fix: post-merge cleanup (TOTP + Hysteria 2 UI)

- deduplicate parseDurationSeconds/normalizeHopInterval into shared helpers
- replace hardcoded Russian error strings with i18n
- remove dead acme schema fields
- fix parseInt without radix
- extend REST API, MCP and OpenAPI with Hysteria 2 node fields
- fix MCP handlers to actually pass new fields on create/update
- fix MCP/OpenAPI schemas to match Mongoose model structure
- save useTlsFiles on node creation via form parser
- restore C³ branding across docs and views

Author: ddddeadispose

README.md

@@ -1,4 +1,4 @@
-# CELERITY
+# C³ CELERITY
 
 ⚡ **Fast. Simple. Long-lasting.**
 
@@ -11,12 +11,12 @@
 [![Hysteria](https://img.shields.io/badge/Hysteria-2.x-9B59B6)](https://v2.hysteria.network/)
 [![Xray](https://img.shields.io/badge/Xray-VLESS-00ADD8)](https://xtls.github.io/)
 
-**CELERITY** by Click Connect — modern web panel for managing [Hysteria 2](https://v2.hysteria.network/) and [Xray VLESS](https://xtls.github.io/) proxy servers with centralized authentication, one-click node setup, and flexible user-to-server group mapping.
+**C³ CELERITY** by Click Connect — modern web panel for managing [Hysteria 2](https://v2.hysteria.network/) and [Xray VLESS](https://xtls.github.io/) proxy servers with centralized authentication, one-click node setup, and flexible user-to-server group mapping.
 
 **Built for performance:** Lightweight architecture designed for speed at any scale.
 
 <p align="center">
-  <img src="docs/dashboard.png" alt="CELERITY Dashboard" width="800">
+  <img src="docs/dashboard.png" alt="C³ CELERITY Dashboard" width="800">
   <br>
   <em>Dashboard — real-time server monitoring and statistics</em>
 </p>

README.ru.md

@@ -1,4 +1,4 @@
-# CELERITY
+# C³ CELERITY
 
 ⚡ **Быстро, просто и надолго**
 
@@ -11,7 +11,7 @@
 [Hysteria](https://v2.hysteria.network/)
 [Xray](https://xtls.github.io/)
 
-**CELERITY** by Click Connect — современная веб-панель для управления серверами [Hysteria 2](https://v2.hysteria.network/) и [Xray VLESS](https://xtls.github.io/) с централизованной авторизацией, автоматической настройкой нод и гибким распределением пользователей по группам.
+**C³ CELERITY** by Click Connect — современная веб-панель для управления серверами [Hysteria 2](https://v2.hysteria.network/) и [Xray VLESS](https://xtls.github.io/) с централизованной авторизацией, автоматической настройкой нод и гибким распределением пользователей по группам.
 
 **Создана для скорости:** Лёгкая архитектура, оптимизированная для быстрой работы на любом масштабе.
 

docker-compose.hub.yml

@@ -1,4 +1,4 @@
-# CELERITY - Quick Start (Docker Hub)
+# C³ CELERITY - Quick Start (Docker Hub)
 # Use this file for quick deployment without building from source
 # Run: docker compose -f docker-compose.hub.yml up -d
 

docs/mcp-user-guide.md

@@ -1,12 +1,12 @@
 # 🤖 MCP Integration User Guide
 
-> Connect AI assistants directly to your CELERITY panel for automated management.
+> Connect AI assistants directly to your C³ CELERITY panel for automated management.
 
 ---
 
 ## 📖 What is MCP?
 
-**Model Context Protocol (MCP)** is a protocol that allows AI assistants (Claude, Cursor, etc.) to directly interact with the CELERITY panel.
+**Model Context Protocol (MCP)** is a protocol that allows AI assistants (Claude, Cursor, etc.) to directly interact with the C³ CELERITY panel.
 
 ### ✨ Capabilities
 

docs/mcp-user-guide.ru.md

@@ -1,12 +1,12 @@
 # 🤖 Руководство по использованию MCP-интеграции
 
-> Подключите AI-ассистентов напрямую к панели CELERITY для автоматизированного управления.
+> Подключите AI-ассистентов напрямую к панели C³ CELERITY для автоматизированного управления.
 
 ---
 
 ## 📖 Что такое MCP?
 
-**Model Context Protocol (MCP)** — это протокол, который позволяет AI-ассистентам (Claude, Cursor и др.) напрямую взаимодействовать с панелью CELERITY.
+**Model Context Protocol (MCP)** — это протокол, который позволяет AI-ассистентам (Claude, Cursor и др.) напрямую взаимодействовать с панелью C³ CELERITY.
 
 ### ✨ Возможности
 

docs/safe-update.md

@@ -1,6 +1,6 @@
 # Safe Production Updates
 
-Step-by-step guide for updating CELERITY on production servers with minimal downtime.
+Step-by-step guide for updating C³ CELERITY on production servers with minimal downtime.
 
 ---
 

docs/safe-update.ru.md

@@ -1,6 +1,6 @@
 # Безопасное обновление на проде
 
-Пошаговое руководство по обновлению CELERITY на production-сервере с минимальным временем простоя.
+Пошаговое руководство по обновлению C³ CELERITY на production-сервере с минимальным временем простоя.
 
 ---
 

package.json

@@ -1,7 +1,7 @@
 {
   "name": "c3-celerity",
   "version": "1.0.0",
-  "description": "CELERITY - Management panel for Hysteria 2 nodes by Click Connect",
+  "description": "C³ CELERITY - Management panel for Hysteria 2 nodes by Click Connect",
   "keywords": [
     "nodejs",
     "docker",

src/docs/openapi.js

@@ -164,6 +164,113 @@ Admin sessions (cookie) bypass scope checks entirely.
                             rx: { type: 'integer' },
                         },
                     },
+                    // Hysteria 2 advanced configuration
+                    hopInterval:            { type: 'string', example: '30s', description: 'Port-hopping interval' },
+                    ignoreClientBandwidth:  { type: 'boolean', example: false },
+                    speedTest:              { type: 'boolean', example: false },
+                    disableUDP:             { type: 'boolean', example: false },
+                    udpIdleTimeout:         { type: 'string', example: '60s' },
+                    acme: {
+                        type: 'object',
+                        properties: {
+                            email:       { type: 'string' },
+                            ca:          { type: 'string', example: 'letsencrypt' },
+                            listenHost:  { type: 'string', example: '0.0.0.0' },
+                            type:        { type: 'string', enum: ['', 'http', 'tls', 'dns'] },
+                            httpAltPort: { type: 'integer', example: 0 },
+                            tlsAltPort:  { type: 'integer', example: 0 },
+                            dnsName:     { type: 'string' },
+                            dnsConfig:   { type: 'object' },
+                        },
+                    },
+                    masquerade: {
+                        type: 'object',
+                        properties: {
+                            type: { type: 'string', enum: ['proxy', 'string'], example: 'proxy' },
+                            proxy: {
+                                type: 'object',
+                                properties: {
+                                    url:         { type: 'string', example: 'https://www.google.com' },
+                                    rewriteHost: { type: 'boolean' },
+                                    insecure:    { type: 'boolean' },
+                                },
+                            },
+                            string: {
+                                type: 'object',
+                                properties: {
+                                    content:    { type: 'string' },
+                                    headers:    { type: 'object' },
+                                    statusCode: { type: 'integer', example: 503 },
+                                },
+                            },
+                            listenHTTP:  { type: 'string', description: 'HTTP listen address for masquerade' },
+                            listenHTTPS: { type: 'string', description: 'HTTPS listen address for masquerade' },
+                            forceHTTPS:  { type: 'boolean' },
+                        },
+                    },
+                    bandwidth: {
+                        type: 'object',
+                        properties: {
+                            up:   { type: 'string', example: '1 gbps' },
+                            down: { type: 'string', example: '1 gbps' },
+                        },
+                    },
+                    sniff: {
+                        type: 'object',
+                        properties: {
+                            enabled:       { type: 'boolean' },
+                            enable:        { type: 'boolean', description: 'Enable sniffing within the protocol' },
+                            timeout:       { type: 'string', example: '2s' },
+                            rewriteDomain: { type: 'boolean' },
+                            tcpPorts:      { type: 'string', example: '80,443,8000-9000' },
+                            udpPorts:      { type: 'string', example: '443,80,53' },
+                        },
+                    },
+                    quic: {
+                        type: 'object',
+                        properties: {
+                            enabled:                 { type: 'boolean' },
+                            initStreamReceiveWindow: { type: 'integer' },
+                            maxStreamReceiveWindow:  { type: 'integer' },
+                            initConnReceiveWindow:   { type: 'integer' },
+                            maxConnReceiveWindow:    { type: 'integer' },
+                            maxIdleTimeout:          { type: 'string', example: '60s' },
+                            maxIncomingStreams:       { type: 'integer' },
+                            disablePathMTUDiscovery: { type: 'boolean' },
+                        },
+                    },
+                    resolver: {
+                        type: 'object',
+                        properties: {
+                            enabled:       { type: 'boolean' },
+                            type:          { type: 'string', enum: ['udp', 'tcp', 'tls', 'https'] },
+                            udpAddr:       { type: 'string', example: '8.8.4.4:53' },
+                            udpTimeout:    { type: 'string', example: '4s' },
+                            tcpAddr:       { type: 'string', example: '8.8.8.8:53' },
+                            tcpTimeout:    { type: 'string', example: '4s' },
+                            tlsAddr:       { type: 'string', example: '1.1.1.1:853' },
+                            tlsTimeout:    { type: 'string', example: '10s' },
+                            tlsSni:        { type: 'string', example: 'cloudflare-dns.com' },
+                            tlsInsecure:   { type: 'boolean' },
+                            httpsAddr:     { type: 'string', example: '1.1.1.1:443' },
+                            httpsTimeout:  { type: 'string', example: '10s' },
+                            httpsSni:      { type: 'string', example: 'cloudflare-dns.com' },
+                            httpsInsecure: { type: 'boolean' },
+                        },
+                    },
+                    acl: {
+                        type: 'object',
+                        properties: {
+                            enabled:           { type: 'boolean' },
+                            type:              { type: 'string', enum: ['inline', 'file'] },
+                            file:              { type: 'string' },
+                            geoip:             { type: 'string' },
+                            geosite:           { type: 'string' },
+                            geoUpdateInterval: { type: 'string' },
+                        },
+                    },
+                    aclRules: { type: 'array', items: { type: 'string' }, description: 'Inline ACL rules' },
+                    useTlsFiles: { type: 'boolean', description: 'Whether to use TLS cert/key files instead of ACME' },
                 },
             },
             GroupRef: {

src/mcp/tools/nodes.js

@@ -61,6 +61,86 @@ const manageNodeSchema = z.object({
             username: z.string().optional(),
             password: z.string().optional(),
         }).optional(),
+        // Hysteria 2 advanced configuration
+        hopInterval: z.string().optional().describe('Port-hopping interval, e.g. "30s"'),
+        acme: z.object({
+            email: z.string().optional(),
+            ca: z.string().optional(),
+            listenHost: z.string().optional(),
+            type: z.enum(['', 'http', 'tls', 'dns']).optional(),
+            httpAltPort: z.number().optional(),
+            tlsAltPort: z.number().optional(),
+            dnsName: z.string().optional(),
+            dnsConfig: z.record(z.unknown()).optional(),
+        }).optional(),
+        masquerade: z.object({
+            type: z.enum(['proxy', 'string']).optional(),
+            proxy: z.object({
+                url: z.string().optional(),
+                rewriteHost: z.boolean().optional(),
+                insecure: z.boolean().optional(),
+            }).optional(),
+            string: z.object({
+                content: z.string().optional(),
+                headers: z.record(z.string()).optional(),
+                statusCode: z.number().optional(),
+            }).optional(),
+            listenHTTP: z.string().optional(),
+            listenHTTPS: z.string().optional(),
+            forceHTTPS: z.boolean().optional(),
+        }).optional(),
+        bandwidth: z.object({
+            up: z.string().optional(),
+            down: z.string().optional(),
+        }).optional(),
+        ignoreClientBandwidth: z.boolean().optional(),
+        speedTest: z.boolean().optional(),
+        disableUDP: z.boolean().optional(),
+        udpIdleTimeout: z.string().optional().describe('UDP idle timeout, e.g. "60s"'),
+        sniff: z.object({
+            enabled: z.boolean().optional(),
+            enable: z.boolean().optional().describe('Enable sniffing within the protocol'),
+            timeout: z.string().optional().describe('Sniff timeout, e.g. "2s"'),
+            rewriteDomain: z.boolean().optional(),
+            tcpPorts: z.string().optional().describe('TCP ports to sniff, e.g. "80,443,8000-9000"'),
+            udpPorts: z.string().optional().describe('UDP ports to sniff, e.g. "443,80,53"'),
+        }).optional(),
+        quic: z.object({
+            enabled: z.boolean().optional(),
+            initStreamReceiveWindow: z.number().optional(),
+            maxStreamReceiveWindow: z.number().optional(),
+            initConnReceiveWindow: z.number().optional(),
+            maxConnReceiveWindow: z.number().optional(),
+            maxIdleTimeout: z.string().optional(),
+            maxIncomingStreams: z.number().optional(),
+            disablePathMTUDiscovery: z.boolean().optional(),
+        }).optional(),
+        resolver: z.object({
+            enabled: z.boolean().optional(),
+            type: z.enum(['udp', 'tcp', 'tls', 'https']).optional(),
+            udpAddr: z.string().optional(),
+            udpTimeout: z.string().optional(),
+            tcpAddr: z.string().optional(),
+            tcpTimeout: z.string().optional(),
+            tlsAddr: z.string().optional(),
+            tlsTimeout: z.string().optional(),
+            tlsSni: z.string().optional(),
+            tlsInsecure: z.boolean().optional(),
+            httpsAddr: z.string().optional(),
+            httpsTimeout: z.string().optional(),
+            httpsSni: z.string().optional(),
+            httpsInsecure: z.boolean().optional(),
+        }).optional(),
+        acl: z.object({
+            enabled: z.boolean().optional(),
+            type: z.enum(['inline', 'file']).optional(),
+            file: z.string().optional(),
+            geoip: z.string().optional(),
+            geosite: z.string().optional(),
+            geoUpdateInterval: z.string().optional(),
+        }).optional(),
+        aclRules: z.array(z.string()).optional().describe('Inline ACL rules (stored on node root, not inside acl)'),
+        useTlsFiles: z.boolean().optional().describe('Whether to use TLS cert/key files instead of ACME'),
     }).optional(),
     setupOptions: z.object({
         installHysteria: z.boolean().default(true),
@@ -156,7 +236,7 @@ async function manageNode(args, emit) {
             if (existing) return { error: 'Node with this IP already exists', code: 409 };
 
             const statsSecret = cryptoService.generateNodeSecret();
-            const node = new HyNode({
+            const nodeData = {
                 name: data.name,
                 ip: data.ip,
                 type: data.type || 'hysteria',
@@ -172,7 +252,16 @@ async function manageNode(args, emit) {
                 status: 'offline',
                 cascadeRole: data.cascadeRole || 'standalone',
                 country: data.country || '',
-            });
+            };
+            const hy2Keys = [
+                'hopInterval', 'acme', 'masquerade', 'bandwidth',
+                'ignoreClientBandwidth', 'speedTest', 'disableUDP',
+                'udpIdleTimeout', 'sniff', 'quic', 'resolver', 'acl', 'aclRules', 'useTlsFiles',
+            ];
+            for (const k of hy2Keys) {
+                if (data[k] !== undefined) nodeData[k] = data[k];
+            }
+            const node = new HyNode(nodeData);
             await node.save();
             await invalidateNodesCache();
             logger.info(`[MCP] Created node ${data.name} (${data.ip})`);
@@ -181,7 +270,12 @@ async function manageNode(args, emit) {
 
         case 'update': {
             if (!id) throw new Error('id is required for update');
-            const allowed = ['name', 'domain', 'sni', 'port', 'portRange', 'groups', 'active', 'country', 'cascadeRole', 'type'];
+            const allowed = [
+                'name', 'domain', 'sni', 'port', 'portRange', 'groups', 'active', 'country', 'cascadeRole', 'type',
+                'hopInterval', 'acme', 'masquerade', 'bandwidth',
+                'ignoreClientBandwidth', 'speedTest', 'disableUDP',
+                'udpIdleTimeout', 'sniff', 'quic', 'resolver', 'acl', 'aclRules', 'useTlsFiles',
+            ];
             const updates = {};
             for (const k of allowed) {
                 if (data[k] !== undefined) updates[k] = data[k];