package hysteria2 import ( "context" "net" "net/http" "net/http/httputil" "net/url" "time" "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter/inbound" "github.com/sagernet/sing-box/common/listener" "github.com/sagernet/sing-box/common/tls" C "github.com/sagernet/sing-box/constant" "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" "github.com/sagernet/sing-quic/hysteria" "github.com/sagernet/sing-quic/hysteria2" "github.com/sagernet/sing/common" "github.com/sagernet/sing/common/auth" E "github.com/sagernet/sing/common/exceptions" N "github.com/sagernet/sing/common/network" ) func RegisterInbound(registry *inbound.Registry) { inbound.Register[option.Hysteria2InboundOptions](registry, C.TypeHysteria2, NewInbound) } type Inbound struct { inbound.Adapter router adapter.Router logger log.ContextLogger listener *listener.Listener tlsConfig tls.ServerConfig service *hysteria2.Service[int] userNameList []string } func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.Hysteria2InboundOptions) (adapter.Inbound, error) { options.UDPFragmentDefault = true if options.TLS == nil || !options.TLS.Enabled { return nil, C.ErrTLSRequired } tlsConfig, err := tls.NewServer(ctx, logger, common.PtrValueOrDefault(options.TLS)) if err != nil { return nil, err } var salamanderPassword string if options.Obfs != nil { if options.Obfs.Password == "" { return nil, E.New("missing obfs password") } switch options.Obfs.Type { case hysteria2.ObfsTypeSalamander: salamanderPassword = options.Obfs.Password default: return nil, E.New("unknown obfs type: ", options.Obfs.Type) } } var masqueradeHandler http.Handler if options.Masquerade != "" { masqueradeURL, err := url.Parse(options.Masquerade) if err != nil { return nil, E.Cause(err, "parse masquerade URL") } switch masqueradeURL.Scheme { case "file": masqueradeHandler = http.FileServer(http.Dir(masqueradeURL.Path)) case "http", "https": masqueradeHandler = &httputil.ReverseProxy{ Rewrite: func(r *httputil.ProxyRequest) { r.SetURL(masqueradeURL) r.Out.Host = r.In.Host }, ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) { w.WriteHeader(http.StatusBadGateway) }, } default: return nil, E.New("unknown masquerade URL scheme: ", masqueradeURL.Scheme) } } inbound := &Inbound{ Adapter: inbound.NewAdapter(C.TypeHysteria2, tag), router: router, logger: logger, listener: listener.New(listener.Options{ Context: ctx, Logger: logger, Listen: options.ListenOptions, }), tlsConfig: tlsConfig, } var udpTimeout time.Duration if options.UDPTimeout != 0 { udpTimeout = time.Duration(options.UDPTimeout) } else { udpTimeout = C.UDPTimeout } service, err := hysteria2.NewService[int](hysteria2.ServiceOptions{ Context: ctx, Logger: logger, BrutalDebug: options.BrutalDebug, SendBPS: uint64(options.UpMbps * hysteria.MbpsToBps), ReceiveBPS: uint64(options.DownMbps * hysteria.MbpsToBps), SalamanderPassword: salamanderPassword, TLSConfig: tlsConfig, IgnoreClientBandwidth: options.IgnoreClientBandwidth, UDPTimeout: udpTimeout, Handler: adapter.NewUpstreamHandler(adapter.InboundContext{}, inbound.newConnection, inbound.newPacketConnection, nil), MasqueradeHandler: masqueradeHandler, }) if err != nil { return nil, err } userList := make([]int, 0, len(options.Users)) userNameList := make([]string, 0, len(options.Users)) userPasswordList := make([]string, 0, len(options.Users)) for index, user := range options.Users { userList = append(userList, index) userNameList = append(userNameList, user.Name) userPasswordList = append(userPasswordList, user.Password) } service.UpdateUsers(userList, userPasswordList) inbound.service = service inbound.userNameList = userNameList return inbound, nil } func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { ctx = log.ContextWithNewID(ctx) metadata.Inbound = h.Tag() metadata.InboundType = h.Type() metadata.InboundDetour = h.listener.ListenOptions().Detour metadata.InboundOptions = h.listener.ListenOptions().InboundOptions h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source) userID, _ := auth.UserFromContext[int](ctx) if userName := h.userNameList[userID]; userName != "" { metadata.User = userName h.logger.InfoContext(ctx, "[", userName, "] inbound connection to ", metadata.Destination) } else { h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination) } return h.router.RouteConnection(ctx, conn, metadata) } func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { ctx = log.ContextWithNewID(ctx) metadata.Inbound = h.Tag() metadata.InboundType = h.Type() metadata.InboundDetour = h.listener.ListenOptions().Detour metadata.InboundOptions = h.listener.ListenOptions().InboundOptions metadata.OriginDestination = h.listener.UDPAddr() h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source) userID, _ := auth.UserFromContext[int](ctx) if userName := h.userNameList[userID]; userName != "" { metadata.User = userName h.logger.InfoContext(ctx, "[", userName, "] inbound packet connection to ", metadata.Destination) } else { h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) } return h.router.RoutePacketConnection(ctx, conn, metadata) } func (h *Inbound) Start() error { if h.tlsConfig != nil { err := h.tlsConfig.Start() if err != nil { return err } } packetConn, err := h.listener.ListenUDP() if err != nil { return err } return h.service.Start(packetConn) } func (h *Inbound) Close() error { return common.Close( &h.listener, h.tlsConfig, common.PtrOrNil(h.service), ) }