luci: Adjust the sing-box ShadowTLS logic

luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua

@@ -50,7 +50,6 @@ end
 if singbox_tags:find("with_quic") then
 	o:value("hysteria", "Hysteria")
 end
-o:value("shadowtls", "ShadowTLS")
 o:value("vless", "VLESS")
 if singbox_tags:find("with_quic") then
 	o:value("tuic", "TUIC")
@@ -176,13 +175,6 @@ if #protocols > 0 then
 	end
 end
 
-o = s:option(ListValue, option_name("shadowtls_version"), translate("Version"))
-o.default = "1"
-o:value("1", "ShadowTLS v1")
-o:value("2", "ShadowTLS v2")
-o:value("3", "ShadowTLS v3")
-o:depends({ [option_name("protocol")] = "shadowtls" })
-
 o = s:option(Value, option_name("username"), translate("Username"))
 o:depends({ [option_name("protocol")] = "http" })
 o:depends({ [option_name("protocol")] = "socks" })
@@ -194,8 +186,6 @@ o:depends({ [option_name("protocol")] = "socks" })
 o:depends({ [option_name("protocol")] = "shadowsocks" })
 o:depends({ [option_name("protocol")] = "shadowsocksr" })
 o:depends({ [option_name("protocol")] = "trojan" })
-o:depends({ [option_name("protocol")] = "shadowtls", [option_name("shadowtls_version")] = "2" })
-o:depends({ [option_name("protocol")] = "shadowtls", [option_name("shadowtls_version")] = "3" })
 o:depends({ [option_name("protocol")] = "tuic" })
 
 o = s:option(ListValue, option_name("security"), translate("Encrypt Method"))
@@ -366,7 +356,6 @@ o:depends({ [option_name("protocol")] = "vless" })
 o:depends({ [option_name("protocol")] = "socks" })
 o:depends({ [option_name("protocol")] = "trojan" })
 o:depends({ [option_name("protocol")] = "shadowsocks" })
-o:depends({ [option_name("protocol")] = "shadowtls" })
 
 o = s:option(ListValue, option_name("alpn"), translate("alpn"))
 o.default = "default"
@@ -542,4 +531,47 @@ o = s:option(Flag, option_name("mux_padding"), translate("Padding"))
 o.default = 0
 o:depends({ [option_name("mux")] = true })
 
+o = s:option(Flag, option_name("shadowtls"), "ShadowTLS")
+o.default = 0
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(ListValue, option_name("shadowtls_version"), "ShadowTLS " .. translate("Version"))
+o.default = "1"
+o:value("1", "ShadowTLS v1")
+o:value("2", "ShadowTLS v2")
+o:value("3", "ShadowTLS v3")
+o:depends({ [option_name("shadowtls")] = true })
+
+o = s:option(Value, option_name("shadowtls_password"), "ShadowTLS " .. translate("Password"))
+o.password = true
+o:depends({ [option_name("shadowtls")] = true, [option_name("shadowtls_version")] = "2" })
+o:depends({ [option_name("shadowtls")] = true, [option_name("shadowtls_version")] = "3" })
+
+o = s:option(Value, option_name("shadowtls_serverName"), "ShadowTLS " .. translate("Domain"))
+o:depends({ [option_name("shadowtls")] = true })
+
+if singbox_tags:find("with_utls") then
+	o = s:option(Flag, option_name("shadowtls_utls"), "ShadowTLS " .. translate("uTLS"))
+	o.default = "0"
+	o:depends({ [option_name("shadowtls")] = true })
+
+	o = s:option(ListValue, option_name("shadowtls_fingerprint"), "ShadowTLS " .. translate("Finger Print"))
+	o:value("chrome")
+	o:value("firefox")
+	o:value("edge")
+	o:value("safari")
+	-- o:value("360")
+	o:value("qq")
+	o:value("ios")
+	-- o:value("android")
+	o:value("random")
+	-- o:value("randomized")
+	o.default = "chrome"
+	o:depends({ [option_name("shadowtls")] = true, [option_name("shadowtls_utls")] = true })
+end
+
 api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall/luasrc/passwall/util_sing-box.lua

@@ -821,6 +821,27 @@ function gen_config(var)
 			elseif preproxy_node and api.is_normal_node(preproxy_node) then
 				local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag)
 				if preproxy_outbound then
+					if preproxy_node.shadowtls == "1" then
+						local _node = {
+							type = "sing-box",
+							protocol = "shadowtls",
+							shadowtls_version = preproxy_node.shadowtls_version,
+							password = (preproxy_node.shadowtls_version == "2" or preproxy_node.shadowtls_version == "3") and preproxy_node.shadowtls_password or nil,
+							address = preproxy_node.address,
+							port = preproxy_node.port,
+							tls = "1",
+							tls_serverName = preproxy_node.shadowtls_serverName,
+							utls = preproxy_node.shadowtls_utls,
+							fingerprint = preproxy_node.shadowtls_fingerprint
+						}
+						local shadowtls_outbound = gen_outbound(flag, _node, preproxy_tag .. "_shadowtls")
+						if shadowtls_outbound then
+							table.insert(outbounds, shadowtls_outbound)
+							preproxy_outbound.detour = preproxy_outbound.tag .. "_shadowtls"
+							preproxy_outbound.server = nil
+							preproxy_outbound.server_port = nil
+						end
+					end
 					table.insert(outbounds, preproxy_outbound)
 				else
 					preproxy_enabled = false
@@ -902,8 +923,28 @@ function gen_config(var)
 							end
 							local _outbound = gen_outbound(flag, _node, rule_name, { proxy = proxy and 1 or 0, tag = proxy and preproxy_tag or nil })
 							if _outbound then
+								if _node.shadowtls == "1" then
+									local shadowtls_node = {
+										type = "sing-box",
+										protocol = "shadowtls",
+										shadowtls_version = _node.shadowtls_version,
+										password = (_node.shadowtls_version == "2" or _node.shadowtls_version == "3") and _node.shadowtls_password or nil,
+										address = _node.address,
+										port = _node.port,
+										tls = "1",
+										tls_serverName = _node.shadowtls_serverName,
+										utls = _node.shadowtls_utls,
+										fingerprint = _node.shadowtls_fingerprint
+									}
+									local shadowtls_outbound = gen_outbound(flag, shadowtls_node, rule_name .. "_shadowtls", { proxy = proxy and 1 or 0, tag = proxy and preproxy_tag or nil })
+									if shadowtls_outbound then
+										table.insert(outbounds, shadowtls_outbound)
+										_outbound.detour = _outbound.tag .. "_shadowtls"
+										_outbound.server = nil
+										_outbound.server_port = nil
+									end
+								end
 								table.insert(outbounds, _outbound)
-								if proxy then preproxy_used = true end
 								rule_outboundTag = rule_name
 							end
 						end
@@ -1072,6 +1113,29 @@ function gen_config(var)
 				end
 			else
 				outbound = gen_outbound(flag, node)
+				if outbound then
+					if node.shadowtls == "1" then
+						local shadowtls_node = {
+							type = "sing-box",
+							protocol = "shadowtls",
+							shadowtls_version = node.shadowtls_version,
+							password = (node.shadowtls_version == "2" or node.shadowtls_version == "3") and node.shadowtls_password or nil,
+							address = node.address,
+							port = node.port,
+							tls = "1",
+							tls_serverName = node.shadowtls_serverName,
+							utls = node.shadowtls_utls,
+							fingerprint = node.shadowtls_fingerprint
+						}
+						local shadowtls_outbound = gen_outbound(flag, shadowtls_node, outbound.tag .. "_shadowtls")
+						if shadowtls_outbound then
+							table.insert(outbounds, shadowtls_outbound)
+							outbound.detour = outbound.tag .. "_shadowtls"
+							outbound.server = nil
+							outbound.server_port = nil
+						end
+					end
+				end
 			end
 			if outbound then
 				default_outTag = outbound.tag