From 095251f41bd8f3c9e63bd9bcf56ef0c86fd60eb0 Mon Sep 17 00:00:00 2001 From: zhusir Date: Thu, 17 Nov 2022 11:51:47 +0800 Subject: [PATCH] luci-app-passwall: support xray xtls-rprx-vision (#2174) * luci: support xray xtls-rprx-vision * update Co-authored-by: ShanStone <31815718+ShanStone@users.noreply.github.com> --- .../model/cbi/passwall/api/gen_v2ray.lua | 7 +-- .../model/cbi/passwall/client/node_config.lua | 13 ++++++ .../model/cbi/passwall/server/api/v2ray.lua | 4 +- .../luasrc/model/cbi/passwall/server/user.lua | 12 ++++++ .../passwall/node_list/link_share_man.htm | 43 +++++++++++++------ .../root/usr/share/passwall/subscribe.lua | 2 + 6 files changed, 64 insertions(+), 17 deletions(-) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua b/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua index 755a2680d..f29fa7579 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua @@ -147,7 +147,8 @@ function gen_outbound(node, tag, proxy_table) security = node.stream_security, xtlsSettings = (node.stream_security == "xtls") and { serverName = node.tls_serverName, - allowInsecure = (node.tls_allowInsecure == "1") and true or false + allowInsecure = (node.tls_allowInsecure == "1") and true or false, + fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "disable") and node.fingerprint or nil } or nil, tlsSettings = (node.stream_security == "tls") and { serverName = node.tls_serverName, @@ -216,7 +217,7 @@ function gen_outbound(node, tag, proxy_table) level = 0, security = (node.protocol == "vmess") and node.security or nil, encryption = node.encryption or "none", - flow = node.flow or nil + flow = node.flow or (node.tls == '1' and node.xtls ~= '1' and node.tlsflow) and node.tlsflow or nil } } } @@ -226,7 +227,7 @@ function gen_outbound(node, tag, proxy_table) address = node.address, port = tonumber(node.port), method = node.method or nil, - flow = node.flow or nil, + flow = node.flow or (node.tls == '1' and node.xtls ~= '1' and node.tlsflow) and node.tlsflow or nil, ivCheck = (node.protocol == "shadowsocks") and node.iv_check == "1" or nil, uot = (node.protocol == "shadowsocks") and node.uot == "1" or nil, password = node.password or "", diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua index 476590933..5ab9fe9f3 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua @@ -511,6 +511,13 @@ xtls.default = 0 xtls:depends({ type = "Xray", protocol = "vless", tls = true }) xtls:depends({ type = "Xray", protocol = "trojan", tls = true }) +tlsflow = s:option(Value, "tlsflow", translate("flow")) +tlsflow.default = "" +tlsflow:value("", translate("Disable")) +tlsflow:value("xtls-rprx-vision") +tlsflow:value("xtls-rprx-vision-udp443") +tlsflow:depends({ type = "Xray", protocol = "vless", tls = true , xtls = false }) + flow = s:option(Value, "flow", translate("flow")) flow.default = "xtls-rprx-direct" flow:value("xtls-rprx-origin") @@ -530,6 +537,11 @@ alpn:value("http/1.1") alpn:depends({ type = "V2ray", tls = true }) alpn:depends({ type = "Xray", tls = true }) +-- minversion = s:option(Value, "minversion", translate("minversion")) +-- minversion.default = "1.3" +-- minversion:value("1.3") +-- minversion:depends("tls", true) + -- [[ TLS部分 ]] -- tls_sessionTicket = s:option(Flag, "tls_sessionTicket", translate("Session Ticket")) tls_sessionTicket.default = "0" @@ -568,6 +580,7 @@ xray_fingerprint:value("safari") xray_fingerprint:value("randomized") xray_fingerprint.default = "disable" xray_fingerprint:depends({ type = "Xray", tls = true, xtls = false }) +xray_fingerprint:depends({ type = "Xray", tls = true, xtls = true }) function xray_fingerprint.cfgvalue(self, section) return m:get(section, "fingerprint") end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua b/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua index 729d9f204..273487eb7 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua @@ -14,7 +14,7 @@ function gen_config(user) for i = 1, #user.uuid do clients[i] = { id = user.uuid[i], - flow = ("1" == user.xtls) and user.flow or nil + flow = ("1" == user.xtls) and user.flow or ("1" == user.tls and "1" ~= user.xtls and user.tlsflow) and user.tlsflow or nil } end settings = { @@ -57,7 +57,7 @@ function gen_config(user) local clients = {} for i = 1, #user.uuid do clients[i] = { - flow = ("1" == user.xtls) and user.flow or nil, + flow = ("1" == user.xtls) and user.flow or ("1" == user.tls and "1" ~= user.xtls and user.tlsflow) and user.tlsflow or nil, password = user.uuid[i], } end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua b/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua index 499822fcb..abe3028cc 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua @@ -392,6 +392,13 @@ xtls.default = 0 xtls:depends({ type = "Xray", protocol = "vless", tls = true }) xtls:depends({ type = "Xray", protocol = "trojan", tls = true }) +tlsflow = s:option(Value, "tlsflow", translate("flow")) +tlsflow.default = "" +tlsflow:value("", translate("Disable")) +tlsflow:value("xtls-rprx-vision") +tlsflow:value("xtls-rprx-vision-udp443") +tlsflow:depends({ type = "Xray", protocol = "vless", tls = true , xtls = false }) + flow = s:option(Value, "flow", translate("flow")) flow.default = "xtls-rprx-direct" flow:value("xtls-rprx-origin") @@ -406,6 +413,11 @@ alpn:value("http/1.1") alpn:depends({ type = "V2ray", tls = true }) alpn:depends({ type = "Xray", tls = true }) +-- minversion = s:option(Value, "minversion", translate("minversion")) +-- minversion.default = "1.3" +-- minversion:value("1.3") +-- minversion:depends("tls", true) + -- [[ TLS部分 ]] -- tls_certificateFile = s:option(FileUpload, "tls_certificateFile", translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem") diff --git a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm index 6662f6ff6..c8e8fd3f6 100644 --- a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm +++ b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm @@ -285,19 +285,30 @@ local has_xray = api.is_finded("xray") params += "&type=" + v_transport; params += opt.query("encryption", "encryption"); + if (opt.get("tls").checked) { - var v_security = "tls"; - if (opt.get("xtls").checked) { - v_security = "xtls"; + var v_security = "tls"; + var v_flow = "xtls-rprx-vision"; + if (opt.get("tlsflow").value) { + v_flow = opt.get("tlsflow").value; + } + params += "&flow=" + v_flow; + params += "&security=" + v_security; + params += opt.query("sni", "tls_serverName"); + } + + if (opt.get("xtls").checked) { + var v_security = "xtls"; var v_flow = "xtls-rprx-direct"; if (opt.get("flow").value) { v_flow = opt.get("flow").value; } params += "&flow=" + v_flow; - } - params += "&security=" + v_security; - params += opt.query("sni", "tls_serverName"); + params += "&security=" + v_security; + params += opt.query("sni", "tls_serverName"); } + + params += "#" + encodeURI(v_alias.value); if (params[0] == "&") { params = params.substring(1); @@ -850,14 +861,22 @@ local has_xray = api.is_finded("xray") opt.set('encryption', queryParam.encryption); if (queryParam.security) { - if (queryParam.security == "tls" || queryParam.security == "xtls") { + if (queryParam.security == "tls") { opt.set('tls', true); - if (queryParam.security == "xtls") { - opt.set('xtls', true); - opt.set('flow', queryParam.flow || "xtls-rprx-direct"); - } + opt.set('xtls',false); + opt.set('tlsflow', queryParam.flow || ''); + opt.set('tls_serverName', queryParam.sni || ''); + opt.set('tls_allowInsecure', true); + if (queryParam.allowinsecure === '0') { + opt.set('tls_allowInsecure', false); + } + } + + if (queryParam.security == "xtls") { + opt.set('tls', true); + opt.set('xtls',true); + opt.set('flow', queryParam.flow || "xtls-rprx-direct"); opt.set('tls_serverName', queryParam.sni || ''); - opt.set('tls_allowInsecure', true); if (queryParam.allowinsecure === '0') { opt.set('tls_allowInsecure', false); diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua index 2437058c3..0b5b87a8e 100755 --- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua +++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua @@ -776,6 +776,8 @@ local function processData(szType, content, add_mode, add_from) if params.security == "xtls" then result.xtls = "1" result.flow = params.flow or "xtls-rprx-direct" + else + result.tlsflow = params.flow or nil end result.tls_serverName = (params.sni and params.sni ~= "") and params.sni or params.host end