luci-app-passwall: support xray xtls-rprx-vision (#2174)

* luci: support xray xtls-rprx-vision

* update

Co-authored-by: ShanStone <31815718+ShanStone@users.noreply.github.com>

luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua

@@ -147,7 +147,8 @@ function gen_outbound(node, tag, proxy_table)
                 security = node.stream_security,
                 xtlsSettings = (node.stream_security == "xtls") and {
                     serverName = node.tls_serverName,
-                    allowInsecure = (node.tls_allowInsecure == "1") and true or false
+                    allowInsecure = (node.tls_allowInsecure == "1") and true or false,
+                    fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "disable") and node.fingerprint or nil
                 } or nil,
                 tlsSettings = (node.stream_security == "tls") and {
                     serverName = node.tls_serverName,
@@ -216,7 +217,7 @@ function gen_outbound(node, tag, proxy_table)
                                 level = 0,
                                 security = (node.protocol == "vmess") and node.security or nil,
                                 encryption = node.encryption or "none",
-                                flow = node.flow or nil
+                                flow = node.flow or (node.tls == '1' and node.xtls ~= '1' and node.tlsflow) and node.tlsflow or nil
                             }
                         }
                     }
@@ -226,7 +227,7 @@ function gen_outbound(node, tag, proxy_table)
                         address = node.address,
                         port = tonumber(node.port),
                         method = node.method or nil,
-                        flow = node.flow or nil,
+                        flow = node.flow or (node.tls == '1' and node.xtls ~= '1' and node.tlsflow) and node.tlsflow or nil,
                         ivCheck = (node.protocol == "shadowsocks") and node.iv_check == "1" or nil,
                         uot = (node.protocol == "shadowsocks") and node.uot == "1" or nil,
                         password = node.password or "",

luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua

@@ -511,6 +511,13 @@ xtls.default = 0
 xtls:depends({ type = "Xray", protocol = "vless", tls = true })
 xtls:depends({ type = "Xray", protocol = "trojan", tls = true })
 
+tlsflow = s:option(Value, "tlsflow", translate("flow"))
+tlsflow.default = ""
+tlsflow:value("", translate("Disable"))
+tlsflow:value("xtls-rprx-vision")
+tlsflow:value("xtls-rprx-vision-udp443")
+tlsflow:depends({ type = "Xray", protocol = "vless", tls = true , xtls = false })
+
 flow = s:option(Value, "flow", translate("flow"))
 flow.default = "xtls-rprx-direct"
 flow:value("xtls-rprx-origin")
@@ -530,6 +537,11 @@ alpn:value("http/1.1")
 alpn:depends({ type = "V2ray", tls = true })
 alpn:depends({ type = "Xray", tls = true })
 
+-- minversion = s:option(Value, "minversion", translate("minversion"))
+-- minversion.default = "1.3"
+-- minversion:value("1.3")
+-- minversion:depends("tls", true)
+
 -- [[ TLS部分 ]] --
 tls_sessionTicket = s:option(Flag, "tls_sessionTicket", translate("Session Ticket"))
 tls_sessionTicket.default = "0"
@@ -568,6 +580,7 @@ xray_fingerprint:value("safari")
 xray_fingerprint:value("randomized")
 xray_fingerprint.default = "disable"
 xray_fingerprint:depends({ type = "Xray", tls = true, xtls = false })
+xray_fingerprint:depends({ type = "Xray", tls = true, xtls = true })
 function xray_fingerprint.cfgvalue(self, section)
 	return m:get(section, "fingerprint")
 end

luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua

@@ -14,7 +14,7 @@ function gen_config(user)
             for i = 1, #user.uuid do
                 clients[i] = {
                     id = user.uuid[i],
-                    flow = ("1" == user.xtls) and user.flow or nil
+                    flow = ("1" == user.xtls) and user.flow or ("1" == user.tls and "1" ~= user.xtls and user.tlsflow) and user.tlsflow or nil
                 }
             end
             settings = {
@@ -57,7 +57,7 @@ function gen_config(user)
             local clients = {}
             for i = 1, #user.uuid do
                 clients[i] = {
-                    flow = ("1" == user.xtls) and user.flow or nil,
+                    flow = ("1" == user.xtls) and user.flow or ("1" == user.tls and "1" ~= user.xtls and user.tlsflow) and user.tlsflow or nil,
                     password = user.uuid[i],
                 }
             end

luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua

@@ -392,6 +392,13 @@ xtls.default = 0
 xtls:depends({ type = "Xray", protocol = "vless", tls = true })
 xtls:depends({ type = "Xray", protocol = "trojan", tls = true })
 
+tlsflow = s:option(Value, "tlsflow", translate("flow"))
+tlsflow.default = ""
+tlsflow:value("", translate("Disable"))
+tlsflow:value("xtls-rprx-vision")
+tlsflow:value("xtls-rprx-vision-udp443")
+tlsflow:depends({ type = "Xray", protocol = "vless", tls = true , xtls = false })
+
 flow = s:option(Value, "flow", translate("flow"))
 flow.default = "xtls-rprx-direct"
 flow:value("xtls-rprx-origin")
@@ -406,6 +413,11 @@ alpn:value("http/1.1")
 alpn:depends({ type = "V2ray", tls = true })
 alpn:depends({ type = "Xray", tls = true })
 
+-- minversion = s:option(Value, "minversion", translate("minversion"))
+-- minversion.default = "1.3"
+-- minversion:value("1.3")
+-- minversion:depends("tls", true)
+
 -- [[ TLS部分 ]] --
 
 tls_certificateFile = s:option(FileUpload, "tls_certificateFile", translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")

luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm

@@ -285,19 +285,30 @@ local has_xray = api.is_finded("xray")
 			params += "&type=" + v_transport;
 			
 			params += opt.query("encryption", "encryption");
+
 			if (opt.get("tls").checked) {
 					var v_security = "tls";
+					var v_flow = "xtls-rprx-vision";
+					if (opt.get("tlsflow").value) {
+						v_flow = opt.get("tlsflow").value;
+					}
+					params += "&flow=" + v_flow;
+					params += "&security=" + v_security;
+					params += opt.query("sni", "tls_serverName");
+			}
+
 			if (opt.get("xtls").checked) {
-					v_security = "xtls";
+					var v_security = "xtls";
 					var v_flow = "xtls-rprx-direct";
 					if (opt.get("flow").value) {
 						v_flow = opt.get("flow").value;
 					}
 					params += "&flow=" + v_flow;
-				}
 					params += "&security=" + v_security;
 					params += opt.query("sni", "tls_serverName");
 			}
+
+
 			params += "#" + encodeURI(v_alias.value);
 			if (params[0] == "&") {
 				params = params.substring(1);
@@ -850,14 +861,22 @@ local has_xray = api.is_finded("xray")
 			
 			opt.set('encryption', queryParam.encryption);
 			if (queryParam.security) {
-				if (queryParam.security == "tls" || queryParam.security == "xtls") {
+				if (queryParam.security == "tls") {
 					opt.set('tls', true);
-					if (queryParam.security == "xtls") {
+					opt.set('xtls',false);
-						opt.set('xtls', true);
+					opt.set('tlsflow', queryParam.flow || '');
-						opt.set('flow', queryParam.flow || "xtls-rprx-direct");
-					}
 					opt.set('tls_serverName', queryParam.sni || '');
+					opt.set('tls_allowInsecure', true);
+					if (queryParam.allowinsecure === '0') {
+						opt.set('tls_allowInsecure', false);
+					}
+				}
 
+				if (queryParam.security == "xtls") {
+					opt.set('tls', true);
+					opt.set('xtls',true);
+					opt.set('flow', queryParam.flow || "xtls-rprx-direct");
+					opt.set('tls_serverName', queryParam.sni || '');
 					opt.set('tls_allowInsecure', true);
 					if (queryParam.allowinsecure === '0') {
 						opt.set('tls_allowInsecure', false);

luci-app-passwall/root/usr/share/passwall/subscribe.lua

@@ -776,6 +776,8 @@ local function processData(szType, content, add_mode, add_from)
 				if params.security == "xtls" then
 					result.xtls = "1"
 					result.flow = params.flow or "xtls-rprx-direct"
+				else
+					result.tlsflow = params.flow or nil
 				end
 				result.tls_serverName = (params.sni and params.sni ~= "") and params.sni or params.host
 			end