Changes:

feat: Add SNI checker and certificate manager Key features: - Domain-to-IP resolution verification - Automatic Let's Encrypt certificate acquisition - Self-signed fallback for domains not pointed to the server - Updates insecure flag in config.json based on certificate type - Updates SNI in environment config - Generates and updates SHA-256 fingerprint fix(urls): Update URI generator to respect TLS insecure flag Changes: - Added insecure parameter to generate_uri() function - Read TLS insecure flag from config.json - Set insecure=0 for valid certificates and insecure=1 for self-signed ones - Updated all URI generation calls to include the insecure parameter
2025-04-21 00:17:28 +03:30
parent a57d4b096b
commit ff194d0098
2 changed files with 89 additions and 36 deletions
--- a/core/scripts/hysteria2/show_user_uri.py
+++ b/core/scripts/hysteria2/show_user_uri.py
@ -66,11 +66,10 @@ def is_service_active(service_name: str) -> bool:
        return False

 def generate_uri(username: str, auth_password: str, ip: str, port: str, 
-                 obfs_password: str, sha256: str, sni: str, ip_version: int) -> str:
+                 obfs_password: str, sha256: str, sni: str, ip_version: int, insecure: bool) -> str:
    """Generate Hysteria2 URI for the given parameters."""
    uri_base = f"hy2://{username}%3A{auth_password}@{ip}:{port}"
    
-    # Handle IPv6 address formatting
    if ip_version == 6 and re.match(r'^[0-9a-fA-F:]+$', ip):
        uri_base = f"hy2://{username}%3A{auth_password}@[{ip}]:{port}"
    
@ -82,7 +81,8 @@ def generate_uri(username: str, auth_password: str, ip: str, port: str,
    if sha256:
        params.append(f"pinSHA256={sha256}")
    
-    params.append(f"insecure=1&sni={sni}")
+    insecure_value = "1" if insecure else "0"
+    params.append(f"insecure={insecure_value}&sni={sni}")
    
    params_str = "&".join(params)
    return f"{uri_base}?{params_str}#{username}-IPv{ip_version}"
@ -138,6 +138,8 @@ def show_uri(args: argparse.Namespace) -> None:
    sha256 = config.get("tls", {}).get("pinSHA256", "")
    obfs_password = config.get("obfs", {}).get("salamander", {}).get("password", "")
    
+    insecure = config.get("tls", {}).get("insecure", True)
+    
    ip4, ip6, sni = load_hysteria2_ips()
    available_ip4 = ip4 and ip4 != "None"
    available_ip6 = ip6 and ip6 != "None"
@ -148,21 +150,21 @@ def show_uri(args: argparse.Namespace) -> None:
    if args.all:
        if available_ip4:
            uri_ipv4 = generate_uri(args.username, auth_password, ip4, port, 
-                                    obfs_password, sha256, sni, 4)
+                                    obfs_password, sha256, sni, 4, insecure)
            print(f"\nIPv4:\n{uri_ipv4}\n")
        
        if available_ip6:
            uri_ipv6 = generate_uri(args.username, auth_password, ip6, port, 
-                                    obfs_password, sha256, sni, 6)
+                                    obfs_password, sha256, sni, 6, insecure)
            print(f"\nIPv6:\n{uri_ipv6}\n")
    else:
        if args.ip_version == 4 and available_ip4:
            uri_ipv4 = generate_uri(args.username, auth_password, ip4, port, 
-                                    obfs_password, sha256, sni, 4)
+                                    obfs_password, sha256, sni, 4, insecure)
            print(f"\nIPv4:\n{uri_ipv4}\n")
        elif args.ip_version == 6 and available_ip6:
            uri_ipv6 = generate_uri(args.username, auth_password, ip6, port, 
-                                    obfs_password, sha256, sni, 6)
+                                    obfs_password, sha256, sni, 6, insecure)
            print(f"\nIPv6:\n{uri_ipv6}\n")
        else:
            print("Invalid IP version or no available IP for the requested version.")