Hysteria: support route auth IDs

[nasralbek]

Summary

• allow UUID-like Hysteria auth values to carry route IDs in the third UUID group / Go slice id[6:8]
• match configured Hysteria users while ignoring only those route bytes
• return the matched user with the client-presented auth in its Hysteria account
• set existing VlessRoute from that auth so existing vlessRoute routing rules can be used
• keep transport and app/router unchanged

Tests

• go test ./proxy/hysteria/account ./proxy/hysteria
• go test ./... -run "^$"
• live checked with two Xray instances using vlessRoute: auth route 1 reached route1 backend and auth route 2 reached route2 backend

[RPRX]

@LjhAUMEM 看一下

[RPRX]

bytes 6-7

7-8

[nasralbek]

bytes 6-7

7-8

yes you are right i meant go slice id 6 8 it is uuid bytes 7 and 8 or third uuid group i will change wording to avoid confusion

[Fangliding]

改其他的出站是否不合适 而且这个参数还叫vlessRoute

[nasralbek]

改其他的出站是否不合适 而且这个参数还叫vlessRoute

i changed it to a separate hysteriaRoute condition
vlessRoute is no longer used by hysteria

i tested it with two xray instances and route id 1 and 2 both work

[Fangliding]

加一个condition更烂了 污染更多地方。。
我的主要意思是这是在其他人的协议里加非标准功能

[Fangliding]

还是迁移到 vless+xhttp3（有hysteria同款阻塞控制）或者 vless+hysterica transport 吧 然后直接 vless route 就行了 不然写这么多组合功能不是白写了
Trojan XTLS 的教训告诉我们强行把 vless 功能依葫芦画瓢搬到其他协议上不会有好结果的

[RPRX]

相当于只是服务端改动，还行吧，算是一个小 trick，路由那个选项就叫 vlessRoute，别改

刚收到两个迷惑的 Security Advisories 似乎是不喜欢 VLESS 默认拿那两个字节当 route，实在不行的话可改成 0000 显式启用

[LjhAUMEM]

瞄了两眼，就是个 str 转 uuid 动我 account 和 transport 干啥，在 server 的 process 拿到 user 后操作不行？

[nasralbek]

瞄了两眼，就是个 str 转 uuid 动我 account 和 transport 干啥，在 server 的 process 拿到 user 后操作不行？

server process only gets matched user
it does not know the auth sent by client

if i use user account auth then it is server config auth
so route id is always from config not from client

account change lets auth variants match same user
transport change only passes client sent auth to server process

[LjhAUMEM]

it does not know the auth sent by client

不不不，原始认证信息是有的，把 Account 转一下，参考 #6360

[nasralbek]

it does not know the auth sent by client

不不不，原始认证信息是有的，把 Account 转一下，参考 #6360

got it thanks

i refactored it
transport changes are removed

server process now reads client presented auth from user Account
validator returns matched user with Account auth set to that client auth

[LjhAUMEM]

@nasralbek app/router 改动删了，使用 vless route

[nasralbek]

updated removed app/router changes and now use existing vlessRoute

[nasralbek]

@nasralbek app/router 改动删了，使用 vless route

i added hysteriaRoute because previous feedback said own name may be more logical

i removed app/router changes and use existing vlessRoute

[LjhAUMEM]

vless route 好像没有空值的说法，要使用只能服务端自己确保所有用户都是 uuid

@nasralbek 先把那两个 test 文件删了，还有一些细节给我吧，我是否可以直接 push 到你的 branch

[nasralbek]

removed the two test files

yes you can push to my branch