

 def process_delete_user(message):
    username = message.text.strip().lower()
-    command = f"python3 {CLI_PATH} remove-user -u {username}"
+    command = f"python3 {CLI_PATH} remove-user {username}"
    result = run_cli_command(command)
    bot.reply_to(message, result)
--- a/core/scripts/webpanel/app.py
+++ b/core/scripts/webpanel/app.py
@ -5,18 +5,17 @@ import asyncio
 from fastapi import FastAPI
 from starlette.staticfiles import StaticFiles

-from config import CONFIGS  # Loads the configuration from .env
-from middleware import AuthMiddleware  # Defines authentication middleware
-from middleware import AfterRequestMiddleware  # Defines after request middleware
-from dependency import get_session_manager  # Defines dependencies across routers
-from openapi import setup_openapi_schema   # Adds authorization header to openapi schema
-from exception_handler import setup_exception_handler  # Defines exception handlers
+from config import CONFIGS
+from middleware import AuthMiddleware
+from middleware import AfterRequestMiddleware
+from dependency import get_session_manager
+from openapi import setup_openapi_schema
+from exception_handler import setup_exception_handler

-# Append directory of cli_api.py to be able to import it
 HYSTERIA_CORE_DIR = '/etc/hysteria/core/'
 sys.path.append(HYSTERIA_CORE_DIR)

-import routers  # noqa: This import should be after the sys.path modification, because it imports cli_api
+import routers


 def create_app() -> FastAPI:
@ -24,11 +23,10 @@ def create_app() -> FastAPI:
    Create FastAPI app.
    '''

-    # Set up FastAPI
    app = FastAPI(
-        title='Hysteria Webpanel',
-        description='Webpanel for Hysteria',
-        version='0.1.0',
+        title='Blitz API',
+        description='Webpanel for Hysteria2',
+        version='0.2.0',
        contact={
            'github': 'https://github.com/ReturnFI/Blitz'
        },
@ -36,26 +34,19 @@ def create_app() -> FastAPI:
        root_path=f'/{CONFIGS.ROOT_PATH}',
    )

-    # Set up static files
    app.mount('/assets', StaticFiles(directory='assets'), name='assets')

-    # Set up exception handlers
    setup_exception_handler(app)

-    # Set up authentication middleware
-
    app.add_middleware(AuthMiddleware, session_manager=get_session_manager(), api_token=CONFIGS.API_TOKEN)
-    # Set up after request middleware
    app.add_middleware(AfterRequestMiddleware)

-    # Set up Routers
-    app.include_router(routers.basic.router, prefix='', tags=['Basic Routes[Web]'])  # Add basic router
-    app.include_router(routers.login.router, prefix='', tags=['Authentication[Web]'])  # Add authentication router
-    app.include_router(routers.settings.router, prefix='/settings', tags=['Settings[Web]'])  # Add settings router
-    app.include_router(routers.user.router, prefix='/users', tags=['User Management[Web]'])  # Add user router
-    app.include_router(routers.api.v1.api_v1_router, prefix='/api/v1', tags=['API Version 1'])  # Add API version 1 router # type: ignore
+    app.include_router(routers.basic.router, prefix='', tags=['Web - Basic'])
+    app.include_router(routers.login.router, prefix='', tags=['Web - Authentication'])
+    app.include_router(routers.settings.router, prefix='/settings', tags=['Web - Settings'])
+    app.include_router(routers.user.router, prefix='/users', tags=['Web - User Management'])
+    app.include_router(routers.api.v1.api_v1_router, prefix='/api/v1')

-    # Document that the API requires an API key
    setup_openapi_schema(app)

    return app
@ -66,7 +57,7 @@ app: FastAPI = create_app()

 if __name__ == '__main__':
    from hypercorn.config import Config
-    from hypercorn.asyncio import serve  # type: ignore
+    from hypercorn.asyncio import serve
    from hypercorn.middleware import ProxyFixMiddleware

    config = Config()
@ -75,6 +66,5 @@ if __name__ == '__main__':
    config.accesslog = '-'
    config.errorlog = '-'

-    # Fix proxy headers
-    app = ProxyFixMiddleware(app, 'legacy')  # type: ignore
-    asyncio.run(serve(app, config))  # type: ignore
+    app = ProxyFixMiddleware(app, 'legacy')
+    asyncio.run(serve(app, config))
--- a/core/scripts/webpanel/assets/js/settings.js
+++ b/core/scripts/webpanel/assets/js/settings.js
@ -67,7 +67,11 @@ $(document).ready(function () {
    function isValidDomain(domain) {
        if (!domain) return false;
        const lowerDomain = domain.toLowerCase();
-        return !lowerDomain.startsWith("http://") && !lowerDomain.startsWith("https://");
+        if (lowerDomain.startsWith("http://") || lowerDomain.startsWith("https://")) return false;
+        const ipV4Regex = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+        if(ipV4Regex.test(domain)) return false;
+        const domainRegex = /^(?!-)(?:[a-zA-Z\d-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+$)[a-zA-Z\d]{1,63}$/;
+        return domainRegex.test(lowerDomain);
    }

    function isValidPort(port) {
@ -75,6 +79,12 @@ $(document).ready(function () {
        return /^[0-9]+$/.test(port) && parseInt(port) > 0 && parseInt(port) <= 65535;
    }

+    function isValidSha256Pin(pin) {
+        if (!pin) return false;
+        const pinRegex = /^([0-9A-F]{2}:){31}[0-9A-F]{2}$/i;
+        return pinRegex.test(pin.trim());
+    }
+
    function isValidSubPath(subpath) {
        if (!subpath) return false;
        return /^[a-zA-Z0-9]+$/.test(subpath);
@ -198,6 +208,14 @@ $(document).ready(function () {
                }
            } else if (id === 'decoy_path') {
                fieldValid = isValidPath(input.val());
+            } else if (id === 'node_port') {
+                fieldValid = (input.val().trim() === '') ? true : isValidPort(input.val());
+            } else if (id === 'node_sni') {
+                fieldValid = (input.val().trim() === '') ? true : isValidDomain(input.val());
+            } else if (id === 'node_pin') {
+                fieldValid = (input.val().trim() === '') ? true : isValidSha256Pin(input.val());
+            } else if (id === 'node_obfs') {
+                fieldValid = true;
            } else {
                if (input.attr('placeholder') && input.attr('placeholder').includes('Enter') && !input.attr('id').startsWith('ipv')) {
                     fieldValid = input.val().trim() !== "";
@ -265,6 +283,11 @@ $(document).ready(function () {
                const row = `<tr>
                                <td>${escapeHtml(node.name)}</td>
                                <td>${escapeHtml(node.ip)}</td>
+                                <td>${escapeHtml(node.port || 'N/A')}</td>
+                                <td>${escapeHtml(node.sni || 'N/A')}</td>
+                                <td>${escapeHtml(node.obfs || 'N/A')}</td>
+                                <td>${escapeHtml(node.insecure ? 'True' : 'False')}</td>
+                                <td>${escapeHtml(node.pinSHA256 || 'N/A')}</td>
                                <td>
                                    <button class="btn btn-xs btn-danger delete-node-btn" data-name="${escapeHtml(node.name)}">
                                        <i class="fas fa-trash"></i> Delete
@ -284,18 +307,28 @@ $(document).ready(function () {

        const name = $("#node_name").val().trim();
        const ip = $("#node_ip").val().trim();
+        const port = $("#node_port").val().trim();
+        const sni = $("#node_sni").val().trim();
+        const obfs = $("#node_obfs").val().trim();
+        const pinSHA256 = $("#node_pin").val().trim();
+        const insecure = $("#node_insecure").is(':checked');
+        
+        const data = { name: name, ip: ip, insecure: insecure };
+        if (port) data.port = parseInt(port);
+        if (sni) data.sni = sni;
+        if (obfs) data.obfs = obfs;
+        if (pinSHA256) data.pinSHA256 = pinSHA256;

        confirmAction(`add the node '${name}'`, function () {
            sendRequest(
                API_URLS.addNode,
                "POST",
-                { name: name, ip: ip },
+                data,
                `Node '${name}' added successfully!`,
                "#add_node_btn",
                false,
                function() {
-                    $("#node_name").val('');
-                    $("#node_ip").val('');
+                    $("#add_node_form")[0].reset();
                    $("#add_node_form .form-control").removeClass('is-invalid');
                    fetchNodes();
                }
@ -1055,4 +1088,31 @@ $(document).ready(function () {
             $(this).addClass('is-invalid');
        }
    });
+
+    $('#node_port').on('input', function () {
+        const val = $(this).val().trim();
+        if (val === '' || isValidPort(val)) {
+            $(this).removeClass('is-invalid');
+        } else {
+            $(this).addClass('is-invalid');
+        }
+    });
+    
+    $('#node_sni').on('input', function () {
+        const val = $(this).val().trim();
+        if (val === '' || isValidDomain(val)) {
+            $(this).removeClass('is-invalid');
+        } else {
+            $(this).addClass('is-invalid');
+        }
+    });
+    
+    $('#node_pin').on('input', function () {
+        const val = $(this).val().trim();
+        if (val === '' || isValidSha256Pin(val)) {
+            $(this).removeClass('is-invalid');
+        } else {
+            $(this).addClass('is-invalid');
+        }
+    });
 });
--- a/core/scripts/webpanel/assets/js/users.js
+++ b/core/scripts/webpanel/assets/js/users.js
@ -9,10 +9,32 @@ $(function () {
    const RESET_USER_URL_TEMPLATE = contentSection.dataset.resetUserUrlTemplate;
    const USER_URI_URL_TEMPLATE = contentSection.dataset.userUriUrlTemplate;
    const BULK_URI_URL = contentSection.dataset.bulkUriUrl;
+    const USERS_BASE_URL = contentSection.dataset.usersBaseUrl;

    const usernameRegex = /^[a-zA-Z0-9_]+$/;
    let cachedUserData = [];

+    function setCookie(name, value, days) {
+        let expires = "";
+        if (days) {
+            const date = new Date();
+            date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
+            expires = "; expires=" + date.toUTCString();
+        }
+        document.cookie = name + "=" + (value || "") + expires + "; path=/";
+    }
+
+    function getCookie(name) {
+        const nameEQ = name + "=";
+        const ca = document.cookie.split(';');
+        for (let i = 0; i < ca.length; i++) {
+            let c = ca[i];
+            while (c.charAt(0) === ' ') c = c.substring(1, c.length);
+            if (c.indexOf(nameEQ) === 0) return c.substring(nameEQ.length, c.length);
+        }
+        return null;
+    }
+
    function checkIpLimitServiceStatus() {
        $.getJSON(SERVICE_STATUS_URL)
            .done(data => {
@ -325,5 +347,17 @@ $(function () {
    $("#searchButton").on("click", filterUsers);
    $("#searchInput").on("keyup", filterUsers);

+    function initializeLimitSelector() {
+        const savedLimit = getCookie('limit') || '50';
+        $('#limit-select').val(savedLimit);
+
+        $('#limit-select').on('change', function() {
+            const newLimit = $(this).val();
+            setCookie('limit', newLimit, 365);
+            window.location.href = USERS_BASE_URL;
+        });
+    }
+    
+    initializeLimitSelector();
    checkIpLimitServiceStatus();
 });
--- a/core/scripts/webpanel/routers/api/v1/init.py
+++ b/core/scripts/webpanel/routers/api/v1/init.py
@ -5,6 +5,6 @@ from . import config

 api_v1_router = APIRouter()

-api_v1_router.include_router(user.router, prefix='/users')
-api_v1_router.include_router(server.router, prefix='/server')
+api_v1_router.include_router(user.router, prefix='/users', tags=['API - Users'])
+api_v1_router.include_router(server.router, prefix='/server', tags=['API - Server'])
 api_v1_router.include_router(config.router, prefix='/config')
--- a/core/scripts/webpanel/routers/api/v1/config/init.py
+++ b/core/scripts/webpanel/routers/api/v1/config/init.py
@ -11,11 +11,11 @@ from . import extra_config
 router = APIRouter()


-router.include_router(hysteria.router, prefix='/hysteria')
-router.include_router(warp.router, prefix='/warp')
-router.include_router(telegram.router, prefix='/telegram')
-router.include_router(normalsub.router, prefix='/normalsub')
-router.include_router(singbox.router, prefix='/singbox')
-router.include_router(ip.router, prefix='/ip')
-router.include_router(extra_config.router, prefix='/extra-config', tags=['Config - Extra Config'])
-router.include_router(misc.router)
+router.include_router(hysteria.router, prefix='/hysteria', tags=['API - Config - Hysteria'])
+router.include_router(warp.router, prefix='/warp', tags=['API - Config - Warp'])
+router.include_router(telegram.router, prefix='/telegram', tags=['API - Config - Telegram'])
+router.include_router(normalsub.router, prefix='/normalsub', tags=['API - Config - Normalsub'])
+router.include_router(singbox.router, prefix='/singbox', tags=['API - Config - Singbox'])
+router.include_router(ip.router, prefix='/ip', tags=['API - Config - IP'])
+router.include_router(extra_config.router, prefix='/extra-config', tags=['API - Config - Extra Config'])
+router.include_router(misc.router, tags=['API - Config - Misc'])
--- a/core/scripts/webpanel/routers/api/v1/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/config/ip.py
@ -2,13 +2,15 @@ from fastapi import APIRouter, HTTPException
 from ..schema.response import DetailResponse
 import json
 import os
+from scripts.db.database import db

 from ..schema.config.ip import (
    EditInputBody, 
    StatusResponse,
    AddNodeBody,
    DeleteNodeBody,
-    NodeListResponse
+    NodeListResponse,
+    NodesTrafficPayload
 )
 import cli_api

@ -90,10 +92,18 @@ async def add_node(body: AddNodeBody):
    Adds a new external node to the configuration.

    Args:
-        body: Request body containing the name and IP of the node.
+        body: Request body containing the full details of the node.
    """
    try:
-        cli_api.add_node(body.name, body.ip)
+        cli_api.add_node(
+            name=body.name, 
+            ip=body.ip, 
+            port=body.port, 
+            sni=body.sni, 
+            pinSHA256=body.pinSHA256, 
+            obfs=body.obfs,
+            insecure=body.insecure
+        )
        return DetailResponse(detail=f"Node '{body.name}' added successfully.")
    except Exception as e:
        raise HTTPException(status_code=400, detail=str(e))
@ -102,7 +112,6 @@ async def add_node(body: AddNodeBody):
@router.post('/nodes/delete', response_model=DetailResponse, summary='Delete External Node')
 async def delete_node(body: DeleteNodeBody):
    """
-
    Deletes an external node from the configuration by its name.

    Args:
@ -113,3 +122,40 @@ async def delete_node(body: DeleteNodeBody):
        return DetailResponse(detail=f"Node '{body.name}' deleted successfully.")
    except Exception as e:
        raise HTTPException(status_code=400, detail=str(e))
+
+
+@router.post('/nodestraffic', response_model=DetailResponse, summary='Receive and Aggregate Traffic from Node')
+async def receive_node_traffic(body: NodesTrafficPayload):
+    """
+    Receives traffic delta from a node and adds it to the user's total in the database.
+    Authentication is handled by the AuthMiddleware.
+    """
+    if db is None:
+        raise HTTPException(status_code=500, detail="Database connection is not available.")
+    
+    updated_count = 0
+    for user_traffic in body.users:
+        try:
+            db_user = db.get_user(user_traffic.username)
+            if not db_user:
+                continue
+
+            new_upload = db_user.get('upload_bytes', 0) + user_traffic.upload_bytes
+            new_download = db_user.get('download_bytes', 0) + user_traffic.download_bytes
+
+            update_data = {
+                'upload_bytes': new_upload,
+                'download_bytes': new_download,
+                'status': user_traffic.status,
+            }
+            
+            if not db_user.get('account_creation_date') and user_traffic.account_creation_date:
+                update_data['account_creation_date'] = user_traffic.account_creation_date
+
+            db.update_user(user_traffic.username, update_data)
+            updated_count += 1
+            
+        except Exception as e:
+            print(f"Error updating traffic for user {user_traffic.username}: {e}")
+
+    return DetailResponse(detail=f"Successfully processed and aggregated traffic for {updated_count} users.")
--- a/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
+++ b/core/scripts/webpanel/routers/api/v1/schema/config/ip.py
@ -1,6 +1,8 @@
-from pydantic import BaseModel, field_validator, ValidationInfo
-from ipaddress import IPv4Address, IPv6Address, ip_address
+from pydantic import BaseModel, field_validator
+from ipaddress import ip_address
 import re
+from typing import Optional, List
+from datetime import datetime

 def validate_ip_or_domain(v: str) -> str | None:
    if v is None or v.strip() in ['', 'None']:
@ -34,6 +36,11 @@ class EditInputBody(StatusResponse):
 class Node(BaseModel):
    name: str
    ip: str
+    port: Optional[int] = None
+    sni: Optional[str] = None
+    pinSHA256: Optional[str] = None
+    obfs: Optional[str] = None
+    insecure: Optional[bool] = False

    @field_validator('ip', mode='before')
    def check_node_ip(cls, v: str | None):
@ -41,6 +48,42 @@ class Node(BaseModel):
            raise ValueError("IP or Domain field cannot be empty.")
        return validate_ip_or_domain(v)

+    @field_validator('port')
+    def check_port(cls, v: int | None):
+        if v is not None and not (1 <= v <= 65535):
+            raise ValueError('Port must be between 1 and 65535.')
+        return v
+    
+    @field_validator('sni', mode='before')
+    def check_sni(cls, v: str | None):
+        if v is None or not v.strip():
+            return None
+        v = v.strip()
+        try:
+            ip_address(v)
+            raise ValueError("SNI must be a domain name, not an IP address.")
+        except ValueError:
+            pass 
+        if "://" in v:
+            raise ValueError("SNI cannot contain '://'")
+        domain_regex = re.compile(
+            r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$', 
+            re.IGNORECASE
+        )
+        if not domain_regex.match(v):
+            raise ValueError("Invalid domain name format for SNI.")
+        return v
+    
+    @field_validator('pinSHA256', mode='before')
+    def check_pin(cls, v: str | None):
+        if v is None or not v.strip():
+            return None
+        v_stripped = v.strip().upper()
+        pin_regex = re.compile(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$')
+        if not pin_regex.match(v_stripped):
+            raise ValueError("Invalid SHA256 pin format.")
+        return v_stripped
+
 class AddNodeBody(Node):
    pass

@ -48,3 +91,23 @@ class DeleteNodeBody(BaseModel):
    name: str

 NodeListResponse = list[Node]
+
+class NodeUserTraffic(BaseModel):
+    username: str
+    upload_bytes: int
+    download_bytes: int
+    status: str
+    account_creation_date: Optional[str] = None
+
+    @field_validator('account_creation_date')
+    def check_date_format(cls, v: str | None):
+        if v is None:
+            return None
+        try:
+            datetime.strptime(v, "%Y-%m-%d")
+            return v
+        except ValueError:
+            raise ValueError("account_creation_date must be in YYYY-MM-DD format.")
+
+class NodesTrafficPayload(BaseModel):
+    users: List[NodeUserTraffic]
--- a/core/scripts/webpanel/routers/user/user.py
+++ b/core/scripts/webpanel/routers/user/user.py
@ -1,5 +1,8 @@
-from fastapi import APIRouter, HTTPException, Request, Depends
+from fastapi import APIRouter, HTTPException, Request, Depends, Query, Path, Cookie
 from fastapi.templating import Jinja2Templates
+from fastapi.responses import RedirectResponse
+from starlette.status import HTTP_302_FOUND
+import math

 from dependency import get_templates
 from .viewmodel import User
@ -9,12 +12,57 @@ import cli_api
 router = APIRouter()


-@router.get('/')
-async def users(request: Request, templates: Jinja2Templates = Depends(get_templates)):
+async def get_users_page(
+    request: Request,
+    templates: Jinja2Templates,
+    page: int,
+    limit: int
+):
    try:
        users_list = cli_api.list_users() or []
-        users: list[User] = [User.from_dict(user_data.get('username', ''), user_data) for user_data in users_list]
+        total_users = len(users_list)
+        total_pages = math.ceil(total_users / limit) if limit > 0 else 1

-        return templates.TemplateResponse('users.html', {'users': users, 'request': request})
+        if page > total_pages and total_pages > 0:
+            return RedirectResponse(url=f"/users/{total_pages}", status_code=HTTP_302_FOUND)
+        if page < 1:
+            return RedirectResponse(url=f"/users/1", status_code=HTTP_302_FOUND)
+
+        start_index = (page - 1) * limit
+        end_index = start_index + limit
+        paginated_list = users_list[start_index:end_index]
+
+        users: list[User] = [User.from_dict(user_data.get('username', ''), user_data) for user_data in paginated_list]
+
+        return templates.TemplateResponse(
+            'users.html',
+            {
+                'users': users,
+                'request': request,
+                'current_page': page,
+                'total_pages': total_pages,
+                'limit': limit,
+                'total_users': total_users,
+            }
+        )
    except Exception as e:
        raise HTTPException(status_code=400, detail=f'Error: {str(e)}')
+
+
+@router.get('/{page}', name="users_paginated")
+async def users_paginated(
+    request: Request,
+    templates: Jinja2Templates = Depends(get_templates),
+    page: int = Path(..., ge=1),
+    limit: int = Cookie(default=50, ge=1)
+):
+    return await get_users_page(request, templates, page, limit)
+
+
+@router.get('/', name="users")
+async def users_root(
+    request: Request,
+    templates: Jinja2Templates = Depends(get_templates),
+    limit: int = Cookie(default=50, ge=1)
+):
+    return await get_users_page(request, templates, 1, limit)
--- a/core/scripts/webpanel/templates/settings.html
+++ b/core/scripts/webpanel/templates/settings.html
@ -223,8 +223,13 @@
                                            <table class="table table-bordered table-striped" id="nodes_table">
                                                <thead>
                                                    <tr>
-                                                        <th>Node Name</th>
-                                                        <th>IP Address / Domain</th>
+                                                        <th>Name</th>
+                                                        <th>IP/Domain</th>
+                                                        <th>Port</th>
+                                                        <th>SNI</th>
+                                                        <th>OBFS</th>
+                                                        <th>Insecure</th>
+                                                        <th>Pin SHA256</th>
                                                        <th>Action</th>
                                                    </tr>
                                                </thead>
@ -237,18 +242,50 @@
                            
                                        <hr>
                                        <h5>Add New Node</h5>
-                                        <form id="add_node_form" class="form-inline">
-                                            <div class="form-group mb-2 mr-sm-2">
-                                                <label for="node_name" class="sr-only">Node Name</label>
-                                                <input type="text" class="form-control" id="node_name" placeholder="e.g., Node-US">
-                                                <div class="invalid-feedback">Please enter a name.</div>
+                                        <form id="add_node_form">
+                                            <div class="form-row">
+                                                <div class="form-group col-md-6">
+                                                    <label for="node_name">Node Name (Required)</label>
+                                                    <input type="text" class="form-control" id="node_name" placeholder="e.g., Node-US">
+                                                    <div class="invalid-feedback">Please enter a unique name.</div>
+                                                </div>
+                                                <div class="form-group col-md-6">
+                                                    <label for="node_ip">IP Address / Domain (Required)</label>
+                                                    <input type="text" class="form-control" id="node_ip" placeholder="e.g., node.example.com or 1.2.3.4">
+                                                    <div class="invalid-feedback">Please enter a valid IP or domain.</div>
+                                                </div>
                                            </div>
-                                            <div class="form-group mb-2 mr-sm-2">
-                                                <label for="node_ip" class="sr-only">IP Address / Domain</label>
-                                                <input type="text" class="form-control" id="node_ip" placeholder="e.g., node.example.com">
-                                                <div class="invalid-feedback">Please enter a valid IP or domain.</div>
+                                            <div class="form-row">
+                                                <div class="form-group col-md-3">
+                                                    <label for="node_port">Port (Optional)</label>
+                                                    <input type="number" class="form-control" id="node_port" placeholder="e.g., 443">
+                                                    <div class="invalid-feedback">Please enter a valid port (1-65535).</div>
+                                                </div>
+                                                <div class="form-group col-md-3">
+                                                    <label for="node_obfs">OBFS (Optional)</label>
+                                                    <input type="text" class="form-control" id="node_obfs" placeholder="obfs-password">
+                                                    <div class="invalid-feedback">OBFS cannot be empty if provided.</div>
+                                                </div>
+                                                <div class="form-group col-md-6">
+                                                    <label for="node_sni">SNI (Optional)</label>
+                                                    <input type="text" class="form-control" id="node_sni" placeholder="e.g., yourdomain.com">
+                                                    <div class="invalid-feedback">Please enter a valid domain name (not an IP).</div>
+                                                </div>
                                            </div>
-                                            <button type="button" id="add_node_btn" class="btn btn-success mb-2">
+                                            <div class="form-group">
+                                                <label for="node_pin">Pin SHA256 (Optional)</label>
+                                                <input type="text" class="form-control" id="node_pin" placeholder="5D:23:0E:E9:10:AB:96:E0:43...">
+                                                <div class="invalid-feedback">Invalid SHA256 pin format.</div>
+                                            </div>
+                                            <div class="form-group">
+                                                <div class="form-check">
+                                                    <input class="form-check-input" type="checkbox" id="node_insecure">
+                                                    <label class="form-check-label" for="node_insecure">
+                                                        Insecure
+                                                    </label>
+                                                </div>
+                                            </div>
+                                            <button type="button" id="add_node_btn" class="btn btn-success">
                                                <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true" style="display: none;"></span>
                                                Add Node
                                            </button>
--- a/core/scripts/webpanel/templates/users.html
+++ b/core/scripts/webpanel/templates/users.html
@ -44,11 +44,12 @@
    data-edit-user-url-template="{{ url_for('edit_user_api', username='U') }}"
    data-reset-user-url-template="{{ url_for('reset_user_api', username='U') }}"
    data-user-uri-url-template="{{ url_for('show_user_uri_api', username='U') }}"
-    data-bulk-uri-url="{{ url_for('show_multiple_user_uris_api') }}">
+    data-bulk-uri-url="{{ url_for('show_multiple_user_uris_api') }}"
+    data-users-base-url="{{ url_for('users') }}">
    <div class="container-fluid">
        <div class="card">
            <div class="card-header">
-                <h3 class="card-title">User List {% if users %}({{ users|length }}){% endif %}</h3>
+                <h3 class="card-title">User List {% if total_users is defined %}({{ total_users }}){% endif %}</h3>
                <div class="card-tools d-flex align-items-center flex-wrap">

                    <!-- Mobile Filter Dropdown -->
@ -143,7 +144,7 @@
                            <td>
                                <input type="checkbox" class="user-checkbox" value="{{ user.username }}">
                            </td>
-                            <td>{{ loop.index }}</td>
+                            <td>{{ loop.index + ((current_page - 1) * limit) }}</td>
                            <td data-username="{{ user.username }}">{{ user.username }}</td>
                            <td class="d-none d-md-table-cell">
                                {% if user.status == "Online" %}
@ -275,6 +276,70 @@
                </table>
                {% endif %}
            </div>
+            <div class="card-footer clearfix">
+                <div class="row">
+                    <div class="col-sm-12 col-md-5 d-flex align-items-center">
+                        <div class="dataTables_info" role="status" aria-live="polite">
+                            Showing {{ ((current_page - 1) * limit) + 1 }} to {{ [((current_page - 1) * limit) + limit, total_users] | min }} of {{ total_users }} users
+                        </div>
+                    </div>
+                    <div class="col-sm-12 col-md-7">
+                        <div class="d-flex justify-content-end align-items-center">
+                            <div class="mr-3">
+                                <form id="limit-form" method="get" class="form-inline">
+                                    <label for="limit-select" class="mr-2">Per Page:</label>
+                                    <select id="limit-select" class="form-control form-control-sm">
+                                        <option value="10">10</option>
+                                        <option value="25">25</option>
+                                        <option value="50" selected>50</option>
+                                        <option value="100">100</option>
+                                    </select>
+                                </form>
+                            </div>
+                            {% if total_pages > 1 %}
+                            <nav aria-label="Page navigation">
+                                <ul class="pagination pagination-sm m-0">
+                                    <li class="page-item {% if current_page == 1 %}disabled{% endif %}">
+                                        <a class="page-link" href="{{ url_for('users_paginated', page=current_page - 1) }}" aria-label="Previous">
+                                            <span aria-hidden="true">&laquo;</span>
+                                        </a>
+                                    </li>
+            
+                                    {% set page_start = [1, current_page - 2] | max %}
+                                    {% set page_end = [total_pages, current_page + 2] | min %}
+            
+                                    {% if page_start > 1 %}
+                                        <li class="page-item"><a class="page-link" href="{{ url_for('users_paginated', page=1) }}">1</a></li>
+                                        {% if page_start > 2 %}
+                                            <li class="page-item disabled"><span class="page-link">...</span></li>
+                                        {% endif %}
+                                    {% endif %}
+            
+                                    {% for page_num in range(page_start, page_end + 1) %}
+                                    <li class="page-item {% if page_num == current_page %}active{% endif %}">
+                                        <a class="page-link" href="{{ url_for('users_paginated', page=page_num) }}">{{ page_num }}</a>
+                                    </li>
+                                    {% endfor %}
+            
+                                    {% if page_end < total_pages %}
+                                        {% if page_end < total_pages - 1 %}
+                                            <li class="page-item disabled"><span class="page-link">...</span></li>
+                                        {% endif %}
+                                        <li class="page-item"><a class="page-link" href="{{ url_for('users_paginated', page=total_pages) }}">{{ total_pages }}</a></li>
+                                    {% endif %}
+                                    
+                                    <li class="page-item {% if current_page == total_pages %}disabled{% endif %}">
+                                        <a class="page-link" href="{{ url_for('users_paginated', page=current_page + 1) }}" aria-label="Next">
+                                            <span aria-hidden="true">&raquo;</span>
+                                        </a>
+                                    </li>
+                                </ul>
+                            </nav>
+                            {% endif %}
+                        </div>
+                    </div>
+                </div>
+            </div>
        </div>
    </div>
 </section>