#!/bin/bash
# Refuse to run unless the effective user is root: the rest of the script
# installs packages, writes under /etc and /usr/local/bin and drives systemctl.
[[ $EUID -eq 0 ]] || {
  echo "❌❌❌❌ 错误：本脚本需要以 ROOT 用户运行"
  exit 1
}
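# ANSI colour escapes used by the highlighted `echo -e` prompts.
RED='\033[0;31m'
NC='\033[0m' # No Color
# Single directory that holds the saved settings and the per-node client files.
CONFIG_DIR="/root/hysteria_config"
# The per-node files written into this directory contain the node password,
# so keep it private to root and stop early if it cannot be prepared.
mkdir -p "$CONFIG_DIR" || {
  echo "❌❌❌❌ 无法创建目录 $CONFIG_DIR" >&2
  exit 1
}
chmod 700 "$CONFIG_DIR"
# Saved settings (domain, e-mail, masquerade URL), one "key:value" per line.
MERGED_CONFIG="$CONFIG_DIR/config_info.conf"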
# Ensure the `at` command exists, installing it with the first package
# manager found (apt, dnf, yum, pacman, in that order).
# Outputs: status messages on stdout
# Returns: 0 when `at` is available; exits 1 when no supported package
#          manager is found or `at` is still missing after the install.
install_at() {
  local pm found=""

  # Nothing to do when at is already on PATH.
  command -v at &>/dev/null && {
    echo "✅ 已检测到 at 命令"
    return
  }

  echo "🔧🔧🔧🔧 未检测到 at 命令，正在尝试安装..."

  # Pick the first available package manager, keeping the original priority.
  for pm in apt dnf yum pacman; do
    if command -v "$pm" &>/dev/null; then
      found=$pm
      break
    fi
  done

  case "$found" in
    apt)
      apt update && apt install -y at
      ;;
    dnf)
      dnf install -y at
      ;;
    yum)
      yum install -y at
      ;;
    pacman)
      pacman -Sy --noconfirm at
      ;;
    *)
      echo "❌❌❌❌ 无法识别的包管理器，请手动安装 at"
      exit 1
      ;;
  esac

  # The install status is not trusted; what matters is whether at now resolves.
  command -v at &>/dev/null || {
    echo "❌❌❌❌ 安装 at 失败，请手动处理"
    exit 1
  }
}
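# Download the Hysteria2 server binary (fixed amd64 AVX build) and install it.
# Globals:   HYSTERIA_PATH (written)  - install location
#            DOWNLOAD_URL (written)   - download source
#            HYSTERIA_SHA256 (read, optional) - expected SHA-256 of the binary;
#                                       when set, a mismatch aborts the install
# Outputs:   progress on stdout, warnings on stderr
# Returns:   0 on success; exits 1 when the download or verification fails
install_hysteria() {
  HYSTERIA_PATH="/usr/local/bin/hysteria"
  # Always the latest amd64 AVX build; edit the URL for another
  # architecture or to pin a specific version.
  DOWNLOAD_URL="https://download.hysteria.network/app/latest/hysteria-linux-amd64-avx"
  local tmp_file actual_sum

  echo "🔧🔧🔧🔧 正在从网络下载 Hysteria2 (amd64 架构)..."

  # Download to a temporary file next to the target: a failed or partial
  # transfer then never replaces a working binary, the final rename is atomic,
  # and a binary that is currently executing can still be replaced.
  tmp_file=$(mktemp "${HYSTERIA_PATH}.XXXXXX") || {
    echo "❌❌❌❌ Hysteria2 下载失败"
    exit 1
  }

  # Prefer curl, fall back to wget.
  if command -v curl &>/dev/null; then
    # -f makes HTTP errors fail instead of saving the error page as the
    # "binary"; the --proto options refuse any non-HTTPS hop in a redirect.
    if ! curl -fL --proto '=https' --proto-redir '=https' -o "$tmp_file" "$DOWNLOAD_URL"; then
      rm -f -- "$tmp_file"
      echo "❌❌❌❌ Hysteria2 下载失败"
      exit 1
    fi
  elif command -v wget &>/dev/null; then
    if ! wget -O "$tmp_file" "$DOWNLOAD_URL"; then
      rm -f -- "$tmp_file"
      echo "❌❌❌❌ Hysteria2 下载失败"
      exit 1
    fi
  else
    rm -f -- "$tmp_file"
    echo "❌❌❌❌ 未检测到 curl/wget，请手动安装后重试"
    exit 1
  fi

  # An empty file is a failed download even if the tool reported success.
  if [[ ! -s "$tmp_file" ]]; then
    rm -f -- "$tmp_file"
    echo "❌❌❌❌ Hysteria2 下载失败"
    exit 1
  fi

  # The file is about to run as root, and TLS only authenticates the download
  # host, not the artifact. "latest" is a moving target, so no digest can be
  # hard-coded here; operators who pin a version can export HYSTERIA_SHA256
  # to have the binary verified before it is installed.
  if [[ -n "${HYSTERIA_SHA256:-}" ]]; then
    actual_sum=$(sha256sum -- "$tmp_file" | cut -d' ' -f1)
    if [[ "${actual_sum,,}" != "${HYSTERIA_SHA256,,}" ]]; then
      rm -f -- "$tmp_file"
      echo "❌❌❌❌ Hysteria2 校验失败：SHA-256 不匹配" >&2
      exit 1
    fi
  else
    echo "⚠️ 未设置 HYSTERIA_SHA256，已跳过二进制文件完整性校验" >&2
  fi

  chmod 755 "$tmp_file"
  if ! mv -f -- "$tmp_file" "$HYSTERIA_PATH"; then
    rm -f -- "$tmp_file"
    echo "❌❌❌❌ Hysteria2 下载失败"
    exit 1
  fi
  # NOTE(review): the generated units run as root on ports above 12000, so
  # this capability looks unnecessary for them — confirm before removing.
  setcap cap_net_bind_service=+ep "$HYSTERIA_PATH"
  echo "✅ Hysteria2 已下载并安装到 $HYSTERIA_PATH"
}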
# Make sure `at` is present, then enable and start the atd daemon that runs
# the scheduled node clean-up jobs.
install_at
if ! systemctl enable --now atd; then
  echo "❌❌❌❌ 无法启动 atd 服务，请检查 systemd"
  exit 1
fi
# Download and install the Hysteria2 binary.
install_hysteria
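# ===================== Load or create the saved settings file =====================

# Print the value stored for key $1 in file $2 ("key:value" lines), with
# surrounding whitespace trimmed. Only the first matching line is used.
# Returns 1 when the key is absent.
_saved_value() {
  local key=$1 file=$2 line
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" == "$key:"* ]]; then
      line=${line#"$key:"}
      line="${line#"${line%%[![:space:]]*}"}" # strip leading whitespace
      line="${line%"${line##*[![:space:]]}"}" # strip trailing whitespace
      printf '%s\n' "$line"
      return 0
    fi
  done < "$file"
  return 1
}

# Check server_domain, email and masquerade_url before they are used.
# These values are later pasted verbatim between double quotes in the
# generated YAML, so whitespace, double quotes and backslashes are refused:
# they would break the file or inject extra keys into it.
_settings_valid() {
  local domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local email_re='^[^[:space:]"\\@]+@[^[:space:]"\\@]+$'
  local url_re='^https?://[^[:space:]"\\]+$'
  if [[ ! "$server_domain" =~ $domain_re ]]; then
    echo "❌ 域名格式不正确: $server_domain" >&2
    return 1
  fi
  if [[ ! "$email" =~ $email_re ]]; then
    echo "❌ 邮箱格式不正确: $email" >&2
    return 1
  fi
  if [[ ! "$masquerade_url" =~ $url_re ]]; then
    echo "❌ 伪装网址格式不正确: $masquerade_url" >&2
    return 1
  fi
  return 0
}

if [[ -f "$MERGED_CONFIG" ]]; then
  # Reuse the settings saved by an earlier run.
  server_domain=$(_saved_value server_domain "$MERGED_CONFIG")
  email=$(_saved_value email "$MERGED_CONFIG")
  masquerade_url=$(_saved_value masquerade_url "$MERGED_CONFIG")
  echo "ℹ️ 使用已保存的域名: $server_domain"
  echo "ℹ️ 使用已保存的邮箱: $email"
  echo "ℹ️ 使用已保存的伪装网址: $masquerade_url"
  # The file may have been edited by hand, so it gets the same checks as
  # freshly typed input (a missing key shows up here as an empty value).
  if ! _settings_valid; then
    echo "❌ $MERGED_CONFIG 中的配置无效，请修正或删除该文件后重试" >&2
    exit 1
  fi
else
  # First run: ask the operator, validate, then persist the answers.
  # -r keeps backslashes literal so they reach validation unchanged.
  read -r -p "请输入服务器域名: " server_domain
  [[ -z "$server_domain" ]] && { echo "❌ 域名不能为空"; exit 1; }
  read -r -p "请输入邮箱地址: " email
  [[ -z "$email" ]] && { echo "❌ 邮箱不能为空"; exit 1; }
  read -r -p "请输入伪装网址(例如 https://www.baidu.com): " masquerade_url
  [[ -z "$masquerade_url" ]] && { echo "❌ 伪装网址不能为空"; exit 1; }
  _settings_valid || exit 1
  # Persist the settings for later runs.
  cat <<EOF > "$MERGED_CONFIG"
server_domain:$server_domain
email:$email
masquerade_url:$masquerade_url
EOF
  echo "✅ 已保存配置到 $MERGED_CONFIG"
fi
# Directory for the per-node server configuration files.
mkdir -p /etc/hysteria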
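# Report whether a port can be given to a new node.
# Arguments: $1 - port number
# Returns:   0 when the port looks free, 1 when it is taken
check_port() {
  local port=$1

  # A node provisioned earlier owns the port even while its service is down;
  # reusing it would overwrite that node's config and unit file.
  if [[ -e "/etc/hysteria/config-$port.yaml" ]]; then
    return 1
  fi

  if command -v lsof >/dev/null 2>&1; then
    # Ask lsof for the exact port instead of grepping its output, so that a
    # substring of another address can never match.
    if lsof -nP -iTCP:"$port" -sTCP:LISTEN >/dev/null 2>&1; then
      return 1
    fi
    # Hysteria2 runs over QUIC, i.e. UDP: a TCP-only check does not see
    # another Hysteria2 instance already bound to the port.
    if lsof -nP -iUDP:"$port" >/dev/null 2>&1; then
      return 1
    fi
  elif command -v ss >/dev/null 2>&1; then
    # Fallback when lsof is not installed: listening TCP and UDP sockets.
    if [[ -n "$(ss -H -lntu "sport = :$port" 2>/dev/null)" ]]; then
      return 1
    fi
  fi
  # With neither tool present only the config-file check above applies.
  return 0
}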
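# Pick a random free port in 12000-12800, trying at most 100 candidates.
# Outputs: the chosen port on stdout; the failure message on stderr
# Returns: 0 with a port printed; exits 1 when no candidate passed check_port.
#          Callers normally use $(get_available_port), where that exit only
#          ends the substitution subshell, so they must test the status.
get_available_port() {
  local min_port=12000
  local max_port=12800
  local tries=100
  local port
  while (( tries > 0 )); do
    port=$(( RANDOM % (max_port - min_port + 1) + min_port ))
    if check_port "$port"; then
      printf '%s\n' "$port"
      return 0
    fi
    (( tries-- ))
  done
  # stderr, not stdout: stdout is captured by the caller as the port number,
  # so a message printed there would be used as a port.
  echo "❌❌❌❌ 未能找到可用端口，请手动指定" >&2
  exit 1
}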
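# Provision nodes one at a time until the operator declines to add another.
# Each node gets its own port, password, server config, systemd unit, client
# file and an `at` job that tears it down after the requested number of hours.
while true; do
  # get_available_port runs in a command-substitution subshell, so its `exit`
  # cannot stop this script; test the status instead of using whatever was
  # captured as a port number.
  if ! port=$(get_available_port); then
    [[ -n "$port" ]] && echo "$port" >&2
    exit 1
  fi
  echo -e "${RED}🔍🔍🔍🔍 自动选择可用端口：$port${NC}"
  # 12 alphanumeric characters drawn from /dev/urandom; LC_ALL=C keeps tr
  # byte-oriented whatever the locale.
  password=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 12)
  echo -e "${RED}🔐🔐🔐🔐 为端口 $port 生成的密码是：$password${NC}"
  echo -e -n "${RED}✅✅✅✅请输入失效时间（小时）: ${NC}"
  # Stop on end-of-input: otherwise the empty value fails validation and the
  # loop spins forever.
  if ! read -r expire_hours; then
    echo "❌❌❌❌ 输入已结束，退出" >&2
    exit 1
  fi
  # 10# forces base 10 so inputs such as "08" are not parsed as invalid octal.
  if [[ ! "$expire_hours" =~ ^[0-9]+$ ]] || (( 10#$expire_hours < 1 )); then
    echo -e "${RED}❌❌❌❌ 请输入正确的小时数${NC}"
    continue
  fi
  expire_hours=$(( 10#$expire_hours ))
  CONFIG_FILE="/etc/hysteria/config-$port.yaml"
  SERVICE_FILE="/etc/systemd/system/hysteria-$port.service"
  # The server config embeds the node password: create it with mode 600
  # before any secret is written, so it is never world-readable.
  install -m 600 /dev/null "$CONFIG_FILE"
  # NOTE(review): domain, e-mail and URL are pasted verbatim between double
  # quotes; a quote or backslash in them would corrupt this YAML.
  cat <<EOF > "$CONFIG_FILE"
listen: ":$port"
acme:
  domains:
    - "$server_domain"
  email: "$email"
auth:
  type: password
  password: "$password"
masquerade:
  type: proxy
  proxy:
    url: "$masquerade_url"
    rewriteHost: true
EOF
  # NOTE(review): the unit runs the proxy as root although it only listens on
  # an unprivileged port; a dedicated service account would limit the impact
  # of a compromise, but needs checking against where certificates are stored.
  cat <<EOF > "$SERVICE_FILE"
[Unit]
Description=Hysteria VPN Server on port $port
After=network.target
[Service]
ExecStart=/usr/local/bin/hysteria server -c $CONFIG_FILE
Restart=on-failure
User=root
[Install]
WantedBy=multi-user.target
EOF
  systemctl daemon-reload
  systemctl enable "hysteria-$port" >/dev/null 2>&1
  if ! systemctl start "hysteria-$port"; then
    echo -e "${RED}❌❌❌❌ 节点 $port 启动失败，请执行 journalctl -u hysteria-$port 查看原因${NC}" >&2
  fi
  expire_date=$(date -d "+$expire_hours hour" +"%Y%m%d")
  TXT_FILE="$CONFIG_DIR/${port}-${expire_date}.txt" # client file lives in the shared directory too
  # The client file carries the password as well, so it is created 600 first.
  install -m 600 /dev/null "$TXT_FILE"
  # skip-cert-verify is false: the server obtains an ACME certificate for
  # $server_domain, so clients can and should verify it. Turning verification
  # off would let an on-path attacker impersonate the server and collect the
  # node password.
  cat <<EOF > "$TXT_FILE"
log-level: error

proxies:
  - name: 节点
    type: hysteria2
    server: $server_domain
    port: $port
    password: $password
    skip-cert-verify: false

proxy-groups:
  - name: 选择节点
    type: select
    proxies:
      - 节点

rules:
  - DOMAIN-SUFFIX,apple.com,DIRECT
  - DOMAIN-SUFFIX,icloud.com,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,选择节点

#失效时间：$expire_hours 小时后（过期日期：$expire_date）
EOF
  echo -e "${RED}📝📝📝📝 节点信息已保存到：$TXT_FILE${NC}"
  # Tear-down job. Steps are separated by ';' so the files holding the
  # password are removed even when an earlier step fails. The paths are built
  # from the numeric port and a date only, so they need no quoting.
  cleanup_cmd="systemctl stop hysteria-$port; systemctl disable hysteria-$port; rm -f $SERVICE_FILE $CONFIG_FILE $TXT_FILE; systemctl daemon-reload"
  # The expiry is the only thing that limits the lifetime of this credential,
  # so a failure to schedule it must be visible, not discarded.
  if echo "$cleanup_cmd" | at now + "$expire_hours" hour >/dev/null 2>&1; then
    echo -e "${RED}✅✅✅✅ 节点 $port 部署完成，将在 $expire_hours 小时后失效。${NC}"
  else
    echo -e "${RED}❌❌❌❌ 定时任务创建失败：节点 $port 已部署，但不会自动失效，请手动清理${NC}" >&2
  fi
  read -r -p "是否继续添加新节点？(y/n): " choice
  [[ "$choice" != "y" ]] && break
done
echo "🎉🎉🎉🎉 所有节点配置完成，Hysteria 多节点服务正在运行！"
echo "ℹ️ 配置信息和节点文件均保存在：$CONFIG_DIR"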