WireGuard inbound: Support dynamic peer management (#6360)

#6360 (comment)

Closes #6314

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: LjhAUMEM <llnu14702@gmail.com>

Author: 3 people

infra/conf/hysteria.go

@@ -22,7 +22,6 @@ func (c *HysteriaClientConfig) Build() (proto.Message, error) {
 	}
 
 	config := &hysteria.ClientConfig{}
-	config.Version = c.Version
 	config.Server = &protocol.ServerEndpoint{
 		Address: c.Address.Build(),
 		Port:    uint32(c.Port),
@@ -44,6 +43,10 @@ type HysteriaServerConfig struct {
 }
 
 func (c *HysteriaServerConfig) Build() (proto.Message, error) {
+	if c.Version != 2 {
+		return nil, errors.New("version != 2")
+	}
+
 	config := new(hysteria.ServerConfig)
 
 	if c.Clients != nil {

infra/conf/transport_internet.go

@@ -571,7 +571,6 @@ func (c *HysteriaConfig) Build() (proto.Message, error) {
 	}
 
 	config := &hysteria.Config{}
-	config.Version = c.Version
 	config.Auth = c.Auth
 	config.UdpIdleTimeout = c.UdpIdleTimeout
 	config.MasqType = c.Masquerade.Type

infra/conf/wireguard.go

@@ -7,6 +7,9 @@ import (
 	"strings"
 
 	"github.com/xtls/xray-core/common/errors"
+	"github.com/xtls/xray-core/common/protocol"
+	"github.com/xtls/xray-core/common/serial"
+	"github.com/xtls/xray-core/common/task"
 	"github.com/xtls/xray-core/proxy/wireguard"
 	"google.golang.org/protobuf/proto"
 )
@@ -17,9 +20,12 @@ type WireGuardPeerConfig struct {
 	Endpoint     string   `json:"endpoint"`
 	KeepAlive    uint32   `json:"keepAlive"`
 	AllowedIPs   []string `json:"allowedIPs,omitempty"`
+
+	Level uint32 `json:"level"`
+	Email string `json:"email"`
 }
 
-func (c *WireGuardPeerConfig) Build() (proto.Message, error) {
+func (c *WireGuardPeerConfig) Build() (*wireguard.PeerConfig, error) {
 	var err error
 	config := new(wireguard.PeerConfig)
 
@@ -78,14 +84,32 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
 		config.Endpoint = c.Address
 	}
 
-	if c.Peers != nil {
+	if c.IsClient {
 		config.Peers = make([]*wireguard.PeerConfig, len(c.Peers))
 		for i, p := range c.Peers {
 			msg, err := p.Build()
 			if err != nil {
 				return nil, err
 			}
-			config.Peers[i] = msg.(*wireguard.PeerConfig)
+			config.Peers[i] = msg
+		}
+	} else {
+		config.Users = make([]*protocol.User, len(c.Peers))
+		processUser := func(idx int) error {
+			p := c.Peers[idx]
+			m, err := p.Build()
+			if err != nil {
+				return err
+			}
+			config.Users[idx] = &protocol.User{
+				Email:   p.Email,
+				Level:   p.Level,
+				Account: serial.ToTypedMessage(m),
+			}
+			return nil
+		}
+		if err := task.ParallelForN(len(c.Peers), processUser); err != nil {
+			return nil, err
 		}
 	}
 

infra/conf/wireguard_test.go

@@ -10,8 +10,7 @@ import "common/protocol/server_spec.proto";
 import "common/protocol/user.proto";
 
 message ClientConfig {
-  int32 version = 1;
-  xray.common.protocol.ServerEndpoint server = 2;
+  xray.common.protocol.ServerEndpoint server = 1;
 }
 
 message ServerConfig {

proxy/hysteria/config.pb.go

@@ -1 +1,60 @@
 package wireguard
+
+import (
+	"encoding/hex"
+	"net/netip"
+
+	"github.com/xtls/xray-core/common/protocol"
+	"google.golang.org/protobuf/proto"
+)
+
+func (p *PeerConfig) AsAccount() (protocol.Account, error) {
+	pub, err := ParseKey(p.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	allowedIPs := make([]netip.Prefix, 0, len(p.AllowedIps))
+	for i := range p.AllowedIps {
+		p, err := netip.ParsePrefix(p.AllowedIps[i])
+		if err != nil {
+			return nil, err
+		}
+		allowedIPs = append(allowedIPs, p)
+	}
+
+	return &MemoryAccount{
+		Pub:          *pub,
+		AllowedIPs:   allowedIPs,
+		PreSharedKey: p.PreSharedKey,
+		KeepAlive:    p.KeepAlive,
+	}, nil
+}
+
+type MemoryAccount struct {
+	Pub          [32]byte
+	AllowedIPs   []netip.Prefix
+	PreSharedKey string
+	KeepAlive    string
+}
+
+func (a *MemoryAccount) Equals(other protocol.Account) bool {
+	if b, ok := other.(*MemoryAccount); ok {
+		return a.Pub == b.Pub
+	}
+	return false
+}
+
+func (a *MemoryAccount) ToProto() proto.Message {
+	allowedIPs := make([]string, 0, len(a.AllowedIPs))
+	for i := range a.AllowedIPs {
+		allowedIPs = append(allowedIPs, a.AllowedIPs[i].String())
+	}
+
+	return &PeerConfig{
+		PublicKey:    hex.EncodeToString(a.Pub[:]),
+		AllowedIps:   allowedIPs,
+		PreSharedKey: a.PreSharedKey,
+		KeepAlive:    a.KeepAlive,
+	}
+}

proxy/hysteria/config.proto

@@ -6,6 +6,8 @@ option go_package = "github.com/xtls/xray-core/proxy/wireguard";
 option java_package = "com.xray.proxy.wireguard";
 option java_multiple_files = true;
 
+import "common/protocol/user.proto";
+
 message PeerConfig {
   string public_key = 1;
   string pre_shared_key = 2;
@@ -25,6 +27,7 @@ message DeviceConfig {
   string secret_key = 1;
   repeated string endpoint = 2;
   repeated PeerConfig peers = 3;
+  repeated xray.common.protocol.User users = 5;
   int32 mtu = 4;
 
   bytes reserved = 6;