Users - FrankoonG/hy2scale GitHub Wiki
π English | δΈζ | νκ΅μ΄
Users
A single user database drives authentication and per-user exit routing for every protocol on HY2 SCALE.
Shared across every protocol
When you add a user here, those credentials work for:
- Hysteria 2 server (when Allow User Auth is on)
- SOCKS5 (RFC 1929 user/pass)
- HTTP proxy (Basic auth)
- Shadowsocks (AEAD key derived from the password)
- L2TP/IPsec (MSCHAPv2)
- IKEv2/IPsec (EAP-MSCHAPv2)
WireGuard is the only protocol with a separate auth model β each WireGuard peer is managed from the Proxies β WireGuard tab using public-key auth.
Per-user proxy auth β toggle each protocol on or off
The user-edit modal has a Proxy Auth tab that lists all six shared-auth proxies β hy2, ss, socks5, http, l2tp, ikev2 β with an enable toggle per row. Disabling a row revokes that user from that protocol only; the rest stay live. For password-only proxies (hy2, ss) the override password input sits flush right of the toggle and greys out when the toggle is off (empty input still means use the main password).
The toggles are hot-effective: PUT-ing a user's proxy_disabled adjusts the live config and the next auth attempt on each protocol consults it (hy2 / ss are checked at password-trial time; socks5 / http through LookupUser; l2tp / ikev2 also rewrite chap-secrets / ipsec.secrets so pppd / strongSwan honour the change without a service restart). Changing the list also kicks any in-flight session for that username so a previously-permitted protocol can't keep an existing tunnel alive past the toggle.
Fields
| Field | Description |
|---|---|
| Username | login name β must be unique across the entire user list |
| Password | hashed with SHA-256 on the client before transmission |
| Exit via | per-user mesh exit path (see below) |
| Traffic limit (GB) | monthly quota β 0 means unlimited |
| Expiry | optional expiry timestamp; user is disabled after |
| Enabled | toggle |
Per-user exit routing
exit_via is a /-separated chain of node display names (or node IDs). Examples from a Singapore-based home mesh:
exit_via |
Traffic flows β¦ |
|---|---|
| (empty) | exits from sg-home directly |
jp |
sg-home β jp β internet |
us/us-east |
sg-home β us β us-east β internet |
kr/kr-r1/kr-r1-a |
sg-home β kr β kr-r1 β kr-r1-a β internet |
Autocomplete in the Edit User modal is driven by your live topology β only reachable paths that pass nested-authorisation are offered.
Exit modes
If you supply several exit_paths you can pick a mode:
| Mode | Behaviour |
|---|---|
| Direct | single path, the first one in the list |
| Quality | adaptive failover β use the lowest-latency path, fail over on degradation |
| Aggregate | load-balance across all paths |
Traffic accounting
Each user has a rolling upload / download counter. The progress bar turns amber at 80 % of the quota and red at 100 %; at 100 % the user is soft-disabled until either the counter is reset or the quota is raised.
Resetting traffic is a bulk action β select users, use Reset Traffic on the bulk action bar.
Active devices
The Active Devices panel below the user list shows every live session, keyed by (username + client IP + protocol):
- upload / download throughput per session
- protocol badge
- node the session is currently using as its exit
- Kick β terminate the session and block reconnection for 60 seconds (rate-limit loop)
Selecting and editing
The Users page follows the same select-then-act pattern as Nodes / Rules / TLS:
- Single-click a user row to select it β a green Edit button appears at the top right of the user card, between Import and + Add User.
- The leading checkbox cell is enlarged so anywhere in its padded area toggles the box; the row body click selects exclusively (single-row replace).
- A click on any blank area outside the card body clears a single-row selection. Multi-select is sticky; clicks on buttons / inputs / open modals never deselect.
The username text in each row is still a link that opens the per-user share-URL detail modal (lists hy2 / ss / socks5 / http connection URLs). Clicking it doesn't toggle selection.
Bulk actions
Check multiple users to expose the bulk action bar:
- Enable / Disable
- Reset Traffic
- Delete
The bar collapses into a β― overflow menu on narrow viewports.
Import / export
- Export β JSON file containing every user (passwords are hashed; the export is not a password dump)
- Import β bulk-create users from a JSON file; imports update existing users by username
Typical use case: copy a user list to a second HY2 SCALE deployment.
API
See API Reference β Users for the programmatic endpoints, including bulk traffic reset and kick-session.