luci-app-passwall2: sync upstream

last commit: da49da8f53

luci-app-passwall2/Makefile

@@ -0,0 +1,156 @@
+# Copyright (C) 2022-2023 xiaorouji
+#
+# This is free software, licensed under the GNU General Public License v3.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-passwall2
+PKG_VERSION:=1.30-3
+PKG_RELEASE:=
+
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
+	CONFIG_PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SingBox \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_tuic_client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin
+
+LUCI_TITLE:=LuCI support for PassWall 2
+LUCI_PKGARCH:=all
+LUCI_DEPENDS:=+coreutils +coreutils-base64 +coreutils-nohup +curl \
+	+ip-full +libuci-lua +lua +luci-compat +luci-lib-jsonc +resolveip +tcping \
+	+xray-core +v2ray-geoip +v2ray-geosite \
+	+unzip \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat:ip6tables-mod-nat
+
+define Package/$(PKG_NAME)/config
+menu "Configuration"
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat
+	depends on PACKAGE_ip6tables
+	bool "Include IPv6 Nat"
+	default n
+
+if PACKAGE_$(PKG_NAME)
+
+config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy
+	bool "Iptables Transparent Proxy"
+	select PACKAGE_dnsmasq-full
+	select PACKAGE_dnsmasq_full_ipset
+	select PACKAGE_ipset
+	select PACKAGE_iptables
+	select PACKAGE_iptables-nft
+	select PACKAGE_iptables-zz-legacy
+	select PACKAGE_iptables-mod-conntrack-extra
+	select PACKAGE_iptables-mod-iprange
+	select PACKAGE_iptables-mod-socket
+	select PACKAGE_iptables-mod-tproxy
+	select PACKAGE_kmod-ipt-nat
+	default y if ! PACKAGE_firewall4
+
+config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy
+	bool "Nftables Transparent Proxy"
+	select PACKAGE_dnsmasq-full
+	select PACKAGE_dnsmasq_full_nftset
+	select PACKAGE_nftables
+	select PACKAGE_kmod-nft-socket
+	select PACKAGE_kmod-nft-tproxy
+	select PACKAGE_kmod-nft-nat
+	default y if PACKAGE_firewall4
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy
+	bool "Include Haproxy"
+	select PACKAGE_haproxy
+	default y if aarch64||arm||i386||x86_64
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria
+	bool "Include Hysteria"
+	select PACKAGE_hysteria
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy
+	bool "Include NaiveProxy"
+	depends on !(arc||(arm&&TARGET_gemini)||armeb||mips||mips64||powerpc)
+	select PACKAGE_naiveproxy
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client
+	bool "Include Shadowsocks Libev Client"
+	select PACKAGE_shadowsocks-libev-ss-local
+	select PACKAGE_shadowsocks-libev-ss-redir
+	default y
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server
+	bool "Include Shadowsocks Libev Server"
+	select PACKAGE_shadowsocks-libev-ss-server
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client
+	bool "Include Shadowsocks Rust Client"
+	depends on aarch64||arm||i386||mips||mipsel||x86_64
+	select PACKAGE_shadowsocks-rust-sslocal
+	default y if aarch64
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server
+	bool "Include Shadowsocks Rust Server"
+	depends on aarch64||arm||i386||mips||mipsel||x86_64
+	select PACKAGE_shadowsocks-rust-ssserver
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client
+	bool "Include ShadowsocksR Libev Client"
+	select PACKAGE_shadowsocksr-libev-ssr-local
+	select PACKAGE_shadowsocksr-libev-ssr-redir
+	default y
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server
+	bool "Include ShadowsocksR Libev Server"
+	select PACKAGE_shadowsocksr-libev-ssr-server
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs
+	bool "Include Simple-Obfs (Shadowsocks Plugin)"
+	select PACKAGE_simple-obfs
+	default y
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_SingBox
+	bool "Include Sing-Box"
+	select PACKAGE_sing-box
+	default y if aarch64||arm||i386||x86_64
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_tuic_client
+	bool "Include tuic-client"
+	depends on aarch64||arm||i386||x86_64
+	select PACKAGE_tuic-client
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin
+	bool "Include V2ray-Plugin (Shadowsocks Plugin)"
+	select PACKAGE_v2ray-plugin
+	default y if aarch64||arm||i386||x86_64
+
+endif
+endmenu
+endef
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/passwall2
+/etc/config/passwall2_server
+/usr/share/passwall2/domains_excluded
+/www/luci-static/resources/qrcode.min.js
+endef
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

luci-app-passwall2/luasrc/controller/passwall2.lua

@@ -0,0 +1,425 @@
+-- Copyright (C) 2022-2023 xiaorouji
+
+module("luci.controller.passwall2", package.seeall)
+local api = require "luci.passwall2.api"
+local appname = api.appname			-- not available
+local uci = luci.model.uci.cursor()		-- in funtion index()
+local http = require "luci.http"
+local util = require "luci.util"
+local i18n = require "luci.i18n"
+
+function index()
+	if not nixio.fs.access("/etc/config/passwall2") then
+		if nixio.fs.access("/usr/share/passwall2/0_default_config") then
+			luci.sys.call('cp -f /usr/share/passwall2/0_default_config /etc/config/passwall2')
+		else return end
+	end
+	local appname = "passwall2"			-- global definitions not available
+	local uci = luci.model.uci.cursor()		-- in function index()
+	entry({"admin", "services", appname}).dependent = true
+	entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
+	entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true
+	entry({"admin", "services", appname, "hide"}, call("hide_menu")).leaf = true
+	local e
+	if uci:get(appname, "@global[0]", "hide_from_luci") ~= "1" then
+		e = entry({"admin", "services", appname}, alias("admin", "services", appname, "settings"), _("PassWall 2"), -1)
+	else
+		e = entry({"admin", "services", appname}, alias("admin", "services", appname, "settings"), nil, -1)
+	end
+	e.dependent = true
+	e.acl_depends = { "luci-app-passwall2" }
+	--[[ Client ]]
+	entry({"admin", "services", appname, "settings"}, cbi(appname .. "/client/global"), _("Basic Settings"), 1).dependent = true
+	entry({"admin", "services", appname, "node_list"}, cbi(appname .. "/client/node_list"), _("Node List"), 2).dependent = true
+	entry({"admin", "services", appname, "node_subscribe"}, cbi(appname .. "/client/node_subscribe"), _("Node Subscribe"), 3).dependent = true
+	entry({"admin", "services", appname, "other"}, cbi(appname .. "/client/other", {autoapply = true}), _("Other Settings"), 92).leaf = true
+	if nixio.fs.access("/usr/sbin/haproxy") then
+		entry({"admin", "services", appname, "haproxy"}, cbi(appname .. "/client/haproxy"), _("Load Balancing"), 93).leaf = true
+	end
+	entry({"admin", "services", appname, "app_update"}, cbi(appname .. "/client/app_update"), _("App Update"), 95).leaf = true
+	entry({"admin", "services", appname, "rule"}, cbi(appname .. "/client/rule"), _("Rule Manage"), 96).leaf = true
+	entry({"admin", "services", appname, "node_subscribe_config"}, cbi(appname .. "/client/node_subscribe_config")).leaf = true
+	entry({"admin", "services", appname, "node_config"}, cbi(appname .. "/client/node_config")).leaf = true
+	entry({"admin", "services", appname, "shunt_rules"}, cbi(appname .. "/client/shunt_rules")).leaf = true
+	entry({"admin", "services", appname, "socks_config"}, cbi(appname .. "/client/socks_config")).leaf = true
+	entry({"admin", "services", appname, "acl"}, cbi(appname .. "/client/acl"), _("Access control"), 98).leaf = true
+	entry({"admin", "services", appname, "acl_config"}, cbi(appname .. "/client/acl_config")).leaf = true
+	entry({"admin", "services", appname, "log"}, form(appname .. "/client/log"), _("Watch Logs"), 999).leaf = true
+
+	--[[ Server ]]
+	entry({"admin", "services", appname, "server"}, cbi(appname .. "/server/index"), _("Server-Side"), 99).leaf = true
+	entry({"admin", "services", appname, "server_user"}, cbi(appname .. "/server/user")).leaf = true
+
+	--[[ API ]]
+	entry({"admin", "services", appname, "server_user_status"}, call("server_user_status")).leaf = true
+	entry({"admin", "services", appname, "server_user_log"}, call("server_user_log")).leaf = true
+	entry({"admin", "services", appname, "server_get_log"}, call("server_get_log")).leaf = true
+	entry({"admin", "services", appname, "server_clear_log"}, call("server_clear_log")).leaf = true
+	entry({"admin", "services", appname, "link_add_node"}, call("link_add_node")).leaf = true
+	entry({"admin", "services", appname, "socks_autoswitch_add_node"}, call("socks_autoswitch_add_node")).leaf = true
+	entry({"admin", "services", appname, "socks_autoswitch_remove_node"}, call("socks_autoswitch_remove_node")).leaf = true
+	entry({"admin", "services", appname, "get_now_use_node"}, call("get_now_use_node")).leaf = true
+	entry({"admin", "services", appname, "get_redir_log"}, call("get_redir_log")).leaf = true
+	entry({"admin", "services", appname, "get_socks_log"}, call("get_socks_log")).leaf = true
+	entry({"admin", "services", appname, "get_log"}, call("get_log")).leaf = true
+	entry({"admin", "services", appname, "clear_log"}, call("clear_log")).leaf = true
+	entry({"admin", "services", appname, "index_status"}, call("index_status")).leaf = true
+	entry({"admin", "services", appname, "haproxy_status"}, call("haproxy_status")).leaf = true
+	entry({"admin", "services", appname, "socks_status"}, call("socks_status")).leaf = true
+	entry({"admin", "services", appname, "connect_status"}, call("connect_status")).leaf = true
+	entry({"admin", "services", appname, "ping_node"}, call("ping_node")).leaf = true
+	entry({"admin", "services", appname, "urltest_node"}, call("urltest_node")).leaf = true
+	entry({"admin", "services", appname, "set_node"}, call("set_node")).leaf = true
+	entry({"admin", "services", appname, "copy_node"}, call("copy_node")).leaf = true
+	entry({"admin", "services", appname, "clear_all_nodes"}, call("clear_all_nodes")).leaf = true
+	entry({"admin", "services", appname, "delete_select_nodes"}, call("delete_select_nodes")).leaf = true
+	entry({"admin", "services", appname, "update_rules"}, call("update_rules")).leaf = true
+
+	--[[Components update]]
+	local coms = require "luci.passwall2.com"
+	local com
+	for com, _ in pairs(coms) do
+		entry({"admin", "services", appname, "check_" .. com}, call("com_check", com)).leaf = true
+		entry({"admin", "services", appname, "update_" .. com}, call("com_update", com)).leaf = true
+	end
+end
+
+local function http_write_json(content)
+	http.prepare_content("application/json")
+	http.write_json(content or {code = 1})
+end
+
+function reset_config()
+	luci.sys.call('/etc/init.d/passwall2 stop')
+	luci.sys.call('[ -f "/usr/share/passwall2/0_default_config" ] && cp -f /usr/share/passwall2/0_default_config /etc/config/passwall2')
+	luci.http.redirect(api.url())
+end
+
+function show_menu()
+	uci:delete(appname, "@global[0]", "hide_from_luci")
+	uci:commit(appname)
+	luci.sys.call("rm -rf /tmp/luci-*")
+	luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
+	luci.http.redirect(api.url())
+end
+
+function hide_menu()
+	uci:set(appname, "@global[0]", "hide_from_luci","1")
+	uci:commit(appname)
+	luci.sys.call("rm -rf /tmp/luci-*")
+	luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
+end
+
+function link_add_node()
+	local lfile = "/tmp/links.conf"
+	local link = luci.http.formvalue("link")
+	luci.sys.call('echo \'' .. link .. '\' > ' .. lfile)
+	luci.sys.call("lua /usr/share/passwall2/subscribe.lua add log")
+end
+
+function socks_autoswitch_add_node()
+	local id = luci.http.formvalue("id")
+	local key = luci.http.formvalue("key")
+	if id and id ~= "" and key and key ~= "" then
+		local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
+		for i = #new_list, 1, -1 do
+			if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
+				table.remove(new_list, i)
+			end
+		end
+		for k, e in ipairs(api.get_valid_nodes()) do
+			if e.node_type == "normal" and e["remark"]:find(key) then
+				table.insert(new_list, e.id)
+			end
+		end
+		uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+		uci:commit(appname)
+	end
+	luci.http.redirect(api.url("socks_config", id))
+end
+
+function socks_autoswitch_remove_node()
+	local id = luci.http.formvalue("id")
+	local key = luci.http.formvalue("key")
+	if id and id ~= "" and key and key ~= "" then
+		local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
+		for i = #new_list, 1, -1 do
+			if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
+				table.remove(new_list, i)
+			end
+		end
+		uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+		uci:commit(appname)
+	end
+	luci.http.redirect(api.url("socks_config", id))
+end
+
+function get_now_use_node()
+	local e = {}
+	local data, code, msg = nixio.fs.readfile("/tmp/etc/passwall2/acl/default/global.id")
+	if data then
+		e["global"] = util.trim(data)
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function get_redir_log()
+	local id = luci.http.formvalue("id")
+	local name = luci.http.formvalue("name")
+	local file_path = "/tmp/etc/passwall2/acl/" .. id .. "/" .. name .. ".log"
+	if nixio.fs.access(file_path) then
+		local content = luci.sys.exec("cat '" .. file_path .. "'")
+		content = content:gsub("\n", "<br />")
+		luci.http.write(content)
+	else
+		luci.http.write(string.format("<script>alert('%s');window.close();</script>", i18n.translate("Not enabled log")))
+	end
+end
+
+function get_socks_log()
+	local name = luci.http.formvalue("name")
+	local path = "/tmp/etc/passwall2/SOCKS_" .. name .. ".log"
+	if nixio.fs.access(path) then
+		local content = luci.sys.exec("cat ".. path)
+		content = content:gsub("\n", "<br />")
+		luci.http.write(content)
+	else
+		luci.http.write(string.format("<script>alert('%s');window.close();</script>", i18n.translate("Not enabled log")))
+	end
+end
+
+function get_log()
+	-- luci.sys.exec("[ -f /tmp/log/passwall2.log ] && sed '1!G;h;$!d' /tmp/log/passwall2.log > /tmp/log/passwall2_show.log")
+	luci.http.write(luci.sys.exec("[ -f '/tmp/log/passwall2.log' ] && cat /tmp/log/passwall2.log"))
+end
+
+function clear_log()
+	luci.sys.call("echo '' > /tmp/log/passwall2.log")
+end
+
+function index_status()
+	local e = {}
+	e["global_status"] = luci.sys.call("/bin/busybox top -bn1 | grep -v 'grep' | grep '/tmp/etc/passwall2/bin/' | grep 'default' | grep 'global' >/dev/null") == 0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function haproxy_status()
+	local e = luci.sys.call(string.format("/bin/busybox top -bn1 | grep -v grep | grep '%s/bin/' | grep haproxy >/dev/null", appname)) == 0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function socks_status()
+	local e = {}
+	local index = luci.http.formvalue("index")
+	local id = luci.http.formvalue("id")
+	e.index = index
+	e.socks_status = luci.sys.call(string.format("/bin/busybox top -bn1 | grep -v -E 'grep|acl/|acl_' | grep '%s/bin/' | grep '%s' | grep 'SOCKS_' > /dev/null", appname, id)) == 0
+	local use_http = uci:get(appname, id, "http_port") or 0
+	e.use_http = 0
+	if tonumber(use_http) > 0 then
+		e.use_http = 1
+		e.http_status = luci.sys.call(string.format("/bin/busybox top -bn1 | grep -v -E 'grep|acl/|acl_' | grep '%s/bin/' | grep '%s' | grep -E 'HTTP_|HTTP2SOCKS' > /dev/null", appname, id)) == 0
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function connect_status()
+	local e = {}
+	e.use_time = ""
+	local url = luci.http.formvalue("url")
+	local result = luci.sys.exec('curl --connect-timeout 3 -o /dev/null -I -sk -w "%{http_code}:%{time_appconnect}" ' .. url)
+	local code = tonumber(luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $1}'") or "0")
+	if code ~= 0 then
+		local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
+		if use_time:find("%.") then
+			e.use_time = string.format("%.2f", use_time * 1000)
+		else
+			e.use_time = string.format("%.2f", use_time / 1000)
+		end
+		e.ping_type = "curl"
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function ping_node()
+	local index = luci.http.formvalue("index")
+	local address = luci.http.formvalue("address")
+	local port = luci.http.formvalue("port")
+	local type = luci.http.formvalue("type") or "icmp"
+	local e = {}
+	e.index = index
+	if type == "tcping" and luci.sys.exec("echo -n $(command -v tcping)") ~= "" then
+		if api.is_ipv6(address) then
+			address = api.get_ipv6_only(address)
+		end
+		e.ping = luci.sys.exec(string.format("echo -n $(tcping -q -c 1 -i 1 -t 2 -p %s %s 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print $2}') 2>/dev/null", port, address))
+	else
+		e.ping = luci.sys.exec("echo -n $(ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print $2}') 2>/dev/null" % address)
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function urltest_node()
+	local index = luci.http.formvalue("index")
+	local id = luci.http.formvalue("id")
+	local e = {}
+	e.index = index
+	local result = luci.sys.exec(string.format("/usr/share/passwall2/test.sh url_test_node %s %s", id, "urltest_node"))
+	local code = tonumber(luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $1}'") or "0")
+	if code ~= 0 then
+		local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
+		if use_time:find("%.") then
+			e.use_time = string.format("%.2f", use_time * 1000)
+		else
+			e.use_time = string.format("%.2f", use_time / 1000)
+		end
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function set_node()
+	local type = luci.http.formvalue("type")
+	local config = luci.http.formvalue("config")
+	local section = luci.http.formvalue("section")
+	uci:set(appname, type, config, section)
+	uci:commit(appname)
+	luci.sys.call("/etc/init.d/passwall2 restart > /dev/null 2>&1 &")
+	luci.http.redirect(api.url("log"))
+end
+
+function copy_node()
+	local section = luci.http.formvalue("section")
+	local uuid = api.gen_short_uuid()
+	uci:section(appname, "nodes", uuid)
+	for k, v in pairs(uci:get_all(appname, section)) do
+		local filter = k:find("%.")
+		if filter and filter == 1 then
+		else
+			xpcall(function()
+				uci:set(appname, uuid, k, v)
+			end,
+			function(e)
+			end)
+		end
+	end
+	uci:delete(appname, uuid, "add_from")
+	uci:set(appname, uuid, "add_mode", 1)
+	uci:commit(appname)
+	luci.http.redirect(api.url("node_config", uuid))
+end
+
+function clear_all_nodes()
+	uci:set(appname, '@global[0]', "enabled", "0")
+	uci:set(appname, '@global[0]', "node", "nil")
+	uci:foreach(appname, "socks", function(t)
+		uci:delete(appname, t[".name"])
+		uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
+	end)
+	uci:foreach(appname, "haproxy_config", function(t)
+		uci:delete(appname, t[".name"])
+	end)
+	uci:foreach(appname, "acl_rule", function(t)
+		uci:set(appname, t[".name"], "node", "default")
+	end)
+	uci:foreach(appname, "nodes", function(node)
+		uci:delete(appname, node['.name'])
+	end)
+
+	uci:commit(appname)
+	luci.sys.call("/etc/init.d/" .. appname .. " stop")
+end
+
+function delete_select_nodes()
+	local ids = luci.http.formvalue("ids")
+	string.gsub(ids, '[^' .. "," .. ']+', function(w)
+		if (uci:get(appname, "@global[0]", "node") or "nil") == w then
+			uci:set(appname, '@global[0]', "node", "nil")
+		end
+		uci:foreach(appname, "socks", function(t)
+			if t["node"] == w then
+				uci:delete(appname, t[".name"])
+			end
+			local auto_switch_node_list = uci:get(appname, t[".name"], "autoswitch_backup_node") or {}
+			for i = #auto_switch_node_list, 1, -1 do
+				if w == auto_switch_node_list[i] then
+					table.remove(auto_switch_node_list, i)
+				end
+			end
+			uci:set_list(appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
+		end)
+		uci:foreach(appname, "haproxy_config", function(t)
+			if t["lbss"] == w then
+				uci:delete(appname, t[".name"])
+			end
+		end)
+		uci:foreach(appname, "acl_rule", function(t)
+			if t["node"] == w then
+				uci:set(appname, t[".name"], "node", "default")
+			end
+		end)
+		uci:delete(appname, w)
+	end)
+	uci:commit(appname)
+	luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &")
+end
+
+function update_rules()
+	local update = luci.http.formvalue("update")
+	luci.sys.call("lua /usr/share/passwall2/rule_update.lua log '" .. update .. "' > /dev/null 2>&1 &")
+	http_write_json()
+end
+
+function server_user_status()
+	local e = {}
+	e.index = luci.http.formvalue("index")
+	e.status = luci.sys.call(string.format("/bin/busybox top -bn1 | grep -v 'grep' | grep '%s/bin/' | grep -i '%s' >/dev/null", appname .. "_server", luci.http.formvalue("id"))) == 0
+	http_write_json(e)
+end
+
+function server_user_log()
+	local id = luci.http.formvalue("id")
+	if nixio.fs.access("/tmp/etc/passwall2_server/" .. id .. ".log") then
+		local content = luci.sys.exec("cat /tmp/etc/passwall2_server/" .. id .. ".log")
+		content = content:gsub("\n", "<br />")
+		luci.http.write(content)
+	else
+		luci.http.write(string.format("<script>alert('%s');window.close();</script>", i18n.translate("Not enabled log")))
+	end
+end
+
+function server_get_log()
+	luci.http.write(luci.sys.exec("[ -f '/tmp/log/passwall2_server.log' ] && cat /tmp/log/passwall2_server.log"))
+end
+
+function server_clear_log()
+	luci.sys.call("echo '' > /tmp/log/passwall2_server.log")
+end
+
+function com_check(comname)
+	local json = api.to_check("", comname)
+	http_write_json(json)
+end
+
+function com_update(comname)
+	local json = nil
+	local task = http.formvalue("task")
+	if task == "extract" then
+		json = api.to_extract(comname, http.formvalue("file"), http.formvalue("subfix"))
+	elseif task == "move" then
+		json = api.to_move(comname, http.formvalue("file"))
+	else
+		json = api.to_download(comname, http.formvalue("url"), http.formvalue("size"))
+	end
+
+	http_write_json(json)
+end
+
+

luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl.lua

@@ -0,0 +1,63 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local sys = api.sys
+local has_chnlist = api.fs.access("/usr/share/passwall2/rules/chnlist")
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+s = m:section(TypedSection, "global", translate("ACLs"), "<font color='red'>" .. translate("ACLs is a tools which used to designate specific IP proxy mode.") .. "</font>")
+s.anonymous = true
+
+o = s:option(Flag, "acl_enable", translate("Main switch"))
+o.rmempty = false
+o.default = false
+
+-- [[ ACLs Settings ]]--
+s = m:section(TypedSection, "acl_rule")
+s.template = "cbi/tblsection"
+s.sortable = true
+s.anonymous = true
+s.addremove = true
+s.extedit = api.url("acl_config", "%s")
+function s.create(e, t)
+	t = TypedSection.create(e, t)
+	luci.http.redirect(e.extedit:format(t))
+end
+
+---- Enable
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+---- Remarks
+o = s:option(Value, "remarks", translate("Remarks"))
+o.rmempty = true
+
+local mac_t = {}
+sys.net.mac_hints(function(e, t)
+	mac_t[e] = {
+		ip = t,
+		mac = e
+	}
+end)
+
+o = s:option(DummyValue, "sources", translate("Source"))
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	local e = ''
+	local v = Value.cfgvalue(t, n) or ''
+	string.gsub(v, '[^' .. " " .. ']+', function(w)
+		local a = w
+		if mac_t[w] then
+			a = a .. ' (' .. mac_t[w].ip .. ')'
+		end
+		if #e > 0 then
+			e = e .. "<br />"
+		end
+		e = e .. a
+	end)
+	return e
+end
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua

@@ -0,0 +1,298 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local uci = api.uci
+local sys = api.sys
+
+local port_validate = function(self, value, t)
+	return value:gsub("-", ":")
+end
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+local nodes_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	nodes_table[#nodes_table + 1] = e
+end
+
+local dynamicList_write = function(self, section, value)
+	local t = {}
+	local t2 = {}
+	if type(value) == "table" then
+		local x
+		for _, x in ipairs(value) do
+			if x and #x > 0 then
+				if not t2[x] then
+					t2[x] = x
+					t[#t+1] = x
+				end
+			end
+		end
+	else
+		t = { value }
+	end
+	t = table.concat(t, " ")
+	return DynamicList.write(self, section, t)
+end
+local doh_validate = function(self, value, t)
+	if value ~= "" then
+		local flag = 0
+		local util = require "luci.util"
+		local val = util.split(value, ",")
+		local url = val[1]
+		val[1] = nil
+		for i = 1, #val do
+			local v = val[i]
+			if v then
+				if not datatypes.ipmask4(v) then
+					flag = 1
+				end
+			end
+		end
+		if flag == 0 then
+			return value
+		end
+	end
+	return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP"
+end
+-- [[ ACLs Settings ]]--
+s = m:section(NamedSection, arg[1], translate("ACLs"), translate("ACLs"))
+s.addremove = false
+s.dynamic = false
+
+---- Enable
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+---- Remarks
+o = s:option(Value, "remarks", translate("Remarks"))
+o.default = arg[1]
+o.rmempty = true
+
+local mac_t = {}
+sys.net.mac_hints(function(e, t)
+	mac_t[#mac_t + 1] = {
+		ip = t,
+		mac = e
+	}
+end)
+table.sort(mac_t, function(a,b)
+	if #a.ip < #b.ip then
+		return true
+	elseif #a.ip == #b.ip then
+		if a.ip < b.ip then
+			return true
+		else
+			return #a.ip < #b.ip
+		end
+	end
+	return false
+end)
+
+---- Source
+sources = s:option(DynamicList, "sources", translate("Source"))
+sources.description = "<ul><li>" .. translate("Example:")
+.. "</li><li>" .. translate("MAC") .. ": 00:00:00:FF:FF:FF"
+.. "</li><li>" .. translate("IP") .. ": 192.168.1.100"
+.. "</li><li>" .. translate("IP CIDR") .. ": 192.168.1.0/24"
+.. "</li><li>" .. translate("IP range") .. ": 192.168.1.100-192.168.1.200"
+.. "</li><li>" .. translate("IPSet") .. ": ipset:lanlist"
+.. "</li></ul>"
+sources.cast = "string"
+for _, key in pairs(mac_t) do
+	sources:value(key.mac, "%s (%s)" % {key.mac, key.ip})
+end
+sources.cfgvalue = function(self, section)
+	local value
+	if self.tag_error[section] then
+		value = self:formvalue(section)
+	else
+		value = self.map:get(section, self.option)
+		if type(value) == "string" then
+			local value2 = {}
+			string.gsub(value, '[^' .. " " .. ']+', function(w) table.insert(value2, w) end)
+			value = value2
+		end
+	end
+	return value
+end
+sources.validate = function(self, value, t)
+	local err = {}
+	for _, v in ipairs(value) do
+		local flag = false
+		if v:find("ipset:") and v:find("ipset:") == 1 then
+			local ipset = v:gsub("ipset:", "")
+			if ipset and ipset ~= "" then
+				flag = true
+			end
+		end
+
+		if flag == false and datatypes.macaddr(v) then
+			flag = true
+		end
+
+		if flag == false and datatypes.ip4addr(v) then
+			flag = true
+		end
+
+		if flag == false and api.iprange(v) then
+			flag = true
+		end
+
+		if flag == false then
+			err[#err + 1] = v
+		end
+	end
+
+	if #err > 0 then
+		self:add_error(t, "invalid", translate("Not true format, please re-enter!"))
+		for _, v in ipairs(err) do
+			self:add_error(t, "invalid", v)
+		end
+	end
+
+	return value
+end
+sources.write = dynamicList_write
+
+---- TCP No Redir Ports
+local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")
+o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
+o.default = "default"
+o:value("disable", translate("No patterns are used"))
+o:value("default", translate("Use global config") .. "(" .. TCP_NO_REDIR_PORTS .. ")")
+o:value("1:65535", translate("All"))
+o.validate = port_validate
+
+---- UDP No Redir Ports
+local UDP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_no_redir_ports")
+o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"),
+	"<font color='red'>" ..
+	translate("If you don't want to let the device in the list to go proxy, please choose all.") ..
+	"</font>")
+o.default = "default"
+o:value("disable", translate("No patterns are used"))
+o:value("default", translate("Use global config") .. "(" .. UDP_NO_REDIR_PORTS .. ")")
+o:value("1:65535", translate("All"))
+o.validate = port_validate
+
+node = s:option(ListValue, "node", "<a style='color: red'>" .. translate("Node") .. "</a>")
+node.default = "default"
+node:value("default", translate("Use global config"))
+for k, v in pairs(nodes_table) do
+	node:value(v.id, v["remark"])
+end
+
+---- TCP Redir Ports
+local TCP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_redir_ports")
+o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
+o.default = "default"
+o:value("default", translate("Use global config") .. "(" .. TCP_REDIR_PORTS .. ")")
+o:value("1:65535", translate("All"))
+o:value("22,25,53,143,465,587,853,993,995,80,443", translate("Common Use"))
+o:value("80,443", "80,443")
+o.validate = port_validate
+
+---- UDP Redir Ports
+local UDP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_redir_ports")
+o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
+o.default = "default"
+o:value("default", translate("Use global config") .. "(" .. UDP_REDIR_PORTS .. ")")
+o:value("1:65535", translate("All"))
+o.validate = port_validate
+
+o = s:option(ListValue, "remote_dns_protocol", translate("Remote DNS Protocol"))
+o:value("tcp", "TCP")
+o:value("doh", "DoH")
+o:value("udp", "UDP")
+o:depends({ node = "default",  ['!reverse'] = true })
+
+---- DNS Forward
+o = s:option(Value, "remote_dns", translate("Remote DNS"))
+o.datatype = "or(ipaddr,ipaddrport)"
+o.default = "1.1.1.1"
+o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
+o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
+o:value("8.8.4.4", "8.8.4.4 (Google)")
+o:value("8.8.8.8", "8.8.8.8 (Google)")
+o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
+o:value("149.112.112.112", "149.112.112.112 (Quad9-Recommended)")
+o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
+o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
+o:depends("remote_dns_protocol", "tcp")
+o:depends("remote_dns_protocol", "udp")
+
+---- DoH
+o = s:option(Value, "remote_dns_doh", translate("Remote DNS DoH"))
+o:value("https://1.1.1.1/dns-query", "CloudFlare")
+o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
+o:value("https://8.8.4.4/dns-query", "Google 8844")
+o:value("https://8.8.8.8/dns-query", "Google 8888")
+o:value("https://9.9.9.9/dns-query", "Quad9-Recommended 9.9.9.9")
+o:value("https://149.112.112.112/dns-query", "Quad9-Recommended 149.112.112.112")
+o:value("https://208.67.222.222/dns-query", "OpenDNS")
+o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
+o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
+o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
+o.default = "https://1.1.1.1/dns-query"
+o.validate = doh_validate
+o:depends("remote_dns_protocol", "doh")
+
+o = s:option(Value, "remote_dns_client_ip", translate("Remote DNS EDNS Client Subnet"))
+o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" ..
+				translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).")
+o.datatype = "ipaddr"
+o:depends({ __hide = true })
+
+o = s:option(ListValue, "remote_dns_detour", translate("Remote DNS Outbound"))
+o.default = "remote"
+o:value("remote", translate("Remote"))
+o:value("direct", translate("Direct"))
+o:depends("remote_dns_protocol", "tcp")
+o:depends("remote_dns_protocol", "doh")
+o:depends("remote_dns_protocol", "udp")
+
+o = s:option(Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy."))
+o.default = "0"
+o.rmempty = false
+o:depends("remote_dns_protocol", "tcp")
+o:depends("remote_dns_protocol", "doh")
+o:depends("remote_dns_protocol", "udp")
+
+o = s:option(ListValue, "remote_dns_query_strategy", translate("Remote Query Strategy"))
+o.default = "UseIPv4"
+o:value("UseIP")
+o:value("UseIPv4")
+o:value("UseIPv6")
+o:depends("remote_dns_protocol", "tcp")
+o:depends("remote_dns_protocol", "doh")
+o:depends("remote_dns_protocol", "udp")
+
+o = s:option(TextValue, "dns_hosts", translate("Domain Override"))
+o.rows = 5
+o.wrap = "off"
+o:depends({ __hide = true })
+o.remove = function(self, section)
+	local node_value = node:formvalue(arg[1])
+	if node_value ~= "nil" then
+		local node_t = m:get(node_value) or {}
+		if node_t.type == "Xray" then
+			AbstractValue.remove(self, section)
+		end
+	end
+end
+
+for k, v in pairs(nodes_table) do
+	if v.type == "Xray" then
+		s.fields["remote_dns_client_ip"]:depends({ node = v.id, remote_dns_protocol = "tcp" })
+		s.fields["remote_dns_client_ip"]:depends({ node = v.id, remote_dns_protocol = "doh" })
+		s.fields["dns_hosts"]:depends({ node = v.id })
+	end
+end
+
+o = s:option(Flag, "write_ipset_direct", translate("Direct DNS result write to IPSet"), translate("Perform the matching direct domain name rules into IP to IPSet/NFTSet, and then connect directly (not entering the core). Maybe conflict with some special circumstances."))
+o.default = "1"
+o:depends({ node = "default",  ['!reverse'] = true })
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/app_update.lua

@@ -0,0 +1,29 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+-- [[ App Settings ]]--
+s = m:section(TypedSection, "global_app", translate("App Update"),
+	"<font color='red'>" ..
+	translate("Please confirm that your firmware supports FPU.") ..
+	"</font>")
+s.anonymous = true
+s:append(Template(appname .. "/app_update/app_version"))
+
+local k, v
+local com = require "luci.passwall2.com"
+for k, v in pairs(com) do
+	o = s:option(Value, k:gsub("%-","_") .. "_file", translatef("%s App Path", v.name))
+	o.default = v.default_path or ("/usr/bin/" .. k)
+	o.rmempty = false
+end
+
+o = s:option(DummyValue, "tips", " ")
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return string.format('<font color="red">%s</font>', translate("if you want to run from memory, change the path, /tmp beginning then save the application and update it manually."))
+end
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua

@@ -0,0 +1,415 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local uci = api.uci
+local datatypes = api.datatypes
+local has_singbox = api.finded_com("singbox")
+local has_xray = api.finded_com("xray")
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+local nodes_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	nodes_table[#nodes_table + 1] = e
+end
+
+local normal_list = {}
+local balancing_list = {}
+local shunt_list = {}
+local iface_list = {}
+for k, v in pairs(nodes_table) do
+	if v.node_type == "normal" then
+		normal_list[#normal_list + 1] = v
+	end
+	if v.protocol and v.protocol == "_balancing" then
+		balancing_list[#balancing_list + 1] = v
+	end
+	if v.protocol and v.protocol == "_shunt" then
+		shunt_list[#shunt_list + 1] = v
+	end
+	if v.protocol and v.protocol == "_iface" then
+		iface_list[#iface_list + 1] = v
+	end
+end
+
+local socks_list = {}
+uci:foreach(appname, "socks", function(s)
+	if s.enabled == "1" and s.node then
+		socks_list[#socks_list + 1] = {
+			id = "Socks_" .. s[".name"],
+			remark = translate("Socks Config") .. " [" .. s.port .. "端口]"
+		}
+	end
+end)
+
+local doh_validate = function(self, value, t)
+	if value ~= "" then
+		local flag = 0
+		local util = require "luci.util"
+		local val = util.split(value, ",")
+		local url = val[1]
+		val[1] = nil
+		for i = 1, #val do
+			local v = val[i]
+			if v then
+				if not datatypes.ipmask4(v) and not datatypes.ipmask6(v) then
+					flag = 1
+				end
+			end
+		end
+		if flag == 0 then
+			return value
+		end
+	end
+	return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP"
+end
+
+m:append(Template(appname .. "/global/status"))
+
+local global_cfgid = uci:get_all(appname, "@global[0]")[".name"]
+
+s = m:section(TypedSection, "global")
+s.anonymous = true
+s.addremove = false
+
+s:tab("Main", translate("Main"))
+
+-- [[ Global Settings ]]--
+o = s:taboption("Main", Flag, "enabled", translate("Main switch"))
+o.rmempty = false
+
+---- Node
+node = s:taboption("Main", ListValue, "node", "<a style='color: red'>" .. translate("Node") .. "</a>")
+node:value("nil", translate("Close"))
+
+-- 分流
+if (has_singbox or has_xray) and #nodes_table > 0 then
+	local function get_cfgvalue(shunt_node_id, option)
+		return function(self, section)
+			return m:get(shunt_node_id, option) or "nil"
+		end
+	end
+	local function get_write(shunt_node_id, option)
+		return function(self, section, value)
+			m:set(shunt_node_id, option, value)
+		end
+	end
+	if #normal_list > 0 then
+		for k, v in pairs(shunt_list) do
+			local vid = v.id
+			-- shunt node type, Sing-Box or Xray
+			local type = s:taboption("Main", ListValue, vid .. "-type", translate("Type"))
+			if has_singbox then
+				type:value("sing-box", translate("Sing-Box"))
+			end
+			if has_xray then
+				type:value("Xray", translate("Xray"))
+			end
+			type.cfgvalue = get_cfgvalue(v.id, "type")
+			type.write = get_write(v.id, "type")
+			
+			-- pre-proxy
+			o = s:taboption("Main", Flag, vid .. "-preproxy_enabled", translate("Preproxy"))
+			o:depends("node", v.id)
+			o.rmempty = false
+			o.cfgvalue = get_cfgvalue(v.id, "preproxy_enabled")
+			o.write = get_write(v.id, "preproxy_enabled")
+
+			o = s:taboption("Main", ListValue, vid .. "-main_node", string.format('<a style="color:red">%s</a>', translate("Preproxy Node")), translate("Set the node to be used as a pre-proxy. Each rule (including <code>Default</code>) has a separate switch that controls whether this rule uses the pre-proxy or not."))
+			o:depends(vid .. "-preproxy_enabled", "1")
+			for k1, v1 in pairs(socks_list) do
+				o:value(v1.id, v1.remark)
+			end
+			for k1, v1 in pairs(balancing_list) do
+				o:value(v1.id, v1.remark)
+			end
+			for k1, v1 in pairs(iface_list) do
+				o:value(v1.id, v1.remark)
+			end
+			for k1, v1 in pairs(normal_list) do
+				o:value(v1.id, v1.remark)
+			end
+			if #o.keylist > 0 then
+				o.default = o.keylist[1]
+			end
+			o.cfgvalue = get_cfgvalue(v.id, "main_node")
+			o.write = get_write(v.id, "main_node")
+
+			if (has_singbox and has_xray) or (v.type == "sing-box" and not has_singbox) or (v.type == "Xray" and not has_xray) then
+				type:depends("node", v.id)
+			else
+				type:depends("node", "hide") --不存在的依赖，即始终隐藏
+			end
+
+			uci:foreach(appname, "shunt_rules", function(e)
+				local id = e[".name"]
+				local node_option = vid .. "-" .. id .. "_node"
+				if id and e.remarks then
+					o = s:taboption("Main", ListValue, node_option, string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", id), e.remarks))
+					o.cfgvalue = get_cfgvalue(v.id, id)
+					o.write = get_write(v.id, id)
+					o:depends("node", v.id)
+					o.default = "nil"
+					o:value("nil", translate("Close"))
+					o:value("_default", translate("Default"))
+					o:value("_direct", translate("Direct Connection"))
+					o:value("_blackhole", translate("Blackhole"))
+
+					local pt = s:taboption("Main", ListValue, vid .. "-".. id .. "_proxy_tag", string.format('* <a style="color:red">%s</a>', e.remarks .. " " .. translate("Preproxy")))
+					pt.cfgvalue = get_cfgvalue(v.id, id .. "_proxy_tag")
+					pt.write = get_write(v.id, id .. "_proxy_tag")
+					pt:value("nil", translate("Close"))
+					pt:value("main", translate("Preproxy Node"))
+					pt.default = "nil"
+					for k1, v1 in pairs(socks_list) do
+						o:value(v1.id, v1.remark)
+					end
+					for k1, v1 in pairs(balancing_list) do
+						o:value(v1.id, v1.remark)
+					end
+					for k1, v1 in pairs(iface_list) do
+						o:value(v1.id, v1.remark)
+					end
+					for k1, v1 in pairs(normal_list) do
+						o:value(v1.id, v1.remark)
+						pt:depends({ [node_option] = v1.id, [vid .. "-preproxy_enabled"] = "1" })
+					end
+				end
+			end)
+
+			local id = "default_node"
+			o = s:taboption("Main", ListValue, vid .. "-" .. id, string.format('* <a style="color:red">%s</a>', translate("Default")))
+			o.cfgvalue = get_cfgvalue(v.id, id)
+			o.write = get_write(v.id, id)
+			o:depends("node", v.id)
+			o.default = "_direct"
+			o:value("_direct", translate("Direct Connection"))
+			o:value("_blackhole", translate("Blackhole"))
+			for k1, v1 in pairs(socks_list) do
+				o:value(v1.id, v1.remark)
+			end
+			for k1, v1 in pairs(balancing_list) do
+				o:value(v1.id, v1.remark)
+			end
+			for k1, v1 in pairs(iface_list) do
+				o:value(v1.id, v1.remark)
+			end
+			for k1, v1 in pairs(normal_list) do
+				o:value(v1.id, v1.remark)
+			end
+
+			local id = "default_proxy_tag"
+			o = s:taboption("Main", ListValue, vid .. "-" .. id, string.format('* <a style="color:red">%s</a>', translate("Default Preproxy")), translate("When using, localhost will connect this node first and then use this node to connect the default node."))
+			o.cfgvalue = get_cfgvalue(v.id, id)
+			o.write = get_write(v.id, id)
+			o:value("nil", translate("Close"))
+			o:value("main", translate("Preproxy Node"))
+			for k1, v1 in pairs(normal_list) do
+				if v1.protocol ~= "_balancing" then
+					o:depends({ [vid .. "-default_node"] = v1.id, [vid .. "-preproxy_enabled"] = "1" })
+				end
+			end
+		end
+	else
+		local tips = s:taboption("Main", DummyValue, "tips", " ")
+		tips.rawhtml = true
+		tips.cfgvalue = function(t, n)
+			return string.format('<a style="color: red">%s</a>', translate("There are no available nodes, please add or subscribe nodes first."))
+		end
+		tips:depends({ node = "nil", ["!reverse"] = true })
+		for k, v in pairs(shunt_list) do
+			tips:depends("node", v.id)
+		end
+		for k, v in pairs(balancing_list) do
+			tips:depends("node", v.id)
+		end
+	end
+end
+
+o = s:taboption("Main", Flag, "localhost_proxy", translate("Localhost Proxy"), translate("When selected, localhost can transparent proxy."))
+o.default = "1"
+o.rmempty = false
+
+o = s:taboption("Main", Flag, "client_proxy", translate("Client Proxy"), translate("When selected, devices in LAN can transparent proxy. Otherwise, it will not be proxy. But you can still use access control to allow the designated device to proxy."))
+o.default = "1"
+o.rmempty = false
+
+node_socks_port = s:taboption("Main", Value, "node_socks_port", translate("Node") .. " Socks " .. translate("Listen Port"))
+node_socks_port.default = 1070
+node_socks_port.datatype = "port"
+
+node_socks_bind_local = s:taboption("Main", Flag, "node_socks_bind_local", translate("Node") .. " Socks " .. translate("Bind Local"), translate("When selected, it can only be accessed localhost."))
+node_socks_bind_local.default = "1"
+node_socks_bind_local:depends({ node = "nil", ["!reverse"] = true })
+
+s:tab("DNS", translate("DNS"))
+
+o = s:taboption("DNS", ListValue, "remote_dns_protocol", translate("Remote DNS Protocol"))
+o:value("tcp", "TCP")
+o:value("doh", "DoH")
+o:value("udp", "UDP")
+
+---- DNS Forward
+o = s:taboption("DNS", Value, "remote_dns", translate("Remote DNS"))
+o.datatype = "or(ipaddr,ipaddrport)"
+o.default = "1.1.1.1"
+o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
+o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
+o:value("8.8.4.4", "8.8.4.4 (Google)")
+o:value("8.8.8.8", "8.8.8.8 (Google)")
+o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
+o:value("149.112.112.112", "149.112.112.112 (Quad9-Recommended)")
+o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
+o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
+o:depends("remote_dns_protocol", "tcp")
+o:depends("remote_dns_protocol", "udp")
+
+---- DoH
+o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
+o.default = "https://1.1.1.1/dns-query"
+o:value("https://1.1.1.1/dns-query", "CloudFlare")
+o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
+o:value("https://8.8.4.4/dns-query", "Google 8844")
+o:value("https://8.8.8.8/dns-query", "Google 8888")
+o:value("https://9.9.9.9/dns-query", "Quad9-Recommended 9.9.9.9")
+o:value("https://149.112.112.112/dns-query", "Quad9-Recommended 149.112.112.112")
+o:value("https://208.67.222.222/dns-query", "OpenDNS")
+o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
+o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
+o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
+o.validate = doh_validate
+o:depends("remote_dns_protocol", "doh")
+
+o = s:taboption("DNS", Value, "remote_dns_client_ip", translate("Remote DNS EDNS Client Subnet"))
+o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" ..
+				translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).")
+o.datatype = "ipaddr"
+o:depends({ __hide = true })
+
+o = s:taboption("DNS", ListValue, "remote_dns_detour", translate("Remote DNS Outbound"))
+o.default = "remote"
+o:value("remote", translate("Remote"))
+o:value("direct", translate("Direct"))
+
+o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy."))
+o.default = "0"
+o.rmempty = false
+
+o = s:taboption("DNS", ListValue, "remote_dns_query_strategy", translate("Remote Query Strategy"))
+o.default = "UseIPv4"
+o:value("UseIP")
+o:value("UseIPv4")
+o:value("UseIPv6")
+
+o = s:taboption("DNS", TextValue, "dns_hosts", translate("Domain Override"))
+o.rows = 5
+o.wrap = "off"
+o:depends({ __hide = true })
+o.remove = function(self, section)
+	local node_value = node:formvalue(global_cfgid)
+	if node_value ~= "nil" then
+		local node_t = m:get(node_value) or {}
+		if node_t.type == "Xray" then
+			AbstractValue.remove(self, section)
+		end
+	end
+end
+
+o = s:taboption("DNS", Flag, "write_ipset_direct", translate("Direct DNS result write to IPSet"), translate("Perform the matching direct domain name rules into IP to IPSet/NFTSet, and then connect directly (not entering the core). Maybe conflict with some special circumstances."))
+o.default = "1"
+o.rmempty = false
+
+o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSet"), translate("Try this feature if the rule modification does not take effect."))
+o.inputstyle = "remove"
+function o.write(e, e)
+	luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall2_\")" ] && sh /usr/share/passwall2/nftables.sh flush_nftset_reload || sh /usr/share/passwall2/iptables.sh flush_ipset_reload > /dev/null 2>&1 &')
+	luci.http.redirect(api.url("log"))
+end
+
+for k, v in pairs(nodes_table) do
+	if v.type == "Xray" then
+		s.fields["remote_dns_client_ip"]:depends({ node = v.id, remote_dns_protocol = "tcp" })
+		s.fields["remote_dns_client_ip"]:depends({ node = v.id, remote_dns_protocol = "doh" })
+		s.fields["dns_hosts"]:depends({ node = v.id })
+	end
+end
+
+s:tab("log", translate("Log"))
+o = s:taboption("log", Flag, "log_node", translate("Enable Node Log"))
+o.default = "1"
+o.rmempty = false
+
+loglevel = s:taboption("log", ListValue, "loglevel", translate("Log Level"))
+loglevel.default = "warning"
+loglevel:value("debug")
+loglevel:value("info")
+loglevel:value("warning")
+loglevel:value("error")
+
+s:tab("faq", "FAQ")
+
+o = s:taboption("faq", DummyValue, "")
+o.template = appname .. "/global/faq"
+
+-- [[ Socks Server ]]--
+o = s:taboption("Main", Flag, "socks_enabled", "Socks " .. translate("Main switch"))
+o.rmempty = false
+
+s = m:section(TypedSection, "socks", translate("Socks Config"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+s.extedit = api.url("socks_config", "%s")
+function s.create(e, t)
+	local uuid = api.gen_short_uuid()
+	t = uuid
+	TypedSection.create(e, t)
+	luci.http.redirect(e.extedit:format(t))
+end
+
+o = s:option(DummyValue, "status", translate("Status"))
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return string.format('<div class="_status" socks_id="%s"></div>', n)
+end
+
+---- Enable
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+socks_node = s:option(ListValue, "node", translate("Socks Node"))
+
+local n = 1
+uci:foreach(appname, "socks", function(s)
+	if s[".name"] == section then
+		return false
+	end
+	n = n + 1
+end)
+
+o = s:option(Value, "port", "Socks " .. translate("Listen Port"))
+o.default = n + 1080
+o.datatype = "port"
+o.rmempty = false
+
+if has_singbox or has_xray then
+	o = s:option(Value, "http_port", "HTTP " .. translate("Listen Port") .. " " .. translate("0 is not use"))
+	o.default = 0
+	o.datatype = "port"
+end
+
+for k, v in pairs(nodes_table) do
+	node:value(v.id, v["remark"])
+	if v.type == "Socks" then
+		if has_singbox or has_xray then
+			socks_node:value(v.id, v["remark"])
+		end
+	else
+		socks_node:value(v.id, v["remark"])
+	end
+end
+
+m:append(Template(appname .. "/global/footer"))
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/haproxy.lua

@@ -0,0 +1,145 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local sys = api.sys
+local net = require "luci.model.network".init()
+local datatypes = api.datatypes
+
+local nodes_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	if e.node_type == "normal" then
+		nodes_table[#nodes_table + 1] = {
+			id = e[".name"],
+			obj = e,
+			remarks = e["remark"]
+		}
+	end
+end
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+-- [[ Haproxy Settings ]]--
+s = m:section(TypedSection, "global_haproxy")
+s.anonymous = true
+
+s:append(Template(appname .. "/haproxy/status"))
+
+---- Balancing Enable
+o = s:option(Flag, "balancing_enable", translate("Enable Load Balancing"))
+o.rmempty = false
+o.default = false
+
+---- Console Username
+o = s:option(Value, "console_user", translate("Console Username"))
+o.default = ""
+o:depends("balancing_enable", true)
+
+---- Console Password
+o = s:option(Value, "console_password", translate("Console Password"))
+o.password = true
+o.default = ""
+o:depends("balancing_enable", true)
+
+---- Console Port
+o = s:option(Value, "console_port", translate("Console Port"), translate(
+				 "In the browser input routing IP plus port access, such as:192.168.1.1:1188"))
+o.default = "1188"
+o:depends("balancing_enable", true)
+
+o = s:option(Flag, "bind_local", translate("Haproxy Port") .. " " .. translate("Bind Local"), translate("When selected, it can only be accessed localhost."))
+o.default = "0"
+o:depends("balancing_enable", true)
+
+---- Health Check Type
+o = s:option(ListValue, "health_check_type", translate("Health Check Type"))
+o.default = "passwall_logic"
+o:value("tcp", "TCP")
+o:value("passwall_logic", translate("URL Test") .. string.format("(passwall %s)", translate("Inner implement")))
+o:depends("balancing_enable", true)
+
+---- Health Check Inter
+o = s:option(Value, "health_check_inter", translate("Health Check Inter"), translate("Units:seconds"))
+o.default = "60"
+o:depends("balancing_enable", true)
+
+o = s:option(DummyValue, "health_check_tips", " ")
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return string.format('<span style="color: red">%s</span>', translate("When the URL test is used, the load balancing node will be converted into a Socks node. when node list set customizing, must be a Socks node, otherwise the health check will be invalid."))
+end
+o:depends("health_check_type", "passwall_logic")
+
+-- [[ Balancing Settings ]]--
+s = m:section(TypedSection, "haproxy_config", "",
+			  "<font color='red'>" ..
+			  translate("Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group.") ..
+			  "\n" .. translate("Note that the node configuration parameters for load balancing must be consistent when use TCP health check type, otherwise it cannot be used normally!") ..
+			  "</font>")
+s.template = "cbi/tblsection"
+s.sortable = true
+s.anonymous = true
+s.addremove = true
+
+s.create = function(e, t)
+	TypedSection.create(e, api.gen_short_uuid())
+end
+
+s.remove = function(self, section)
+	for k, v in pairs(self.children) do
+		v.rmempty = true
+		v.validate = nil
+	end
+	TypedSection.remove(self, section)
+end
+
+---- Enable
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+---- Node Address
+o = s:option(Value, "lbss", translate("Node Address"))
+for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end
+o.rmempty = false
+o.validate = function(self, value)
+	if not value then return nil end
+	local t = m:get(value) or nil
+	if t and t[".type"] == "nodes" then
+		return value
+	end
+	if datatypes.hostport(value) or datatypes.ip4addrport(value) then
+		return value
+	end
+	if api.is_ipv6addrport(value) then
+		return value
+	end
+	return nil, value
+end
+
+---- Haproxy Port
+o = s:option(Value, "haproxy_port", translate("Haproxy Port"))
+o.datatype = "port"
+o.default = 1181
+o.rmempty = false
+
+---- Node Weight
+o = s:option(Value, "lbweight", translate("Node Weight"))
+o.datatype = "uinteger"
+o.default = 5
+o.rmempty = false
+
+---- Export
+o = s:option(ListValue, "export", translate("Export Of Multi WAN"))
+o:value(0, translate("Auto"))
+local wa = require "luci.tools.webadmin"
+wa.cbi_add_networks(o)
+o.default = 0
+o.rmempty = false
+
+---- Mode
+o = s:option(ListValue, "backup", translate("Mode"))
+o:value(0, translate("Primary"))
+o:value(1, translate("Standby"))
+o.rmempty = false
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/log.lua

@@ -0,0 +1,8 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+
+f = SimpleForm(appname)
+f.reset = false
+f.submit = false
+f:append(Template(appname .. "/log/log"))
+return f

luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_config.lua

@@ -0,0 +1,41 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local uci = api.uci
+local fs = require "nixio.fs"
+local types_dir = "/usr/lib/lua/luci/model/cbi/passwall2/client/type/"
+
+if not arg[1] or not uci:get(appname, arg[1]) then
+	luci.http.redirect(api.url("node_list"))
+end
+
+m = Map(appname, translate("Node Config"))
+m.redirect = api.url()
+api.set_apply_on_parse(m)
+
+s = m:section(NamedSection, arg[1], "nodes", "")
+s.addremove = false
+s.dynamic = false
+
+o = s:option(DummyValue, "passwall2", " ")
+o.rawhtml  = true
+o.template = "passwall2/node_list/link_share_man"
+o.value = arg[1]
+
+o = s:option(Value, "remarks", translate("Node Remarks"))
+o.default = translate("Remarks")
+o.rmempty = false
+
+o = s:option(ListValue, "type", translate("Type"))
+
+local type_table = {}
+for filename in fs.dir(types_dir) do
+	table.insert(type_table, filename)
+end
+table.sort(type_table)
+
+for index, value in ipairs(type_table) do
+	local p_func = loadfile(types_dir .. value)
+	setfenv(p_func, getfenv(1))(m, s)
+end
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_list.lua

@@ -0,0 +1,160 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local sys = api.sys
+local datatypes = api.datatypes
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+-- [[ Other Settings ]]--
+s = m:section(TypedSection, "global_other")
+s.anonymous = true
+
+o = s:option(ListValue, "auto_detection_time", translate("Automatic detection delay"))
+o:value("0", translate("Close"))
+o:value("icmp", "Ping")
+o:value("tcping", "TCP Ping")
+
+o = s:option(Flag, "show_node_info", translate("Show server address and port"))
+o.default = "0"
+
+-- [[ Add the node via the link ]]--
+s:append(Template(appname .. "/node_list/link_add_node"))
+
+local auto_detection_time = m:get("@global_other[0]", "auto_detection_time") or "0"
+local show_node_info = m:get("@global_other[0]", "show_node_info") or "0"
+
+-- [[ Node List ]]--
+s = m:section(TypedSection, "nodes")
+s.anonymous = true
+s.addremove = true
+s.template = "cbi/tblsection"
+s.extedit = api.url("node_config", "%s")
+function s.create(e, t)
+	local uuid = api.gen_short_uuid()
+	t = uuid
+	TypedSection.create(e, t)
+	luci.http.redirect(e.extedit:format(t))
+end
+
+function s.remove(e, t)
+	m.uci:foreach(appname, "socks", function(s)
+		if s["node"] == t then
+			m:del(s[".name"])
+		end
+		for k, v in ipairs(m:get(s[".name"], "autoswitch_backup_node") or {}) do
+			if v and v == t then
+				sys.call(string.format("uci -q del_list %s.%s.autoswitch_backup_node='%s'", appname, s[".name"], v))
+			end
+		end
+	end)
+	m.uci:foreach(appname, "acl_rule", function(s)
+		if s["node"] and s["node"] == t then
+			m:set(s[".name"], "node", "default")
+		end
+	end)
+	TypedSection.remove(e, t)
+	local new_node = "nil"
+	local node0 = m:get("@nodes[0]") or nil
+	if node0 then
+		new_node = node0[".name"]
+	end
+	if (m:get("@global[0]", "node") or "nil") == t then
+		m:set('@global[0]', "node", new_node)
+	end
+end
+
+s.sortable = true
+-- 简洁模式
+o = s:option(DummyValue, "add_from", "")
+o.cfgvalue = function(t, n)
+	local v = Value.cfgvalue(t, n)
+	if v and v ~= '' then
+		local group = m:get(n, "group") or ""
+		if group ~= "" then
+			v = v .. " " .. group
+		end
+		return v
+	else
+		return ''
+	end
+end
+o = s:option(DummyValue, "remarks", translate("Remarks"))
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	local str = ""
+	local is_sub = m:get(n, "is_sub") or ""
+	local group = m:get(n, "group") or ""
+	local remarks = m:get(n, "remarks") or ""
+	local type = m:get(n, "type") or ""
+	str = str .. string.format("<input type='hidden' id='cbid.%s.%s.type' value='%s'/>", appname, n, type)
+	if type == "sing-box" or type == "Xray" then
+		local protocol = m:get(n, "protocol")
+		if protocol == "_balancing" then
+			protocol = translate("Balancing")
+		elseif protocol == "_shunt" then
+			protocol = translate("Shunt")
+		elseif protocol == "vmess" then
+			protocol = "VMess"
+		elseif protocol == "vless" then
+			protocol = "VLESS"
+		else
+			protocol = protocol:gsub("^%l",string.upper)
+		end
+		type = type .. " " .. protocol
+	end
+	local address = m:get(n, "address") or ""
+	local port = m:get(n, "port") or ""
+	str = str .. translate(type) .. "：" .. remarks
+	if address ~= "" and port ~= "" then
+		if show_node_info == "1" then
+			if datatypes.ip6addr(address) then
+				str = str .. string.format("（[%s]:%s）", address, port)
+			else
+				str = str .. string.format("（%s:%s）", address, port)
+			end
+		end
+		str = str .. string.format("<input type='hidden' id='cbid.%s.%s.address' value='%s'/>", appname, n, address)
+		str = str .. string.format("<input type='hidden' id='cbid.%s.%s.port' value='%s'/>", appname, n, port)
+	end
+	return str
+end
+
+---- Ping
+o = s:option(DummyValue, "ping", "Ping")
+o.width = "8%"
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	local result = "---"
+	if auto_detection_time ~= "icmp" then
+		result = string.format('<span class="ping"><a href="javascript:void(0)" onclick="javascript:ping_node(\'%s\', this, \'icmp\')">%s</a></span>', n, translate("Test"))
+	else
+		result = string.format('<span class="ping_value" cbiid="%s">---</span>', n)
+	end
+	return result
+end
+
+---- TCP Ping
+o = s:option(DummyValue, "tcping", "TCPing")
+o.width = "8%"
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	local result = "---"
+	if auto_detection_time ~= "tcping" then
+		result = string.format('<span class="ping"><a href="javascript:void(0)" onclick="javascript:ping_node(\'%s\', this, \'tcping\')">%s</a></span>', n, translate("Test"))
+	else
+		result = string.format('<span class="tcping_value" cbiid="%s">---</span>', n)
+	end
+	return result
+end
+
+o = s:option(DummyValue, "_url_test", translate("URL Test"))
+o.width = "8%"
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return string.format('<span class="ping"><a href="javascript:void(0)" onclick="javascript:urltest_node(\'%s\', this)">%s</a></span>', n, translate("Test"))
+end
+
+m:append(Template(appname .. "/node_list/node_list"))
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_subscribe.lua

@@ -0,0 +1,177 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local has_ss = api.is_finded("ss-redir")
+local has_ss_rust = api.is_finded("sslocal")
+local has_singbox = api.finded_com("singbox")
+local has_xray = api.finded_com("xray")
+local has_hysteria2 = api.finded_com("hysteria")
+local ss_type = {}
+local trojan_type = {}
+local vmess_type = {}
+local vless_type = {}
+local hysteria2_type = {}
+if has_ss then
+	local s = "shadowsocks-libev"
+	table.insert(ss_type, s)
+end
+if has_ss_rust then
+	local s = "shadowsocks-rust"
+	table.insert(ss_type, s)
+end
+if has_singbox then
+	local s = "sing-box"
+	table.insert(trojan_type, s)
+	table.insert(ss_type, s)
+	table.insert(vmess_type, s)
+	table.insert(vless_type, s)
+	table.insert(hysteria2_type, s)
+end
+if has_xray then
+	local s = "xray"
+	table.insert(trojan_type, s)
+	table.insert(ss_type, s)
+	table.insert(vmess_type, s)
+	table.insert(vless_type, s)
+end
+if has_hysteria2 then
+	local s = "hysteria2"
+	table.insert(hysteria2_type, s)
+end
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+-- [[ Subscribe Settings ]]--
+s = m:section(TypedSection, "global_subscribe", "")
+s.anonymous = true
+
+o = s:option(ListValue, "filter_keyword_mode", translate("Filter keyword Mode"))
+o:value("0", translate("Close"))
+o:value("1", translate("Discard List"))
+o:value("2", translate("Keep List"))
+o:value("3", translate("Discard List,But Keep List First"))
+o:value("4", translate("Keep List,But Discard List First"))
+
+o = s:option(DynamicList, "filter_discard_list", translate("Discard List"))
+
+o = s:option(DynamicList, "filter_keep_list", translate("Keep List"))
+
+if #ss_type > 0 then
+	o = s:option(ListValue, "ss_type", translatef("%s Node Use Type", "Shadowsocks"))
+	for key, value in pairs(ss_type) do
+		o:value(value)
+	end
+end
+
+if #trojan_type > 0 then
+	o = s:option(ListValue, "trojan_type", translatef("%s Node Use Type", "Trojan"))
+	for key, value in pairs(trojan_type) do
+		o:value(value)
+	end
+end
+
+if #vmess_type > 0 then
+	o = s:option(ListValue, "vmess_type", translatef("%s Node Use Type", "VMess"))
+	for key, value in pairs(vmess_type) do
+		o:value(value)
+	end
+	if has_xray then
+		o.default = "xray"
+	end
+end
+
+if #vless_type > 0 then
+	o = s:option(ListValue, "vless_type", translatef("%s Node Use Type", "VLESS"))
+	for key, value in pairs(vless_type) do
+		o:value(value)
+	end
+	if has_xray then
+		o.default = "xray"
+	end
+end
+
+if #hysteria2_type > 0 then
+	o = s:option(ListValue, "hysteria2_type", translatef("%s Node Use Type", "Hysteria2"))
+	for key, value in pairs(hysteria2_type) do
+		o:value(value)
+	end
+	if has_hysteria2 then
+		o.default = "hysteria2"
+	end
+end
+
+---- Subscribe Delete All
+o = s:option(Button, "_stop", translate("Delete All Subscribe Node"))
+o.inputstyle = "remove"
+function o.write(e, e)
+	luci.sys.call("lua /usr/share/" .. appname .. "/subscribe.lua truncate > /dev/null 2>&1")
+end
+
+o = s:option(Button, "_update", translate("Manual subscription All"))
+o.inputstyle = "apply"
+function o.write(t, n)
+	luci.sys.call("lua /usr/share/" .. appname .. "/subscribe.lua start > /dev/null 2>&1 &")
+	luci.http.redirect(api.url("log"))
+end
+
+s = m:section(TypedSection, "subscribe_list", "", "<font color='red'>" .. translate("Please input the subscription url first, save and submit before manual subscription.") .. "</font>")
+s.addremove = true
+s.anonymous = true
+s.sortable = true
+s.template = "cbi/tblsection"
+s.extedit = api.url("node_subscribe_config", "%s")
+function s.create(e, t)
+	local id = TypedSection.create(e, t)
+	luci.http.redirect(e.extedit:format(id))
+end
+
+o = s:option(Value, "remark", translate("Remarks"))
+o.width = "auto"
+o.rmempty = false
+o.validate = function(self, value, t)
+	if value then
+		local count = 0
+		m.uci:foreach(appname, "subscribe_list", function(e)
+			if e[".name"] ~= t and e["remark"] == value then
+				count = count + 1
+			end
+		end)
+		if count > 0 then
+			return nil, translate("This remark already exists, please change a new remark.")
+		end
+		return value
+	end
+end
+
+o = s:option(DummyValue, "_node_count")
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	local remark = m:get(n, "remark") or ""
+	local num = 0
+	m.uci:foreach(appname, "nodes", function(s)
+		if s["add_from"] ~= "" and s["add_from"] == remark then
+			num = num + 1
+		end
+	end)
+	return string.format("<span title='%s' style='color:red'>%s</span>", remark .. " " .. translate("Node num") .. ": " .. num, num)
+end
+
+o = s:option(Value, "url", translate("Subscribe URL"))
+o.width = "auto"
+o.rmempty = false
+
+o = s:option(Button, "_remove", translate("Delete the subscribed node"))
+o.inputstyle = "remove"
+function o.write(t, n)
+	local remark = m:get(n, "remark") or "" 
+	luci.sys.call("lua /usr/share/" .. appname .. "/subscribe.lua truncate " .. remark .. " > /dev/null 2>&1")
+end
+
+o = s:option(Button, "_update", translate("Manual subscription"))
+o.inputstyle = "apply"
+function o.write(t, n)
+	luci.sys.call("lua /usr/share/" .. appname .. "/subscribe.lua start " .. n .. " > /dev/null 2>&1 &")
+	luci.http.redirect(api.url("log"))
+end
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_subscribe_config.lua

@@ -0,0 +1,173 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local has_ss = api.is_finded("ss-redir")
+local has_ss_rust = api.is_finded("sslocal")
+local has_singbox = api.finded_com("singbox")
+local has_xray = api.finded_com("xray")
+local has_hysteria2 = api.finded_com("hysteria")
+local ss_type = {}
+local trojan_type = {}
+local vmess_type = {}
+local vless_type = {}
+local hysteria2_type = {}
+if has_ss then
+	local s = "shadowsocks-libev"
+	table.insert(ss_type, s)
+end
+if has_ss_rust then
+	local s = "shadowsocks-rust"
+	table.insert(ss_type, s)
+end
+if has_singbox then
+	local s = "sing-box"
+	table.insert(trojan_type, s)
+	table.insert(ss_type, s)
+	table.insert(vmess_type, s)
+	table.insert(vless_type, s)
+	table.insert(hysteria2_type, s)
+end
+if has_xray then
+	local s = "xray"
+	table.insert(trojan_type, s)
+	table.insert(ss_type, s)
+	table.insert(vmess_type, s)
+	table.insert(vless_type, s)
+end
+if has_hysteria2 then
+	local s = "hysteria2"
+	table.insert(hysteria2_type, s)
+end
+
+m = Map(appname)
+m.redirect = api.url("node_subscribe")
+api.set_apply_on_parse(m)
+
+s = m:section(NamedSection, arg[1])
+s.addremove = false
+s.dynamic = false
+
+o = s:option(Value, "remark", translate("Subscribe Remark"))
+o.rmempty = false
+
+o = s:option(TextValue, "url", translate("Subscribe URL"))
+o.rows = 5
+o.rmempty = false
+
+o = s:option(Flag, "allowInsecure", translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, Certificate validation will be skipped."))
+o.default = "1"
+o.rmempty = false
+
+o = s:option(ListValue, "filter_keyword_mode", translate("Filter keyword Mode"))
+o.default = "5"
+o:value("0", translate("Close"))
+o:value("1", translate("Discard List"))
+o:value("2", translate("Keep List"))
+o:value("3", translate("Discard List,But Keep List First"))
+o:value("4", translate("Keep List,But Discard List First"))
+o:value("5", translate("Use global config"))
+
+o = s:option(DynamicList, "filter_discard_list", translate("Discard List"))
+o:depends("filter_keyword_mode", "1")
+o:depends("filter_keyword_mode", "3")
+o:depends("filter_keyword_mode", "4")
+
+o = s:option(DynamicList, "filter_keep_list", translate("Keep List"))
+o:depends("filter_keyword_mode", "2")
+o:depends("filter_keyword_mode", "3")
+o:depends("filter_keyword_mode", "4")
+
+if #ss_type > 0 then
+	o = s:option(ListValue, "ss_type", translatef("%s Node Use Type", "Shadowsocks"))
+	o.default = "global"
+	o:value("global", translate("Use global config"))
+	for key, value in pairs(ss_type) do
+		o:value(value)
+	end
+end
+
+if #trojan_type > 0 then
+	o = s:option(ListValue, "trojan_type", translatef("%s Node Use Type", "Trojan"))
+	o.default = "global"
+	o:value("global", translate("Use global config"))
+	for key, value in pairs(trojan_type) do
+		o:value(value)
+	end
+end
+
+if #vmess_type > 0 then
+	o = s:option(ListValue, "vmess_type", translatef("%s Node Use Type", "VMess"))
+	o.default = "global"
+	o:value("global", translate("Use global config"))
+	for key, value in pairs(vmess_type) do
+		o:value(value)
+	end
+end
+
+if #vless_type > 0 then
+	o = s:option(ListValue, "vless_type", translatef("%s Node Use Type", "VLESS"))
+	o.default = "global"
+	o:value("global", translate("Use global config"))
+	for key, value in pairs(vless_type) do
+		o:value(value)
+	end
+end
+
+if #hysteria2_type > 0 then
+	o = s:option(ListValue, "hysteria2_type", translatef("%s Node Use Type", "Hysteria2"))
+	o.default = "global"
+	o:value("global", translate("Use global config"))
+	for key, value in pairs(hysteria2_type) do
+		o:value(value)
+	end
+end
+
+---- Enable auto update subscribe
+o = s:option(Flag, "auto_update", translate("Enable auto update subscribe"))
+o.default = 0
+o.rmempty = false
+
+---- Week Update
+o = s:option(ListValue, "week_update", translate("Update Mode"))
+o:value(8, translate("Loop Mode"))
+o:value(7, translate("Every day"))
+o:value(1, translate("Every Monday"))
+o:value(2, translate("Every Tuesday"))
+o:value(3, translate("Every Wednesday"))
+o:value(4, translate("Every Thursday"))
+o:value(5, translate("Every Friday"))
+o:value(6, translate("Every Saturday"))
+o:value(0, translate("Every Sunday"))
+o.default = 7
+o:depends("auto_update", true)
+o.rmempty = true
+
+---- Time Update
+o = s:option(ListValue, "time_update", translate("Update Time(every day)"))
+for t = 0, 23 do o:value(t, t .. ":00") end
+o.default = 0
+o:depends("week_update", "0")
+o:depends("week_update", "1")
+o:depends("week_update", "2")
+o:depends("week_update", "3")
+o:depends("week_update", "4")
+o:depends("week_update", "5")
+o:depends("week_update", "6")
+o:depends("week_update", "7")
+o.rmempty = true
+
+---- Interval Update
+o = s:option(ListValue, "interval_update", translate("Update Interval(hour)"))
+for t = 1, 24 do o:value(t, t .. " " .. translate("hour")) end
+o.default = 2
+o:depends("week_update", "8")
+o.rmempty = true
+
+o = s:option(Value, "user_agent", translate("User-Agent"))
+o.default = "sing-box/9.9.9"
+o:value("curl", "Curl Default")
+o:value("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0", "Edge for Linux")
+o:value("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0", "Edge for Windows")
+o:value("Passwall2/OpenWrt", "PassWall2")
+o:value("sing-box/9.9.9", "Xboard(V2board)")
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/other.lua

@@ -0,0 +1,224 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local fs = api.fs
+local uci = api.uci
+local has_singbox = api.finded_com("singbox")
+local has_xray = api.finded_com("xray")
+local has_fw3 = api.is_finded("fw3")
+local has_fw4 = api.is_finded("fw4")
+
+local port_validate = function(self, value, t)
+	return value:gsub("-", ":")
+end
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+-- [[ Delay Settings ]]--
+s = m:section(TypedSection, "global_delay", translate("Delay Settings"))
+s.anonymous = true
+s.addremove = false
+
+---- Delay Start
+o = s:option(Value, "start_delay", translate("Delay Start"), translate("Units:seconds"))
+o.default = "1"
+o.rmempty = true
+
+---- Open and close Daemon
+o = s:option(Flag, "start_daemon", translate("Open and close Daemon"))
+o.default = 1
+o.rmempty = false
+
+--[[
+---- Open and close automatically
+o = s:option(Flag, "auto_on", translate("Open and close automatically"))
+o.default = 0
+o.rmempty = false
+
+---- Automatically turn off time
+o = s:option(ListValue, "time_off", translate("Automatically turn off time"))
+o.default = nil
+o:depends("auto_on", true)
+o:value(nil, translate("Disable"))
+for e = 0, 23 do o:value(e, e .. translate("oclock")) end
+
+---- Automatically turn on time
+o = s:option(ListValue, "time_on", translate("Automatically turn on time"))
+o.default = nil
+o:depends("auto_on", true)
+o:value(nil, translate("Disable"))
+for e = 0, 23 do o:value(e, e .. translate("oclock")) end
+
+---- Automatically restart time
+o = s:option(ListValue, "time_restart", translate("Automatically restart time"))
+o.default = nil
+o:depends("auto_on", true)
+o:value(nil, translate("Disable"))
+for e = 0, 23 do o:value(e, e .. translate("oclock")) end
+--]]
+
+-- [[ Forwarding Settings ]]--
+s = m:section(TypedSection, "global_forwarding", translate("Forwarding Settings"))
+s.anonymous = true
+s.addremove = false
+
+---- TCP No Redir Ports
+o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
+o.default = "disable"
+o:value("disable", translate("No patterns are used"))
+o:value("1:65535", translate("All"))
+o.validate = port_validate
+
+---- UDP No Redir Ports
+o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"),
+	"<font color='red'>" ..
+	translate("Fill in the ports you don't want to be forwarded by the agent, with the highest priority.") ..
+	"</font>")
+o.default = "disable"
+o:value("disable", translate("No patterns are used"))
+o:value("1:65535", translate("All"))
+o.validate = port_validate
+
+---- TCP Redir Ports
+o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
+o.default = "22,25,53,143,465,587,853,993,995,80,443"
+o:value("1:65535", translate("All"))
+o:value("22,25,53,143,465,587,853,993,995,80,443", translate("Common Use"))
+o:value("80,443", translate("Only Web"))
+o.validate = port_validate
+
+---- UDP Redir Ports
+o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
+o.default = "1:65535"
+o:value("1:65535", translate("All"))
+o.validate = port_validate
+
+---- Use nftables
+o = s:option(ListValue, "use_nft", translate("Firewall tools"))
+o.default = "0"
+if has_fw3 then
+	o:value("0", "IPtables")
+end
+if has_fw4 then
+	o:value("1", "NFtables")
+end
+
+if (os.execute("lsmod | grep -i REDIRECT >/dev/null") == 0 and os.execute("lsmod | grep -i TPROXY >/dev/null") == 0) or (os.execute("lsmod | grep -i nft_redir >/dev/null") == 0 and os.execute("lsmod | grep -i nft_tproxy >/dev/null") == 0) then
+	o = s:option(ListValue, "tcp_proxy_way", translate("TCP Proxy Way"))
+	o.default = "redirect"
+	o:value("redirect", "REDIRECT")
+	o:value("tproxy", "TPROXY")
+	o:depends("ipv6_tproxy", false)
+
+	o = s:option(ListValue, "_tcp_proxy_way", translate("TCP Proxy Way"))
+	o.default = "tproxy"
+	o:value("tproxy", "TPROXY")
+	o:depends("ipv6_tproxy", true)
+	o.write = function(self, section, value)
+		return self.map:set(section, "tcp_proxy_way", value)
+	end
+
+	if os.execute("lsmod | grep -i ip6table_mangle >/dev/null") == 0 or os.execute("lsmod | grep -i nft_tproxy >/dev/null") == 0 then
+		---- IPv6 TProxy
+		o = s:option(Flag, "ipv6_tproxy", translate("IPv6 TProxy"),
+			"<font color='red'>" ..
+			translate("Experimental feature. Make sure that your node supports IPv6.") ..
+			"</font>")
+		o.default = 0
+		o.rmempty = false
+	end
+end
+
+o = s:option(Flag, "accept_icmp", translate("Hijacking ICMP (PING)"))
+o.default = 0
+
+o = s:option(Flag, "accept_icmpv6", translate("Hijacking ICMPv6 (IPv6 PING)"))
+o:depends("ipv6_tproxy", true)
+o.default = 0
+
+if has_xray then
+	s_xray = m:section(TypedSection, "global_xray", "Xray " .. translate("Settings"))
+	s_xray.anonymous = true
+	s_xray.addremove = false
+
+	o = s_xray:option(Flag, "fragment", translate("Fragment"), translate("TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."))
+	o.default = 0
+	
+	o = s_xray:option(ListValue, "fragment_packets", translate("Fragment Packets"), translate(" \"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."))
+	o.default = "tlshello"
+	o:value("tlshello", "tlshello")
+	o:value("1-2", "1-2")
+	o:value("1-3", "1-3")
+	o:value("1-5", "1-5")
+	o:depends("fragment", true)
+
+	o = s_xray:option(Value, "fragment_length", translate("Fragment Length"), translate("Fragmented packet length (byte)"))
+	o.default = "100-200"
+	o:depends("fragment", true)
+
+	o = s_xray:option(Value, "fragment_interval", translate("Fragment Interval"), translate("Fragmentation interval (ms)"))
+	o.default = "10-20"
+	o:depends("fragment", true)
+
+	o = s_xray:option(Flag, "sniffing_override_dest", translate("Override the connection destination address"), translate("Override the connection destination address with the sniffed domain."))
+	o.default = 0
+
+	o = s_xray:option(Flag, "route_only", translate("Sniffing Route Only"))
+	o.default = 0
+	o:depends("sniffing", true)
+
+	local domains_excluded = string.format("/usr/share/%s/domains_excluded", appname)
+	o = s_xray:option(TextValue, "excluded_domains", translate("Excluded Domains"), translate("If the traffic sniffing result is in this list, the destination address will not be overridden."))
+	o.rows = 15
+	o.wrap = "off"
+	o.cfgvalue = function(self, section) return fs.readfile(domains_excluded) or "" end
+	o.write = function(self, section, value) fs.writefile(domains_excluded, value:gsub("\r\n", "\n")) end
+	o:depends({sniffing_override_dest = true})
+
+	o = s_xray:option(Value, "buffer_size", translate("Buffer Size"), translate("Buffer size for every connection (kB)"))
+	o.datatype = "uinteger"
+end
+
+if has_singbox then
+	s = m:section(TypedSection, "global_singbox", "Sing-Box " .. translate("Settings"))
+	s.anonymous = true
+	s.addremove = false
+
+	o = s:option(Flag, "sniff_override_destination", translate("Override the connection destination address"), translate("Override the connection destination address with the sniffed domain."))
+	o.default = 0
+	o.rmempty = false
+
+	o = s:option(Value, "geoip_path", translate("Custom geoip Path"))
+	o.default = "/usr/share/singbox/geoip.db"
+	o.rmempty = false
+
+	o = s:option(Value, "geoip_url", translate("Custom geoip URL"))
+	o.default = "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db"
+	o:value("https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db")
+	o.rmempty = false
+
+	o = s:option(Value, "geosite_path", translate("Custom geosite Path"))
+	o.default = "/usr/share/singbox/geosite.db"
+	o.rmempty = false
+
+	o = s:option(Value, "geosite_url", translate("Custom geosite URL"))
+	o.default = "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db"
+	o:value("https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db")
+	o.rmempty = false
+
+	o = s:option(Button, "_remove_resource", translate("Remove resource files"))
+	o.description = translate("Sing-Box will automatically download resource files when starting, you can use this feature achieve upgrade resource files.")
+	o.inputstyle = "remove"
+	function o.write(self, section, value)
+		local geoip_path = s.fields["geoip_path"] and s.fields["geoip_path"]:formvalue(section) or nil
+		if geoip_path then
+			os.remove(geoip_path)
+		end
+		local geosite_path = s.fields["geosite_path"] and s.fields["geosite_path"]:formvalue(section) or nil
+		if geosite_path then
+			os.remove(geosite_path)
+		end
+	end
+end
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/rule.lua

@@ -0,0 +1,89 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+-- [[ Rule Settings ]]--
+s = m:section(TypedSection, "global_rules", translate("Rule status"))
+s.anonymous = true
+
+o = s:option(Value, "v2ray_location_asset", translate("Location of V2ray/Xray asset"), translate("This variable specifies a directory where geoip.dat and geosite.dat files are."))
+o.default = "/usr/share/v2ray/"
+o.rmempty = false
+
+---- Custom geo file url
+o = s:option(Value, "geoip_url", translate("Custom geoip URL"))
+o.default = "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest"
+o.rmempty = false
+
+o = s:option(Value, "geosite_url", translate("Custom geosite URL"))
+o.default = "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest"
+o.rmempty = false
+----
+
+s:append(Template(appname .. "/rule/rule_version"))
+
+---- Auto Update
+o = s:option(Flag, "auto_update", translate("Enable auto update rules"))
+o.default = 0
+o.rmempty = false
+
+---- Week Update
+o = s:option(ListValue, "week_update", translate("Update Mode"))
+o:value(8, translate("Loop Mode"))
+o:value(7, translate("Every day"))
+o:value(1, translate("Every Monday"))
+o:value(2, translate("Every Tuesday"))
+o:value(3, translate("Every Wednesday"))
+o:value(4, translate("Every Thursday"))
+o:value(5, translate("Every Friday"))
+o:value(6, translate("Every Saturday"))
+o:value(0, translate("Every Sunday"))
+o.default = 7
+o:depends("auto_update", true)
+o.rmempty = true
+
+---- Time Update
+o = s:option(ListValue, "time_update", translate("Update Time(every day)"))
+for t = 0, 23 do o:value(t, t .. ":00") end
+o.default = 0
+o:depends("week_update", "0")
+o:depends("week_update", "1")
+o:depends("week_update", "2")
+o:depends("week_update", "3")
+o:depends("week_update", "4")
+o:depends("week_update", "5")
+o:depends("week_update", "6")
+o:depends("week_update", "7")
+o.rmempty = true
+
+---- Interval Update
+o = s:option(ListValue, "interval_update", translate("Update Interval(hour)"))
+for t = 1, 24 do o:value(t, t .. " " .. translate("hour")) end
+o.default = 2
+o:depends("week_update", "8")
+o.rmempty = true
+
+s = m:section(TypedSection, "shunt_rules", "Sing-Box/Xray " .. translate("Shunt Rule"), "<a style='color: red'>" .. translate("Please note attention to the priority, the higher the order, the higher the priority.") .. "</a>")
+s.template = "cbi/tblsection"
+s.anonymous = false
+s.addremove = true
+s.sortable = true
+s.extedit = api.url("shunt_rules", "%s")
+function s.create(e, t)
+	TypedSection.create(e, t)
+	luci.http.redirect(e.extedit:format(t))
+end
+function s.remove(e, t)
+	m.uci:foreach(appname, "nodes", function(s)
+		if s["protocol"] and s["protocol"] == "_shunt" then
+			m:del(s[".name"], t)
+		end
+	end)
+	TypedSection.remove(e, t)
+end
+
+o = s:option(DummyValue, "remarks", translate("Remarks"))
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua

@@ -0,0 +1,169 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local datatypes = api.datatypes
+
+m = Map(appname, "Sing-Box/Xray " .. translate("Shunt Rule"))
+m.redirect = api.url()
+api.set_apply_on_parse(m)
+
+s = m:section(NamedSection, arg[1], "shunt_rules", "")
+s.addremove = false
+s.dynamic = false
+
+remarks = s:option(Value, "remarks", translate("Remarks"))
+remarks.default = arg[1]
+remarks.rmempty = false
+
+protocol = s:option(MultiValue, "protocol", translate("Protocol"))
+protocol:value("http")
+protocol:value("tls")
+protocol:value("bittorrent")
+
+o = s:option(MultiValue, "inbound", translate("Inbound Tag"))
+o:value("tproxy", translate("Transparent proxy"))
+o:value("socks", "Socks")
+
+network = s:option(ListValue, "network", translate("Network"))
+network:value("tcp,udp", "TCP UDP")
+network:value("tcp", "TCP")
+network:value("udp", "UDP")
+
+source = s:option(DynamicList, "source", translate("Source"))
+source.description = "<ul><li>" .. translate("Example:")
+.. "</li><li>" .. translate("IP") .. ": 192.168.1.100"
+.. "</li><li>" .. translate("IP CIDR") .. ": 192.168.1.0/24"
+.. "</li><li>" .. translate("GeoIP") .. ": geoip:private"
+.. "</li></ul>"
+source.cast = "string"
+source.cfgvalue = function(self, section)
+	local value
+	if self.tag_error[section] then
+		value = self:formvalue(section)
+	else
+		value = self.map:get(section, self.option)
+		if type(value) == "string" then
+			local value2 = {}
+			string.gsub(value, '[^' .. " " .. ']+', function(w) table.insert(value2, w) end)
+			value = value2
+		end
+	end
+	return value
+end
+source.validate = function(self, value, t)
+	local err = {}
+	for _, v in ipairs(value) do
+		local flag = false
+		if datatypes.ip4addr(v) then
+			flag = true
+		end
+
+		if flag == false and v:find("geoip:") and v:find("geoip:") == 1 then
+			flag = true
+		end
+
+		if flag == false then
+			err[#err + 1] = v
+		end
+	end
+
+	if #err > 0 then
+		self:add_error(t, "invalid", translate("Not true format, please re-enter!"))
+		for _, v in ipairs(err) do
+			self:add_error(t, "invalid", v)
+		end
+	end
+
+	return value
+end
+
+local dynamicList_write = function(self, section, value)
+	local t = {}
+	local t2 = {}
+	if type(value) == "table" then
+		local x
+		for _, x in ipairs(value) do
+			if x and #x > 0 then
+				if not t2[x] then
+					t2[x] = x
+					t[#t+1] = x
+				end
+			end
+		end
+	else
+		t = { value }
+	end
+	t = table.concat(t, " ")
+	return DynamicList.write(self, section, t)
+end
+
+source.write = dynamicList_write
+
+sourcePort = s:option(Value, "sourcePort", translate("Source port"))
+
+port = s:option(Value, "port", translate("port"))
+
+domain_list = s:option(TextValue, "domain_list", translate("Domain"))
+domain_list.rows = 10
+domain_list.wrap = "off"
+domain_list.validate = function(self, value)
+	local hosts= {}
+	value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
+	string.gsub(value, "[^\r\n]+", function(w) table.insert(hosts, w) end)
+	for index, host in ipairs(hosts) do
+		local flag = 1
+		local tmp_host = host
+		if not host:find("#") and host:find("%s") then
+		elseif host:find("regexp:") and host:find("regexp:") == 1 then
+			flag = 0
+		elseif host:find("domain:.") and host:find("domain:.") == 1 then
+			tmp_host = host:gsub("domain:", "")
+		elseif host:find("full:.") and host:find("full:.") == 1 then
+			tmp_host = host:gsub("full:", "")
+		elseif host:find("geosite:") and host:find("geosite:") == 1 then
+			flag = 0
+		elseif host:find("ext:") and host:find("ext:") == 1 then
+			flag = 0
+		elseif host:find("#") and host:find("#") == 1 then
+			flag = 0
+		end
+		if flag == 1 then
+			if not datatypes.hostname(tmp_host) then
+				return nil, tmp_host .. " " .. translate("Not valid domain name, please re-enter!")
+			end
+		end
+	end
+	return value
+end
+domain_list.description = "<br /><ul><li>" .. translate("Plaintext: If this string matches any part of the targeting domain, this rule takes effet. Example: rule 'sina.com' matches targeting domain 'sina.com', 'sina.com.cn' and 'www.sina.com', but not 'sina.cn'.")
+.. "</li><li>" .. translate("Regular expression: Begining with 'regexp:', the rest is a regular expression. When the regexp matches targeting domain, this rule takes effect. Example: rule 'regexp:\\.goo.*\\.com$' matches 'www.google.com' and 'fonts.googleapis.com', but not 'google.com'.")
+.. "</li><li>" .. translate("Subdomain (recommended): Begining with 'domain:' and the rest is a domain. When the targeting domain is exactly the value, or is a subdomain of the value, this rule takes effect. Example: rule 'domain:v2ray.com' matches 'www.v2ray.com', 'v2ray.com', but not 'xv2ray.com'.")
+.. "</li><li>" .. translate("Full domain: Begining with 'full:' and the rest is a domain. When the targeting domain is exactly the value, the rule takes effect. Example: rule 'domain:v2ray.com' matches 'v2ray.com', but not 'www.v2ray.com'.")
+.. "</li><li>" .. translate("Pre-defined domain list: Begining with 'geosite:' and the rest is a name, such as geosite:google or geosite:cn.")
+.. "</li><li>" .. translate("Annotation: Begining with #")
+.. "</li></ul>"
+ip_list = s:option(TextValue, "ip_list", "IP")
+ip_list.rows = 10
+ip_list.wrap = "off"
+ip_list.validate = function(self, value)
+	local ipmasks= {}
+	value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
+	string.gsub(value, "[^\r\n]+", function(w) table.insert(ipmasks, w) end)
+	for index, ipmask in ipairs(ipmasks) do
+		if ipmask:find("geoip:") and ipmask:find("geoip:") == 1 and not ipmask:find("%s") then
+		elseif ipmask:find("ext:") and ipmask:find("ext:") == 1 and not ipmask:find("%s") then
+		elseif ipmask:find("#") and ipmask:find("#") == 1 then
+		else
+			if not (datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask)) then
+				return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!")
+			end
+		end
+	end
+	return value
+end
+ip_list.description = "<br /><ul><li>" .. translate("IP: such as '127.0.0.1'.")
+.. "</li><li>" .. translate("CIDR: such as '127.0.0.0/8'.")
+.. "</li><li>" .. translate("GeoIP: such as 'geoip:cn'. It begins with geoip: (lower case) and followed by two letter of country code.")
+.. "</li><li>" .. translate("Annotation: Begining with #")
+.. "</li></ul>"
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua

@@ -0,0 +1,125 @@
+local api = require "luci.passwall2.api"
+local appname = api.appname
+local uci = api.uci
+local has_singbox = api.finded_com("singbox")
+local has_xray = api.finded_com("xray")
+
+m = Map(appname)
+api.set_apply_on_parse(m)
+
+local nodes_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	nodes_table[#nodes_table + 1] = e
+end
+
+s = m:section(NamedSection, arg[1], translate("Socks Config"), translate("Socks Config"))
+s.addremove = false
+s.dynamic = false
+
+---- Enable
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+local auto_switch_tip
+local current_node_file = string.format("/tmp/etc/%s/id/socks_%s", appname, arg[1])
+local current_node = luci.sys.exec(string.format("[ -f '%s' ] && echo -n $(cat %s)", current_node_file, current_node_file))
+if current_node and current_node ~= "" and current_node ~= "nil" then
+	local n = uci:get_all(appname, current_node)
+	if n then
+		if tonumber(m:get(arg[1], "enable_autoswitch") or 0) == 1 then
+			if n then
+				local remarks = api.get_node_remarks(n)
+				local url = api.url("node_config", n[".name"])
+				auto_switch_tip = translatef("Current node: %s", string.format('<a href="%s">%s</a>', url, remarks)) .. "<br />"
+			end
+		end
+	end
+end
+
+socks_node = s:option(ListValue, "node", translate("Node"))
+if auto_switch_tip then
+	socks_node.description = auto_switch_tip
+end
+
+o = s:option(Flag, "bind_local", translate("Bind Local"), translate("When selected, it can only be accessed localhost."))
+o.default = "0"
+
+local n = 1
+uci:foreach(appname, "socks", function(s)
+	if s[".name"] == section then
+		return false
+	end
+	n = n + 1
+end)
+
+o = s:option(Value, "port", "Socks " .. translate("Listen Port"))
+o.default = n + 1080
+o.datatype = "port"
+o.rmempty = false
+
+if has_singbox or has_xray then
+	o = s:option(Value, "http_port", "HTTP " .. translate("Listen Port") .. " " .. translate("0 is not use"))
+	o.default = 0
+	o.datatype = "port"
+end
+
+o = s:option(Flag, "log", translate("Enable") .. " " .. translate("Log"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(Flag, "enable_autoswitch", translate("Auto Switch"))
+o.default = 0
+o.rmempty = false
+
+o = s:option(Value, "autoswitch_testing_time", translate("How often to test"), translate("Units:seconds"))
+o.datatype = "min(10)"
+o.default = 30
+o:depends("enable_autoswitch", true)
+
+o = s:option(Value, "autoswitch_connect_timeout", translate("Timeout seconds"), translate("Units:seconds"))
+o.datatype = "min(1)"
+o.default = 3
+o:depends("enable_autoswitch", true)
+
+o = s:option(Value, "autoswitch_retry_num", translate("Timeout retry num"))
+o.datatype = "min(1)"
+o.default = 1
+o:depends("enable_autoswitch", true)
+	
+autoswitch_backup_node = s:option(DynamicList, "autoswitch_backup_node", translate("List of backup nodes"))
+autoswitch_backup_node:depends("enable_autoswitch", true)
+function o.write(self, section, value)
+	local t = {}
+	local t2 = {}
+	if type(value) == "table" then
+		local x
+		for _, x in ipairs(value) do
+			if x and #x > 0 then
+				if not t2[x] then
+					t2[x] = x
+					t[#t+1] = x
+				end
+			end
+		end
+	else
+		t = { value }
+	end
+	return DynamicList.write(self, section, t)
+end
+
+o = s:option(Flag, "autoswitch_restore_switch", translate("Restore Switch"), translate("When detects main node is available, switch back to the main node."))
+o:depends("enable_autoswitch", true)
+
+o = s:option(Value, "autoswitch_probe_url", translate("Probe URL"), translate("The URL used to detect the connection status."))
+o.default = "https://www.google.com/generate_204"
+o:depends("enable_autoswitch", true)
+
+for k, v in pairs(nodes_table) do
+	autoswitch_backup_node:value(v.id, v["remark"])
+	socks_node:value(v.id, v["remark"])
+end
+
+m:append(Template(appname .. "/socks_auto_switch/footer"))
+
+return m

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria2.lua

@@ -0,0 +1,76 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.finded_com("hysteria") then
+	return
+end
+
+local type_name = "Hysteria2"
+
+local option_prefix = "hysteria2_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+-- [[ Hysteria2 ]]
+
+s.fields["type"]:value(type_name, "Hysteria2")
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+o:value("udp", "UDP")
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("hop"), translate("Additional ports for hysteria hop"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("obfs"), translate("Obfs Password"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("auth_password"), translate("Auth Password"))
+o.password = true
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("fast_open"), translate("Fast Open"))
+o.default = "0"
+
+o = s:option(Value, option_name("tls_serverName"), translate("Domain"))
+
+o = s:option(Flag, option_name("tls_allowInsecure"), translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, Certificate validation will be skipped."))
+o.default = "0"
+
+o = s:option(Value, option_name("tls_pinSHA256"), translate("PinSHA256"),translate("Certificate fingerprint"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("up_mbps"), translate("Max upload Mbps"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("down_mbps"), translate("Max download Mbps"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("hop_interval"), translate("Hop Interval"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("recv_window"), translate("QUIC stream receive window"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("recv_window_conn"), translate("QUIC connection receive window"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("idle_timeout"), translate("Idle Timeout"))
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("disable_mtu_discovery"), translate("Disable MTU detection"))
+o.default = "0"
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("lazy_start"), translate("Lazy Start"))
+o.default = "0"
+o.rewrite_option = o.option
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/naive.lua

@@ -0,0 +1,35 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("naive") then
+	return
+end
+
+local type_name = "Naiveproxy"
+
+local option_prefix = "naive_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+-- [[ Naive ]]
+
+s.fields["type"]:value(type_name, translate("NaiveProxy"))
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+o:value("https", translate("HTTPS"))
+o:value("quic", translate("QUIC"))
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("username"), translate("Username"))
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua

@@ -0,0 +1,624 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.finded_com("xray") then
+	return
+end
+
+local appname = api.appname
+local uci = api.uci
+
+local type_name = "Xray"
+
+local option_prefix = "xray_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local x_ss_encrypt_method_list = {
+	"aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305", "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"
+}
+
+local security_list = { "none", "auto", "aes-128-gcm", "chacha20-poly1305", "zero" }
+
+local header_type_list = {
+	"none", "srtp", "utp", "wechat-video", "dtls", "wireguard"
+}
+
+local xray_version = api.get_app_version("xray")
+-- [[ Xray ]]
+
+s.fields["type"]:value(type_name, "Xray")
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+o:value("vmess", translate("Vmess"))
+o:value("vless", translate("VLESS"))
+o:value("http", translate("HTTP"))
+o:value("socks", translate("Socks"))
+o:value("shadowsocks", translate("Shadowsocks"))
+o:value("trojan", translate("Trojan"))
+o:value("wireguard", translate("WireGuard"))
+o:value("_balancing", translate("Balancing"))
+o:value("_shunt", translate("Shunt"))
+o:value("_iface", translate("Custom Interface"))
+
+o = s:option(Value, option_name("iface"), translate("Interface"))
+o.default = "eth1"
+o:depends({ [option_name("protocol")] = "_iface" })
+
+local nodes_table = {}
+local balancers_table = {}
+local fallback_table = {}
+local iface_table = {}
+local is_balancer = nil
+for k, e in ipairs(api.get_valid_nodes()) do
+	if e.node_type == "normal" then
+		nodes_table[#nodes_table + 1] = {
+			id = e[".name"],
+			remark = e["remark"],
+			type = e["type"]
+		}
+	end
+	if e.protocol == "_balancing" then
+		balancers_table[#balancers_table + 1] = {
+			id = e[".name"],
+			remark = e["remark"]
+		}
+		if e[".name"] ~= arg[1] then
+			fallback_table[#fallback_table + 1] = {
+				id = e[".name"],
+				remark = e["remark"],
+				fallback = e["fallback_node"]
+			}
+		else
+			is_balancer = true
+		end
+	end
+	if e.protocol == "_iface" then
+		iface_table[#iface_table + 1] = {
+			id = e[".name"],
+			remark = e["remark"]
+		}
+	end
+end
+
+local socks_list = {}
+uci:foreach(appname, "socks", function(s)
+	if s.enabled == "1" and s.node then
+		socks_list[#socks_list + 1] = {
+			id = "Socks_" .. s[".name"],
+			remark = translate("Socks Config") .. " [" .. s.port .. "端口]"
+		}
+	end
+end)
+
+-- 负载均衡列表
+local o = s:option(DynamicList, option_name("balancing_node"), translate("Load balancing node list"), translate("Load balancing node list, <a target='_blank' href='https://toutyrater.github.io/routing/balance2.html'>document</a>"))
+o:depends({ [option_name("protocol")] = "_balancing" })
+for k, v in pairs(nodes_table) do o:value(v.id, v.remark) end
+
+local o = s:option(ListValue, option_name("balancingStrategy"), translate("Balancing Strategy"))
+o:depends({ [option_name("protocol")] = "_balancing" })
+o:value("random")
+o:value("roundRobin")
+o:value("leastPing")
+o.default = "leastPing"
+
+-- Fallback Node
+if api.compare_versions(xray_version, ">=", "1.8.10") then
+	local o = s:option(ListValue, option_name("fallback_node"), translate("Fallback Node"))
+	if api.compare_versions(xray_version, ">=", "1.8.12") then
+		o:depends({ [option_name("protocol")] = "_balancing" })
+	else
+		o:depends({ [option_name("balancingStrategy")] = "leastPing" })
+	end
+	local function check_fallback_chain(fb)
+		for k, v in pairs(fallback_table) do
+			if v.fallback == fb then
+				fallback_table[k] = nil
+				check_fallback_chain(v.id)
+			end
+		end
+	end
+	-- 检查fallback链，去掉会形成闭环的balancer节点
+	if is_balancer then
+		check_fallback_chain(arg[1])
+	end
+	for k, v in pairs(fallback_table) do o:value(v.id, v.remark) end
+	for k, v in pairs(nodes_table) do o:value(v.id, v.remark) end
+end
+
+-- 探测地址
+local ucpu = s:option(Flag, option_name("useCustomProbeUrl"), translate("Use Custome Probe URL"), translate("By default the built-in probe URL will be used, enable this option to use a custom probe URL."))
+ucpu:depends({ [option_name("balancingStrategy")] = "leastPing" })
+
+local pu = s:option(Value, option_name("probeUrl"), translate("Probe URL"))
+pu:depends({ [option_name("useCustomProbeUrl")] = true })
+pu:value("https://cp.cloudflare.com/", "Cloudflare")
+pu:value("https://www.gstatic.com/generate_204", "Gstatic")
+pu:value("https://www.google.com/generate_204", "Google")
+pu:value("https://www.youtube.com/generate_204", "YouTube")
+pu:value("https://connect.rom.miui.com/generate_204", "MIUI (CN)")
+pu:value("https://connectivitycheck.platform.hicloud.com/generate_204", "HiCloud (CN)")
+pu.default = "https://www.google.com/generate_204"
+pu.description = translate("The URL used to detect the connection status.")
+
+-- 探测间隔
+local pi = s:option(Value, option_name("probeInterval"), translate("Probe Interval"))
+pi:depends({ [option_name("balancingStrategy")] = "leastPing" })
+pi.default = "1m"
+pi.description = translate("The interval between initiating probes. Every time this time elapses, a server status check is performed on a server. The time format is numbers + units, such as '10s', '2h45m', and the supported time units are <code>ns</code>, <code>us</code>, <code>ms</code>, <code>s</code>, <code>m</code>, <code>h</code>, which correspond to nanoseconds, microseconds, milliseconds, seconds, minutes, and hours, respectively.")
+
+if api.compare_versions(xray_version, ">=", "1.8.12") then
+	ucpu:depends({ [option_name("protocol")] = "_balancing" })
+	pi:depends({ [option_name("protocol")] = "_balancing" })
+else
+	ucpu:depends({ [option_name("balancingStrategy")] = "leastPing" })
+	pi:depends({ [option_name("balancingStrategy")] = "leastPing" })
+end
+
+
+-- [[ 分流模块 ]]
+if #nodes_table > 0 then
+	o = s:option(Flag, option_name("preproxy_enabled"), translate("Preproxy"))
+	o:depends({ [option_name("protocol")] = "_shunt" })
+
+	o = s:option(ListValue, option_name("main_node"), string.format('<a style="color:red">%s</a>', translate("Preproxy Node")), translate("Set the node to be used as a pre-proxy. Each rule (including <code>Default</code>) has a separate switch that controls whether this rule uses the pre-proxy or not."))
+	o:depends({ [option_name("protocol")] = "_shunt", [option_name("preproxy_enabled")] = true })
+	for k, v in pairs(socks_list) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(balancers_table) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(iface_table) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(nodes_table) do
+		o:value(v.id, v.remark)
+	end
+	o.default = "nil"
+end
+uci:foreach(appname, "shunt_rules", function(e)
+	if e[".name"] and e.remarks then
+		o = s:option(ListValue, option_name(e[".name"]), string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", e[".name"]), e.remarks))
+		o:value("nil", translate("Close"))
+		o:value("_default", translate("Default"))
+		o:value("_direct", translate("Direct Connection"))
+		o:value("_blackhole", translate("Blackhole"))
+		o:depends({ [option_name("protocol")] = "_shunt" })
+
+		if #nodes_table > 0 then
+			for k, v in pairs(socks_list) do
+				o:value(v.id, v.remark)
+			end
+			for k, v in pairs(balancers_table) do
+				o:value(v.id, v.remark)
+			end
+			for k, v in pairs(iface_table) do
+				o:value(v.id, v.remark)
+			end
+			local pt = s:option(ListValue, option_name(e[".name"] .. "_proxy_tag"), string.format('* <a style="color:red">%s</a>', e.remarks .. " " .. translate("Preproxy")))
+			pt:value("nil", translate("Close"))
+			pt:value("main", translate("Preproxy Node"))
+			pt.default = "nil"
+			for k, v in pairs(nodes_table) do
+				o:value(v.id, v.remark)
+				pt:depends({ [option_name("protocol")] = "_shunt", [option_name("preproxy_enabled")] = true, [option_name(e[".name"])] = v.id })
+			end
+		end
+	end
+end)
+
+o = s:option(DummyValue, option_name("shunt_tips"), " ")
+o.not_rewrite = true
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return string.format('<a style="color: red" href="../rule">%s</a>', translate("No shunt rules? Click me to go to add."))
+end
+o:depends({ [option_name("protocol")] = "_shunt" })
+
+local o = s:option(ListValue, option_name("default_node"), string.format('* <a style="color:red">%s</a>', translate("Default")))
+o:depends({ [option_name("protocol")] = "_shunt" })
+o:value("_direct", translate("Direct Connection"))
+o:value("_blackhole", translate("Blackhole"))
+
+if #nodes_table > 0 then
+	for k, v in pairs(socks_list) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(balancers_table) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(iface_table) do
+		o:value(v.id, v.remark)
+	end
+	local dpt = s:option(ListValue, option_name("default_proxy_tag"), string.format('* <a style="color:red">%s</a>', translate("Default Preproxy")), translate("When using, localhost will connect this node first and then use this node to connect the default node."))
+	dpt:value("nil", translate("Close"))
+	dpt:value("main", translate("Preproxy Node"))
+	dpt.default = "nil"
+	for k, v in pairs(nodes_table) do
+		o:value(v.id, v.remark)
+		dpt:depends({ [option_name("protocol")] = "_shunt", [option_name("preproxy_enabled")] = true, [option_name("default_node")] = v.id })
+	end
+end
+
+o = s:option(ListValue, option_name("domainStrategy"), translate("Domain Strategy"))
+o:value("AsIs")
+o:value("IPIfNonMatch")
+o:value("IPOnDemand")
+o.default = "IPOnDemand"
+o.description = "<br /><ul><li>" .. translate("'AsIs': Only use domain for routing. Default value.")
+	.. "</li><li>" .. translate("'IPIfNonMatch': When no rule matches current domain, resolves it into IP addresses (A or AAAA records) and try all rules again.")
+	.. "</li><li>" .. translate("'IPOnDemand': As long as there is a IP-based rule, resolves the domain into IP immediately.")
+	.. "</li></ul>"
+o:depends({ [option_name("protocol")] = "_shunt" })
+
+o = s:option(ListValue, option_name("domainMatcher"), translate("Domain matcher"))
+o:value("hybrid")
+o:value("linear")
+o:depends({ [option_name("protocol")] = "_shunt" })
+
+-- [[ 分流模块 End ]]
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+local protocols = s.fields[option_name("protocol")].keylist
+if #protocols > 0 then
+	for index, value in ipairs(protocols) do
+		if not value:find("_") then
+			s.fields[option_name("address")]:depends({ [option_name("protocol")] = value })
+			s.fields[option_name("port")]:depends({ [option_name("protocol")] = value })
+		end
+	end
+end
+
+o = s:option(Value, option_name("username"), translate("Username"))
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+o = s:option(ListValue, option_name("security"), translate("Encrypt Method"))
+for a, t in ipairs(security_list) do o:value(t) end
+o:depends({ [option_name("protocol")] = "vmess" })
+
+o = s:option(Value, option_name("encryption"), translate("Encrypt Method"))
+o.default = "none"
+o:value("none")
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(ListValue, option_name("x_ss_encrypt_method"), translate("Encrypt Method"))
+o.rewrite_option = "method"
+for a, t in ipairs(x_ss_encrypt_method_list) do o:value(t) end
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(Flag, option_name("iv_check"), translate("IV Check"))
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("x_ss_encrypt_method")] = "aes-128-gcm" })
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("x_ss_encrypt_method")] = "aes-256-gcm" })
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("x_ss_encrypt_method")] = "chacha20-poly1305" })
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("x_ss_encrypt_method")] = "xchacha20-poly1305" })
+
+o = s:option(Flag, option_name("uot"), translate("UDP over TCP"))
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(Value, option_name("uuid"), translate("ID"))
+o.password = true
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(ListValue, option_name("flow"), translate("flow"))
+o.default = ""
+o:value("", translate("Disable"))
+o:value("xtls-rprx-vision")
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(Flag, option_name("tls"), translate("TLS"))
+o.default = 0
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(Flag, option_name("reality"), translate("REALITY"))
+o.default = 0
+o:depends({ [option_name("tls")] = true, [option_name("transport")] = "tcp" })
+o:depends({ [option_name("tls")] = true, [option_name("transport")] = "h2" })
+o:depends({ [option_name("tls")] = true, [option_name("transport")] = "grpc" })
+
+o = s:option(ListValue, option_name("alpn"), translate("alpn"))
+o.default = "default"
+o:value("default", translate("Default"))
+o:value("h3,h2,http/1.1")
+o:value("h3,h2")
+o:value("h2,http/1.1")
+o:value("h3")
+o:value("h2")
+o:value("http/1.1")
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+
+-- o = s:option(Value, option_name("minversion"), translate("minversion"))
+-- o.default = "1.3"
+-- o:value("1.3")
+-- o:depends({ [option_name("tls")] = true })
+
+o = s:option(Value, option_name("tls_serverName"), translate("Domain"))
+o:depends({ [option_name("tls")] = true })
+
+o = s:option(Flag, option_name("tls_allowInsecure"), translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, Certificate validation will be skipped."))
+o.default = "0"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+
+-- [[ REALITY部分 ]] --
+o = s:option(Value, option_name("reality_publicKey"), translate("Public Key"))
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = true })
+
+o = s:option(Value, option_name("reality_shortId"), translate("Short Id"))
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = true })
+
+o = s:option(Value, option_name("reality_spiderX"), translate("Spider X"))
+o.placeholder = "/"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = true })
+
+o = s:option(Flag, option_name("utls"), translate("uTLS"))
+o.default = "0"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+
+o = s:option(ListValue, option_name("fingerprint"), translate("Finger Print"))
+o:value("chrome")
+o:value("firefox")
+o:value("edge")
+o:value("safari")
+o:value("360")
+o:value("qq")
+o:value("ios")
+o:value("android")
+o:value("random")
+o:value("randomized")
+o.default = "chrome"
+o:depends({ [option_name("tls")] = true, [option_name("utls")] = true })
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = true })
+
+o = s:option(ListValue, option_name("transport"), translate("Transport"))
+o:value("tcp", "TCP")
+o:value("mkcp", "mKCP")
+o:value("ws", "WebSocket")
+o:value("h2", "HTTP/2")
+o:value("ds", "DomainSocket")
+o:value("quic", "QUIC")
+o:value("grpc", "gRPC")
+o:value("httpupgrade", "HttpUpgrade")
+o:value("splithttp", "SplitHTTP")
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+o = s:option(Value, option_name("wireguard_public_key"), translate("Public Key"))
+o:depends({ [option_name("protocol")] = "wireguard" })
+
+o = s:option(Value, option_name("wireguard_secret_key"), translate("Private Key"))
+o:depends({ [option_name("protocol")] = "wireguard" })
+
+o = s:option(Value, option_name("wireguard_preSharedKey"), translate("Pre shared key"))
+o:depends({ [option_name("protocol")] = "wireguard" })
+
+o = s:option(DynamicList, option_name("wireguard_local_address"), translate("Local Address"))
+o:depends({ [option_name("protocol")] = "wireguard" })
+
+o = s:option(Value, option_name("wireguard_mtu"), translate("MTU"))
+o.default = "1420"
+o:depends({ [option_name("protocol")] = "wireguard" })
+
+if api.compare_versions(xray_version, ">=", "1.8.0") then
+	o = s:option(Value, option_name("wireguard_reserved"), translate("Reserved"), translate("Decimal numbers separated by \",\" or Base64-encoded strings."))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+end
+
+o = s:option(Value, option_name("wireguard_keepAlive"), translate("Keep Alive"))
+o.default = "0"
+o:depends({ [option_name("protocol")] = "wireguard" })
+
+-- [[ TCP部分 ]]--
+
+-- TCP伪装
+o = s:option(ListValue, option_name("tcp_guise"), translate("Camouflage Type"))
+o:value("none", "none")
+o:value("http", "http")
+o:depends({ [option_name("transport")] = "tcp" })
+
+-- HTTP域名
+o = s:option(DynamicList, option_name("tcp_guise_http_host"), translate("HTTP Host"))
+o:depends({ [option_name("tcp_guise")] = "http" })
+
+-- HTTP路径
+o = s:option(DynamicList, option_name("tcp_guise_http_path"), translate("HTTP Path"))
+o.placeholder = "/"
+o:depends({ [option_name("tcp_guise")] = "http" })
+
+-- [[ mKCP部分 ]]--
+
+o = s:option(ListValue, option_name("mkcp_guise"), translate("Camouflage Type"), translate('<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
+for a, t in ipairs(header_type_list) do o:value(t) end
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_mtu"), translate("KCP MTU"))
+o.default = "1350"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_tti"), translate("KCP TTI"))
+o.default = "20"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_uplinkCapacity"), translate("KCP uplinkCapacity"))
+o.default = "5"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_downlinkCapacity"), translate("KCP downlinkCapacity"))
+o.default = "20"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Flag, option_name("mkcp_congestion"), translate("KCP Congestion"))
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_readBufferSize"), translate("KCP readBufferSize"))
+o.default = "1"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_writeBufferSize"), translate("KCP writeBufferSize"))
+o.default = "1"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_seed"), translate("KCP Seed"))
+o:depends({ [option_name("transport")] = "mkcp" })
+
+-- [[ WebSocket部分 ]]--
+o = s:option(Value, option_name("ws_host"), translate("WebSocket Host"))
+o:depends({ [option_name("transport")] = "ws" })
+
+o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "ws" })
+
+-- [[ HTTP/2部分 ]]--
+o = s:option(Value, option_name("h2_host"), translate("HTTP/2 Host"))
+o:depends({ [option_name("transport")] = "h2" })
+
+o = s:option(Value, option_name("h2_path"), translate("HTTP/2 Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "h2" })
+
+o = s:option(Flag, option_name("h2_health_check"), translate("Health check"))
+o:depends({ [option_name("transport")] = "h2" })
+
+o = s:option(Value, option_name("h2_read_idle_timeout"), translate("Idle timeout"))
+o.default = "10"
+o:depends({ [option_name("h2_health_check")] = true })
+
+o = s:option(Value, option_name("h2_health_check_timeout"), translate("Health check timeout"))
+o.default = "15"
+o:depends({ [option_name("h2_health_check")] = true })
+
+-- [[ DomainSocket部分 ]]--
+o = s:option(Value, option_name("ds_path"), "Path", translate("A legal file path. This file must not exist before running."))
+o:depends({ [option_name("transport")] = "ds" })
+
+-- [[ QUIC部分 ]]--
+o = s:option(ListValue, option_name("quic_security"), translate("Encrypt Method"))
+o:value("none")
+o:value("aes-128-gcm")
+o:value("chacha20-poly1305")
+o:depends({ [option_name("transport")] = "quic" })
+
+o = s:option(Value, option_name("quic_key"), translate("Encrypt Method") .. translate("Key"))
+o:depends({ [option_name("transport")] = "quic" })
+
+o = s:option(ListValue, option_name("quic_guise"), translate("Camouflage Type"))
+for a, t in ipairs(header_type_list) do o:value(t) end
+o:depends({ [option_name("transport")] = "quic" })
+
+-- [[ gRPC部分 ]]--
+o = s:option(Value, option_name("grpc_serviceName"), "ServiceName")
+o:depends({ [option_name("transport")] = "grpc" })
+
+o = s:option(ListValue, option_name("grpc_mode"), "gRPC " .. translate("Transfer mode"))
+o:value("gun")
+o:value("multi")
+o:depends({ [option_name("transport")] = "grpc" })
+
+o = s:option(Flag, option_name("grpc_health_check"), translate("Health check"))
+o:depends({ [option_name("transport")] = "grpc" })
+
+o = s:option(Value, option_name("grpc_idle_timeout"), translate("Idle timeout"))
+o.default = "10"
+o:depends({ [option_name("grpc_health_check")] = true })
+
+o = s:option(Value, option_name("grpc_health_check_timeout"), translate("Health check timeout"))
+o.default = "20"
+o:depends({ [option_name("grpc_health_check")] = true })
+
+o = s:option(Flag, option_name("grpc_permit_without_stream"), translate("Permit without stream"))
+o.default = "0"
+o:depends({ [option_name("grpc_health_check")] = true })
+
+o = s:option(Value, option_name("grpc_initial_windows_size"), translate("Initial Windows Size"))
+o.default = "0"
+o:depends({ [option_name("transport")] = "grpc" })
+
+-- [[ HttpUpgrade部分 ]]--
+o = s:option(Value, option_name("httpupgrade_host"), translate("HttpUpgrade Host"))
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+o = s:option(Value, option_name("httpupgrade_path"), translate("HttpUpgrade Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+-- [[ SplitHTTP部分 ]]--
+o = s:option(Value, option_name("splithttp_host"), translate("SplitHTTP Host"))
+o:depends({ [option_name("transport")] = "splithttp" })
+
+o = s:option(Value, option_name("splithttp_path"), translate("SplitHTTP Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "splithttp" })
+
+-- [[ Mux ]]--
+o = s:option(Flag, option_name("mux"), translate("Mux"))
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless", [option_name("flow")] = "" })
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+o = s:option(Value, option_name("mux_concurrency"), translate("Mux concurrency"))
+o.default = 8
+o:depends({ [option_name("mux")] = true })
+
+-- [[ XUDP Mux ]]--
+o = s:option(Flag, option_name("xmux"), translate("xMux"))
+o.default = 1
+o:depends({ [option_name("protocol")] = "vless", [option_name("flow")] = "xtls-rprx-vision" })
+o:depends({ [option_name("protocol")] = "vless", [option_name("flow")] = "xtls-rprx-vision-udp443" })
+
+o = s:option(Value, option_name("xudp_concurrency"), translate("XUDP Mux concurrency"))
+o.default = 8
+o:depends({ [option_name("xmux")] = true })
+
+--[[tcpMptcp]]
+o = s:option(Flag, option_name("tcpMptcp"), "tcpMptcp", translate("Enable Multipath TCP, need to be enabled in both server and client configuration."))
+o.default = 0
+
+o = s:option(Flag, option_name("tcpNoDelay"), "tcpNoDelay")
+o.default = 0
+
+o = s:option(ListValue, option_name("to_node"), translate("Landing node"), translate("Only support a layer of proxy."))
+o.default = ""
+o:value("", translate("Close(Not use)"))
+for k, v in pairs(nodes_table) do
+	if v.type == "Xray" then
+		o:value(v.id, v.remark)
+	end
+end
+
+for i, v in ipairs(s.fields[option_name("protocol")].keylist) do
+	if not v:find("_") then
+		s.fields[option_name("tcpMptcp")]:depends({ [option_name("protocol")] = v })
+		s.fields[option_name("tcpNoDelay")]:depends({ [option_name("protocol")] = v })
+		s.fields[option_name("to_node")]:depends({ [option_name("protocol")] = v })
+	end
+end
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua

@@ -0,0 +1,665 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+local singbox_bin = api.finded_com("singbox")
+
+if not singbox_bin then
+	return
+end
+
+local singbox_tags = luci.sys.exec(singbox_bin .. " version  | grep 'Tags:' | awk '{print $2}'")
+
+local appname = api.appname
+local uci = api.uci
+
+local type_name = "sing-box"
+
+local option_prefix = "singbox_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ss_method_new_list = {
+	"none", "aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305", "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"
+}
+
+local ss_method_old_list = {
+	"aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "rc4-md5", "chacha20-ietf", "xchacha20",
+}
+
+local security_list = { "none", "auto", "aes-128-gcm", "chacha20-poly1305", "zero" }
+
+-- [[ sing-box ]]
+
+s.fields["type"]:value(type_name, translate("Sing-Box"))
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+o:value("socks", "Socks")
+o:value("http", "HTTP")
+o:value("shadowsocks", "Shadowsocks")
+if singbox_tags:find("with_shadowsocksr") then
+	o:value("shadowsocksr", "ShadowsocksR")
+end
+o:value("vmess", "Vmess")
+o:value("trojan", "Trojan")
+if singbox_tags:find("with_wireguard") then
+	o:value("wireguard", "WireGuard")
+end
+if singbox_tags:find("with_quic") then
+	o:value("hysteria", "Hysteria")
+end
+o:value("vless", "VLESS")
+if singbox_tags:find("with_quic") then
+	o:value("tuic", "TUIC")
+end
+if singbox_tags:find("with_quic") then
+	o:value("hysteria2", "Hysteria2")
+end
+o:value("_shunt", translate("Shunt"))
+o:value("_iface", translate("Custom Interface"))
+
+o = s:option(Value, option_name("iface"), translate("Interface"))
+o.default = "eth1"
+o:depends({ [option_name("protocol")] = "_iface" })
+
+local nodes_table = {}
+local iface_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	if e.node_type == "normal" then
+		nodes_table[#nodes_table + 1] = {
+			id = e[".name"],
+			remark = e["remark"],
+			type = e["type"]
+		}
+	end
+	if e.protocol == "_iface" then
+		iface_table[#iface_table + 1] = {
+			id = e[".name"],
+			remark = e["remark"]
+		}
+	end
+end
+
+local socks_list = {}
+uci:foreach(appname, "socks", function(s)
+	if s.enabled == "1" and s.node then
+		socks_list[#socks_list + 1] = {
+			id = "Socks_" .. s[".name"],
+			remark = translate("Socks Config") .. " [" .. s.port .. "端口]"
+		}
+	end
+end)
+
+-- [[ 分流模块 ]]
+if #nodes_table > 0 then
+	o = s:option(Flag, option_name("preproxy_enabled"), translate("Preproxy"))
+	o:depends({ [option_name("protocol")] = "_shunt" })
+
+	o = s:option(ListValue, option_name("main_node"), string.format('<a style="color:red">%s</a>', translate("Preproxy Node")), translate("Set the node to be used as a pre-proxy. Each rule (including <code>Default</code>) has a separate switch that controls whether this rule uses the pre-proxy or not."))
+	o:depends({ [option_name("protocol")] = "_shunt", [option_name("preproxy_enabled")] = true })
+	for k, v in pairs(socks_list) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(iface_table) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(nodes_table) do
+		o:value(v.id, v.remark)
+	end
+	o.default = "nil"
+end
+uci:foreach(appname, "shunt_rules", function(e)
+	if e[".name"] and e.remarks then
+		o = s:option(ListValue, option_name(e[".name"]), string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", e[".name"]), e.remarks))
+		o:value("nil", translate("Close"))
+		o:value("_default", translate("Default"))
+		o:value("_direct", translate("Direct Connection"))
+		o:value("_blackhole", translate("Blackhole"))
+		o:depends({ [option_name("protocol")] = "_shunt" })
+
+		if #nodes_table > 0 then
+			for k, v in pairs(socks_list) do
+				o:value(v.id, v.remark)
+			end
+			for k, v in pairs(iface_table) do
+				o:value(v.id, v.remark)
+			end
+			local pt = s:option(ListValue, option_name(e[".name"] .. "_proxy_tag"), string.format('* <a style="color:red">%s</a>', e.remarks .. " " .. translate("Preproxy")))
+			pt:value("nil", translate("Close"))
+			pt:value("main", translate("Preproxy Node"))
+			pt.default = "nil"
+			for k, v in pairs(nodes_table) do
+				o:value(v.id, v.remark)
+				pt:depends({ [option_name("protocol")] = "_shunt", [option_name("preproxy_enabled")] = true, [option_name(e[".name"])] = v.id })
+			end
+		end
+	end
+end)
+
+o = s:option(DummyValue, option_name("shunt_tips"), " ")
+o.not_rewrite = true
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return string.format('<a style="color: red" href="../rule">%s</a>', translate("No shunt rules? Click me to go to add."))
+end
+o:depends({ [option_name("protocol")] = "_shunt" })
+
+local o = s:option(ListValue, option_name("default_node"), string.format('* <a style="color:red">%s</a>', translate("Default")))
+o:depends({ [option_name("protocol")] = "_shunt" })
+o:value("_direct", translate("Direct Connection"))
+o:value("_blackhole", translate("Blackhole"))
+
+if #nodes_table > 0 then
+	for k, v in pairs(socks_list) do
+		o:value(v.id, v.remark)
+	end
+	for k, v in pairs(iface_table) do
+		o:value(v.id, v.remark)
+	end
+	local dpt = s:option(ListValue, option_name("default_proxy_tag"), string.format('* <a style="color:red">%s</a>', translate("Default Preproxy")), translate("When using, localhost will connect this node first and then use this node to connect the default node."))
+	dpt:value("nil", translate("Close"))
+	dpt:value("main", translate("Preproxy Node"))
+	dpt.default = "nil"
+	for k, v in pairs(nodes_table) do
+		o:value(v.id, v.remark)
+		dpt:depends({ [option_name("protocol")] = "_shunt", [option_name("preproxy_enabled")] = true, [option_name("default_node")] = v.id })
+	end
+end
+
+-- [[ 分流模块 End ]]
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+local protocols = s.fields[option_name("protocol")].keylist
+if #protocols > 0 then
+	for index, value in ipairs(protocols) do
+		if not value:find("_") then
+			s.fields[option_name("address")]:depends({ [option_name("protocol")] = value })
+			s.fields[option_name("port")]:depends({ [option_name("protocol")] = value })
+		end
+	end
+end
+
+o = s:option(Value, option_name("username"), translate("Username"))
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "shadowsocksr" })
+o:depends({ [option_name("protocol")] = "trojan" })
+o:depends({ [option_name("protocol")] = "tuic" })
+
+o = s:option(ListValue, option_name("security"), translate("Encrypt Method"))
+for a, t in ipairs(security_list) do o:value(t) end
+o:depends({ [option_name("protocol")] = "vmess" })
+
+o = s:option(ListValue, option_name("ss_method"), translate("Encrypt Method"))
+o.rewrite_option = "method"
+for a, t in ipairs(ss_method_new_list) do o:value(t) end
+for a, t in ipairs(ss_method_old_list) do o:value(t) end
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+if singbox_tags:find("with_shadowsocksr") then
+	o = s:option(ListValue, option_name("ssr_method"), translate("Encrypt Method"))
+	o.rewrite_option = "method"
+	for a, t in ipairs(ss_method_old_list) do o:value(t) end
+	o:depends({ [option_name("protocol")] = "shadowsocksr" })
+
+	local ssr_protocol_list = {
+		"origin", "verify_simple", "verify_deflate", "verify_sha1", "auth_simple",
+		"auth_sha1", "auth_sha1_v2", "auth_sha1_v4", "auth_aes128_md5",
+		"auth_aes128_sha1", "auth_chain_a", "auth_chain_b", "auth_chain_c",
+		"auth_chain_d", "auth_chain_e", "auth_chain_f"
+	}
+
+	o = s:option(ListValue, option_name("ssr_protocol"), translate("Protocol"))
+	for a, t in ipairs(ssr_protocol_list) do o:value(t) end
+	o:depends({ [option_name("protocol")] = "shadowsocksr" })
+
+	o = s:option(Value, option_name("ssr_protocol_param"), translate("Protocol_param"))
+	o:depends({ [option_name("protocol")] = "shadowsocksr" })
+
+	local ssr_obfs_list = {
+		"plain", "http_simple", "http_post", "random_head", "tls_simple",
+		"tls1.0_session_auth", "tls1.2_ticket_auth"
+	}
+
+	o = s:option(ListValue, option_name("ssr_obfs"), translate("Obfs"))
+	for a, t in ipairs(ssr_obfs_list) do o:value(t) end
+	o:depends({ [option_name("protocol")] = "shadowsocksr" })
+
+	o = s:option(Value, option_name("ssr_obfs_param"), translate("Obfs_param"))
+	o:depends({ [option_name("protocol")] = "shadowsocksr" })
+end
+
+o = s:option(Flag, option_name("uot"), translate("UDP over TCP"))
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(Value, option_name("uuid"), translate("ID"))
+o.password = true
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "tuic" })
+
+o = s:option(Value, option_name("alter_id"), "Alter ID")
+o.datatype = "uinteger"
+o.default = "0"
+o:depends({ [option_name("protocol")] = "vmess" })
+
+o = s:option(Flag, option_name("global_padding"), "global_padding", translate("Protocol parameter. Will waste traffic randomly if enabled."))
+o.default = "0"
+o:depends({ [option_name("protocol")] = "vmess" })
+
+o = s:option(Flag, option_name("authenticated_length"), "authenticated_length", translate("Protocol parameter. Enable length block encryption."))
+o.default = "0"
+o:depends({ [option_name("protocol")] = "vmess" })
+
+o = s:option(ListValue, option_name("flow"), translate("flow"))
+o.default = ""
+o:value("", translate("Disable"))
+o:value("xtls-rprx-vision")
+o:depends({ [option_name("protocol")] = "vless", [option_name("tls")] = true })
+
+if singbox_tags:find("with_quic") then
+	o = s:option(Value, option_name("hysteria_obfs"), translate("Obfs Password"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(ListValue, option_name("hysteria_auth_type"), translate("Auth Type"))
+	o:value("disable", translate("Disable"))
+	o:value("string", translate("STRING"))
+	o:value("base64", translate("BASE64"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_auth_password"), translate("Auth Password"))
+	o.password = true
+	o:depends({ [option_name("protocol")] = "hysteria", [option_name("hysteria_auth_type")] = "string"})
+	o:depends({ [option_name("protocol")] = "hysteria", [option_name("hysteria_auth_type")] = "base64"})
+
+	o = s:option(Value, option_name("hysteria_up_mbps"), translate("Max upload Mbps"))
+	o.default = "10"
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_down_mbps"), translate("Max download Mbps"))
+	o.default = "50"
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_recv_window_conn"), translate("QUIC stream receive window"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_recv_window"), translate("QUIC connection receive window"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Flag, option_name("hysteria_disable_mtu_discovery"), translate("Disable MTU detection"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_alpn"), translate("QUIC TLS ALPN"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+end
+
+if singbox_tags:find("with_quic") then
+	o = s:option(ListValue, option_name("tuic_congestion_control"), translate("Congestion control algorithm"))
+	o.default = "cubic"
+	o:value("bbr", translate("BBR"))
+	o:value("cubic", translate("CUBIC"))
+	o:value("new_reno", translate("New Reno"))
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	o = s:option(ListValue, option_name("tuic_udp_relay_mode"), translate("UDP relay mode"))
+	o.default = "native"
+	o:value("native", translate("native"))
+	o:value("quic", translate("QUIC"))
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	--[[
+	o = s:option(Flag, option_name("tuic_udp_over_stream"), translate("UDP over stream"))
+	o:depends({ [option_name("protocol")] = "tuic" })
+	]]--
+
+	o = s:option(Flag, option_name("tuic_zero_rtt_handshake"), translate("Enable 0-RTT QUIC handshake"))
+	o.default = 0
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	o = s:option(Value, option_name("tuic_heartbeat"), translate("Heartbeat interval(second)"))
+	o.datatype = "uinteger"
+	o.default = "3"
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	o = s:option(Value, option_name("tuic_alpn"), translate("QUIC TLS ALPN"))
+	o:depends({ [option_name("protocol")] = "tuic" })
+end
+
+if singbox_tags:find("with_quic") then
+	o = s:option(Value, option_name("hysteria2_up_mbps"), translate("Max upload Mbps"))
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("hysteria2_down_mbps"), translate("Max download Mbps"))
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(ListValue, option_name("hysteria2_obfs_type"), translate("Obfs Type"))
+	o:value("", translate("Disable"))
+	o:value("salamander")
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("hysteria2_obfs_password"), translate("Obfs Password"))
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("hysteria2_auth_password"), translate("Auth Password"))
+	o.password = true
+	o:depends({ [option_name("protocol")] = "hysteria2"})
+end
+
+o = s:option(Flag, option_name("tls"), translate("TLS"))
+o.default = 0
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+o = s:option(ListValue, option_name("alpn"), translate("alpn"))
+o.default = "default"
+o:value("default", translate("Default"))
+o:value("h2,http/1.1")
+o:value("h2")
+o:value("http/1.1")
+o:depends({ [option_name("tls")] = true })
+
+o = s:option(Value, option_name("tls_serverName"), translate("Domain"))
+o:depends({ [option_name("tls")] = true })
+o:depends({ [option_name("protocol")] = "hysteria"})
+o:depends({ [option_name("protocol")] = "tuic" })
+o:depends({ [option_name("protocol")] = "hysteria2" })
+
+o = s:option(Flag, option_name("tls_allowInsecure"), translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, Certificate validation will be skipped."))
+o.default = "0"
+o:depends({ [option_name("tls")] = true })
+o:depends({ [option_name("protocol")] = "hysteria"})
+o:depends({ [option_name("protocol")] = "tuic" })
+o:depends({ [option_name("protocol")] = "hysteria2" })
+
+if singbox_tags:find("with_ech") then
+	o = s:option(Flag, option_name("ech"), translate("ECH"))
+	o.default = "0"
+	o:depends({ [option_name("tls")] = true, [option_name("flow")] = "", [option_name("reality")] = false })
+	o:depends({ [option_name("protocol")] = "tuic" })
+	o:depends({ [option_name("protocol")] = "hysteria" })
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("ech_config"), translate("ECH Config"))
+	o.default = ""
+	o:depends({ [option_name("ech")] = true })
+
+	o = s:option(Flag, option_name("pq_signature_schemes_enabled"), translate("PQ signature schemes"))
+	o.default = "0"
+	o:depends({ [option_name("ech")] = true })
+
+	o = s:option(Flag, option_name("dynamic_record_sizing_disabled"), translate("Disable adaptive sizing of TLS records"))
+	o.default = "0"
+	o:depends({ [option_name("ech")] = true })
+end
+
+if singbox_tags:find("with_utls") then
+	o = s:option(Flag, option_name("utls"), translate("uTLS"))
+	o.default = "0"
+	o:depends({ [option_name("tls")] = true })
+
+	o = s:option(ListValue, option_name("fingerprint"), translate("Finger Print"))
+	o:value("chrome")
+	o:value("firefox")
+	o:value("edge")
+	o:value("safari")
+	-- o:value("360")
+	o:value("qq")
+	o:value("ios")
+	-- o:value("android")
+	o:value("random")
+	-- o:value("randomized")
+	o.default = "chrome"
+	o:depends({ [option_name("tls")] = true, [option_name("utls")] = true })
+
+	-- [[ REALITY部分 ]] --
+	o = s:option(Flag, option_name("reality"), translate("REALITY"))
+	o.default = 0
+	o:depends({ [option_name("protocol")] = "vless", [option_name("utls")] = true })
+	o:depends({ [option_name("protocol")] = "vmess", [option_name("utls")] = true })
+	o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("utls")] = true })
+	o:depends({ [option_name("protocol")] = "socks", [option_name("utls")] = true })
+	o:depends({ [option_name("protocol")] = "trojan", [option_name("utls")] = true })
+	
+	o = s:option(Value, option_name("reality_publicKey"), translate("Public Key"))
+	o:depends({ [option_name("utls")] = true, [option_name("reality")] = true })
+	
+	o = s:option(Value, option_name("reality_shortId"), translate("Short Id"))
+	o:depends({ [option_name("utls")] = true, [option_name("reality")] = true })
+end
+
+o = s:option(ListValue, option_name("transport"), translate("Transport"))
+o:value("tcp", "TCP")
+o:value("http", "HTTP")
+o:value("ws", "WebSocket")
+o:value("httpupgrade", "HTTPUpgrade")
+if singbox_tags:find("with_quic") then
+	o:value("quic", "QUIC")
+end
+if singbox_tags:find("with_grpc") then
+	o:value("grpc", "gRPC")
+else o:value("grpc", "gRPC-lite")
+end
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+if singbox_tags:find("with_wireguard") then
+	o = s:option(Value, option_name("wireguard_public_key"), translate("Public Key"))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(Value, option_name("wireguard_secret_key"), translate("Private Key"))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(Value, option_name("wireguard_preSharedKey"), translate("Pre shared key"))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(DynamicList, option_name("wireguard_local_address"), translate("Local Address"))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(Value, option_name("wireguard_mtu"), translate("MTU"))
+	o.default = "1420"
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(Flag, option_name("wireguard_system_interface"), translate("System interface"))
+	o.default = 0
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(Value, option_name("wireguard_interface_name"), translate("System interface name"))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+
+	o = s:option(Value, option_name("wireguard_reserved"), translate("Reserved"), translate("Decimal numbers separated by \",\" or Base64-encoded strings."))
+	o:depends({ [option_name("protocol")] = "wireguard" })
+end
+
+-- [[ HTTP部分 ]]--
+o = s:option(Value, option_name("http_host"), translate("HTTP Host"))
+o:depends({ [option_name("transport")] = "http" })
+
+o = s:option(Value, option_name("http_path"), translate("HTTP Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "http" })
+
+o = s:option(Flag, option_name("http_h2_health_check"), translate("Health check"))
+o:depends({ [option_name("tls")] = true, [option_name("transport")] = "http" })
+
+o = s:option(Value, option_name("http_h2_read_idle_timeout"), translate("Idle timeout"))
+o.default = "10"
+o:depends({ [option_name("tls")] = true, [option_name("transport")] = "http", [option_name("http_h2_health_check")] = true })
+
+o = s:option(Value, option_name("http_h2_health_check_timeout"), translate("Health check timeout"))
+o.default = "15"
+o:depends({ [option_name("tls")] = true, [option_name("transport")] = "http", [option_name("http_h2_health_check")] = true })
+
+-- [[ WebSocket部分 ]]--
+o = s:option(Value, option_name("ws_host"), translate("WebSocket Host"))
+o:depends({ [option_name("transport")] = "ws" })
+
+o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "ws" })
+
+o = s:option(Flag, option_name("ws_enableEarlyData"), translate("Enable early data"))
+o:depends({ [option_name("transport")] = "ws" })
+
+o = s:option(Value, option_name("ws_maxEarlyData"), translate("Early data length"))
+o.default = "1024"
+o:depends({ [option_name("ws_enableEarlyData")] = true })
+
+o = s:option(Value, option_name("ws_earlyDataHeaderName"), translate("Early data header name"), translate("Recommended value: Sec-WebSocket-Protocol"))
+o:depends({ [option_name("ws_enableEarlyData")] = true })
+
+-- [[ HTTPUpgrade部分 ]]--
+o = s:option(Value, option_name("httpupgrade_host"), translate("HTTPUpgrade Host"))
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+o = s:option(Value, option_name("httpupgrade_path"), translate("HTTPUpgrade Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+-- [[ gRPC部分 ]]--
+o = s:option(Value, option_name("grpc_serviceName"), "ServiceName")
+o:depends({ [option_name("transport")] = "grpc" })
+
+o = s:option(Flag, option_name("grpc_health_check"), translate("Health check"))
+o:depends({ [option_name("transport")] = "grpc" })
+
+o = s:option(Value, option_name("grpc_idle_timeout"), translate("Idle timeout"))
+o.default = "10"
+o:depends({ [option_name("grpc_health_check")] = true })
+
+o = s:option(Value, option_name("grpc_health_check_timeout"), translate("Health check timeout"))
+o.default = "20"
+o:depends({ [option_name("grpc_health_check")] = true })
+
+o = s:option(Flag, option_name("grpc_permit_without_stream"), translate("Permit without stream"))
+o.default = "0"
+o:depends({ [option_name("grpc_health_check")] = true })
+
+-- [[ Mux ]]--
+o = s:option(Flag, option_name("mux"), translate("Mux"))
+o.rmempty = false
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless", [option_name("flow")] = "" })
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("uot")] = "" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+o = s:option(ListValue, option_name("mux_type"), translate("Mux"))
+o:value("smux")
+o:value("yamux")
+o:value("h2mux")
+o:depends({ [option_name("mux")] = true })
+
+o = s:option(Value, option_name("mux_concurrency"), translate("Mux concurrency"))
+o.default = 4
+o:depends({ [option_name("mux")] = true, [option_name("tcpbrutal")] = false })
+
+o = s:option(Flag, option_name("mux_padding"), translate("Padding"))
+o.default = 0
+o:depends({ [option_name("mux")] = true })
+
+-- [[ TCP Brutal ]]--
+o = s:option(Flag, option_name("tcpbrutal"), translate("TCP Brutal"))
+o.default = 0
+o:depends({ [option_name("mux")] = true })
+
+o = s:option(Value, option_name("tcpbrutal_up_mbps"), translate("Max upload Mbps"))
+o.default = "10"
+o:depends({ [option_name("tcpbrutal")] = true })
+
+o = s:option(Value, option_name("tcpbrutal_down_mbps"), translate("Max download Mbps"))
+o.default = "50"
+o:depends({ [option_name("tcpbrutal")] = true })
+
+o = s:option(Flag, option_name("shadowtls"), "ShadowTLS")
+o.default = 0
+o:depends({ [option_name("protocol")] = "vmess", [option_name("tls")] = false })
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("tls")] = false })
+
+o = s:option(ListValue, option_name("shadowtls_version"), "ShadowTLS " .. translate("Version"))
+o.default = "1"
+o:value("1", "ShadowTLS v1")
+o:value("2", "ShadowTLS v2")
+o:value("3", "ShadowTLS v3")
+o:depends({ [option_name("shadowtls")] = true })
+
+o = s:option(Value, option_name("shadowtls_password"), "ShadowTLS " .. translate("Password"))
+o.password = true
+o:depends({ [option_name("shadowtls")] = true, [option_name("shadowtls_version")] = "2" })
+o:depends({ [option_name("shadowtls")] = true, [option_name("shadowtls_version")] = "3" })
+
+o = s:option(Value, option_name("shadowtls_serverName"), "ShadowTLS " .. translate("Domain"))
+o:depends({ [option_name("shadowtls")] = true })
+
+if singbox_tags:find("with_utls") then
+	o = s:option(Flag, option_name("shadowtls_utls"), "ShadowTLS " .. translate("uTLS"))
+	o.default = "0"
+	o:depends({ [option_name("shadowtls")] = true })
+
+	o = s:option(ListValue, option_name("shadowtls_fingerprint"), "ShadowTLS " .. translate("Finger Print"))
+	o:value("chrome")
+	o:value("firefox")
+	o:value("edge")
+	o:value("safari")
+	-- o:value("360")
+	o:value("qq")
+	o:value("ios")
+	-- o:value("android")
+	o:value("random")
+	-- o:value("randomized")
+	o.default = "chrome"
+	o:depends({ [option_name("shadowtls")] = true, [option_name("shadowtls_utls")] = true })
+end
+
+-- [[ SIP003 plugin ]]--
+o = s:option(Flag, option_name("plugin_enabled"), translate("plugin"))
+o.default = 0
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(ListValue, option_name("plugin"), "SIP003 " .. translate("plugin"))
+o.default = "obfs-local"
+o:depends({ [option_name("plugin_enabled")] = true })
+o:value("obfs-local")
+o:value("v2ray-plugin")
+
+o = s:option(Value, option_name("plugin_opts"), translate("opts"))
+o:depends({ [option_name("plugin_enabled")] = true })
+
+o = s:option(ListValue, option_name("domain_strategy"), translate("Domain Strategy"), translate("If is domain name, The requested domain name will be resolved to IP before connect."))
+o.default = "prefer_ipv6"
+o:value("prefer_ipv4")
+o:value("prefer_ipv6")
+o:value("ipv4_only")
+o:value("ipv6_only")
+
+o = s:option(ListValue, option_name("to_node"), translate("Landing node"), translate("Only support a layer of proxy."))
+o.default = ""
+o:value("", translate("Close(Not use)"))
+for k, v in pairs(nodes_table) do
+	if v.type == "sing-box" then
+		o:value(v.id, v.remark)
+	end
+end
+for i, v in ipairs(s.fields[option_name("protocol")].keylist) do
+	if not v:find("_") then
+		o:depends({ [option_name("protocol")] = v })
+	end
+end
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ss-rust.lua

@@ -0,0 +1,57 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("sslocal") then
+	return
+end
+
+local type_name = "SS-Rust"
+
+local option_prefix = "ssrust_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ssrust_encrypt_method_list = {
+	"plain", "none",
+	"aes-128-gcm", "aes-256-gcm", "chacha20-ietf-poly1305",
+	"2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha8-poly1305", "2022-blake3-chacha20-poly1305"
+}
+
+-- [[ Shadowsocks Rust ]]
+
+s.fields["type"]:value(type_name, translate("Shadowsocks Rust"))
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+o = s:option(Value, option_name("method"), translate("Encrypt Method"))
+for a, t in ipairs(ssrust_encrypt_method_list) do o:value(t) end
+
+o = s:option(Value, option_name("timeout"), translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 300
+
+o = s:option(ListValue, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"), translate("Need node support required"))
+o:value("false")
+o:value("true")
+
+o = s:option(ListValue, option_name("plugin"), translate("plugin"))
+o:value("none", translate("none"))
+if api.is_finded("xray-plugin") then o:value("xray-plugin") end
+if api.is_finded("v2ray-plugin") then o:value("v2ray-plugin") end
+if api.is_finded("obfs-local") then o:value("obfs-local") end
+
+o = s:option(Value, option_name("plugin_opts"), translate("opts"))
+o:depends({ [option_name("plugin")] = "xray-plugin"})
+o:depends({ [option_name("plugin")] = "v2ray-plugin"})
+o:depends({ [option_name("plugin")] = "obfs-local"})
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ss.lua

@@ -0,0 +1,58 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("ss-local") then
+	return
+end
+
+local type_name = "SS"
+
+local option_prefix = "ss_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ss_encrypt_method_list = {
+	"rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr",
+	"aes-192-ctr", "aes-256-ctr", "bf-cfb", "salsa20", "chacha20", "chacha20-ietf",
+	"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305"
+}
+
+-- [[ Shadowsocks Libev ]]
+
+s.fields["type"]:value(type_name, translate("Shadowsocks Libev"))
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+o = s:option(Value, option_name("method"), translate("Encrypt Method"))
+for a, t in ipairs(ss_encrypt_method_list) do o:value(t) end
+
+o = s:option(Value, option_name("timeout"), translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 300
+
+o = s:option(ListValue, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"), translate("Need node support required"))
+o:value("false")
+o:value("true")
+
+o = s:option(ListValue, option_name("plugin"), translate("plugin"))
+o:value("none", translate("none"))
+if api.is_finded("xray-plugin") then o:value("xray-plugin") end
+if api.is_finded("v2ray-plugin") then o:value("v2ray-plugin") end
+if api.is_finded("obfs-local") then o:value("obfs-local") end
+
+o = s:option(Value, option_name("plugin_opts"), translate("opts"))
+o:depends({ [option_name("plugin")] = "xray-plugin"})
+o:depends({ [option_name("plugin")] = "v2ray-plugin"})
+o:depends({ [option_name("plugin")] = "obfs-local"})
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ssr.lua

@@ -0,0 +1,69 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("ssr-local") then
+	return
+end
+
+local type_name = "SSR"
+
+local option_prefix = "ssr_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ssr_encrypt_method_list = {
+	"none", "table", "rc2-cfb", "rc4", "rc4-md5", "rc4-md5-6", "aes-128-cfb",
+	"aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr",
+	"bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb",
+	"cast5-cfb", "des-cfb", "idea-cfb", "seed-cfb", "salsa20", "chacha20",
+	"chacha20-ietf"
+}
+
+local ssr_protocol_list = {
+	"origin", "verify_simple", "verify_deflate", "verify_sha1", "auth_simple",
+	"auth_sha1", "auth_sha1_v2", "auth_sha1_v4", "auth_aes128_md5",
+	"auth_aes128_sha1", "auth_chain_a", "auth_chain_b", "auth_chain_c",
+	"auth_chain_d", "auth_chain_e", "auth_chain_f"
+}
+local ssr_obfs_list = {
+	"plain", "http_simple", "http_post", "random_head", "tls_simple",
+	"tls1.0_session_auth", "tls1.2_ticket_auth"
+}
+
+-- [[ ShadowsocksR Libev ]]
+
+s.fields["type"]:value(type_name, translate("ShadowsocksR Libev"))
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+o = s:option(ListValue, option_name("method"), translate("Encrypt Method"))
+for a, t in ipairs(ssr_encrypt_method_list) do o:value(t) end
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+for a, t in ipairs(ssr_protocol_list) do o:value(t) end
+
+o = s:option(Value, option_name("protocol_param"), translate("Protocol_param"))
+
+o = s:option(ListValue, option_name("obfs"), translate("Obfs"))
+for a, t in ipairs(ssr_obfs_list) do o:value(t) end
+
+o = s:option(Value, option_name("obfs_param"), translate("Obfs_param"))
+
+o = s:option(Value, option_name("timeout"), translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 300
+
+o = s:option(ListValue, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"), translate("Need node support required"))
+o:value("false")
+o:value("true")
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/tuic.lua

@@ -0,0 +1,133 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("tuic-client") then
+	return
+end
+
+local type_name = "TUIC"
+
+local option_prefix = "tuic_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+-- [[ TUIC ]]
+
+s.fields["type"]:value(type_name, translate("TUIC"))
+
+o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
+
+o = s:option(Value, option_name("port"), translate("Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("uuid"), translate("ID"))
+o.password = true
+
+-- Tuic Password for remote server connect
+o = s:option(Value, option_name("password"), translate("TUIC User Password For Connect Remote Server"))
+o.password = true
+o.rmempty = true
+o.default = ""
+o.rewrite_option = o.option
+
+--[[
+-- Tuic username for local socks connect
+o = s:option(Value, option_name("socks_username"), translate("TUIC UserName For Local Socks"))
+o.rmempty = true
+o.default = ""
+o.rewrite_option = o.option
+
+-- Tuic Password for local socks connect
+o = s:option(Value, option_name("socks_password"), translate("TUIC Password For Local Socks"))
+o.password = true
+o.rmempty = true
+o.default = ""
+o.rewrite_option = o.option
+--]]
+
+o = s:option(Value, option_name("ip"), translate("Set the TUIC proxy server ip address"))
+o.datatype = "ipaddr"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(ListValue, option_name("udp_relay_mode"), translate("UDP relay mode"))
+o:value("native", translate("native"))
+o:value("quic", translate("QUIC"))
+o.default = "native"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(ListValue, option_name("congestion_control"), translate("Congestion control algorithm"))
+o:value("bbr", translate("BBR"))
+o:value("cubic", translate("CUBIC"))
+o:value("new_reno", translate("New Reno"))
+o.default = "cubic"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("heartbeat"), translate("Heartbeat interval(second)"))
+o.datatype = "uinteger"
+o.default = "3"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("timeout"), translate("Timeout for establishing a connection to server(second)"))
+o.datatype = "uinteger"
+o.default = "8"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("gc_interval"), translate("Garbage collection interval(second)"))
+o.datatype = "uinteger"
+o.default = "3"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("gc_lifetime"), translate("Garbage collection lifetime(second)"))
+o.datatype = "uinteger"
+o.default = "15"
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("send_window"), translate("TUIC send window"))
+o.datatype = "uinteger"
+o.default = 20971520
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("receive_window"), translate("TUIC receive window"))
+o.datatype = "uinteger"
+o.default = 10485760
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("max_package_size"), translate("TUIC Maximum packet size the socks5 server can receive from external, in bytes"))
+o.datatype = "uinteger"
+o.default = 1500
+o.rmempty = true
+o.rewrite_option = o.option
+
+--Tuic settings for the local inbound socks5 server
+o = s:option(Flag, option_name("dual_stack"), translate("Set if the listening socket should be dual-stack"))
+o.default = 0
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("disable_sni"), translate("Disable SNI"))
+o.default = 0
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("zero_rtt_handshake"), translate("Enable 0-RTT QUIC handshake"))
+o.default = 0
+o.rmempty = true
+o.rewrite_option = o.option
+
+o = s:option(DynamicList, option_name("tls_alpn"), translate("TLS ALPN"))
+o.rmempty = true
+o.rewrite_option = o.option
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/index.lua

@@ -0,0 +1,67 @@
+local api = require "luci.passwall2.api"
+
+m = Map("passwall2_server", translate("Server-Side"))
+api.set_apply_on_parse(m)
+
+t = m:section(NamedSection, "global", "global")
+t.anonymous = true
+t.addremove = false
+
+e = t:option(Flag, "enable", translate("Enable"))
+e.rmempty = false
+
+t = m:section(TypedSection, "user", translate("Users Manager"))
+t.anonymous = true
+t.addremove = true
+t.sortable = true
+t.template = "cbi/tblsection"
+t.extedit = api.url("server_user", "%s")
+function t.create(e, t)
+	local uuid = api.gen_uuid()
+	t = uuid
+	TypedSection.create(e, t)
+	luci.http.redirect(e.extedit:format(t))
+end
+function t.remove(e, t)
+	e.map.proceed = true
+	e.map:del(t)
+	luci.http.redirect(api.url("server"))
+end
+
+e = t:option(Flag, "enable", translate("Enable"))
+e.width = "5%"
+e.rmempty = false
+
+e = t:option(DummyValue, "status", translate("Status"))
+e.rawhtml = true
+e.cfgvalue = function(t, n)
+	return string.format('<font class="_users_status">%s</font>', translate("Collecting data..."))
+end
+
+e = t:option(DummyValue, "remarks", translate("Remarks"))
+e.width = "15%"
+
+---- Type
+e = t:option(DummyValue, "type", translate("Type"))
+e.cfgvalue = function(t, n)
+	local v = Value.cfgvalue(t, n)
+	if v then
+		if v == "sing-box" or v == "Xray" then
+			local protocol = m:get(n, "protocol")
+			return v .. " -> " .. protocol
+		end
+		return v
+	end
+end
+
+e = t:option(DummyValue, "port", translate("Port"))
+
+e = t:option(Flag, "log", translate("Log"))
+e.default = "1"
+e.rmempty = false
+
+m:append(Template("passwall2/server/log"))
+
+m:append(Template("passwall2/server/users_list_status"))
+return m
+

luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria2.lua

@@ -0,0 +1,75 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.finded_com("hysteria") then
+	return
+end
+
+local type_name = "Hysteria2"
+
+local option_prefix = "hysteria2_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+-- [[ Hysteria2 ]]
+
+s.fields["type"]:value(type_name, "Hysteria2")
+
+o = s:option(Value, option_name("port"), translate("Listen Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("obfs"), translate("Obfs Password"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("auth_password"), translate("Auth Password"))
+o.password = true
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("udp"), translate("UDP"))
+o.default = "1"
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("up_mbps"), translate("Max upload Mbps"))
+o.rewrite_option = o.option
+
+o = s:option(Value, option_name("down_mbps"), translate("Max download Mbps"))
+o.rewrite_option = o.option
+
+o = s:option(Flag, option_name("ignoreClientBandwidth"), translate("ignoreClientBandwidth"))
+o.default = "0"
+o.rewrite_option = o.option
+
+o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
+o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem"
+o.validate = function(self, value, t)
+	if value and value ~= "" then
+		if not nixio.fs.access(value) then
+			return nil, translate("Can't find this file!")
+		else
+			return value
+		end
+	end
+	return nil
+end
+
+o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key")
+o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key"
+o.validate = function(self, value, t)
+	if value and value ~= "" then
+		if not nixio.fs.access(value) then
+			return nil, translate("Can't find this file!")
+		else
+			return value
+		end
+	end
+	return nil
+end
+
+o = s:option(Flag, option_name("log"), translate("Log"))
+o.default = "1"
+o.rmempty = false
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/ray.lua

@@ -0,0 +1,410 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.finded_com("xray") then
+	return
+end
+
+local type_name = "Xray"
+
+local option_prefix = "xray_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local x_ss_method_list = {
+	"aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305", "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"
+}
+
+local header_type_list = {
+	"none", "srtp", "utp", "wechat-video", "dtls", "wireguard"
+}
+
+-- [[ Xray ]]
+
+s.fields["type"]:value(type_name, "Xray")
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+o:value("vmess", "Vmess")
+o:value("vless", "VLESS")
+o:value("http", "HTTP")
+o:value("socks", "Socks")
+o:value("shadowsocks", "Shadowsocks")
+o:value("trojan", "Trojan")
+o:value("dokodemo-door", "dokodemo-door")
+
+o = s:option(Value, option_name("port"), translate("Listen Port"))
+o.datatype = "port"
+
+o = s:option(Flag, option_name("auth"), translate("Auth"))
+o.validate = function(self, value, t)
+	if value and value == "1" then
+		local user_v = s.fields[option_name("username")] and s.fields[option_name("username")]:formvalue(t) or ""
+		local pass_v = s.fields[option_name("password")] and s.fields[option_name("password")]:formvalue(t) or ""
+		if user_v == "" or pass_v == "" then
+			return nil, translate("Username and Password must be used together!")
+		end
+	end
+	return value
+end
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "http" })
+
+o = s:option(Value, option_name("username"), translate("Username"))
+o:depends({ [option_name("auth")] = true })
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+o:depends({ [option_name("auth")] = true })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(ListValue, option_name("d_protocol"), translate("Destination protocol"))
+o:value("tcp", "TCP")
+o:value("udp", "UDP")
+o:value("tcp,udp", "TCP,UDP")
+o:depends({ [option_name("protocol")] = "dokodemo-door" })
+
+o = s:option(Value, option_name("d_address"), translate("Destination address"))
+o:depends({ [option_name("protocol")] = "dokodemo-door" })
+
+o = s:option(Value, option_name("d_port"), translate("Destination port"))
+o.datatype = "port"
+o:depends({ [option_name("protocol")] = "dokodemo-door" })
+
+o = s:option(Value, option_name("decryption"), translate("Encrypt Method"))
+o.default = "none"
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(ListValue, option_name("x_ss_method"), translate("Encrypt Method"))
+o.rewrite_option = "method"
+for a, t in ipairs(x_ss_method_list) do o:value(t) end
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(Flag, option_name("iv_check"), translate("IV Check"))
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(ListValue, option_name("ss_network"), translate("Transport"))
+o.default = "tcp,udp"
+o:value("tcp", "TCP")
+o:value("udp", "UDP")
+o:value("tcp,udp", "TCP,UDP")
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(Flag, option_name("udp_forward"), translate("UDP Forward"))
+o.default = "1"
+o.rmempty = false
+o:depends({ [option_name("protocol")] = "socks" })
+
+o = s:option(DynamicList, option_name("uuid"), translate("ID") .. "/" .. translate("Password"))
+for i = 1, 3 do
+	o:value(api.gen_uuid(1))
+end
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+o = s:option(ListValue, option_name("flow"), translate("flow"))
+o.default = ""
+o:value("", translate("Disable"))
+o:value("xtls-rprx-vision")
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(Flag, option_name("tls"), translate("TLS"))
+o.default = 0
+o.validate = function(self, value, t)
+	if value then
+		local reality = s.fields[option_name("reality")] and s.fields[option_name("reality")]:formvalue(t) or nil
+		if reality and reality == "1" then return value end
+		if value == "1" then
+			local ca = s.fields[option_name("tls_certificateFile")] and s.fields[option_name("tls_certificateFile")]:formvalue(t) or ""
+			local key = s.fields[option_name("tls_keyFile")] and s.fields[option_name("tls_keyFile")]:formvalue(t) or ""
+			if ca == "" or key == "" then
+				return nil, translate("Public key and Private key path can not be empty!")
+			end
+		end
+		return value
+	end
+end
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+-- [[ REALITY部分 ]] --
+o = s:option(Flag, option_name("reality"), translate("REALITY"))
+o.default = 0
+o:depends({ [option_name("tls")] = true })
+
+o = s:option(Value, option_name("reality_private_key"), translate("Private Key"))
+o:depends({ [option_name("reality")] = true })
+
+o = s:option(DynamicList, option_name("reality_shortId"), translate("Short Id"))
+o:depends({ [option_name("reality")] = true })
+
+o = s:option(Value, option_name("reality_dest"), translate("Dest"))
+o.default = "google.com:443"
+o:depends({ [option_name("reality")] = true })
+
+o = s:option(Value, option_name("reality_serverNames"), translate("serverNames"))
+o:depends({ [option_name("reality")] = true })
+
+o = s:option(ListValue, option_name("alpn"), translate("alpn"))
+o.default = "h2,http/1.1"
+o:value("h3,h2,http/1.1")
+o:value("h3,h2")
+o:value("h2,http/1.1")
+o:value("h3")
+o:value("h2")
+o:value("http/1.1")
+o:depends({ [option_name("tls")] = true })
+
+-- o = s:option(Value, option_name("minversion"), translate("minversion"))
+-- o.default = "1.3"
+-- o:value("1.3")
+--o:depends({ [option_name("tls")] = true })
+
+-- [[ TLS部分 ]] --
+o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
+o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+o.validate = function(self, value, t)
+	if value and value ~= "" then
+		if not nixio.fs.access(value) then
+			return nil, translate("Can't find this file!")
+		else
+			return value
+		end
+	end
+	return nil
+end
+
+o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key")
+o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+o.validate = function(self, value, t)
+	if value and value ~= "" then
+		if not nixio.fs.access(value) then
+			return nil, translate("Can't find this file!")
+		else
+			return value
+		end
+	end
+	return nil
+end
+
+o = s:option(ListValue, option_name("transport"), translate("Transport"))
+o:value("tcp", "TCP")
+o:value("mkcp", "mKCP")
+o:value("ws", "WebSocket")
+o:value("h2", "HTTP/2")
+o:value("ds", "DomainSocket")
+o:value("quic", "QUIC")
+o:value("grpc", "gRPC")
+o:value("httpupgrade", "HttpUpgrade")
+o:value("splithttp", "SplitHTTP")
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+-- [[ WebSocket部分 ]]--
+o = s:option(Value, option_name("ws_host"), translate("WebSocket Host"))
+o:depends({ [option_name("transport")] = "ws" })
+
+o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
+o:depends({ [option_name("transport")] = "ws" })
+
+-- [[ HttpUpgrade部分 ]]--
+o = s:option(Value, option_name("httpupgrade_host"), translate("HttpUpgrade Host"))
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+o = s:option(Value, option_name("httpupgrade_path"), translate("HttpUpgrade Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+-- [[ HTTP/2部分 ]]--
+o = s:option(Value, option_name("h2_host"), translate("HTTP/2 Host"))
+o:depends({ [option_name("transport")] = "h2" })
+
+o = s:option(Value, option_name("h2_path"), translate("HTTP/2 Path"))
+o:depends({ [option_name("transport")] = "h2" })
+
+-- [[ SplitHTTP部分 ]]--
+o = s:option(Value, option_name("splithttp_host"), translate("SplitHTTP Host"))
+o:depends({ [option_name("transport")] = "splithttp" })
+
+o = s:option(Value, option_name("splithttp_path"), translate("SplitHTTP Path"))
+o.placeholder = "/"
+o:depends({ [option_name("transport")] = "splithttp" })
+
+o = s:option(Value, option_name("splithttp_maxuploadsize"), translate("maxUploadSize"))
+o.default = "1000000"
+o:depends({ [option_name("transport")] = "splithttp" })
+
+o = s:option(Value, option_name("splithttp_maxconcurrentuploads"), translate("maxConcurrentUploads"))
+o.default = "10"
+o:depends({ [option_name("transport")] = "splithttp" })
+
+-- [[ TCP部分 ]]--
+
+-- TCP伪装
+o = s:option(ListValue, option_name("tcp_guise"), translate("Camouflage Type"))
+o:value("none", "none")
+o:value("http", "http")
+o:depends({ [option_name("transport")] = "tcp" })
+
+-- HTTP域名
+o = s:option(DynamicList, option_name("tcp_guise_http_host"), translate("HTTP Host"))
+o:depends({ [option_name("tcp_guise")] = "http" })
+
+-- HTTP路径
+o = s:option(DynamicList, option_name("tcp_guise_http_path"), translate("HTTP Path"))
+o:depends({ [option_name("tcp_guise")] = "http" })
+
+-- [[ mKCP部分 ]]--
+o = s:option(ListValue, option_name("mkcp_guise"), translate("Camouflage Type"), translate('<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
+for a, t in ipairs(header_type_list) do o:value(t) end
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_mtu"), translate("KCP MTU"))
+o.default = "1350"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_tti"), translate("KCP TTI"))
+o.default = "20"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_uplinkCapacity"), translate("KCP uplinkCapacity"))
+o.default = "5"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_downlinkCapacity"), translate("KCP downlinkCapacity"))
+o.default = "20"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Flag, option_name("mkcp_congestion"), translate("KCP Congestion"))
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_readBufferSize"), translate("KCP readBufferSize"))
+o.default = "1"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_writeBufferSize"), translate("KCP writeBufferSize"))
+o.default = "1"
+o:depends({ [option_name("transport")] = "mkcp" })
+
+o = s:option(Value, option_name("mkcp_seed"), translate("KCP Seed"))
+o:depends({ [option_name("transport")] = "mkcp" })
+
+-- [[ DomainSocket部分 ]]--
+o = s:option(Value, option_name("ds_path"), "Path", translate("A legal file path. This file must not exist before running."))
+o:depends({ [option_name("transport")] = "ds" })
+
+-- [[ QUIC部分 ]]--
+o = s:option(ListValue, option_name("quic_security"), translate("Encrypt Method"))
+o:value("none")
+o:value("aes-128-gcm")
+o:value("chacha20-poly1305")
+o:depends({ [option_name("transport")] = "quic" })
+
+o = s:option(Value, option_name("quic_key"), translate("Encrypt Method") .. translate("Key"))
+o:depends({ [option_name("transport")] = "quic" })
+
+o = s:option(ListValue, option_name("quic_guise"), translate("Camouflage Type"))
+for a, t in ipairs(header_type_list) do o:value(t) end
+o:depends({ [option_name("transport")] = "quic" })
+
+-- [[ gRPC部分 ]]--
+o = s:option(Value, option_name("grpc_serviceName"), "ServiceName")
+o:depends({ [option_name("transport")] = "grpc" })
+
+o = s:option(Flag, option_name("acceptProxyProtocol"), translate("acceptProxyProtocol"), translate("Whether to receive PROXY protocol, when this node want to be fallback or forwarded by proxy, it must be enable, otherwise it cannot be used."))
+o.default = "0"
+
+-- [[ Fallback部分 ]]--
+o = s:option(Flag, option_name("fallback"), translate("Fallback"))
+o:depends({ [option_name("protocol")] = "vless", [option_name("transport")] = "tcp" })
+o:depends({ [option_name("protocol")] = "trojan", [option_name("transport")] = "tcp" })
+
+--[[
+o = s:option(Value, option_name("fallback_alpn"), "Fallback alpn")
+o:depends({ [option_name("fallback")] = true })
+
+o = s:option(Value, option_name("fallback_path"), "Fallback path")
+o:depends({ [option_name("fallback")] = true })
+
+o = s:option(Value, option_name("fallback_dest"), "Fallback dest")
+o:depends({ [option_name("fallback")] = true })
+
+o = s:option(Value, option_name("fallback_xver"), "Fallback xver")
+o.default = 0
+o:depends({ [option_name("fallback")] = true })
+]]--
+
+o = s:option(DynamicList, option_name("fallback_list"), "Fallback", translate("dest,path"))
+o:depends({ [option_name("fallback")] = true })
+
+o = s:option(Flag, option_name("bind_local"), translate("Bind Local"), translate("When selected, it can only be accessed localhost."))
+o.default = "0"
+
+o = s:option(Flag, option_name("accept_lan"), translate("Accept LAN Access"), translate("When selected, it can accessed lan , this will not be safe!"))
+o.default = "0"
+
+local nodes_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	if e.node_type == "normal" and e.type == type_name then
+		nodes_table[#nodes_table + 1] = {
+			id = e[".name"],
+			remarks = e["remark"]
+		}
+	end
+end
+
+o = s:option(ListValue, option_name("outbound_node"), translate("outbound node"))
+o:value("nil", translate("Close"))
+o:value("_socks", translate("Custom Socks"))
+o:value("_http", translate("Custom HTTP"))
+o:value("_iface", translate("Custom Interface"))
+for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end
+o.default = "nil"
+
+o = s:option(Value, option_name("outbound_node_address"), translate("Address (Support Domain Name)"))
+o:depends({ [option_name("outbound_node")] = "_socks"})
+o:depends({ [option_name("outbound_node")] = "_http"})
+
+o = s:option(Value, option_name("outbound_node_port"), translate("Port"))
+o.datatype = "port"
+o:depends({ [option_name("outbound_node")] = "_socks"})
+o:depends({ [option_name("outbound_node")] = "_http"})
+
+o = s:option(Value, option_name("outbound_node_username"), translate("Username"))
+o:depends({ [option_name("outbound_node")] = "_socks"})
+o:depends({ [option_name("outbound_node")] = "_http"})
+
+o = s:option(Value, option_name("outbound_node_password"), translate("Password"))
+o.password = true
+o:depends({ [option_name("outbound_node")] = "_socks"})
+o:depends({ [option_name("outbound_node")] = "_http"})
+
+o = s:option(Value, option_name("outbound_node_iface"), translate("Interface"))
+o.default = "eth1"
+o:depends({ [option_name("outbound_node")] = "_iface"})
+
+o = s:option(Flag, option_name("log"), translate("Log"))
+o.default = "1"
+o.rmempty = false
+
+o = s:option(ListValue, option_name("loglevel"), translate("Log Level"))
+o.default = "warning"
+o:value("debug")
+o:value("info")
+o:value("warning")
+o:value("error")
+o:depends({ [option_name("log")] = true })
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/sing-box.lua

@@ -0,0 +1,426 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+local singbox_bin = api.finded_com("singbox")
+
+if not singbox_bin then
+	return
+end
+
+local singbox_tags = luci.sys.exec(singbox_bin .. " version  | grep 'Tags:' | awk '{print $2}'")
+
+local type_name = "sing-box"
+
+local option_prefix = "singbox_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ss_method_list = {
+	"none", "aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
+	"2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"
+}
+
+-- [[ Sing-Box ]]
+
+s.fields["type"]:value(type_name, "Sing-Box")
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+o:value("mixed", "Mixed")
+o:value("socks", "Socks")
+o:value("http", "HTTP")
+o:value("shadowsocks", "Shadowsocks")
+o:value("vmess", "Vmess")
+o:value("vless", "VLESS")
+o:value("trojan", "Trojan")
+o:value("naive", "Naive")
+if singbox_tags:find("with_quic") then
+	o:value("hysteria", "Hysteria")
+end
+if singbox_tags:find("with_quic") then
+	o:value("tuic", "TUIC")
+end
+if singbox_tags:find("with_quic") then
+	o:value("hysteria2", "Hysteria2")
+end
+o:value("direct", "Direct")
+
+o = s:option(Value, option_name("port"), translate("Listen Port"))
+o.datatype = "port"
+
+o = s:option(Flag, option_name("auth"), translate("Auth"))
+o.validate = function(self, value, t)
+	if value and value == "1" then
+		local user_v = s.fields[option_name("username")] and s.fields[option_name("username")]:formvalue(t) or ""
+		local pass_v = s.fields[option_name("password")] and s.fields[option_name("password")]:formvalue(t) or ""
+		if user_v == "" or pass_v == "" then
+			return nil, translate("Username and Password must be used together!")
+		end
+	end
+	return value
+end
+o:depends({ [option_name("protocol")] = "mixed" })
+o:depends({ [option_name("protocol")] = "socks" })
+o:depends({ [option_name("protocol")] = "http" })
+
+o = s:option(Value, option_name("username"), translate("Username"))
+o:depends({ [option_name("auth")] = true })
+o:depends({ [option_name("protocol")] = "naive" })
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+o:depends({ [option_name("auth")] = true })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "naive" })
+o:depends({ [option_name("protocol")] = "tuic" })
+
+if singbox_tags:find("with_quic") then
+	o = s:option(Value, option_name("hysteria_up_mbps"), translate("Max upload Mbps"))
+	o.default = "100"
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_down_mbps"), translate("Max download Mbps"))
+	o.default = "100"
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_obfs"), translate("Obfs Password"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(ListValue, option_name("hysteria_auth_type"), translate("Auth Type"))
+	o:value("disable", translate("Disable"))
+	o:value("string", translate("STRING"))
+	o:value("base64", translate("BASE64"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_auth_password"), translate("Auth Password"))
+	o.password = true
+	o:depends({ [option_name("protocol")] = "hysteria", [option_name("hysteria_auth_type")] = "string"})
+	o:depends({ [option_name("protocol")] = "hysteria", [option_name("hysteria_auth_type")] = "base64"})
+
+	o = s:option(Value, option_name("hysteria_recv_window_conn"), translate("QUIC stream receive window"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_recv_window_client"), translate("QUIC connection receive window"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_max_conn_client"), translate("QUIC concurrent bidirectional streams"))
+	o.default = "1024"
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Flag, option_name("hysteria_disable_mtu_discovery"), translate("Disable MTU detection"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+
+	o = s:option(Value, option_name("hysteria_alpn"), translate("QUIC TLS ALPN"))
+	o:depends({ [option_name("protocol")] = "hysteria" })
+end
+
+if singbox_tags:find("with_quic") then
+	o = s:option(ListValue, option_name("tuic_congestion_control"), translate("Congestion control algorithm"))
+	o.default = "cubic"
+	o:value("bbr", translate("BBR"))
+	o:value("cubic", translate("CUBIC"))
+	o:value("new_reno", translate("New Reno"))
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	o = s:option(Flag, option_name("tuic_zero_rtt_handshake"), translate("Enable 0-RTT QUIC handshake"))
+	o.default = 0
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	o = s:option(Value, option_name("tuic_heartbeat"), translate("Heartbeat interval(second)"))
+	o.datatype = "uinteger"
+	o.default = "3"
+	o:depends({ [option_name("protocol")] = "tuic" })
+
+	o = s:option(Value, option_name("tuic_alpn"), translate("QUIC TLS ALPN"))
+	o:depends({ [option_name("protocol")] = "tuic" })
+end
+
+if singbox_tags:find("with_quic") then
+	o = s:option(Flag, option_name("hysteria2_ignore_client_bandwidth"), translate("Commands the client to use the BBR flow control algorithm"))
+	o.default = 0
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("hysteria2_up_mbps"), translate("Max upload Mbps"))
+	o:depends({ [option_name("protocol")] = "hysteria2", [option_name("hysteria2_ignore_client_bandwidth")] = false })
+
+	o = s:option(Value, option_name("hysteria2_down_mbps"), translate("Max download Mbps"))
+	o:depends({ [option_name("protocol")] = "hysteria2", [option_name("hysteria2_ignore_client_bandwidth")] = false })
+
+	o = s:option(ListValue, option_name("hysteria2_obfs_type"), translate("Obfs Type"))
+	o:value("", translate("Disable"))
+	o:value("salamander")
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("hysteria2_obfs_password"), translate("Obfs Password"))
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("hysteria2_auth_password"), translate("Auth Password"))
+	o.password = true
+	o:depends({ [option_name("protocol")] = "hysteria2"})
+end
+
+o = s:option(ListValue, option_name("d_protocol"), translate("Destination protocol"))
+o:value("tcp", "TCP")
+o:value("udp", "UDP")
+o:value("tcp,udp", "TCP,UDP")
+o:depends({ [option_name("protocol")] = "direct" })
+
+o = s:option(Value, option_name("d_address"), translate("Destination address"))
+o:depends({ [option_name("protocol")] = "direct" })
+
+o = s:option(Value, option_name("d_port"), translate("Destination port"))
+o.datatype = "port"
+o:depends({ [option_name("protocol")] = "direct" })
+
+o = s:option(Value, option_name("decryption"), translate("Encrypt Method"))
+o.default = "none"
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(ListValue, option_name("ss_method"), translate("Encrypt Method"))
+o.rewrite_option = "method"
+for a, t in ipairs(ss_method_list) do o:value(t) end
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+
+o = s:option(DynamicList, option_name("uuid"), translate("ID") .. "/" .. translate("Password"))
+for i = 1, 3 do
+	o:value(api.gen_uuid(1))
+end
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "trojan" })
+o:depends({ [option_name("protocol")] = "tuic" })
+
+o = s:option(ListValue, option_name("flow"), translate("flow"))
+o.default = ""
+o:value("", translate("Disable"))
+o:value("xtls-rprx-vision")
+o:depends({ [option_name("protocol")] = "vless" })
+
+o = s:option(Flag, option_name("tls"), translate("TLS"))
+o.default = 0
+o.validate = function(self, value, t)
+	if value then
+		local reality = s.fields[option_name("reality")] and s.fields[option_name("reality")]:formvalue(t) or nil
+		if reality and reality == "1" then return value end
+		if value == "1" then
+			local ca = s.fields[option_name("tls_certificateFile")] and s.fields[option_name("tls_certificateFile")]:formvalue(t) or ""
+			local key = s.fields[option_name("tls_keyFile")] and s.fields[option_name("tls_keyFile")]:formvalue(t) or ""
+			if ca == "" or key == "" then
+				return nil, translate("Public key and Private key path can not be empty!")
+			end
+		end
+		return value
+	end
+end
+o:depends({ [option_name("protocol")] = "http" })
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+if singbox_tags:find("with_reality_server") then
+	-- [[ REALITY部分 ]] --
+	o = s:option(Flag, option_name("reality"), translate("REALITY"))
+	o.default = 0
+	o:depends({ [option_name("protocol")] = "http", [option_name("tls")] = true })
+	o:depends({ [option_name("protocol")] = "vmess", [option_name("tls")] = true })
+	o:depends({ [option_name("protocol")] = "vless", [option_name("tls")] = true })
+	o:depends({ [option_name("protocol")] = "trojan", [option_name("tls")] = true })
+	
+	o = s:option(Value, option_name("reality_private_key"), translate("Private Key"))
+	o:depends({ [option_name("reality")] = true })
+	
+	o = s:option(Value, option_name("reality_shortId"), translate("Short Id"))
+	o:depends({ [option_name("reality")] = true })
+
+	o = s:option(Value, option_name("reality_handshake_server"), translate("Handshake Server"))
+	o.default = "google.com"
+	o:depends({ [option_name("reality")] = true })
+
+	o = s:option(Value, option_name("reality_handshake_server_port"), translate("Handshake Server Port"))
+	o.datatype = "port"
+	o.default = "443"
+	o:depends({ [option_name("reality")] = true })
+end
+
+-- [[ TLS部分 ]] --
+
+o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
+o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+o:depends({ [option_name("protocol")] = "naive" })
+o:depends({ [option_name("protocol")] = "hysteria" })
+o:depends({ [option_name("protocol")] = "tuic" })
+o:depends({ [option_name("protocol")] = "hysteria2" })
+o.validate = function(self, value, t)
+	if value and value ~= "" then
+		if not nixio.fs.access(value) then
+			return nil, translate("Can't find this file!")
+		else
+			return value
+		end
+	end
+	return nil
+end
+
+o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key")
+o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key"
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
+o:depends({ [option_name("protocol")] = "naive" })
+o:depends({ [option_name("protocol")] = "hysteria" })
+o:depends({ [option_name("protocol")] = "tuic" })
+o:depends({ [option_name("protocol")] = "hysteria2" })
+o.validate = function(self, value, t)
+	if value and value ~= "" then
+		if not nixio.fs.access(value) then
+			return nil, translate("Can't find this file!")
+		else
+			return value
+		end
+	end
+	return nil
+end
+
+if singbox_tags:find("with_ech") then
+	o = s:option(Flag, option_name("ech"), translate("ECH"))
+	o.default = "0"
+	o:depends({ [option_name("tls")] = true, [option_name("flow")] = "", [option_name("reality")] = false })
+	o:depends({ [option_name("protocol")] = "naive" })
+	o:depends({ [option_name("protocol")] = "hysteria" })
+	o:depends({ [option_name("protocol")] = "tuic" })
+	o:depends({ [option_name("protocol")] = "hysteria2" })
+
+	o = s:option(Value, option_name("ech_key"), translate("ECH Key"))
+	o.default = ""
+	o:depends({ [option_name("ech")] = true })
+
+	o = s:option(Flag, option_name("pq_signature_schemes_enabled"), translate("PQ signature schemes"))
+	o.default = "0"
+	o:depends({ [option_name("ech")] = true })
+
+	o = s:option(Flag, option_name("dynamic_record_sizing_disabled"), translate("Disable adaptive sizing of TLS records"))
+	o.default = "0"
+	o:depends({ [option_name("ech")] = true })
+end
+
+o = s:option(ListValue, option_name("transport"), translate("Transport"))
+o:value("tcp", "TCP")
+o:value("http", "HTTP")
+o:value("ws", "WebSocket")
+o:value("httpupgrade", "HTTPUpgrade")
+o:value("quic", "QUIC")
+o:value("grpc", "gRPC")
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+-- [[ HTTP部分 ]]--
+
+o = s:option(Value, option_name("http_host"), translate("HTTP Host"))
+o:depends({ [option_name("transport")] = "http" })
+
+o = s:option(Value, option_name("http_path"), translate("HTTP Path"))
+o:depends({ [option_name("transport")] = "http" })
+
+-- [[ WebSocket部分 ]]--
+
+o = s:option(Value, option_name("ws_host"), translate("WebSocket Host"))
+o:depends({ [option_name("transport")] = "ws" })
+
+o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
+o:depends({ [option_name("transport")] = "ws" })
+
+-- [[ HTTPUpgrade部分 ]]--
+
+o = s:option(Value, option_name("httpupgrade_host"), translate("HTTPUpgrade Host"))
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+o = s:option(Value, option_name("httpupgrade_path"), translate("HTTPUpgrade Path"))
+o:depends({ [option_name("transport")] = "httpupgrade" })
+
+-- [[ gRPC部分 ]]--
+o = s:option(Value, option_name("grpc_serviceName"), "ServiceName")
+o:depends({ [option_name("transport")] = "grpc" })
+
+-- [[ Mux ]]--
+o = s:option(Flag, option_name("mux"), translate("Mux"))
+o.rmempty = false
+o:depends({ [option_name("protocol")] = "vmess" })
+o:depends({ [option_name("protocol")] = "vless", [option_name("flow")] = "" })
+o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "trojan" })
+
+-- [[ TCP Brutal ]]--
+o = s:option(Flag, option_name("tcpbrutal"), translate("TCP Brutal"))
+o.default = 0
+o:depends({ [option_name("mux")] = true })
+
+o = s:option(Value, option_name("tcpbrutal_up_mbps"), translate("Max upload Mbps"))
+o.default = "10"
+o:depends({ [option_name("tcpbrutal")] = true })
+
+o = s:option(Value, option_name("tcpbrutal_down_mbps"), translate("Max download Mbps"))
+o.default = "50"
+o:depends({ [option_name("tcpbrutal")] = true })
+
+o = s:option(Flag, option_name("bind_local"), translate("Bind Local"), translate("When selected, it can only be accessed localhost."))
+o.default = "0"
+
+o = s:option(Flag, option_name("accept_lan"), translate("Accept LAN Access"), translate("When selected, it can accessed lan , this will not be safe!"))
+o.default = "0"
+
+local nodes_table = {}
+for k, e in ipairs(api.get_valid_nodes()) do
+	if e.node_type == "normal" and e.type == type_name then
+		nodes_table[#nodes_table + 1] = {
+			id = e[".name"],
+			remarks = e["remark"]
+		}
+	end
+end
+
+o = s:option(ListValue, option_name("outbound_node"), translate("outbound node"))
+o:value("nil", translate("Close"))
+o:value("_socks", translate("Custom Socks"))
+o:value("_http", translate("Custom HTTP"))
+o:value("_iface", translate("Custom Interface"))
+for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end
+o.default = "nil"
+
+o = s:option(Value, option_name("outbound_node_address"), translate("Address (Support Domain Name)"))
+o:depends({ [option_name("outbound_node")] = "_socks" })
+o:depends({ [option_name("outbound_node")] = "_http" })
+
+o = s:option(Value, option_name("outbound_node_port"), translate("Port"))
+o.datatype = "port"
+o:depends({ [option_name("outbound_node")] = "_socks" })
+o:depends({ [option_name("outbound_node")] = "_http" })
+
+o = s:option(Value, option_name("outbound_node_username"), translate("Username"))
+o:depends({ [option_name("outbound_node")] = "_socks" })
+o:depends({ [option_name("outbound_node")] = "_http" })
+
+o = s:option(Value, option_name("outbound_node_password"), translate("Password"))
+o.password = true
+o:depends({ [option_name("outbound_node")] = "_socks" })
+o:depends({ [option_name("outbound_node")] = "_http" })
+
+o = s:option(Value, option_name("outbound_node_iface"), translate("Interface"))
+o.default = "eth1"
+o:depends({ [option_name("outbound_node")] = "_iface" })
+
+o = s:option(Flag, option_name("log"), translate("Log"))
+o.default = "1"
+o.rmempty = false
+
+o = s:option(ListValue, option_name("loglevel"), translate("Log Level"))
+o.default = "info"
+o:value("debug")
+o:value("info")
+o:value("warn")
+o:value("error")
+o:depends({ [option_name("log")] = true })
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/ss-rust.lua

@@ -0,0 +1,47 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("ssserver") then
+	return
+end
+
+local type_name = "SS-Rust"
+
+local option_prefix = "ssrust_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ssrust_encrypt_method_list = {
+	"plain", "none",
+	"aes-128-gcm", "aes-256-gcm", "chacha20-ietf-poly1305",
+	"2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha8-poly1305", "2022-blake3-chacha20-poly1305"
+}
+
+-- [[ Shadowsocks Rust ]]
+
+s.fields["type"]:value(type_name, translate("Shadowsocks Rust"))
+
+o = s:option(Value, option_name("port"), translate("Listen Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+o = s:option(ListValue, option_name("method"), translate("Encrypt Method"))
+for a, t in ipairs(ssrust_encrypt_method_list) do o:value(t) end
+
+o = s:option(Value, option_name("timeout"), translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 300
+
+o = s:option(Flag, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"))
+o.default = "0"
+
+o = s:option(Flag, option_name("log"), translate("Log"))
+o.default = "1"
+o.rmempty = false
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/ss.lua

@@ -0,0 +1,50 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("ss-server") then
+	return
+end
+
+local type_name = "SS"
+
+local option_prefix = "ss_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ss_encrypt_method_list = {
+	"rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr",
+	"aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb",
+	"camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20",
+	"chacha20-ietf", -- aead
+	"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305"
+}
+
+-- [[ Shadowsocks ]]
+
+s.fields["type"]:value(type_name, translate("Shadowsocks"))
+
+o = s:option(Value, option_name("port"), translate("Listen Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+o = s:option(ListValue, option_name("method"), translate("Encrypt Method"))
+for a, t in ipairs(ss_encrypt_method_list) do o:value(t) end
+
+o = s:option(Value, option_name("timeout"), translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 300
+
+o = s:option(Flag, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"))
+o.default = "0"
+
+o = s:option(Flag, option_name("log"), translate("Log"))
+o.default = "1"
+o.rmempty = false
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/ssr.lua

@@ -0,0 +1,74 @@
+local m, s = ...
+
+local api = require "luci.passwall2.api"
+
+if not api.is_finded("ssr-server") then
+	return
+end
+
+local type_name = "SSR"
+
+local option_prefix = "ssr_"
+
+local function option_name(name)
+	return option_prefix .. name
+end
+
+local ssr_encrypt_method_list = {
+	"none", "table", "rc2-cfb", "rc4", "rc4-md5", "rc4-md5-6", "aes-128-cfb",
+	"aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr",
+	"bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb",
+	"cast5-cfb", "des-cfb", "idea-cfb", "seed-cfb", "salsa20", "chacha20",
+	"chacha20-ietf"
+}
+
+local ssr_protocol_list = {
+	"origin", "verify_simple", "verify_deflate", "verify_sha1", "auth_simple",
+	"auth_sha1", "auth_sha1_v2", "auth_sha1_v4", "auth_aes128_md5",
+	"auth_aes128_sha1", "auth_chain_a", "auth_chain_b", "auth_chain_c",
+	"auth_chain_d", "auth_chain_e", "auth_chain_f"
+}
+local ssr_obfs_list = {
+	"plain", "http_simple", "http_post", "random_head", "tls_simple",
+	"tls1.0_session_auth", "tls1.2_ticket_auth"
+}
+
+-- [[ ShadowsocksR ]]
+
+s.fields["type"]:value(type_name, translate("ShadowsocksR"))
+
+o = s:option(Value, option_name("port"), translate("Listen Port"))
+o.datatype = "port"
+
+o = s:option(Value, option_name("password"), translate("Password"))
+o.password = true
+
+o = s:option(ListValue, option_name("method"), translate("Encrypt Method"))
+for a, t in ipairs(ssr_encrypt_method_list) do o:value(t) end
+
+o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
+for a, t in ipairs(ssr_protocol_list) do o:value(t) end
+
+o = s:option(Value, option_name("protocol_param"), translate("Protocol_param"))
+
+o = s:option(ListValue, option_name("obfs"), translate("Obfs"))
+for a, t in ipairs(ssr_obfs_list) do o:value(t) end
+
+o = s:option(Value, option_name("obfs_param"), translate("Obfs_param"))
+
+o = s:option(Value, option_name("timeout"), translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 300
+
+o = s:option(Flag, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"))
+o.default = "0"
+
+o = s:option(Flag, option_name("udp_forward"), translate("UDP Forward"))
+o.default = "1"
+o.rmempty = false
+
+o = s:option(Flag, option_name("log"), translate("Log"))
+o.default = "1"
+o.rmempty = false
+
+api.luci_types(arg[1], m, s, type_name, option_prefix)

luci-app-passwall2/luasrc/model/cbi/passwall2/server/user.lua

@@ -0,0 +1,34 @@
+local api = require "luci.passwall2.api"
+local fs = require "nixio.fs"
+local types_dir = "/usr/lib/lua/luci/model/cbi/passwall2/server/type/"
+
+m = Map("passwall2_server", translate("Server Config"))
+m.redirect = api.url("server")
+api.set_apply_on_parse(m)
+
+s = m:section(NamedSection, arg[1], "user", "")
+s.addremove = false
+s.dynamic = false
+
+o = s:option(Flag, "enable", translate("Enable"))
+o.default = "1"
+o.rmempty = false
+
+o = s:option(Value, "remarks", translate("Remarks"))
+o.default = translate("Remarks")
+o.rmempty = false
+
+o = s:option(ListValue, "type", translate("Type"))
+
+local type_table = {}
+for filename in fs.dir(types_dir) do
+	table.insert(type_table, filename)
+end
+table.sort(type_table)
+
+for index, value in ipairs(type_table) do
+	local p_func = loadfile(types_dir .. value)
+	setfenv(p_func, getfenv(1))(m, s)
+end
+
+return m

luci-app-passwall2/luasrc/passwall2/com.lua

@@ -0,0 +1,56 @@
+local _M = {}
+
+local function gh_release_url(self)
+	return "https://api.github.com/repos/" .. self.repo .. "/releases/latest"
+end
+
+local function gh_pre_release_url(self)
+	return "https://api.github.com/repos/" .. self.repo .. "/releases?per_page=1"
+end
+
+_M.hysteria = {
+	name = "Hysteria",
+	repo = "HyNetwork/hysteria",
+	get_url = gh_release_url,
+	cmd_version = "version | awk '/^Version:/ {print $2}'",
+	remote_version_str_replace = "app/",
+	zipped = false,
+	default_path = "/usr/bin/hysteria",
+	match_fmt_str = "linux%%-%s$",
+	file_tree = {
+		armv6 = "arm",
+		armv7 = "arm"
+	}
+}
+
+_M.singbox = {
+	name = "Sing-Box",
+	repo = "SagerNet/sing-box",
+	get_url = gh_release_url,
+	cmd_version = "version | awk '{print $3}' | sed -n 1P",
+	zipped = true,
+	zipped_suffix = "tar.gz",
+	default_path = "/usr/bin/sing-box",
+	match_fmt_str = "linux%%-%s",
+	file_tree = {
+		x86_64 = "amd64"
+	}
+}
+
+_M.xray = {
+	name = "Xray",
+	repo = "XTLS/Xray-core",
+	get_url = gh_pre_release_url,
+	cmd_version = "version | awk '{print $2}' | sed -n 1P",
+	zipped = true,
+	default_path = "/usr/bin/xray",
+	match_fmt_str = "linux%%-%s",
+	file_tree = {
+		x86_64 = "64",
+		x86    = "32",
+		mips   = "mips32",
+		mipsel = "mips32le"
+	}
+}
+
+return _M

luci-app-passwall2/luasrc/passwall2/server_app.lua

@@ -0,0 +1,221 @@
+#!/usr/bin/lua
+
+local action = arg[1]
+local api = require "luci.passwall2.api"
+local sys = api.sys
+local uci = api.uci
+local jsonc = api.jsonc
+
+local CONFIG = "passwall2_server"
+local CONFIG_PATH = "/tmp/etc/" .. CONFIG
+local NFT_INCLUDE_FILE = CONFIG_PATH .. "/" .. CONFIG .. ".nft"
+local LOG_APP_FILE = "/tmp/log/" .. CONFIG .. ".log"
+local TMP_BIN_PATH = CONFIG_PATH .. "/bin"
+local require_dir = "luci.passwall2."
+
+local ipt_bin = sys.exec("echo -n $(/usr/share/passwall2/iptables.sh get_ipt_bin)")
+local ip6t_bin = sys.exec("echo -n $(/usr/share/passwall2/iptables.sh get_ip6t_bin)")
+
+local nft_flag = api.is_finded("fw4") and "1" or "0"
+
+local function log(...)
+	local f, err = io.open(LOG_APP_FILE, "a")
+	if f and err == nil then
+		local str = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ")
+		f:write(str .. "\n")
+		f:close()
+	end
+end
+
+local function cmd(cmd)
+	sys.call(cmd)
+end
+
+local function ipt(arg)
+	if ipt_bin and #ipt_bin > 0 then
+		cmd(ipt_bin .. " -w " .. arg)
+	end
+end
+
+local function ip6t(arg)
+	if ip6t_bin and #ip6t_bin > 0 then
+		cmd(ip6t_bin .. " -w " .. arg)
+	end
+end
+
+local function ln_run(s, d, command, output)
+	if not output then
+		output = "/dev/null"
+	end
+	d = TMP_BIN_PATH .. "/" .. d
+	cmd(string.format('[ ! -f "%s" ] && ln -s %s %s 2>/dev/null', d, s, d))
+	return string.format("%s >%s 2>&1 &", d .. " " ..command, output)
+end
+
+local function gen_include()
+	cmd(string.format("echo '#!/bin/sh' > /tmp/etc/%s.include", CONFIG))
+	local function extract_rules(n, a)
+		local _ipt = ipt_bin
+		if n == "6" then
+			_ipt = ip6t_bin
+		end
+		local result = "*" .. a
+		result = result .. "\n" .. sys.exec(_ipt .. '-save -t ' .. a .. ' | grep "PSW2-SERVER" | sed -e "s/^-A \\(INPUT\\)/-I \\1 1/"')
+		result = result .. "COMMIT"
+		return result
+	end
+	local f, err = io.open("/tmp/etc/" .. CONFIG .. ".include", "a")
+	if f and err == nil then
+		if nft_flag == "0" then
+			f:write(ipt_bin .. '-save -c | grep -v "PSW2-SERVER" | ' .. ipt_bin .. '-restore -c' .. "\n")
+			f:write(ipt_bin .. '-restore -n <<-EOT' .. "\n")
+			f:write(extract_rules("4", "filter") .. "\n")
+			f:write("EOT" .. "\n")
+			f:write(ip6t_bin .. '-save -c | grep -v "PSW2-SERVER" | ' .. ip6t_bin .. '-restore -c' .. "\n")
+			f:write(ip6t_bin .. '-restore -n <<-EOT' .. "\n")
+			f:write(extract_rules("6", "filter") .. "\n")
+			f:write("EOT" .. "\n")
+			f:close()
+		else
+			f:write("nft -f " .. NFT_INCLUDE_FILE .. "\n")
+			f:close()
+		end
+	end
+end
+
+local function start()
+	local enabled = tonumber(uci:get(CONFIG, "@global[0]", "enable") or 0)
+	if enabled == nil or enabled == 0 then
+		return
+	end
+	cmd(string.format("mkdir -p %s %s", CONFIG_PATH, TMP_BIN_PATH))
+	cmd(string.format("touch %s", LOG_APP_FILE))
+	if nft_flag == "0" then
+		ipt("-N PSW2-SERVER")
+		ipt("-I INPUT -j PSW2-SERVER")
+		ip6t("-N PSW2-SERVER")
+		ip6t("-I INPUT -j PSW2-SERVER")
+	else
+		nft_file, err = io.open(NFT_INCLUDE_FILE, "w")
+		nft_file:write('#!/usr/sbin/nft -f\n')
+		nft_file:write('add chain inet fw4 PSW2-SERVER\n')
+		nft_file:write('flush chain inet fw4 PSW2-SERVER\n')
+		nft_file:write('insert rule inet fw4 input position 0 jump PSW2-SERVER comment "PSW2-SERVER"\n')
+	end
+	uci:foreach(CONFIG, "user", function(user)
+		local id = user[".name"]
+		local enable = user.enable
+		if enable and tonumber(enable) == 1 then
+			local enable_log = user.log
+			local log_path = nil
+			if enable_log and enable_log == "1" then
+				log_path = CONFIG_PATH .. "/" .. id .. ".log"
+			else
+				log_path = nil
+			end
+			local remarks = user.remarks
+			local port = tonumber(user.port)
+			local bin
+			local config = {}
+			local config_file = CONFIG_PATH .. "/" .. id .. ".json"
+			local udp_forward = 1
+			local type = user.type or ""
+			if type == "Socks" then
+				local auth = ""
+				if user.auth and user.auth == "1" then
+					local username = user.username or ""
+					local password = user.password or ""
+					if username ~= "" and password ~= "" then
+						username = "-u " .. username
+						password = "-P " .. password
+						auth = username .. " " .. password
+					end
+				end
+				bin = ln_run("/usr/bin/microsocks", "microsocks_" .. id, string.format("-i :: -p %s %s", port, auth), log_path)
+			elseif type == "SS" or type == "SSR" then
+				config = require(require_dir .. "util_shadowsocks").gen_config_server(user)
+				local udp_param = ""
+				udp_forward = tonumber(user.udp_forward) or 1
+				if udp_forward == 1 then
+					udp_param = "-u"
+				end
+				type = type:lower()
+				bin = ln_run("/usr/bin/" .. type .. "-server", type .. "-server", "-c " .. config_file .. " " .. udp_param, log_path)
+			elseif type == "SS-Rust" then
+				config = require(require_dir .. "util_shadowsocks").gen_config_server(user)
+				bin = ln_run("/usr/bin/ssserver", "ssserver", "-c " .. config_file, log_path)
+			elseif type == "Xray" then
+				config = require(require_dir .. "util_xray").gen_config_server(user)
+				bin = ln_run(api.get_app_path("xray"), "xray", "run -c " .. config_file, log_path)
+			elseif type == "sing-box" then
+				config = require(require_dir .. "util_sing-box").gen_config_server(user)
+				bin = ln_run(api.get_app_path("singbox"), "sing-box", "run -c " .. config_file, log_path)
+			elseif type == "Hysteria2" then
+				config = require(require_dir .. "util_hysteria2").gen_config_server(user)
+				bin = ln_run(api.get_app_path("hysteria"), "hysteria", "-c " .. config_file .. " server", log_path)
+			end
+
+			if next(config) then
+				local f, err = io.open(config_file, "w")
+				if f and err == nil then
+					f:write(jsonc.stringify(config, 1))
+					f:close()
+				end
+				log(string.format("%s %s 生成配置文件并运行 - %s", remarks, port, config_file))
+			end
+
+			if bin then
+				cmd(bin)
+			end
+
+			local bind_local = user.bind_local or 0
+			if bind_local and tonumber(bind_local) ~= 1 then
+				if nft_flag == "0" then
+					ipt(string.format('-A PSW2-SERVER -p tcp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+					ip6t(string.format('-A PSW2-SERVER -p tcp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+					if udp_forward == 1 then
+						ipt(string.format('-A PSW2-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+						ip6t(string.format('-A PSW2-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+					end
+				else
+					nft_file:write(string.format('add rule inet fw4 PSW2-SERVER meta l4proto tcp tcp dport {%s} counter accept comment "%s"\n', port, remarks))
+					if udp_forward == 1 then
+						nft_file:write(string.format('add rule inet fw4 PSW2-SERVER meta l4proto udp udp dport {%s} counter accept comment "%s"\n', port, remarks))
+					end
+				end
+			end
+		end
+	end)
+	if nft_flag == "1" then
+		nft_file:write("add rule inet fw4 PSW2-SERVER return\n")
+		nft_file:close()
+		cmd("nft -f " .. NFT_INCLUDE_FILE)
+	end
+	gen_include()
+end
+
+local function stop()
+	cmd(string.format("/bin/busybox top -bn1 | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1", CONFIG_PATH))
+	if nft_flag == "0" then
+		ipt("-D INPUT -j PSW2-SERVER 2>/dev/null")
+		ipt("-F PSW2-SERVER 2>/dev/null")
+		ipt("-X PSW2-SERVER 2>/dev/null")
+		ip6t("-D INPUT -j PSW2-SERVER 2>/dev/null")
+		ip6t("-F PSW2-SERVER 2>/dev/null")
+		ip6t("-X PSW2-SERVER 2>/dev/null")
+	else
+		local nft_cmd = "handles=$(nft -a list chain inet fw4 input | grep -E \"PSW2-SERVER\" | awk -F '# handle ' '{print$2}')\n for handle in $handles; do\n nft delete rule inet fw4 input handle ${handle} 2>/dev/null\n done"
+		cmd(nft_cmd)
+		cmd("nft flush chain inet fw4 PSW2-SERVER 2>/dev/null")
+		cmd("nft delete chain inet fw4 PSW2-SERVER 2>/dev/null")
+	end
+	cmd(string.format("rm -rf %s %s /tmp/etc/%s.include", CONFIG_PATH, LOG_APP_FILE, CONFIG))
+end
+
+if action then
+	if action == "start" then
+		start()
+	elseif action == "stop" then
+		stop()
+	end
+end

luci-app-passwall2/luasrc/passwall2/util_hysteria2.lua

@@ -0,0 +1,115 @@
+module("luci.passwall2.util_hysteria2", package.seeall)
+local api = require "luci.passwall2.api"
+local uci = api.uci
+local jsonc = api.jsonc
+
+function gen_config_server(node)
+	local config = {
+		listen = ":" .. node.port,
+		tls = {
+			cert = node.tls_certificateFile,
+			key = node.tls_keyFile,
+		},
+		obfs = (node.hysteria2_obfs) and {
+			type = "salamander",
+			salamander = {
+				password = node.hysteria2_obfs
+			}
+		} or nil,
+		auth = {
+			type = "password",
+			password = node.hysteria2_auth_password
+		},
+		bandwidth = (node.hysteria2_up_mbps or node.hysteria2_down_mbps) and {
+			up = node.hysteria2_up_mbps and node.hysteria2_up_mbps .. " mbps" or nil,
+			down = node.hysteria2_down_mbps and node.hysteria2_down_mbps .. " mbps" or nil
+		} or nil,
+		ignoreClientBandwidth = (node.hysteria2_ignoreClientBandwidth == "1") and true or false,
+		disableUDP = (node.hysteria2_udp == "0") and true or false,
+	}
+	return config
+end
+
+function gen_config(var)
+	local node_id = var["-node"]
+	if not node_id then
+		print("-node 不能为空")
+		return
+	end
+	local node = uci:get_all("passwall2", node_id)
+	local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
+	local local_socks_port = var["-local_socks_port"]
+	local local_socks_username = var["-local_socks_username"]
+	local local_socks_password = var["-local_socks_password"]
+	local local_http_address = var["-local_http_address"] or "0.0.0.0"
+	local local_http_port = var["-local_http_port"]
+	local local_http_username = var["-local_http_username"]
+	local local_http_password = var["-local_http_password"]
+	local server_host = var["-server_host"] or node.address
+	local server_port = var["-server_port"] or node.port
+
+	if api.is_ipv6(server_host) then
+		server_host = api.get_ipv6_full(server_host)
+	end
+	local server = server_host .. ":" .. server_port
+
+	if (node.hysteria2_hop) then
+		server = server .. "," .. node.hysteria2_hop
+	end
+
+	local config = {
+		server = server,
+		transport = {
+			type = node.protocol or "udp",
+			udp = {
+				hopInterval = node.hysteria2_hop_interval and node.hysteria2_hop_interval .. "s" or "30s"
+			}
+		},
+		obfs = (node.hysteria2_obfs) and {
+			type = "salamander",
+			salamander = {
+				password = node.hysteria2_obfs
+			}
+		} or nil,
+		auth = node.hysteria2_auth_password,
+		tls = {
+			sni = node.tls_serverName,
+			insecure = (node.tls_allowInsecure == "1") and true or false,
+			pinSHA256 = (node.hysteria2_tls_pinSHA256) and node.hysteria2_tls_pinSHA256 or nil,
+		},
+		quic = {
+			initStreamReceiveWindow = (node.hysteria2_recv_window) and tonumber(node.hysteria2_recv_window) or nil,
+			initConnReceiveWindow = (node.hysteria2_recv_window_conn) and tonumber(node.hysteria2_recv_window_conn) or nil,
+			maxIdleTimeout = (node.hysteria2_idle_timeout) and tonumber(node.hysteria2_idle_timeout) or nil,
+			disablePathMTUDiscovery = (node.hysteria2_disable_mtu_discovery) and true or false,
+		},
+		bandwidth = (node.hysteria2_up_mbps or node.hysteria2_down_mbps) and {
+			up = node.hysteria2_up_mbps and node.hysteria2_up_mbps .. " mbps" or nil,
+			down = node.hysteria2_down_mbps and node.hysteria2_down_mbps .. " mbps" or nil
+		} or nil,
+		fast_open = (node.fast_open == "1") and true or false,
+		lazy = (node.hysteria2_lazy_start == "1") and true or false,
+		socks5 = (local_socks_address and local_socks_port) and {
+			listen = local_socks_address .. ":" .. local_socks_port,
+			username = (local_socks_username and local_socks_password) and local_socks_username or nil,
+			password = (local_socks_username and local_socks_password) and local_socks_password or nil,
+			disableUDP = false,
+		} or nil,
+		http = (local_http_address and local_http_port) and {
+			listen = local_http_address .. ":" .. local_http_port,
+			username = (local_http_username and local_http_password) and local_http_username or nil,
+			password = (local_http_username and local_http_password) and local_http_password or nil,
+		} or nil
+	}
+
+	return jsonc.stringify(config, 1)
+end
+
+_G.gen_config = gen_config
+
+if arg[1] then
+	local func =_G[arg[1]]
+	if func then
+		print(func(api.get_function_args(arg)))
+	end
+end

luci-app-passwall2/luasrc/passwall2/util_naiveproxy.lua

@@ -0,0 +1,39 @@
+module("luci.passwall2.util_navieproxy", package.seeall)
+local api = require "luci.passwall2.api"
+local uci = api.uci
+local jsonc = api.jsonc
+
+function gen_config(var)
+	local node_id = var["-node"]
+	if not node_id then
+		print("-node 不能为空")
+		return
+	end
+	local node = uci:get_all("passwall2", node_id)
+	local run_type = var["-run_type"]
+	local local_addr = var["-local_addr"]
+	local local_port = var["-local_port"]
+	local server_host = var["-server_host"] or node.address
+	local server_port = var["-server_port"] or node.port
+
+	if api.is_ipv6(server_host) then
+		server_host = api.get_ipv6_full(server_host)
+	end
+	local server = server_host .. ":" .. server_port
+
+	local config = {
+		listen = run_type .. "://" .. local_addr .. ":" .. local_port,
+		proxy = node.protocol .. "://" .. node.username .. ":" .. node.password .. "@" .. server
+	}
+
+	return jsonc.stringify(config, 1)
+end
+
+_G.gen_config = gen_config
+
+if arg[1] then
+	local func =_G[arg[1]]
+	if func then
+		print(func(api.get_function_args(arg)))
+	end
+end

luci-app-passwall2/luasrc/passwall2/util_shadowsocks.lua

@@ -0,0 +1,123 @@
+module("luci.passwall2.util_shadowsocks", package.seeall)
+local api = require "luci.passwall2.api"
+local uci = api.uci
+local jsonc = api.jsonc
+
+function gen_config_server(node)
+	local config = {}
+	config.server_port = tonumber(node.port)
+	config.password = node.password
+	config.timeout = tonumber(node.timeout)
+	config.fast_open = (node.tcp_fast_open and node.tcp_fast_open == "1") and true or false
+	config.method = node.method
+
+	if node.type == "SS-Rust" then
+		config.server = "::"
+		config.mode = "tcp_and_udp"
+	else
+		config.server = {"[::0]", "0.0.0.0"}
+	end
+
+	if node.type == "SSR" then
+		config.protocol = node.protocol
+		config.protocol_param = node.protocol_param
+		config.obfs = node.obfs
+		config.obfs_param = node.obfs_param
+	end
+
+	return config
+end
+
+
+function gen_config(var)
+	local node_id = var["-node"]
+	if not node_id then
+		print("-node 不能为空")
+		return
+	end
+	local node = uci:get_all("passwall2", node_id)
+	local server_host = var["-server_host"] or node.address
+	local server_port = var["-server_port"] or node.port
+	local local_addr = var["-local_addr"]
+	local local_port = var["-local_port"]
+	local mode = var["-mode"]
+	local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
+	local local_socks_port = var["-local_socks_port"]
+	local local_socks_username = var["-local_socks_username"]
+	local local_socks_password = var["-local_socks_password"]
+	local local_http_address = var["-local_http_address"] or "0.0.0.0"
+	local local_http_port = var["-local_http_port"]
+	local local_http_username = var["-local_http_username"]
+	local local_http_password = var["-local_http_password"]
+	
+	if api.is_ipv6(server_host) then
+		server_host = api.get_ipv6_only(server_host)
+	end
+	local server = server_host
+	
+	local config = {
+		server = server,
+		server_port = tonumber(server_port),
+		local_address = local_addr,
+		local_port = tonumber(local_port),
+		password = node.password,
+		method = node.method,
+		timeout = tonumber(node.timeout),
+		fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false,
+		reuse_port = true
+	}
+	
+	if node.type == "SS" then
+		if node.plugin and node.plugin ~= "none" then
+			config.plugin = node.plugin
+			config.plugin_opts = node.plugin_opts or nil
+		end
+		config.mode = mode
+	elseif node.type == "SSR" then
+		config.protocol = node.protocol
+		config.protocol_param = node.protocol_param
+		config.obfs = node.obfs
+		config.obfs_param = node.obfs_param
+	elseif node.type == "SS-Rust" then
+		config = {
+			servers = {
+				{
+					address = server,
+					port = tonumber(server_port),
+					method = node.method,
+					password = node.password,
+					timeout = tonumber(node.timeout),
+					plugin = (node.plugin and node.plugin ~= "none") and node.plugin or nil,
+					plugin_opts = (node.plugin and node.plugin ~= "none") and node.plugin_opts or nil
+				}
+			},
+			locals = {},
+			fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false
+		}
+		if local_socks_address and local_socks_port then
+			table.insert(config.locals, {
+				local_address = local_socks_address,
+				local_port = tonumber(local_socks_port),
+				mode = "tcp_and_udp"
+			})
+		end
+		if local_http_address and local_http_port then
+			table.insert(config.locals, {
+				protocol = "http",
+				local_address = local_http_address,
+				local_port = tonumber(local_http_port)
+			})
+		end
+	end
+	
+	return jsonc.stringify(config, 1)
+end
+
+_G.gen_config = gen_config
+
+if arg[1] then
+	local func =_G[arg[1]]
+	if func then
+		print(func(api.get_function_args(arg)))
+	end
+end

luci-app-passwall2/luasrc/passwall2/util_tuic.lua

@@ -0,0 +1,57 @@
+module("luci.passwall2.util_tuic", package.seeall)
+local api = require "luci.passwall2.api"
+local uci = api.uci
+local json = api.jsonc
+
+function gen_config(var)
+	local node_id = var["-node"]
+	if not node_id then
+		print("-node 不能为空")
+		return
+	end
+	local node = uci:get_all("passwall2", node_id)
+	local local_addr = var["-local_addr"]
+	local local_port = var["-local_port"]
+	local server_host = var["-server_host"] or node.address
+	local server_port = var["-server_port"] or node.port
+	local loglevel = var["-loglevel"] or "warn"
+
+	local tuic= {
+			relay = {
+				server = server_host .. ":" .. server_port,
+				ip = node.tuic_ip,
+				uuid = node.uuid,
+				password = node.tuic_password,
+				-- certificates = node.tuic_certificate and { node.tuic_certpath } or nil,
+				udp_relay_mode = node.tuic_udp_relay_mode,
+				congestion_control = node.tuic_congestion_control,
+				heartbeat = node.tuic_heartbeat .. "s",
+				timeout = node.tuic_timeout .. "s",
+				gc_interval = node.tuic_gc_interval .. "s",
+				gc_lifetime = node.tuic_gc_lifetime .. "s",
+				alpn = node.tuic_tls_alpn,
+				disable_sni = (node.tuic_disable_sni == "1"),
+				zero_rtt_handshake = (node.tuic_zero_rtt_handshake == "1"),
+				send_window = tonumber(node.tuic_send_window),
+				receive_window = tonumber(node.tuic_receive_window)
+			},
+			["local"] = {
+				server = "[::]:" .. local_port,
+				username = node.tuic_socks_username,
+				password = node.tuic_socks_password,
+				dual_stack = (node.tuic_dual_stack == "1") and true or false,
+				max_packet_size = tonumber(node.tuic_max_package_size)
+			},
+			log_level = loglevel
+	}
+	return json.stringify(tuic, 1)
+end
+
+_G.gen_config = gen_config
+
+if arg[1] then
+	local func =_G[arg[1]]
+	if func then
+		print(func(api.get_function_args(arg)))
+	end
+end

luci-app-passwall2/luasrc/view/passwall2/app_update/app_version.htm

@@ -0,0 +1,192 @@
+<%
+local api = require "luci.passwall2.api"
+local com = require "luci.passwall2.com"
+local version = {}
+-%>
+
+<script type="text/javascript">
+	//<![CDATA[
+	var appInfoList = new Array();
+	var inProgressCount = 0;
+	var tokenStr = '<%=token%>';
+	var checkUpdateText = '<%:Check update%>';
+	var noUpdateText = '<%:It is the latest version%>';
+	var updateSuccessText = '<%:Update successful%>';
+	var clickToUpdateText = '<%:Click to update%>';
+	var inProgressText = '<%:Updating...%>';
+	var unexpectedErrorText = '<%:Unexpected error%>';
+	var updateInProgressNotice = '<%:Updating, are you sure to close?%>';
+	var downloadingText = '<%:Downloading...%>';
+	var decompressioningText = '<%:Unpacking...%>';
+	var movingText = '<%:Moving...%>';
+
+	//window.onload = function () {};
+
+	function addPageNotice() {
+		if (inProgressCount === 0) {
+			window.onbeforeunload = function (e) {
+				e.returnValue = updateInProgressNotice;
+				return updateInProgressNotice;
+			};
+		}
+		inProgressCount++;
+	}
+
+	function removePageNotice() {
+		inProgressCount--;
+		if (inProgressCount === 0) {
+			window.onbeforeunload = undefined;
+		}
+	}
+
+	function onUpdateSuccess(btn) {
+		if (btn) {
+			btn.value = updateSuccessText;
+			btn.placeholder = updateSuccessText;
+			btn.disabled = true;
+		}
+
+		if (inProgressCount === 0) {
+			window.setTimeout(function () {
+				window.location.reload();
+			}, 1000);
+		}
+	}
+
+	function onRequestError(btn, errorMessage) {
+		btn.disabled = false;
+		btn.value = checkUpdateText;
+
+		var ckeckDetailElm = document.getElementById(btn.id + '-detail');
+		if (errorMessage && ckeckDetailElm) {
+			ckeckDetailElm.textContent = errorMessage
+		}
+	}
+
+	function onBtnClick(btn, app) {
+		if (appInfoList[app] === undefined) {
+			checkUpdate(btn, app);
+		} else {
+			doUpdate(btn, app);
+		}
+	}
+
+	function checkUpdate(btn, app) {
+		btn.disabled = true;
+		btn.value = inProgressText;
+
+		addPageNotice();
+
+		var ckeckDetailElm = document.getElementById(btn.id + '-detail');
+		if (ckeckDetailElm) {
+			ckeckDetailElm.textContent = "";
+		}
+		XHR.get('<%=api.url("check_")%>' + app, {
+			token: tokenStr,
+			arch: ''
+		}, function (x, json) {
+			removePageNotice();
+			if (json.code) {
+				appInfoList[app] = undefined;
+				onRequestError(btn, json.error);
+			} else {
+				if (json.has_update) {
+					appInfoList[app] = json;
+					btn.disabled = false;
+					btn.value = clickToUpdateText;
+					btn.placeholder = clickToUpdateText;
+
+					if (ckeckDetailElm) {
+						var urlNode = '';
+						if (json.remote_version) {
+							urlNode = '<em style="color:red;">' + json.remote_version + '</em>';
+							if (json.html_url) {
+								urlNode = '<a href="' + json.html_url + '" target="_blank">' + urlNode + '</a>';
+							}
+						}
+						ckeckDetailElm.innerHTML = urlNode;
+					}
+				} else {
+					btn.disabled = true;
+					btn.value = noUpdateText;
+				}
+			}
+		}, 300);
+	}
+
+	function doUpdate(btn, app) {
+		btn.disabled = true;
+		btn.value = downloadingText;
+
+		addPageNotice();
+
+		var appUpdateUrl = '<%=api.url("update_")%>' + app;
+		var appInfo = appInfoList[app];
+		// Download file
+		XHR.get(appUpdateUrl, {
+			token: tokenStr,
+			url: appInfo ? appInfo.data.browser_download_url : '',
+			size: appInfo ? appInfo.data.size / 1024 : null
+		}, function (x, json) {
+			if (json.code) {
+				removePageNotice();
+				onRequestError(btn, json.error);
+			} else if (json.zip) {
+				btn.value = decompressioningText;
+
+				// Extract file
+				XHR.get(appUpdateUrl, {
+					token: tokenStr,
+					task: 'extract',
+					file: json.file,
+					subfix: appInfo ? appInfo.type : ''
+				}, function (x, json) {
+					if (json.code) {
+						removePageNotice();
+						onRequestError(btn, json.error);
+					} else {
+						move(btn, appUpdateUrl, json.file);
+					}
+				}, 300)
+			} else {
+				move(btn, appUpdateUrl, json.file);
+			}
+		}, 300)
+	}
+
+	function move(btn, url, file) {
+		btn.value = movingText;
+
+		// Move file to target dir
+		XHR.get(url, {
+			token: tokenStr,
+			task: 'move',
+			file: file
+		}, function (x, json) {
+			removePageNotice();
+			if (json.code) {
+				onRequestError(btn, json.error);
+			} else {
+				onUpdateSuccess(btn);
+			}
+		}, 300)
+	}
+//]]>
+</script>
+
+<%for k, v in pairs(com) do
+	version[k] = api.get_app_version(k)%>
+<div class="cbi-value">
+	<label class="cbi-value-title"><%=v.name%>
+		<%:Version%>
+	</label>
+	<div class="cbi-value-field">
+		<div class="cbi-value-description">
+			<span>【 <%=version[k] ~="" and version[k] or translate("Null") %> 】</span>
+			<input class="btn cbi-button cbi-button-apply" type="button" id="_<%=k%>-check_btn"
+				onclick="onBtnClick(this,'<%=k%>');" value="<%:Check update%>" />
+			<span id="_<%=k%>-check_btn-detail"></span>
+		</div>
+	</div>
+</div>
+<%end%>

luci-app-passwall2/luasrc/view/passwall2/global/faq.htm

@@ -0,0 +1,74 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+<style>
+    .dns-con {
+      padding: 1rem;
+    }
+    .faq-title {
+      color: var(--primary);
+      font-weight: bolder;
+      margin-bottom: 0.5rem;
+      display: inline-block;
+    }
+    .reset-title {
+     color: var(--primary)；
+     font-weight: bolder;
+     margin-bottom: 0.3rem;
+     display: inline-block;
+     margin-top: 1.2rem;
+     text-decoration: underline;
+    }
+    .dns-item {
+     margin-bottom: 0.8rem;
+     line-height:1.2rem;
+    }
+    .dns-list {
+		text-indent:1rem;
+		line-height: 1.2rem;
+}
+</style>
+<div class="cbi-section cbi-tblsection dns-con">
+	<div id="faq_dns">
+		<ul>
+            <b class="faq-title"><%:DNS related issues:%></b>
+			<li class="dns-item">1. <span><%:Certain browsers such as Chrome have built-in DNS service, which may affect DNS resolution settings. You can go to 'Settings -> Privacy and security -> Use secure DNS' menu to turn it off.%></span></li>
+			<li class="dns-item">2. <span><%:If you are unable to access the internet after reboot, please try clearing the cache of your terminal devices (make sure to close all open browser application windows first, this step is especially important):%></span>
+			    <ul><li class="dns-list"> ◦ <span><%:For Windows systems, open Command Prompt and run the command 'ipconfig /flushdns'.%></span></li>
+			        <li class="dns-list"> ◦ <span><%:For Mac systems, open Terminal and run the command 'sudo killall -HUP mDNSResponder'.%></span></li>
+			        <li class="dns-list"> ◦ <span><%:For mobile devices, you can clear it by reconnecting to the network, such as toggling Airplane Mode and reconnecting to WiFi.%></span></li>
+			    </ul>
+			</li>
+			<li class="dns-item">3. <span><%:Please make sure your device's network settings point both the DNS server and default gateway to this router, to ensure DNS queries are properly routed.%></span></li>
+		</ul>
+	</div>
+	<div id="faq_reset"></div>
+</div>
+
+<script>
+	var origin = window.location.origin;
+	var reset_url = origin + "<%=api.url("reset_config")%>";
+	var hide_url = origin + "<%=api.url("hide")%>";
+	var show_url = origin + "<%=api.url("show")%>";
+	
+	function reset(url) {
+		if (confirm('<%:Are you sure to reset?%>') == true) {
+			window.location.href = reset_url;
+		}
+	}
+	
+	function hide(url) {
+		if (confirm('<%:Are you sure to hide?%>') == true) {
+			window.location.href = hide_url;
+		}
+	}
+	
+	var dom = document.getElementById("faq_reset");
+    if (dom) {
+		var li = "";
+		li += "<a href='#' class='reset-title' onclick='reset()'>" + "<%: Restore to default configuration:%>"+ "</a>" + "<br />" + " <%: Browser access: %>" + "<a href='#' onclick='reset()'>" + reset_url + "</a>" + "<br />";
+		li += "<a href='#' class='reset-title' onclick='hide()'>" + "<%: Hide in main menu:%>"+ "</a>" + "<br />" + "<%: Browser access: %>" + "<a href='#' onclick='hide()'>" + hide_url + "</a>" + "<br />";
+		li += "<a href='#' class='reset-title'>" + "<%: Show in main menu:%>"+ "</a>" + "<br />" +"<%: Browser access: %>" + "<a href='#'>" + show_url + "</a>" + "<br />";
+		dom.innerHTML = li;
+	}
+</script>

luci-app-passwall2/luasrc/view/passwall2/global/footer.htm

@@ -0,0 +1,142 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+<script type="text/javascript">
+	//<![CDATA[
+	function go() {
+		var _status = document.getElementsByClassName('_status');
+		for (var i = 0; i < _status.length; i++) {
+			var id = _status[i].getAttribute("socks_id");
+			XHR.get('<%=api.url("socks_status")%>', {
+					index: i,
+					id: id
+				},
+				function(x, result) {
+					var index = result.index;
+					var div = '';
+					var div1 = '<font style="font-weight:bold;" color="green">✓</font>&nbsp';
+					var div2 = '<font style="font-weight:bold;" color="red">X</font>&nbsp';
+					
+					if (result.socks_status) {
+						div += div1;
+					} else {
+						div += div2;
+					}
+					if (result.use_http) {
+						if (result.http_status) {
+							div += div1;
+						} else {
+							div += div2;
+						}
+					}
+					_status[index].innerHTML = div;
+				}
+			);
+		}
+		
+		var global_id = null;
+		var global = document.getElementById("cbi-passwall2-global");
+		if (global) {
+			var node = global.getElementsByClassName("cbi-section-node")[0];
+			var node_id = node.getAttribute("id");
+			global_id = node_id;
+			var reg1 = new RegExp("(?<=" + node_id + "-).*?(?=(node))")
+			for (var i = 0; i < node.childNodes.length; i++) {
+				if (node.childNodes[i].childNodes && node.childNodes[i].childNodes.length > 0) {
+					for (var k = 0; k < node.childNodes[i].childNodes.length; k++) {
+						try {
+							var dom = node.childNodes[i].childNodes[k];
+							if (dom.id) {
+								var s = dom.id.match(reg1);
+								if (s) {
+									var cbi_id = global_id + "-"
+									var dom_id = dom.id.split(cbi_id).join(cbi_id.split("-").join(".")).split("cbi.").join("cbid.")
+									var node_select = document.getElementsByName(dom_id)[0];
+									var node_select_value = node_select.value;
+									if (node_select_value && node_select_value != "nil" && node_select_value.indexOf("_default") != 0 && node_select_value.indexOf("_direct") != 0 && node_select_value.indexOf("_blackhole") != 0) {
+										if (node_select.tagName == "INPUT") {
+											node_select = document.getElementById("cbi.combobox." + dom_id);
+										}
+										
+										if (true) {
+											var to_url = "<%=api.url("node_config")%>/" + node_select_value;
+											if (node_select_value.indexOf("Socks_") == 0) {
+												to_url = "<%=api.url("socks_config")%>/" + node_select_value.substring("Socks_".length);
+											}
+											var new_a = document.createElement("a");
+											new_a.innerHTML = "<%:Edit%>";
+											new_a.href = "#";
+											new_a.setAttribute("onclick", "location.href='" + to_url + "'");
+											var new_html = new_a.outerHTML;
+										}
+										
+										if (s[0] == "") {
+											var log_a = document.createElement("a");
+											log_a.innerHTML = "<%:Log%>";
+											log_a.href = "#";
+											log_a.setAttribute("onclick", "window.open('" + '<%=api.url("get_redir_log")%>' + "?id=default&name=global" + "', '_blank')");
+											new_html += "&nbsp&nbsp" + log_a.outerHTML;
+										}
+										
+										node_select.insertAdjacentHTML("afterend", "&nbsp&nbsp" + new_html);
+									}
+								}
+							}
+						} catch(err) {
+						}
+					}
+				}
+			}
+		}
+		
+		var socks = document.getElementById("cbi-passwall2-socks");
+		if (socks) {
+			var socks_enabled_dom = document.getElementById(global_id + "-socks_enabled");
+			socks_enabled_dom.parentNode.removeChild(socks_enabled_dom);
+			var descr = socks.getElementsByClassName("cbi-section-descr")[0];
+			descr.outerHTML = socks_enabled_dom.outerHTML;
+			rows = socks.getElementsByClassName("cbi-section-table-row");
+			for (var i = 0; i < rows.length; i++) {
+				try {
+					var row = rows[i];
+					var id = row.id;
+					if (!id) continue;
+					var dom_id = id + "-node";
+					var node = document.getElementById(dom_id);
+					var dom_id = dom_id.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
+					var node_select = document.getElementsByName(dom_id)[0];
+					var node_select_value = node_select.value;
+					if (node_select_value && node_select_value != "nil") {
+						var v = document.getElementById(dom_id + "-" + node_select_value);
+						if (v) {
+							node_select.title = v.text;
+						} else {
+							node_select.title = node_select.options[node_select.options.selectedIndex].text;
+						}
+						
+
+						var new_html = ""
+
+						var new_a = document.createElement("a");
+						new_a.innerHTML = "<%:Edit%>";
+						new_a.href = "#";
+						new_a.setAttribute("onclick","location.href='" + '<%=api.url("node_config")%>' + "/" + node_select_value + "'");
+						new_html = new_a.outerHTML;
+
+						var log_a = document.createElement("a");
+						log_a.innerHTML = "<%:Log%>";
+						log_a.href = "#";
+						log_a.setAttribute("onclick", "window.open('" + '<%=api.url("get_socks_log")%>' + "?name=" + id.replace("cbi-passwall2-", "") + "', '_blank')");
+						new_html += "&nbsp" + log_a.outerHTML;
+
+						node_select.insertAdjacentHTML("afterend", "&nbsp&nbsp" + new_html);
+					}
+				} catch(err) {
+				}
+			}
+		}
+	}
+	setTimeout("go()", 1000);
+
+	//]]>
+</script>

luci-app-passwall2/luasrc/view/passwall2/haproxy/status.htm

@@ -0,0 +1,26 @@
+<%
+local api = require "luci.passwall2.api"
+local console_port = api.uci_get_type("global_haproxy", "console_port", "")
+-%>
+<p id="_status"></p>
+
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(3, '<%=api.url("haproxy_status")%>', null,
+		function(x, result) {
+			if (x && x.status == 200) {
+				var _status = document.getElementById('_status');
+				if (_status) {
+					if (result) {
+						_status.innerHTML = '<input type="button" class="btn cbi-button cbi-button-apply" value="<%:Enter interface%>" onclick="openwebui()" />';
+					} else {
+						_status.innerHTML = '';
+					}
+				}
+			}
+		});
+
+	function openwebui(){
+		var url = window.location.hostname + ":<%=console_port%>";
+		window.open('http://' + url, 'target', '');
+	}
+//]]></script>

luci-app-passwall2/luasrc/view/passwall2/log/log.htm

@@ -0,0 +1,30 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+<script type="text/javascript">
+	//<![CDATA[
+	function clearlog(btn) {
+		XHR.get('<%=api.url("clear_log")%>', null,
+			function(x, data) {
+				if(x && x.status == 200) {
+					var log_textarea = document.getElementById('log_textarea');
+					log_textarea.innerHTML = "";
+					log_textarea.scrollTop = log_textarea.scrollHeight;
+				}
+			}
+		);
+	}
+	XHR.poll(5, '<%=api.url("get_log")%>', null,
+		function(x, data) {
+			if(x && x.status == 200) {
+				var log_textarea = document.getElementById('log_textarea');
+				log_textarea.innerHTML = x.responseText;
+			}
+		}
+	);
+	//]]>
+</script>
+<fieldset class="cbi-section" id="_log_fieldset">
+	<input class="btn cbi-button cbi-button-remove" type="button" onclick="clearlog()" value="<%:Clear logs%>" />
+	<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="40" wrap="off" readonly="readonly"></textarea>
+</fieldset>

luci-app-passwall2/luasrc/view/passwall2/node_list/link_add_node.htm

@@ -0,0 +1,110 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+
+<style>
+#add_link_div{
+	display: none;
+	width: auto;
+	position: absolute;
+	left:50%;
+	top:50%;
+	transform: translate(-50%, -50%);
+	z-index: 99;
+	text-align: center;
+	background: white;
+    box-shadow: darkgrey 10px 10px 30px 5px;
+	padding: 30px 15px;
+}
+</style>
+
+<script type="text/javascript">
+	//<![CDATA[
+	function ajax_add_node(link) {
+		if (link) {
+			XHR.get('<%=api.url("link_add_node")%>', {
+				'link': link
+			},
+			function(x, data) {
+				if(x && x.status == 200) {
+					window.location.href = '<%=api.url("node_list")%>';
+				}
+				else {
+					alert("<%:Error%>");
+				}
+			});
+		}
+	}
+	
+	function open_add_link_div() {
+		document.getElementById("add_link_div").style.display = "block";
+		document.getElementById("nodes_link").focus();
+	}
+	
+	function close_add_link_div() {
+		document.getElementById("add_link_div").style.display = "none";
+	}
+	
+	function add_node() {
+		var nodes_link = document.getElementById("nodes_link").value;
+		if (nodes_link.trim() != "") {
+			var s = nodes_link.split('://');
+			if (s.length > 1) {
+				ajax_add_node(nodes_link);
+			}
+			else {
+				alert("<%:Please enter the correct link.%>");
+			}
+		}
+		else {
+			document.getElementById("nodes_link").focus();
+		}
+	}
+	
+	function clear_all_nodes() {
+		if (confirm('<%:Are you sure to clear all nodes?%>') == true){
+			XHR.get('<%=api.url("clear_all_nodes")%>', null,
+			function(x, data) {
+				if(x && x.status == 200) {
+					window.location.href = '<%=api.url("node_list")%>';
+				}
+				else {
+					alert("<%:Error%>");
+				}
+			});
+		}
+	}
+	
+	//]]>
+</script>
+
+<div id="add_link_div">
+	<div class="cbi-value">
+		<label class="cbi-value-title"><%:Share Link%></label>
+		<div class="cbi-value-field">
+			<p><textarea id="nodes_link" rows="5" cols="50"></textarea></p>
+			<font color="red"><%:Not a subscription link!!!%></font>
+		</div>
+	</div>
+	<div class="cbi-value">
+		<div class="cbi-value-field" style="display: unset">
+			<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node()" value="<%:Add%>" />
+			<input class="btn cbi-button cbi-button-remove" type="button" onclick="close_add_link_div()" value="<%:Close%>" />
+		</div>
+	</div>
+</div>
+
+<div class="cbi-value">
+	<label class="cbi-value-title"></label>
+	<div class="cbi-value-field">
+		<input class="btn cbi-button cbi-button-add" type="submit" name="cbi.cts.<%=api.appname%>.nodes." value="<%:Add%>" />
+		<input class="btn cbi-button cbi-button-add" type="button" onclick="open_add_link_div()" value="<%:Add the node via the link%>" />
+		<input class="btn cbi-button cbi-button-remove" type="button" onclick="clear_all_nodes()" value="<%:Clear all nodes%>" />
+		<input class="btn cbi-button cbi-button-remove" type="button" onclick="delete_select_nodes()" value="<%:Delete select nodes%>" />
+		<input class="btn cbi-button" type="button" onclick="checked_all_node(this)" value="<%:Select all%>" />
+		<input class="btn cbi-button cbi-button-apply" type="submit" name="cbi.apply" value="<%:Save & Apply%>" />
+		<input class="btn cbi-button cbi-button-save" type="submit" name="cbi.save" value="<%:Save%>" />
+		<input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'" />
+		<div id="div_node_count"></div>
+	</div>
+</div>

luci-app-passwall2/luasrc/view/passwall2/node_list/link_share_man.htm

@@ -0,0 +1,940 @@
+<%+cbi/valueheader%>
+<%
+local api = require "luci.passwall2.api"
+-%>
+<script src="<%=resource%>/qrcode.min.js"></script>
+<script type="text/javascript">//<![CDATA[
+	let has_singbox = "<%=api.finded_com("singbox")%>"
+	let has_xray = "<%=api.finded_com("xray")%>"
+	let has_hysteria2 = "<%=api.finded_com("hysteria")%>"
+	
+	function padright(str, cnt, pad) {
+		return str + Array(cnt + 1).join(pad);
+	}
+
+	function b64EncodeUnicode(str) {
+		return btoa(encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, function (match, p1) {
+			return String.fromCharCode('0x' + p1);
+		}));
+	}
+
+	function b64encutf8safe(str) {
+		return b64EncodeUnicode(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, '');
+	}
+
+	function b64DecodeUnicode(str) {
+		return decodeURIComponent(Array.prototype.map.call(atob(str), function (c) {
+			return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
+		}).join(''));
+	}
+
+	function b64decutf8safe(str) {
+		var l;
+		str = str.replace(/-/g, "+").replace(/_/g, "/");
+		l = str.length;
+		l = (4 - l % 4) % 4;
+		if (l)
+			str = padright(str, l, "=");
+		return b64DecodeUnicode(str);
+	}
+
+	function b64encsafe(str) {
+		return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, '')
+	}
+
+	function b64decsafe(str) {
+		var l;
+		str = str.replace(/-/g, "+").replace(/_/g, "/");
+		l = str.length;
+		l = (4 - l % 4) % 4;
+		if (l)
+			str = padright(str, l, "=");
+		return atob(str);
+	}
+
+	function dictvalue(d, key) {
+		var v = d[key];
+		if (typeof (v) === 'undefined' || v === '')
+			return '';
+		return b64decsafe(v);
+	}
+
+	function parseNodeUrl(url) {
+		let protocol = url.substring(0, url.indexOf("://")) + ":"
+		let str = "http" + url.substring(url.indexOf("://"))
+		const parsedUrl = new URL(str);
+		var r = {
+			hash: parsedUrl.hash, // #asd
+			host: parsedUrl.host, // localhost:257
+			hostname: parsedUrl.hostname, // localhost
+			port: parsedUrl.port, // 257
+			search: parsedUrl.search, // ?asd=asd
+			passwd: parsedUrl.username || parsedUrl.password // username
+		};
+		return r;
+	}
+	
+	function genQrcode(btn, urlname, sid) {
+		var qrcode_div = document.getElementById("qrcode_div");
+		qrcode_div.style.display = null;
+		document.getElementById("qrcode").innerHTML = "";
+		var url = buildUrl(btn, urlname, sid);
+		if (url) {
+			var qrcode = new QRCode(document.getElementById("qrcode"), {
+				width: 150,
+				height: 150
+			});
+			qrcode.makeCode(url);
+		}
+	}
+
+	function buildUrl(btn, urlname, sid) {
+		var opt = {
+			base: "cbid.passwall2",
+			client: true,
+			get: function (opt) {
+				var id = this.base + "." + opt;
+				var obj = document.getElementsByName(id)[0] || document.getElementsByClassName(id)[0] || document.getElementById(id)
+				if (obj) {
+					return obj;
+				} else {
+					return null;
+				}
+			},
+			getlist: function (opt) {
+				var id = this.base + "." + opt;
+				var objs = document.getElementsByName(id) || document.getElementsByClassName(id);
+				var ret = [];
+				if (objs) {
+					for (var i = 0; i < objs.length; i++) {
+						ret[i] = objs[i].value;
+					}
+				} else {
+					alert("<%:Faltal on get option, please help in debug: %>" + opt);
+				}
+				return ret;
+			},
+			query: function (param, src, default_value) {
+				var obj = this.get(src);
+				if (obj) {
+					var ret = "&" + param + "=";
+					if (obj.type === "checkbox") {
+						return ret + (obj.checked === true ? "1" : "0");
+					} else {
+						var result = encodeURIComponent(obj.value);
+						if (result == null || result.trim() == "") {
+							if (default_value) {
+								return ret + default_value;
+							}
+							return "";
+						} else {
+							return ret + result;
+						}
+					}
+				}
+				return "";
+			}
+		}
+		opt.base = "cbid." + urlname + "." + sid;
+		opt.client = urlname.indexOf("server") === -1;
+		var v_type = opt.get("type").value;
+		var v_alias = opt.get("remarks");
+
+		var dom_prefix = null
+		var protocol = ""
+		if (v_type === "SS") {
+			dom_prefix = "ss_"
+			protocol = "ss"
+		} else if (v_type === "SS-Rust") {
+			dom_prefix = "ssrust_"
+			protocol = "ss"
+		} else if (v_type === "SSR") {
+			dom_prefix = "ssr_"
+			protocol = "ssr"
+		} else if (v_type === "Hysteria2") {
+			dom_prefix = "hysteria2_"
+			protocol = "hysteria2"
+		} else if (v_type === "Xray") {
+			dom_prefix = "xray_"
+		} else if (v_type === "sing-box") {
+			dom_prefix = "singbox_"
+		}
+		var _address = ""
+		if (dom_prefix && dom_prefix != null) {
+			try {
+				var v_server = opt.get(dom_prefix + "address");
+				const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/;
+				if (ipv6Regex.test(v_server.value)) {
+					_address = "[" + v_server.value + "]"
+				} else {
+					_address = v_server.value
+				}
+			} catch (e) {
+			}
+		}
+		var url = null;
+		if (v_type === "SS" || v_type === "SS-Rust" || ((v_type === "sing-box" || v_type === "Xray") && opt.get(dom_prefix + "protocol").value === "shadowsocks")) {
+			protocol = "ss"
+			var v_port = opt.get(dom_prefix + "port");
+			var v_method = opt.get(dom_prefix + "method") || opt.get(dom_prefix + "ss_method");
+			var v_password = opt.get(dom_prefix + "password");
+
+			url = b64encsafe(v_method.value + ":" + v_password.value) + "@" +
+				_address + ":" +
+				v_port.value + "/?";
+
+			var params = "";
+			var v_plugin_dom = opt.get(dom_prefix + "plugin");
+			if (v_plugin_dom) {
+				var v_plugin = v_plugin_dom.value;
+				if (v_plugin && v_plugin != "none") {
+					if (v_plugin == "simple-obfs" || v_plugin == "obfs-local") {
+						v_plugin = "obfs-local";
+					}
+					var v_plugin_opts = opt.get(dom_prefix + "plugin_opts").value;
+					if (v_plugin_opts && v_plugin_opts != "") {
+						v_plugin += ";" + v_plugin_opts;
+					}
+					params += "&plugin=" + encodeURIComponent(v_plugin);
+				}
+			}
+			params += "&group="
+			params += "#" + encodeURIComponent(v_alias.value);
+			if (params[0] == "&") {
+				params = params.substring(1);
+			}
+			url += params;
+		} else if (v_type === "SSR") {
+			var v_port = opt.get(dom_prefix + "port");
+			var v_protocol = opt.get(dom_prefix + "protocol");
+			var v_method = opt.get(dom_prefix + "method");
+			var v_obfs = opt.get(dom_prefix + "obfs");
+			var v_password = opt.get(dom_prefix + "password");
+			var v_obfs_param = opt.get(dom_prefix + "obfs_param");
+			var v_protocol_param = opt.get(dom_prefix + "protocol_param");
+			var ssr_str = _address + ":" +
+				v_port.value + ":" +
+				v_protocol.value + ":" +
+				v_method.value + ":" +
+				v_obfs.value + ":" +
+				b64encsafe(v_password.value) +
+				"/?obfsparam=" + b64encsafe(v_obfs_param.value) +
+				"&protoparam=" + b64encsafe(v_protocol_param.value) +
+				"&remarks=" + b64encutf8safe(v_alias.value);
+			url = b64encsafe(ssr_str);
+		} else if ((v_type === "sing-box" || v_type === "Xray") && opt.get(dom_prefix + "protocol").value === "vmess") {
+			protocol = "vmess";
+			var info = {};
+			info.v = "2";
+			info.ps = v_alias.value;
+			info.add = opt.get(dom_prefix + "address").value;
+			//info.add = _address;
+			info.port = opt.get(dom_prefix + "port").value;
+			info.id = opt.get(dom_prefix + "uuid").value;
+
+			var v_transport = opt.get(dom_prefix + "transport").value;
+			if (v_transport === "ws") {
+				info.host = opt.get(dom_prefix + "ws_host").value;
+				info.path = opt.get(dom_prefix + "ws_path").value;
+				if (v_type == "sing-box" && opt.get(dom_prefix + "ws_enableEarlyData").checked) {
+					var ws_maxEarlyData = opt.get(dom_prefix + "ws_maxEarlyData").value;
+					info.path = info.path + "?ed=" + ws_maxEarlyData;
+				}
+			} else if (v_transport === "h2") {
+				info.host = opt.get(dom_prefix + "h2_host").value;
+				info.path = opt.get(dom_prefix + "h2_path").value;
+			} else if (v_transport === "tcp") {
+				info.type = opt.get(dom_prefix + "tcp_guise").value;
+				if (info.type === "http") {
+					info.host = opt.get(dom_prefix + "tcp_guise_http_host").value;
+					info.path = opt.get(dom_prefix + "tcp_guise_http_path").value;
+				}
+			} else if (v_transport === "mkcp") {
+				v_transport = "kcp";
+				info.type = opt.get(dom_prefix + "mkcp_guise").value;
+			} else if (v_transport === "quic") {
+				info.type = opt.get(dom_prefix + "quic_guise").value;
+				info.key = opt.get(dom_prefix + "quic_key").value;
+				info.securty = opt.get(dom_prefix + "quic_security").value;
+			} else if (v_transport === "grpc") {
+				info.path = opt.get(dom_prefix + "grpc_serviceName").value;
+			}
+			if (info.path && info.path != "") {
+				info.path = encodeURI(info.path);
+			}
+			info.net = v_transport;
+
+			info.security = opt.get(dom_prefix + "security").value || "auto";
+			if (opt.get(dom_prefix + "tls").checked) {
+				var v_security = "tls";
+				info.tls = "tls";
+				info.sni = opt.get(dom_prefix + "tls_serverName").value;
+			}
+			url = b64EncodeUnicode(JSON.stringify(info));
+		} else if ((v_type === "sing-box" || v_type === "Xray") && opt.get(dom_prefix + "protocol").value === "vless") {
+			protocol = "vless";
+			var v_password = opt.get(dom_prefix + "uuid");
+			var v_port = opt.get(dom_prefix + "port");
+			url = encodeURIComponent(v_password.value) +
+				"@" + _address +
+				":" + v_port.value + "?";
+
+			var params = "";
+			var v_transport = opt.get(dom_prefix + "transport").value;
+			if (v_transport === "ws") {
+				params += opt.query("host", dom_prefix + "ws_host");
+				params += opt.query("path", dom_prefix + "ws_path");
+				if (v_type == "sing-box" && opt.get(dom_prefix + "ws_enableEarlyData").checked) {
+					var ws_maxEarlyData = opt.get(dom_prefix + "ws_maxEarlyData").value;
+					params += "?ed=" + ws_maxEarlyData;
+				}
+			} else if (v_transport === "h2") {
+				v_transport = "http";
+				params += opt.query("host", dom_prefix + "h2_host");
+				params += opt.query("path", dom_prefix + "h2_path");
+			} else if (v_transport === "tcp") {
+				params += opt.query("headerType", dom_prefix + "tcp_guise");
+				params += opt.query("host", dom_prefix + "tcp_guise_http_host");
+				params += opt.query("path", dom_prefix + "tcp_guise_http_path");
+			} else if (v_transport === "mkcp") {
+				v_transport = "kcp";
+				params += opt.query("headerType", dom_prefix + "mkcp_guise");
+			} else if (v_transport === "quic") {
+				params += opt.query("headerType", dom_prefix + "quic_guise");
+				params += opt.query("key", dom_prefix + "quic_key");
+				params += opt.query("quicSecurity", dom_prefix + "quic_security");
+			} else if (v_transport === "grpc") {
+				params += opt.query("path", dom_prefix + "grpc_serviceName");
+				params += opt.query("serviceName", dom_prefix + "grpc_serviceName");
+				params += opt.query("mode", dom_prefix + "grpc_mode");
+			}
+			params += "&type=" + v_transport;
+
+			params += opt.query("encryption", dom_prefix + "encryption");
+
+			if (opt.get(dom_prefix + "tls").checked) {
+				var v_security = "tls";
+				if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
+					let v_fp = opt.get(dom_prefix + "fingerprint").value;
+					params += "&fp=" + v_fp;
+				}
+				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
+					v_security = "reality";
+					params += opt.query("pbk", dom_prefix + "reality_publicKey");
+					params += opt.query("sid", dom_prefix + "reality_shortId");
+					params += opt.query("spx", dom_prefix + "reality_spiderX");
+				}
+				if (opt.get(dom_prefix + "flow") && opt.get(dom_prefix + "flow").value) {
+					let v_flow = opt.get(dom_prefix + "flow").value;
+					params += "&flow=" + v_flow;
+				}
+				params += "&security=" + v_security;
+				params += opt.query("sni", dom_prefix + "tls_serverName");
+			}
+
+			params += "#" + encodeURI(v_alias.value);
+			if (params[0] == "&") {
+				params = params.substring(1);
+			}
+			url += params;
+		} else if ((v_type === "sing-box" || v_type === "Xray") && opt.get(dom_prefix + "protocol").value === "trojan") {
+			protocol = "trojan";
+			var v_password = opt.get(dom_prefix + "password");
+			var v_port = opt.get(dom_prefix + "port");
+			url = encodeURIComponent(v_password.value) +
+				"@" + _address +
+				":" + v_port.value + "/?";
+			var params = "";
+			if (opt.get(dom_prefix + "tls").checked) {
+				params += opt.query("sni", dom_prefix + "tls_serverName");
+				params += "&tls=1"
+				params += opt.query("allowinsecure", dom_prefix + "tls_allowInsecure");
+			}
+			params += "#" + encodeURI(v_alias.value);
+			if (params[0] == "&") {
+				params = params.substring(1);
+			}
+			url += params;
+		} else if ((v_type === "Hysteria2") || (v_type === "sing-box" && opt.get(dom_prefix + "protocol").value === "hysteria2")) {
+			protocol = "hysteria2";
+			var v_port = opt.get(dom_prefix + "port");
+			var params = "";
+			params += opt.query("sni", dom_prefix + "tls_serverName");
+			params += opt.query("insecure", dom_prefix + "tls_allowInsecure");
+			
+			var v_password = null;
+			params += opt.query("obfs", "salamander");
+			if (v_type === "Hysteria2") {
+				v_password = opt.get("hysteria2_auth_password");
+				params += opt.query("obfs-password", "hysteria2_obfs");
+				params += opt.query("pinSHA256", "hysteria2_tls_pinSHA256");
+			} else {
+				v_password = opt.get(dom_prefix + "hysteria2_auth_password");
+				params += opt.query("obfs-password", dom_prefix + "hysteria2_obfs_password");
+			}
+			url =
+				_address + ":" +
+				v_port.value + "?" +
+				params +
+				"#" + encodeURI(v_alias.value);
+			if (v_password) {
+				url = encodeURIComponent(v_password.value) + "@" + url
+			}
+		}
+		if (url) {
+			url = protocol.toLowerCase() + "://" + url;
+			return url;
+		} else {
+			alert("<%:Not a supported scheme:%> " + v_type);
+		}
+		return false;
+	}
+	
+	function exportUrl(btn, urlname, sid) {
+		var url = buildUrl(btn, urlname, sid);
+		if (url) {
+			var textarea = document.createElement("textarea");
+			textarea.textContent = url;
+			textarea.style.position = "fixed";
+			document.body.appendChild(textarea);
+			textarea.select();
+			try {
+				var s = document.getElementById(urlname + "-status");
+				if (!s) {
+					alert("Never");
+					return false;
+				}
+				document.execCommand("copy"); // Security exception may be thrown by some browsers.
+				s.innerHTML = "<font color='green'><%:Share URL to clipboard successfully.%></font>";
+			} catch (ex) {
+				s.innerHTML = "<font color='red'><%:Share URL to clipboard unable.%></font>";
+			} finally {
+				document.body.removeChild(textarea);
+			}
+		}
+	}
+
+	function fromUrl(btn, urlname, sid) {
+		var opt = {
+			base: 'cbid.passwall2',
+			client: true,
+			get: function (opt) {
+				var obj;
+				var id = this.base + '.' + opt;
+				obj = document.getElementsByName(id)[0] || document.getElementById(id);
+				if (obj) {
+					var combobox = document.getElementById('cbi.combobox.' + id);
+					if (combobox) {
+						obj.combobox = combobox;
+					}
+					var div = document.getElementById(id);
+					if (div && div.getElementsByTagName("li").length > 0) {
+						obj = div;
+					}
+					return obj;
+				} else {
+					return null;
+				}
+			},
+			set: function (opt, val) {
+				var obj;
+				obj = this.get(opt);
+				if (obj) {
+					var event = document.createEvent("HTMLEvents");
+					event.initEvent("change", true, true);
+					if (obj.type === 'checkbox') {
+						obj.checked = val;
+					} else {
+						obj.value = val;
+						if (obj.combobox) {
+							obj.combobox.value = val;
+						}
+
+						var list = obj.getElementsByTagName("li");
+						if (list.length > 0) {
+							for (var i = 0; i < list.length; i++) {
+								var li = list[i];
+								var data = li.getAttribute("data-value");
+								li.removeAttribute("selected");
+								li.removeAttribute("display");
+								if (data && data == val) {
+									li.setAttribute("selected", true);
+									li.setAttribute("display", "0");
+								}
+							}
+							var input = document.getElementsByName(obj.id)[0];
+							if (input) {
+								input.value = val;
+							} else {
+								var input = document.createElement("input");
+								input.setAttribute("type", "hidden");
+								input.setAttribute("name", obj.id);
+								input.setAttribute("value", val);
+								obj.appendChild(input);
+							}
+						}
+					}
+					try {
+						obj.dispatchEvent(event);
+					} catch (err) {
+					}
+				} else {
+					//alert('<%:Faltal on set option, please help in debug: %>' + opt + ' = ' + val);
+				}
+			},
+			setlist: function (opt, vlist) {
+				var id = this.base + "." + opt;
+				var objs = document.getElementsByName(id) || document.getElementsByClassName(id);
+				if (objs) {
+					var values = "";
+					for (var i = 0; i < vlist.length; i++) {
+						values += vlist[i] + ", ";
+					}
+					alert("Manually input the option:\n" + opt + "s:\n[" + values + "]");
+				} else {
+					//alert("<%:Faltal on set option, please help in debug: %>" + opt);
+				}
+			}
+		}
+
+		var s = document.getElementById(urlname + '-status');
+		if (!s) {
+			alert("Never");
+			return false;
+		}
+		opt.base = "cbid." + urlname + "." + sid;
+		opt.client = urlname.indexOf("server") === -1;
+		var ssrurl = prompt('<%:Paste Share URL Here%>', '');
+		if (ssrurl === null || ssrurl === "") {
+			return false;
+		}
+		s.innerHTML = "";
+		var ssu = ssrurl.split('://');
+		var event = document.createEvent("HTMLEvents");
+		event.initEvent("change", true, true);
+
+		var dom_prefix = null
+
+		if (ssu[0] === "ssr") {
+			dom_prefix = "ssr_"
+			//var b64c = ssu[1].match(/([A-Za-z0-9_-]+)/);
+			var sstr = b64decsafe(ssu[1]);
+			var ploc = sstr.indexOf("/?");
+			var url0 = "", param = "";
+			if (ploc > 0) {
+				url0 = sstr.substr(0, ploc);
+				param = sstr.substr(ploc + 2);
+			} else {
+				var url0 = sstr;
+			}
+			var ssm = url0.match(/^(.+):([^:]+):([^:]*):([^:]+):([^:]*):([^:]+)/);
+			if (!ssm || ssm.length < 7) {
+				s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
+				return false;
+			}
+			var pdict = {};
+			if (param.length > 2) {
+				var a = param.split('&');
+				for (var i = 0; i < a.length; i++) {
+					var b = a[i].split('=');
+					pdict[decodeURIComponent(b[0])] = decodeURIComponent(b[1] || '');
+				}
+			}
+			opt.set('type', "SSR");
+			opt.set(dom_prefix + 'address', ssm[1]);
+			opt.set(dom_prefix + 'port', ssm[2]);
+			opt.set(dom_prefix + 'protocol', ssm[3]);
+			opt.set(dom_prefix + 'method', ssm[4]);
+			opt.set(dom_prefix + 'obfs', ssm[5]);
+			opt.set(dom_prefix + 'password', b64decsafe(ssm[6]));
+			opt.set(dom_prefix + 'obfs_param', dictvalue(pdict, 'obfsparam'));
+			opt.set(dom_prefix + 'protocol_param', dictvalue(pdict, 'protoparam'));
+			var rem = pdict['remarks'];
+			if (typeof (rem) !== 'undefined' && rem !== '' && rem.length > 0)
+				opt.set('remarks', b64decutf8safe(rem));
+		}
+		if (ssu[0] === "ss") {
+			dom_prefix = "ss_"
+			var url0 = "", param = "";
+			var sipIndex = ssu[1].indexOf("@");
+			var ploc = ssu[1].indexOf("#");
+			if (ploc > 0) {
+				url0 = ssu[1].substr(0, ploc);
+				param = ssu[1].substr(ploc + 1);
+			} else {
+				url0 = ssu[1];
+			}
+			if (sipIndex !== -1) {
+				// SIP002
+				var userInfo = b64decsafe(url0.substr(0, sipIndex));
+				var temp = url0.substr(sipIndex + 1).split("/?");
+				var serverInfo = temp[0].split(":");
+				var server = serverInfo[0];
+				var port = serverInfo[1];
+				var method, password, plugin, pluginOpts;
+				if (temp[1]) {
+					var pluginInfo = decodeURIComponent(temp[1]);
+					var pluginIndex = pluginInfo.indexOf(";");
+					var pluginNameInfo = pluginInfo.substr(0, pluginIndex);
+					plugin = pluginNameInfo.substr(pluginNameInfo.indexOf("=") + 1)
+					pluginOpts = pluginInfo.substr(pluginIndex + 1).split("&")[0];
+				}
+				var userInfoSplitIndex = userInfo.indexOf(":");
+				if (userInfoSplitIndex !== -1) {
+					method = userInfo.substr(0, userInfoSplitIndex);
+					password = userInfo.substr(userInfoSplitIndex + 1);
+				}
+				if (has_singbox) {
+					dom_prefix = "singbox_"
+					opt.set('type', "sing-box");
+					opt.set(dom_prefix + 'protocol', "shadowsocks");
+				} else if (has_xray) {
+					dom_prefix = "xray_"
+					opt.set('type', "Xray");
+					opt.set(dom_prefix + 'protocol', "shadowsocks");
+				} else {
+					if (["2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"].includes(method)) {
+						dom_prefix = "ssrust_"
+						opt.set('type', "SS-Rust");
+					} else {
+						dom_prefix = "ss_"
+						opt.set('type', "SS");
+					}
+				}
+				opt.set(dom_prefix + 'address', server);
+				opt.set(dom_prefix + 'port', port);
+				opt.set(dom_prefix + 'password', password || "");
+				opt.set(dom_prefix + 'method', method || "");
+				opt.set(dom_prefix + 'plugin', plugin || "none");
+				if (plugin && plugin != "none") {
+					opt.set(dom_prefix + 'plugin_opts', pluginOpts || "");
+				}
+				if (param !== undefined) {
+					opt.set('remarks', decodeURI(param));
+				}
+			} else {
+				var sstr = b64decsafe(url0);
+				var team = sstr.split('@');
+				var part1 = team[0].split(':');
+				var part2 = team[1].split(':');
+				
+				if (has_singbox) {
+					dom_prefix = "singbox_"
+					opt.set('type', "sing-box");
+					opt.set(dom_prefix + 'protocol', "shadowsocks");
+				} else if (has_xray) {
+					dom_prefix = "xray_"
+					opt.set('type', "Xray");
+					opt.set(dom_prefix + 'protocol', "shadowsocks");
+				} else {
+					dom_prefix = "ss_"
+					opt.set('type', "SS");
+				}
+				
+				opt.set(dom_prefix + 'address', part2[0]);
+				opt.set(dom_prefix + 'port', part2[1]);
+				opt.set(dom_prefix + 'password', part1[1]);
+				opt.set(dom_prefix + 'method', part1[0]);
+				opt.set(dom_prefix + 'plugin', "none");
+				//opt.set(dom_prefix + 'plugin_opts', "");
+				if (param !== undefined) {
+					opt.set('remarks', decodeURI(param));
+				}
+			}
+		}
+		if (ssu[0] === "trojan") {
+			var m = parseNodeUrl(ssrurl);
+			var password = m.passwd;
+			if (password === "") {
+				s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
+				return false;
+			}
+			var queryParam = {};
+			if (m.search.length > 1) {
+				var query = m.search.split('?');
+				var queryParams = query[1];
+				var queryArray = queryParams.split('&');
+				var params;
+				for (i = 0; i < queryArray.length; i++) {
+					params = queryArray[i].split('=');
+					queryParam[decodeURIComponent(params[0]).toLowerCase()] = decodeURIComponent(params[1] || '');
+				}
+			}
+			if (has_singbox) {
+				dom_prefix = "singbox_"
+				opt.set('type', "sing-box");
+			} else if (has_xray) {
+				dom_prefix = "xray_"
+				opt.set('type', "Xray");
+			}
+			opt.set(dom_prefix + 'protocol', "trojan");
+			opt.set(dom_prefix + 'address', m.hostname);
+			opt.set(dom_prefix + 'port', m.port || "443");
+			opt.set(dom_prefix + 'password', decodeURIComponent(password));
+			opt.set(dom_prefix + 'tls', queryParam.tls === "1");
+			opt.set(dom_prefix + 'tls_serverName', queryParam.peer || queryParam.sni || '');
+			opt.set(dom_prefix + 'tls_allowInsecure', queryParam.allowinsecure === '1');
+			opt.set(dom_prefix + 'mux', queryParam.mux === '1');
+			if (m.hash) {
+				opt.set('remarks', decodeURI(m.hash.substr(1)));
+			}
+		}
+		if (ssu[0] === "vmess") {
+			var sstr = b64DecodeUnicode(ssu[1]);
+			var ploc = sstr.indexOf("/?");
+			if (has_singbox) {
+				dom_prefix = "singbox_"
+				opt.set('type', "sing-box");
+			}
+			if (has_xray) {
+				dom_prefix = "xray_"
+				opt.set('type', "Xray");
+			}
+			opt.set(dom_prefix + 'protocol', "vmess");
+			var url0, param = "";
+			if (ploc > 0) {
+				url0 = sstr.substr(0, ploc);
+				param = sstr.substr(ploc + 2);
+			}
+			var ssm = JSON.parse(sstr);
+			opt.set('remarks', ssm.ps);
+			opt.set(dom_prefix + 'address', ssm.add);
+			opt.set(dom_prefix + 'port', ssm.port);
+			opt.set(dom_prefix + 'uuid', ssm.id);
+			opt.set(dom_prefix + 'tls', ssm.tls === "tls");
+			if (ssm.tls === "tls") {
+				var tls_serverName = ssm.host;
+				if (ssm.sni) {
+					tls_serverName = ssm.sni
+				}
+				opt.set(dom_prefix + 'tls_serverName', tls_serverName);
+			}
+			ssm.net = ssm.net.toLowerCase();
+			if (ssm.net === "kcp" || ssm.net === "mkcp")
+				ssm.net = "mkcp"
+			opt.set(dom_prefix + 'transport', ssm.net);
+			if (ssm.net === "tcp") {
+				opt.set(dom_prefix + 'tcp_guise', (ssm.host && ssm.path) ? "http" : "none");
+				if (ssm.host && ssm.path) {
+					opt.set(dom_prefix + 'tcp_guise_http_host', ssm.host);
+					opt.set(dom_prefix + 'tcp_guise_http_path', ssm.path);
+				}
+			} else if (ssm.net === "ws") {
+				opt.set(dom_prefix + 'ws_host', ssm.host);
+				opt.set(dom_prefix + 'ws_path', ssm.path);
+				if (dom_prefix == "singbox_" && ssm.path && ssm.path.length > 1) {
+					var ws_path_params = {};
+					var ws_path_dat = ssm.path.split('?');
+					var ws_path = ws_path_dat[0];
+					var ws_path_params = {};
+					var ws_path_params_array = ws_path_dat[1].split('&');
+					for (i = 0; i < ws_path_params_array.length; i++) {
+						var kv = ws_path_params_array[i].split('=');
+						ws_path_params[decodeURIComponent(kv[0]).toLowerCase()] = decodeURIComponent(kv[1] || '');
+					}
+					
+					if (ws_path_params.ed) {
+						opt.set(dom_prefix + 'ws_path', ws_path);
+						opt.set(dom_prefix + 'ws_enableEarlyData', true);
+						opt.set(dom_prefix + 'ws_maxEarlyData', ws_path_params.ed);
+						opt.set(dom_prefix + 'ws_earlyDataHeaderName', 'Sec-WebSocket-Protocol');
+					}
+				}
+			} else if (ssm.net === "h2") {
+				opt.set(dom_prefix + 'h2_host', ssm.host);
+				opt.set(dom_prefix + 'h2_path', ssm.path);
+			} else if (ssm.net === "quic") {
+				opt.set(dom_prefix + 'quic_security', ssm.securty);
+				opt.set(dom_prefix + 'quic_key', ssm.key);
+			} else if (ssm.net === "kcp" || ssm.net === "mkcp") {
+				opt.set(dom_prefix + 'mkcp_guise', ssm.type);
+			} else if (ssm.net === "grpc") {
+				opt.set(dom_prefix + 'grpc_serviceName', ssm.path);
+			}
+		}
+		if (ssu[0] === "vless") {
+			if (has_singbox) {
+				dom_prefix = "singbox_"
+				opt.set('type', "sing-box");
+			}
+			if (has_xray) {
+				dom_prefix = "xray_"
+				opt.set('type', "Xray");
+			}
+			opt.set(dom_prefix + 'protocol', "vless");
+			var m = parseNodeUrl(ssrurl);
+			var password = m.passwd;
+			if (password === "") {
+				s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
+				return false;
+			}
+			opt.set(dom_prefix + 'uuid', password);
+			opt.set(dom_prefix + 'address', m.hostname);
+			opt.set(dom_prefix + 'port', m.port || "443");
+			var queryParam = {};
+			if (m.search.length > 1) {
+				var query = m.search.split('?');
+				var queryParams = query[1];
+				var queryArray = queryParams.split('&');
+				var params;
+				for (i = 0; i < queryArray.length; i++) {
+					params = queryArray[i].split('=');
+					queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
+				}
+			}
+
+			opt.set(dom_prefix + 'encryption', queryParam.encryption);
+			if (queryParam.security) {
+				if (queryParam.security == "tls") {
+					opt.set(dom_prefix + 'tls', true);
+					opt.set(dom_prefix + 'reality', false)
+					opt.set(dom_prefix + 'flow', queryParam.flow || '');
+					opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
+					opt.set(dom_prefix + 'tls_allowInsecure', true);
+					if (queryParam.allowinsecure === '0') {
+						opt.set(dom_prefix + 'tls_allowInsecure', false);
+					}
+					if (queryParam.fp && queryParam.fp.trim() != "") {
+						opt.set(dom_prefix + 'fingerprint', queryParam.fp);
+					}
+				}
+
+				if (queryParam.security == "reality") {
+					opt.set(dom_prefix + 'tls', true);
+					opt.set(dom_prefix + 'reality', true)
+					opt.set(dom_prefix + 'flow', queryParam.flow || '');
+					opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
+					if (queryParam.fp && queryParam.fp.trim() != "") {
+						opt.set(dom_prefix + 'fingerprint', queryParam.fp);
+					}
+					opt.set(dom_prefix + 'reality_publicKey', queryParam.pbk || '');
+					opt.set(dom_prefix + 'reality_shortId', queryParam.sid || '');
+					opt.set(dom_prefix + 'reality_spiderX', queryParam.spx || '');
+				}
+
+			}
+
+			queryParam.type = queryParam.type.toLowerCase();
+			if (queryParam.type === "kcp" || queryParam.type === "mkcp")
+				queryParam.type = "mkcp"
+			if (queryParam.type === "h2" || queryParam.type === "http")
+				queryParam.type = "h2"
+			opt.set(dom_prefix + 'transport', queryParam.type);
+			if (queryParam.type === "tcp") {
+				opt.set(dom_prefix + 'tcp_guise', queryParam.headerType || "none");
+				if (queryParam.headerType && queryParam.headerType != "none") {
+					opt.set(dom_prefix + 'tcp_guise_http_host', queryParam.host || "");
+					opt.set(dom_prefix + 'tcp_guise_http_path', queryParam.path || "");
+				}
+			} else if (queryParam.type === "ws") {
+				opt.set(dom_prefix + 'ws_host', queryParam.host || "");
+				opt.set(dom_prefix + 'ws_path', queryParam.path || "");
+				if (dom_prefix == "singbox_" && queryParam.path && queryParam.path.length > 1) {
+					var ws_path_params = {};
+					var ws_path_dat = queryParam.path.split('?');
+					var ws_path = ws_path_dat[0];
+					var ws_path_params = {};
+					var ws_path_params_array = ws_path_dat[1].split('&');
+					for (i = 0; i < ws_path_params_array.length; i++) {
+						var kv = ws_path_params_array[i].split('=');
+						ws_path_params[decodeURIComponent(kv[0]).toLowerCase()] = decodeURIComponent(kv[1] || '');
+					}
+					
+					if (ws_path_params.ed) {
+						opt.set(dom_prefix + 'ws_path', ws_path);
+						opt.set(dom_prefix + 'ws_enableEarlyData', true);
+						opt.set(dom_prefix + 'ws_maxEarlyData', ws_path_params.ed);
+						opt.set(dom_prefix + 'ws_earlyDataHeaderName', 'Sec-WebSocket-Protocol');
+					}
+				}
+			} else if (queryParam.type === "h2" || queryParam.type === "http") {
+				opt.set(dom_prefix + 'h2_host', queryParam.host || "");
+				opt.set(dom_prefix + 'h2_path', queryParam.path || "");
+			} else if (queryParam.type === "quic") {
+				opt.set(dom_prefix + 'quic_guise', queryParam.headerType || "none");
+				opt.set(dom_prefix + 'quic_security', queryParam.quicSecurity);
+				opt.set(dom_prefix + 'quic_key', queryParam.key);
+			} else if (queryParam.type === "kcp" || queryParam.type === "mkcp") {
+				opt.set(dom_prefix + 'mkcp_guise', queryParam.headerType || "none");
+			} else if (queryParam.type === "grpc") {
+				opt.set(dom_prefix + 'grpc_serviceName', (queryParam.serviceName || queryParam.path) || "");
+				opt.set(dom_prefix + 'grpc_mode', queryParam.mode);
+			}
+
+			if (m.hash) {
+				opt.set('remarks', decodeURI(m.hash.substr(1)));
+			}
+		}
+		if (ssu[0] === "hysteria2" || ssu[0] === "hy2") {
+			var m = parseNodeUrl(ssrurl);
+			var password = m.passwd;
+			if (password === "") {
+				s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
+				return false;
+			}
+			var queryParam = {};
+			if (m.search.length > 1) {
+				var query = m.search.split('?');
+				var queryParams = query[1];
+				var queryArray = queryParams.split('&');
+				var params;
+				for (i = 0; i < queryArray.length; i++) {
+					params = queryArray[i].split('=');
+					queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
+				}
+			}
+			if (has_singbox) {
+				dom_prefix = "singbox_"
+				opt.set('type', "sing-box");
+				opt.set(dom_prefix + 'protocol', "hysteria2");
+				opt.set(dom_prefix + 'hysteria2_auth_password', decodeURIComponent(password));
+				if (queryParam["obfs-password"]) {
+					opt.set(dom_prefix + 'hysteria2_obfs_type', "salamander");
+					opt.set(dom_prefix + 'hysteria2_obfs_password', queryParam["obfs-password"]);
+				}
+			}
+			if (has_hysteria2) {
+				opt.set('type', "Hysteria2");
+				dom_prefix = "hysteria2_"
+				opt.set(dom_prefix + 'auth_password', decodeURIComponent(password));
+				if (queryParam["obfs-password"]) {
+					opt.set(dom_prefix + 'obfs', queryParam["obfs-password"]);
+				}
+				if (queryParam.pinSHA256) {
+					opt.set(dom_prefix + 'tls_pinSHA256', queryParam.pinSHA256);
+				}
+			}
+			
+			opt.set(dom_prefix + 'address', m.hostname);
+			opt.set(dom_prefix + 'port', m.port || "443");
+			
+			opt.set(dom_prefix + 'tls_serverName', queryParam.sni);
+			if (queryParam.insecure && queryParam.insecure == "1") {
+				opt.set(dom_prefix + 'tls_allowInsecure', true);
+			}
+			if (m.hash) {
+				opt.set('remarks', decodeURI(m.hash.substr(1)));
+			}
+		}
+		if (dom_prefix && dom_prefix != null) {
+			if (opt.get(dom_prefix + 'port').value) {
+				opt.get(dom_prefix + 'port').focus();
+				opt.get(dom_prefix + 'port').blur();
+			}
+		} else {
+			s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>: " + ssu[0];
+			return false;
+		}
+		s.innerHTML = "<font color='green'><%:Import Finished %></font>";
+		return false;
+	}
+
+//]]></script>
+<input type="button" class="btn cbi-button cbi-button-apply" value='<%:From Share URL%>' onclick="return fromUrl(this, '<%=self.option%>', '<%=self.value%>')" />
+<input type="button" class="btn cbi-button cbi-button-apply" value='<%:Build Share URL%>' onclick="return exportUrl(this, '<%=self.option%>', '<%=self.value%>')" />
+<input type="button" class="btn cbi-button cbi-button-apply" value='<%:Generate QRCode%>' onclick="return genQrcode(this, '<%=self.option%>', '<%=self.value%>')" />
+<div id="qrcode_div" style="margin-top: 1rem;display:none">
+	<div id="qrcode"></div>
+</div>
+<span id="<%=self.option%>-status"></span>
+<%+cbi/valuefooter%>

luci-app-passwall2/luasrc/view/passwall2/node_list/node_list.htm

@@ -0,0 +1,462 @@
+<%
+local api = require "luci.passwall2.api"
+local uci = api.uci
+
+local default_node_type = ""
+local shunt_rule_list = {}
+local node = api.uci_get_type("global", "node", "nil")
+if node ~= "nil" then
+	local node_type = api.uci_get_type_id(node, "type")
+	local node_protocol = api.uci_get_type_id(node, "protocol")
+	if node_type == "Xray" and node_protocol == "_shunt" then
+		default_node_type = node_protocol
+		uci:foreach("passwall2", "shunt_rules", function(e)
+			if e[".name"] and e.remarks then
+				shunt_rule_list[#shunt_rule_list + 1] = e
+			end
+		end)
+	end
+end
+-%>
+
+<style>
+table th, .table .th {
+	text-align: center;
+}
+
+table td, .table .td {
+	text-align: center;
+    /* white-space: nowrap; */
+    word-break: keep-all;
+}
+
+#set_node_div {
+	display: none;
+	width: 30rem;
+	position: fixed;
+	top:50%;
+	padding-top: 30px;
+	z-index: 99;
+	text-align: center;
+	background: white;
+    box-shadow: darkgrey 10px 10px 30px 5px;
+}
+
+._now_use {
+	background: #94e1ff !important;
+}
+
+.ping a:hover{
+	text-decoration : underline;
+}
+</style>
+
+<script type="text/javascript">
+	//<![CDATA[
+	let auto_detection_time = "<%=api.uci_get_type("global_other", "auto_detection_time", "0")%>"
+	var node_list = {};
+	var node_count = 0;
+	
+	var ajax = {
+		post: function(url, data, fn_success, timeout, fn_timeout) {
+			var xhr = new XMLHttpRequest();
+			var code = ajax.encode(data);
+			xhr.open("POST", url, true);
+			xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+			
+			if (timeout && timeout > 1000) {
+				xhr.timeout = timeout;
+			}
+			if (fn_timeout) {
+				xhr.ontimeout = function() {
+					fn_timeout(xhr);
+				}
+			}
+			xhr.onreadystatechange = function() {
+				if(xhr.readyState == 4 && (xhr.status == 200 || xhr.status == 304)) {
+					var json = null;
+					if (xhr.getResponseHeader("Content-Type") == "application/json") {
+						try {
+							json = eval('(' + xhr.responseText + ')');
+						}
+						catch(e) {
+							json = null;
+						}
+					}
+					fn_success(xhr, json);
+				}
+			};
+			xhr.send(code);
+		},
+		encode: function(obj) {
+			obj = obj ? obj : { };
+			obj['_'] = Math.random();
+
+			if (typeof obj == 'object')
+			{
+				var code = '';
+				var self = this;
+
+				for (var k in obj)
+					code += (code ? '&' : '') +
+						k + '=' + encodeURIComponent(obj[k]);
+
+				return code;
+			}
+
+			return obj;
+		}
+	}
+	
+	function copy_node(cbi_id) {
+		window.location.href = '<%=api.url("copy_node")%>' + "?section=" + cbi_id;
+	}
+	
+	var section = "";
+	function open_set_node_div(cbi_id) {
+		section = cbi_id;
+		document.getElementById("set_node_div").style.display="block";
+		var node_name = document.getElementById("cbid.passwall2." + cbi_id + ".remarks").value;
+		document.getElementById("set_node_name").innerHTML = node_name;
+	}
+	
+	function close_set_node_div() {
+		document.getElementById("set_node_div").style.display="none";
+		document.getElementById("set_node_name").innerHTML = "";
+	}
+	
+	function _cbi_row_top(id) {
+		var dom = document.getElementById("cbi-passwall2-" + id);
+		if (dom) {
+			var trs = document.getElementById("cbi-passwall2-nodes").getElementsByClassName("cbi-section-table-row");
+			if (trs && trs.length > 0) {
+				for (var i = 0; i < trs.length; i++) {
+					var up = dom.getElementsByClassName("cbi-button-up");
+					if (up) {
+						cbi_row_swap(up[0], true, 'cbi.sts.passwall2.nodes');
+					}
+				}
+			}
+		}
+	}
+	
+	function checked_all_node(btn) {
+		var doms = document.getElementById("cbi-passwall2-nodes").getElementsByClassName("nodes_select");
+		if (doms && doms.length > 0) {
+			for (var i = 0 ; i < doms.length; i++) {
+				doms[i].checked = true;
+			}
+			btn.value = "<%:DeSelect all%>";
+			btn.setAttribute("onclick", "dechecked_all_node(this)");
+		}
+	}
+	
+	function dechecked_all_node(btn) {
+		var doms = document.getElementById("cbi-passwall2-nodes").getElementsByClassName("nodes_select");
+		if (doms && doms.length > 0) {
+			for (var i = 0 ; i < doms.length; i++) {
+				doms[i].checked = false;
+			}
+			btn.value = "<%:Select all%>";
+			btn.setAttribute("onclick", "checked_all_node(this)");
+		}
+	}
+	
+	function delete_select_nodes() {
+		var ids = [];
+		var doms = document.getElementById("cbi-passwall2-nodes").getElementsByClassName("nodes_select");
+		if (doms && doms.length > 0) {
+			for (var i = 0 ; i < doms.length; i++) {
+				if (doms[i].checked) {
+					ids.push(doms[i].getAttribute("cbid"))
+				}
+			}
+			if (ids.length > 0) {
+				if (confirm('<%:Are you sure to delete select nodes?%>') == true){
+					XHR.get('<%=api.url("delete_select_nodes")%>', {
+						ids: ids.join()
+					},
+					function(x, data) {
+						if (x && x.status == 200) {
+							/*
+							for (var i = 0 ; i < ids.length; i++) {
+								var box = document.getElementById("cbi-passwall2-" + ids[i]);
+								box.remove();
+							}
+							*/
+							window.location.href = '<%=api.url("node_list")%>';
+						}
+						else {
+							alert("<%:Error%>");
+						}
+					});
+				}
+			}
+		}
+		if (ids.length <= 0) {
+			alert("<%:You no select nodes !%>");
+		}
+	}
+	
+	function set_node(type, config) {
+		if (confirm('<%:Are you sure set this server?%>')==true){
+			window.location.href = '<%=api.url("set_node")%>?type=' + type + '&config=' + config + '&section=' + section;
+		}
+	}
+	
+	function get_address_full(id) {
+		try {
+			var address = document.getElementById("cbid.passwall2." + id + ".address").value;
+			var port = document.getElementById("cbid.passwall2." + id + ".port").value;
+		}
+		catch(err){}
+		//判断是否含有汉字
+		var reg = new RegExp("[\\u4E00-\\u9FFF]+","g");
+		if ((address != null && address != "") && (port != null && port != "") && reg.test(address) == false) {
+			return { address: address, port: port };
+		} else {
+			return null;
+		}
+	}
+	
+	//获取当前使用的节点
+	function get_now_use_node() {
+		XHR.get('<%=api.url("get_now_use_node")%>', null,
+			function(x, result) {
+				var id = result["TCP"];
+				if (id) {
+					var dom = document.getElementById("cbi-passwall2-" + id);
+					if (dom) {
+						dom.classList.add("_now_use");
+						dom.title = "当前TCP节点";
+						//var v = "<a style='color: red'>当前TCP节点：</a>" + document.getElementById("cbid.passwall2." + id + ".remarks").value;
+						//document.getElementById("cbi-passwall2-" + id + "-remarks").innerHTML = v;
+					}
+				}
+				id = result["UDP"];
+				if (id) {
+					var dom = document.getElementById("cbi-passwall2-" + id);
+					if (dom) {
+						dom.classList.add("_now_use");
+						dom.title = "当前UDP节点";
+					}
+				}
+			}
+		);
+	}
+	
+	function urltest_node(cbi_id, dom) {
+		if (cbi_id != null) {
+			dom.onclick = null
+			dom.innerText = "<%:Check...%>";
+			XHR.get('<%=api.url("urltest_node")%>', {
+					id: cbi_id
+				},
+				function(x, result) {
+					if(x && x.status == 200) {
+						if (result.use_time == null || result.use_time.trim() == "") {
+							dom.outerHTML = "<font style='color:red'><%:Timeout%></font>";
+						} else {
+							var color = "red";
+							var use_time = result.use_time;
+							use_time = parseInt(use_time) + 1;
+							if (use_time < 1000) {
+								color = "green";
+							} else if (use_time < 2000) {
+								color = "#fb9a05";
+							} else {
+								color = "red";
+							}
+							dom.outerHTML = "<font style='color:" + color + "'>" + use_time + " ms" + "</font>";
+						}
+					} else {
+						dom.outerHTML = "<font style='color:red'><%:Error%></font>";
+					}
+				}
+			);
+		}
+	}
+	
+	function ping_node(cbi_id, dom, type) {
+		var full = get_address_full(cbi_id);
+		if (full != null) {
+			dom.onclick = null
+			dom.innerText = "<%:Check...%>";
+			XHR.get('<%=api.url("ping_node")%>', {
+					address: full.address,
+					port: full.port,
+					type: type
+				},
+				function(x, result) {
+					if(x && x.status == 200) {
+						if (result.ping == null || result.ping.trim() == "") {
+							dom.outerHTML = "<font style='color:red'><%:Timeout%></font>";
+						} else {
+							var ping = parseInt(result.ping);
+							if (ping < 100)
+								dom.outerHTML = "<font style='color:green'>" + result.ping + " ms" + "</font>";
+							else if (ping < 200)
+								dom.outerHTML = "<font style='color:#fb9a05'>" + result.ping + " ms" + "</font>";
+							else if (ping >= 200)
+								dom.outerHTML = "<font style='color:red'>" + result.ping + " ms" + "</font>";
+						}
+					}
+				}
+			);
+		}
+	}
+	
+	get_now_use_node();
+	
+	/* 自动Ping */
+	if (auto_detection_time == "icmp" || auto_detection_time == "tcping") {
+		var nodes = [];
+		const ping_value = document.getElementsByClassName(auto_detection_time == "tcping" ? 'tcping_value' : 'ping_value');
+		for (var i = 0; i < ping_value.length; i++) {
+			var cbi_id = ping_value[i].getAttribute("cbiid");
+			var full = get_address_full(cbi_id);
+			if (full != null) {
+				var flag = false;
+				//当有多个相同地址和端口时合在一起
+				for (var j = 0; j < nodes.length; j++) {
+					if (nodes[j].address == full.address && nodes[j].port == full.port) {
+						nodes[j].indexs = nodes[j].indexs + "," + i;
+						flag = true;
+						break;
+					}
+				}
+				if (flag)
+					continue;
+				nodes.push({
+					indexs: i + "",
+					address: full.address,
+					port: full.port
+				});
+			}
+		}
+		
+		const _xhr = (index) => {
+			return new Promise((res) => {
+				const dom = nodes[index];
+				if (!dom) res()
+				ajax.post('<%=api.url("ping_node")%>', {
+						index: dom.indexs,
+						address: dom.address,
+						port: dom.port,
+						type: auto_detection_time
+					},
+					function(x, result) {
+						if (x && x.status == 200) {
+							var strs = dom.indexs.split(",");
+							for (var i = 0; i < strs.length; i++) {
+								if (result.ping == null || result.ping.trim() == "") {
+									ping_value[strs[i]].innerHTML = "<font style='color:red'><%:Timeout%></font>";
+								} else {
+									var ping = parseInt(result.ping);
+									if (ping < 100)
+										ping_value[strs[i]].innerHTML = "<font style='color:green'>" + result.ping + " ms" + "</font>";
+									else if (ping < 200)
+										ping_value[strs[i]].innerHTML = "<font style='color:#fb9a05'>" + result.ping + " ms" + "</font>";
+									else if (ping >= 200)
+										ping_value[strs[i]].innerHTML = "<font style='color:red'>" + result.ping + " ms" + "</font>";
+								}
+							}
+						}
+						res();
+					},
+					5000,
+					function(x) {
+						var strs = dom.indexs.split(",");
+						for (var i = 0; i < strs.length; i++) {
+							ping_value[strs[i]].innerHTML = "<font style='color:red'><%:Timeout%></font>";
+						}
+						res();
+					}
+				);
+			})
+		}
+		
+		let task = -1;
+		const thread = () => {
+			task = task + 1
+			if (nodes[task]) {
+				_xhr(task).then(thread);
+			}
+		}
+		for (let i = 0; i < 20; i++) {
+			thread()
+		}
+	}
+	
+	var edit_btn = document.getElementById("cbi-passwall2-nodes").getElementsByClassName("cbi-button cbi-button-edit");
+	for (var i = 0; i < edit_btn.length; i++) {
+		try {
+			var onclick_str = edit_btn[i].getAttribute("onclick");
+			var id = onclick_str.substring(onclick_str.lastIndexOf('/') + 1, onclick_str.length - 1);
+			var td = edit_btn[i].parentNode;
+			var new_div = "";
+			//添加"勾选"框
+			new_div += '<input class="cbi-input-checkbox nodes_select" type="checkbox" cbid="' + id + '" />&nbsp;&nbsp;';
+			//添加"置顶"按钮
+			new_div += '<input class="btn cbi-button" type="button" value="<%:To Top%>" onclick="_cbi_row_top(\'' + id + '\')"/>&nbsp;&nbsp;';
+			//添加"应用"按钮
+			new_div += '<input class="btn cbi-button cbi-button-apply" type="button" value="<%:Use%>" id="apply_' + id + '" onclick="open_set_node_div(\'' + id + '\')"/>&nbsp;&nbsp;';
+			//添加"复制"按钮
+			new_div += '<input class="btn cbi-button cbi-button-add" type="button" value="<%:Copy%>" onclick="copy_node(\'' + id + '\')"/>&nbsp;&nbsp;';
+			td.innerHTML = new_div + td.innerHTML;
+			
+			var obj = {};
+			obj.id = id;
+			obj.type = document.getElementById("cbid.passwall2." + id + ".type").value;
+			var address_dom = document.getElementById("cbid.passwall2." + id + ".address");
+			var port_dom = document.getElementById("cbid.passwall2." + id + ".port");
+			if (address_dom && port_dom) {
+				obj.address = address_dom.value;
+				obj.port = port_dom.value;
+			}
+			
+			node_count++;
+			var add_from = document.getElementById("cbid.passwall2." + id + ".add_from").value;
+			if (node_list[add_from])
+				node_list[add_from].push(obj);
+			else
+				node_list[add_from] = [];
+			
+		}
+		catch(err) {
+			console.error(err);
+		}
+	}
+	
+	if (true) {
+		var str = "";
+		for (var add_from in node_list) {
+			var num = node_list[add_from].length + 1;
+			if (add_from == "") {
+				add_from = "<%:Self add%>";
+			}
+			str += add_from + " " + "<%:Node num%>: <a style='color: red'>" + num + "</a>&nbsp&nbsp&nbsp";
+		}
+		document.getElementById("div_node_count").innerHTML = "<div style='margin-top:5px'>" + str + "</div>";
+	}
+	//]]>
+</script>
+
+<div style="display: -webkit-flex; display: flex; -webkit-align-items: center; align-items: center; -webkit-justify-content: center; justify-content: center;">
+	<div id="set_node_div">
+		<div class="cbi-value"><%:You choose node is:%><a style="color: red" id="set_node_name"></a></div>
+		<div class="cbi-value">
+			<%- if default_node_type == "_shunt" then
+				for i, v in ipairs(shunt_rule_list) do
+			-%>
+				<input class="btn cbi-button cbi-button-edit" type="button" onclick="set_node('<%=node%>', '<%=v[".name"]%>')" value="<%=v.remarks%>" />
+			<%-
+				end
+			-%>
+			<% else %>
+				<input class="btn cbi-button cbi-button-edit" type="button" onclick="set_node('@global[0]', 'node')" value="<%:Node%>" />
+			<% end %>
+			<input class="btn cbi-button cbi-button-remove" type="button" onclick="close_set_node_div()" value="<%:Close%>" />
+		</div>
+	</div>
+</div>

luci-app-passwall2/luasrc/view/passwall2/rule/rule_version.htm

@@ -0,0 +1,56 @@
+<%
+local api = require "luci.passwall2.api"
+
+local geoip_update = api.uci_get_type("global_rules", "geoip_update", "1") == "1" and "checked='checked'" or ""
+local geosite_update = api.uci_get_type("global_rules", "geosite_update", "1") == "1" and "checked='checked'" or ""
+-%>
+
+<script type="text/javascript">
+	//<![CDATA[
+	function update_rules(btn) {
+		btn.disabled = true;
+		btn.value = '<%:Updating...%>';
+		var div = document.getElementById('_rule_div');
+		var domList = div.getElementsByTagName('input');
+		var checkBoxList = [];
+		var len = domList.length;
+		while(len--) {
+			var dom = domList[len];　　
+			if(dom.type == 'checkbox' && dom.checked) {　　
+				checkBoxList.push(dom.name);　　
+			}
+		}
+		XHR.get('<%=api.url("update_rules")%>', {
+				update: checkBoxList.join(",")
+			},
+			function(x, data) {
+				if(x && x.status == 200) {
+					window.location.href = '<%=api.url("log")%>';
+				} else {
+					alert("<%:Error%>");
+					btn.disabled = false;
+					btn.value = '<%:Manually update%>';
+				}
+			}
+		);
+	}
+	//]]>
+</script>
+<div class="cbi-value" id="_rule_div">
+	<label class="cbi-value-title">
+		<%:Manually update%>
+	</label>
+	<div class="cbi-value-field">
+		<div>
+			<label>
+				<input class="cbi-input-checkbox" type="checkbox" name="geoip" value="1" <%=geoip_update%> />
+				geoip
+			</label>
+			<label>
+				<input class="cbi-input-checkbox" type="checkbox" name="geosite" value="1" <%=geosite_update%> />
+				geosite
+			</label>
+			<input class="btn cbi-button cbi-button-apply" type="button" id="update_rules_btn" onclick="update_rules(this)" value="<%:Manually update%>" />
+		</div>
+	</div>
+</div>

luci-app-passwall2/luasrc/view/passwall2/server/log.htm

@@ -0,0 +1,34 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+<script type="text/javascript">
+	//<![CDATA[
+	function clear_log(btn) {
+		XHR.get('<%=api.url("server_clear_log")%>', null,
+			function(x, data) {
+				if(x && x.status == 200) {
+					var log_textarea = document.getElementById('log_textarea');
+					log_textarea.innerHTML = "";
+					log_textarea.scrollTop = log_textarea.scrollHeight;
+				}
+			}
+		);
+	}
+	XHR.poll(3, '<%=api.url("server_get_log")%>', null,
+		function(x, data) {
+			if(x && x.status == 200) {
+				var log_textarea = document.getElementById('log_textarea');
+				log_textarea.innerHTML = x.responseText;
+				log_textarea.scrollTop = log_textarea.scrollHeight;
+			}
+		}
+	);
+	//]]>
+</script>
+<fieldset class="cbi-section" id="_log_fieldset">
+	<legend>
+		<%:Logs%>
+	</legend>
+	<input class="btn cbi-button cbi-button-remove" type="button" onclick="clear_log()" value="<%:Clear logs%>" />
+	<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="20" wrap="off" readonly="readonly"></textarea>
+</fieldset>

luci-app-passwall2/luasrc/view/passwall2/server/users_list_status.htm

@@ -0,0 +1,38 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+<script type="text/javascript">
+	//<![CDATA[
+	var _users_status = document.getElementsByClassName('_users_status');
+	for(var i = 0; i < _users_status.length; i++) {
+		var id = _users_status[i].parentElement.parentElement.parentElement.id;
+		id = id.substr(id.lastIndexOf("-") + 1);
+		XHR.get('<%=api.url("server_user_status")%>', {
+				index: i,
+				id: id
+			},
+			function(x, result) {
+				_users_status[result.index].setAttribute("style","font-weight:bold;");
+				_users_status[result.index].setAttribute("color",result.status ? "green":"red");
+				_users_status[result.index].innerHTML = (result.status ? '✓' : 'X');
+			}
+		);
+	}
+	
+	var edit_btn = document.getElementById("cbi-passwall2_server-user").getElementsByClassName("cbi-button cbi-button-edit");
+	for (var i = 0; i < edit_btn.length; i++) {
+		try {
+			var onclick_str = edit_btn[i].getAttribute("onclick");
+			var id = onclick_str.substring(onclick_str.lastIndexOf('/') + 1, onclick_str.length - 1);
+			var td = edit_btn[i].parentNode;
+			var new_div = "";
+			//添加"日志"按钮
+			new_div += '<input class="btn cbi-button cbi-button-add" type="button" value="<%:Log%>" onclick="window.open(\'' + '<%=api.url("server_user_log")%>' + '?id=' + id + '\', \'_blank\')"/>&nbsp;&nbsp;';
+			td.innerHTML = new_div + td.innerHTML;
+		}
+		catch(err) {
+			console.error(err);
+		}
+	}
+	//]]>
+</script>

luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm

@@ -0,0 +1,23 @@
+<%
+local api = require "luci.passwall2.api"
+-%>
+
+<script type="text/javascript">
+	//<![CDATA[
+	let socks_id = window.location.pathname.substring(window.location.pathname.lastIndexOf("/") + 1)
+	function add_node_by_key() {
+		var key = prompt("<%:Please enter the node keyword, pay attention to distinguish between spaces, uppercase and lowercase.%>", "");
+		if (key) {
+			window.location.href = '<%=api.url("socks_autoswitch_add_node")%>' + "?id=" + socks_id + "&key=" + key;
+		}
+	}
+	function remove_node_by_key() {
+		var key = prompt("<%:Please enter the node keyword, pay attention to distinguish between spaces, uppercase and lowercase.%>", "");
+		if (key) {
+			window.location.href = '<%=api.url("socks_autoswitch_remove_node")%>' + "?id=" + socks_id + "&key=" + key;
+		}
+	}
+	//]]>
+</script>
+<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" />
+<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" />

luci-app-passwall2/po/zh_Hans

@@ -0,0 +1 @@
+zh-cn

luci-app-passwall2/root/etc/config/passwall2_server

@@ -0,0 +1,4 @@
+
+config global 'global'
+	option enable '0'
+

luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[[ "$ACTION" == "ifup" && $(uci get "passwall2.@global[0].enabled") == "1" ]] && [ -f /var/lock/passwall2_ready.lock ] && {
+	default_device=$(ip route | grep default | awk -F 'dev ' '{print $2}' | awk '{print $1}')
+	[ "$default_device" == "$DEVICE" ] && {
+		LOCK_FILE_DIR=/var/lock
+		[ ! -d ${LOCK_FILE_DIR} ] && mkdir -p ${LOCK_FILE_DIR}
+		LOCK_FILE="${LOCK_FILE_DIR}/passwall2_ifup.lock"
+		if [ -s ${LOCK_FILE} ]; then
+			SPID=$(cat ${LOCK_FILE})
+			if [ -e /proc/${SPID}/status ]; then
+				exit 1
+			fi
+			cat /dev/null > ${LOCK_FILE}
+		fi
+		echo $$ > ${LOCK_FILE}
+		
+		/etc/init.d/passwall2 restart >/dev/null 2>&1 &
+		logger -p notice -t network -s "passwall2: restart when $INTERFACE ifup"
+		
+		rm -rf ${LOCK_FILE}
+	}
+}

luci-app-passwall2/root/etc/init.d/passwall2

@@ -0,0 +1,70 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=15
+
+CONFIG=passwall2
+APP_FILE=/usr/share/${CONFIG}/app.sh
+LOCK_FILE_DIR=/var/lock
+LOCK_FILE=${LOCK_FILE_DIR}/${CONFIG}.lock
+
+set_lock() {
+	[ ! -d "$LOCK_FILE_DIR" ] && mkdir -p $LOCK_FILE_DIR
+	exec 999>"$LOCK_FILE"
+	flock -xn 999
+}
+
+unset_lock() {
+	flock -u 999
+	rm -rf "$LOCK_FILE"
+}
+
+unlock() {
+	failcount=1
+	while [ "$failcount" -le 10 ]; do
+		if [ -f "$LOCK_FILE" ]; then
+			let "failcount++"
+			sleep 1s
+			[ "$failcount" -ge 10 ] && unset_lock
+		else
+			break
+		fi
+	done
+}
+
+boot_func() {
+	local delay=$(uci -q get ${CONFIG}.@global_delay[0].start_delay || echo 1)
+	if [ "$delay" -gt 0 ]; then
+		$APP_FILE echolog "执行启动延时 $delay 秒后再启动!"
+		sleep $delay
+	fi
+	restart
+	touch ${LOCK_FILE_DIR}/${CONFIG}_ready.lock
+}
+
+boot() {
+	boot_func >/dev/null 2>&1 &
+}
+
+start() {
+	set_lock
+	[ $? == 1 ] && $APP_FILE echolog "脚本已经在运行，不重复运行，退出." && exit 0
+	$APP_FILE start
+	unset_lock
+}
+
+stop() {
+	unlock
+	set_lock
+	[ $? == 1 ] && $APP_FILE echolog "停止脚本等待超时，不重复运行，退出." && exit 0
+	$APP_FILE stop
+	unset_lock
+}
+
+restart() {
+	set_lock
+	[ $? == 1 ] && $APP_FILE echolog "脚本已经在运行，不重复运行，退出." && exit 0
+	$APP_FILE stop
+	$APP_FILE start
+	unset_lock
+}

luci-app-passwall2/root/etc/init.d/passwall2_server

@@ -0,0 +1,16 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+start() {
+	lua /usr/lib/lua/luci/passwall2/server_app.lua start
+}
+
+stop() {
+	lua /usr/lib/lua/luci/passwall2/server_app.lua stop
+}
+
+restart() {
+	stop
+	start
+}

luci-app-passwall2/root/etc/uci-defaults/luci-passwall2

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	set dhcp.@dnsmasq[0].localuse=1
+	commit dhcp
+	[ -e "/etc/config/ucitrack" ] && {
+	delete ucitrack.@passwall2[-1]
+	add ucitrack passwall2
+	set ucitrack.@passwall2[-1].init=passwall2
+	commit ucitrack
+	}
+	delete firewall.passwall2
+	set firewall.passwall2=include
+	set firewall.passwall2.type=script
+	set firewall.passwall2.path=/var/etc/passwall2.include
+	set firewall.passwall2.reload=1
+	commit firewall
+	[ -e "/etc/config/ucitrack" ] && {
+	delete ucitrack.@passwall2_server[-1]
+	add ucitrack passwall2_server
+	set ucitrack.@passwall2_server[-1].init=passwall2_server
+	commit ucitrack
+	}
+	delete firewall.passwall2_server
+	set firewall.passwall2_server=include
+	set firewall.passwall2_server.type=script
+	set firewall.passwall2_server.path=/var/etc/passwall2_server.include
+	set firewall.passwall2_server.reload=1
+	commit firewall
+	set uhttpd.main.max_requests=50
+	commit uhttpd
+EOF
+
+[ ! -s "/etc/config/passwall2" ] && cp -f /usr/share/passwall2/0_default_config /etc/config/passwall2
+
+chmod +x /usr/share/passwall2/*.sh
+
+[ -e "/etc/config/passwall2_show" ] && rm -rf /etc/config/passwall2_show
+
+[ "$(uci -q get passwall2.@global_xray[0].sniffing)" == "1" ] && [ "$(uci -q get passwall2.@global_xray[0].route_only)" != "1" ] && uci -q set passwall2.@global_xray[0].sniffing_override_dest=1
+uci -q delete passwall2.@global_xray[0].sniffing
+uci -q delete passwall2.@global_xray[0].route_only
+uci -q commit passwall2
+
+rm -f /tmp/luci-indexcache
+rm -rf /tmp/luci-modulecache/
+killall -HUP rpcd 2>/dev/null
+
+exit 0

luci-app-passwall2/root/usr/share/passwall2/0_default_config

@@ -0,0 +1,235 @@
+
+config global
+	option enabled '0'
+	option node_socks_port '1070'
+	option localhost_proxy '1'
+	option client_proxy '1'
+	option socks_enabled '0'
+	option acl_enable '0'
+	option node 'myshunt'
+	option direct_dns_protocol 'auto'
+	option direct_dns_query_strategy 'UseIP'
+	option remote_dns_protocol 'tcp'
+	option remote_dns '1.1.1.1'
+	option remote_dns_query_strategy 'UseIPv4'
+	option dns_hosts 'cloudflare-dns.com 1.1.1.1
+dns.google.com 8.8.8.8'
+	option log_node '1'
+	option loglevel 'error'
+	
+config global_haproxy
+	option balancing_enable '0'
+
+config global_delay
+	option auto_on '0'
+	option start_daemon '1'
+	option start_delay '60'
+
+config global_forwarding
+	option tcp_no_redir_ports 'disable'
+	option udp_no_redir_ports 'disable'
+	option tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443'
+	option udp_redir_ports '1:65535'
+	option accept_icmp '0'
+	option use_nft '0'
+	option tcp_proxy_way 'redirect'
+	option ipv6_tproxy '0'
+
+config global_xray
+	option sniffing_override_dest '0'
+
+config global_other
+	option auto_detection_time 'tcping'
+	option show_node_info '0'
+
+config global_rules
+	option auto_update '0'
+	option geosite_update '1'
+	option geoip_update '1'
+	option v2ray_location_asset '/usr/share/v2ray/'
+
+config global_app
+	option xray_file '/usr/bin/xray'
+	option hysteria_file '/usr/bin/hysteria'
+	option singbox_file '/usr/bin/sing-box'
+
+config global_subscribe
+	option filter_keyword_mode '1'
+	list filter_discard_list '过期时间'
+	list filter_discard_list '剩余流量'
+	list filter_discard_list 'QQ群'
+	list filter_discard_list '官网'
+	
+config global_singbox
+	option sniff_override_destination '0'
+	option geoip_path '/usr/share/singbox/geoip.db'
+	option geoip_url 'https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.db'
+	option geosite_path '/usr/share/singbox/geosite.db'
+	option geosite_url 'https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.db'
+
+config nodes 'myshunt'
+	option remarks '分流总节点'
+	option type 'Xray'
+	option protocol '_shunt'
+	option DirectGame '_direct'
+	option ProxyGame '_default'
+	option Direct '_direct'
+	option GooglePlay '_default'
+	option Netflix 'nil'
+	option OpenAI 'nil'
+	option Proxy '_default'
+	option China '_direct'
+	option QUIC '_blackhole'
+	option UDP 'nil'
+	option default_node 'nil'
+	option domainStrategy 'IPOnDemand'
+	option domainMatcher 'hybrid'
+
+config shunt_rules 'DirectGame'
+	option remarks 'DirectGame'
+	option network 'tcp,udp'
+	option domain_list 'api.steampowered.com
+regexp:\.cm.steampowered.com$
+regexp:\.steamserver.net$
+geosite:category-games@cn
+'
+
+	option ip_list '103.10.124.0/24
+103.10.125.0/24
+103.28.54.0/24
+146.66.152.0/24
+146.66.155.0/24
+153.254.86.0/24
+155.133.224.0/23
+155.133.226.0/24
+155.133.227.0/24
+155.133.230.0/24
+155.133.232.0/24
+155.133.233.0/24
+155.133.234.0/24
+155.133.236.0/23
+155.133.238.0/24
+155.133.239.0/24
+155.133.240.0/23
+155.133.245.0/24
+155.133.246.0/24
+155.133.248.0/24
+155.133.249.0/24
+155.133.250.0/24
+155.133.251.0/24
+155.133.252.0/24
+155.133.253.0/24
+155.133.254.0/24
+155.133.255.0/24
+162.254.192.0/24
+162.254.193.0/24
+162.254.194.0/23
+162.254.195.0/24
+162.254.196.0/24
+162.254.197.0/24
+162.254.198.0/24
+162.254.199.0/24
+185.25.182.0/24
+185.25.183.0/24
+190.217.33.0/24
+192.69.96.0/22
+205.185.194.0/24
+205.196.6.0/24
+208.64.200.0/24
+208.64.201.0/24
+208.64.202.0/24
+208.64.203.0/24
+208.78.164.0/22'
+
+config shunt_rules 'ProxyGame'
+	option remarks 'ProxyGame'
+	option domain_list 'geosite:category-games
+domain:store.steampowered.com
+'
+
+config shunt_rules 'Direct'
+	option network 'tcp,udp'
+	option remarks 'Direct'
+	option ip_list 'geoip:private
+114.114.114.114
+114.114.115.115
+223.5.5.5
+223.6.6.6
+119.29.29.29
+180.76.76.76
+'
+	option domain_list 'apple.com
+microsoft.com
+dyndns.com
+steamcontent.com
+dl.steam.clngaa.com
+dl.steam.ksyna.com
+st.dl.bscstorage.net
+st.dl.eccdnx.com
+st.dl.pinyuncloud.com
+cdn.mileweb.cs.steampowered.com.8686c.com
+cdn-ws.content.steamchina.com
+cdn-qc.content.steamchina.com
+cdn-ali.content.steamchina.com
+epicgames-download1-1251447533.file.myqcloud.com'
+
+config shunt_rules 'GooglePlay'
+	option remarks 'GooglePlay'
+	option network 'tcp,udp'
+	option domain_list 'domain:googleapis.cn
+domain:googleapis.com
+domain:xn--ngstr-lra8j.com'
+
+config shunt_rules 'Netflix'
+	option remarks 'Netflix'
+	option network 'tcp,udp'
+	option domain_list 'geosite:netflix'
+	
+config shunt_rules 'OpenAI'
+	option remarks 'OpenAI'
+	option network 'tcp,udp'
+	option domain_list 'geosite:openai'
+
+config shunt_rules 'Proxy'
+	option network 'tcp,udp'
+	option remarks 'Proxy'
+	option domain_list 'geosite:geolocation-!cn'
+	option ip_list '149.154.160.0/20
+91.108.4.0/22
+91.108.56.0/24
+109.239.140.0/24
+67.198.55.0/24
+8.8.4.4
+8.8.8.8
+208.67.222.222
+208.67.220.220
+1.1.1.1
+1.1.1.2
+1.0.0.1
+9.9.9.9
+149.112.112.112
+2001:67c:4e8::/48
+2001:b28:f23c::/48
+2001:b28:f23d::/48
+2001:b28:f23f::/48
+2001:b28:f242::/48
+2001:4860:4860::8888
+2001:4860:4860::8844
+2606:4700:4700::1111
+2606:4700:4700::1001
+'
+
+config shunt_rules 'China'
+	option remarks 'China'
+	option network 'tcp,udp'
+	option ip_list 'geoip:cn'
+	option domain_list 'geosite:cn'
+
+config shunt_rules 'QUIC'
+	option remarks 'QUIC'
+	option port '443'
+	option network 'udp'
+
+config shunt_rules 'UDP'
+	option remarks 'UDP'
+	option network 'udp'

luci-app-passwall2/root/usr/share/passwall2/domains_excluded

@@ -0,0 +1,24 @@
+courier.push.apple.com
+rbsxbxp-mim.vivox.com
+rbsxbxp.www.vivox.com
+rbsxbxp-ws.vivox.com
+rbspsxp.www.vivox.com
+rbspsxp-mim.vivox.com
+rbspsxp-ws.vivox.com
+rbswxp.www.vivox.com
+rbswxp-mim.vivox.com
+disp-rbspsp-5-1.vivox.com
+disp-rbsxbp-5-1.vivox.com
+proxy.rbsxbp.vivox.com
+proxy.rbspsp.vivox.com
+proxy.rbswp.vivox.com
+rbswp.vivox.com
+rbsxbp.vivox.com
+rbspsp.vivox.com
+rbspsp.www.vivox.com
+rbswp.www.vivox.com
+rbsxbp.www.vivox.com
+rbsxbxp.vivox.com
+rbspsxp.vivox.com
+rbswxp.vivox.com
+Mijia Cloud

luci-app-passwall2/root/usr/share/passwall2/haproxy.lua

@@ -0,0 +1,222 @@
+#!/usr/bin/lua
+
+local api = require ("luci.passwall2.api")
+local appname = api.appname
+local fs = api.fs
+local jsonc = api.jsonc
+local uci = api.uci
+local sys = api.sys
+
+local log = function(...)
+	api.log(...)
+end
+
+function get_ip_port_from(str)
+	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
+	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
+	return result_ip, result_port
+end
+
+local new_port
+local function get_new_port()
+	if new_port then
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
+	else
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
+	end
+	return new_port
+end
+
+local var = api.get_args(arg)
+local haproxy_path = var["-path"]
+local haproxy_conf = var["-conf"]
+local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
+
+local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
+local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
+local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
+local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
+local bind_address = "0.0.0.0"
+if bind_local == "1" then bind_address = "127.0.0.1" end
+
+log("HAPROXY 负载均衡...")
+fs.mkdir(haproxy_path)
+local haproxy_file = haproxy_path .. "/" .. haproxy_conf
+
+local f_out = io.open(haproxy_file, "a")
+
+local haproxy_config = [[
+global
+	daemon
+	log         127.0.0.1 local2
+	maxconn     60000
+	stats socket  {{path}}/haproxy.sock
+	nbthread {{nbthread}}
+	external-check
+	insecure-fork-wanted
+
+defaults
+	mode                    tcp
+	log                     global
+	option                  tcplog
+	option                  dontlognull
+	option http-server-close
+	#option forwardfor       except 127.0.0.0/8
+	option                  redispatch
+	retries                 2
+	timeout http-request    10s
+	timeout queue           1m
+	timeout connect         10s
+	timeout client          1m
+	timeout server          1m
+	timeout http-keep-alive 10s
+	timeout check           10s
+	maxconn                 3000
+	
+resolvers mydns
+	resolve_retries       1
+	timeout resolve       5s
+	hold valid           600s
+{{dns}}
+]]
+
+haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
+haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
+
+local mydns = ""
+local index = 0
+string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
+	index = index + 1
+	local s = w:gsub("#", ":")
+	if not s:find(":") then
+		s = s .. ":53"
+	end
+	mydns = mydns .. (index > 1 and "\n" or "") .. "    " .. string.format("nameserver dns%s %s", index, s)
+end)
+haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
+
+f_out:write(haproxy_config)
+
+local listens = {}
+
+uci:foreach(appname, "haproxy_config", function(t)
+	if t.enabled == "1" then
+		local server_remark
+		local server_address
+		local server_port
+		local lbss = t.lbss
+		local listen_port = tonumber(t.haproxy_port) or 0
+		local server_node = uci:get_all(appname, lbss)
+		if server_node and server_node.address and server_node.port then
+			server_remark = server_node.address .. ":" .. server_node.port
+			server_address = server_node.address
+			server_port = server_node.port
+			t.origin_address = server_address
+			t.origin_port = server_port
+			if health_check_type == "passwall_logic" then
+				if server_node.type ~= "Socks" then
+					local relay_port = server_node.port
+					new_port = get_new_port()
+					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
+					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
+						appname,
+						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
+							new_port, --flag
+							server_node[".name"], --node
+							"127.0.0.1", --bind
+							new_port, --socks port
+							config_file --config file
+							)
+						)
+					)
+					server_address = "127.0.0.1"
+					server_port = new_port
+				end
+			end
+		else
+			server_address, server_port = get_ip_port_from(lbss)
+			server_remark = server_address .. ":" .. server_port
+			t.origin_address = server_address
+			t.origin_port = server_port
+		end
+		if server_address and server_port and listen_port > 0 then
+			if not listens[listen_port] then
+				listens[listen_port] = {}
+			end
+			t.server_remark = server_remark
+			t.server_address = server_address
+			t.server_port = server_port
+			table.insert(listens[listen_port], t)
+		else
+			log("  - 丢弃1个明显无效的节点")
+		end
+	end
+end)
+
+local sortTable = {}
+for i in pairs(listens) do
+	if i ~= nil then
+		table.insert(sortTable, i)
+	end
+end
+table.sort(sortTable, function(a,b) return (a < b) end)
+
+for i, port in pairs(sortTable) do
+	log("  + 入口 %s:%s" % {bind_address, port})
+
+	f_out:write("\n" .. string.format([[
+listen %s
+	bind %s:%s
+	mode tcp
+	balance roundrobin
+]], port, bind_address, port))
+
+	if health_check_type == "passwall_logic" then
+		f_out:write(string.format([[
+	option external-check
+	external-check command "/usr/share/passwall2/haproxy_check.sh"
+]], port, port))
+	end
+
+	for i, o in ipairs(listens[port]) do
+		local remark = o.server_remark
+		local server = o.server_address .. ":" .. o.server_port
+		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
+		server_conf = server_conf:gsub("{{remark}}", remark)
+		server_conf = server_conf:gsub("{{server}}", server)
+		server_conf = server_conf:gsub("{{weight}}",  o.lbweight)
+		local resolvers = "resolvers mydns"
+		if api.is_ip(o.server_address) then
+			resolvers = ""
+		end
+		server_conf = server_conf:gsub("{{resolvers}}",  resolvers)
+		server_conf = server_conf:gsub("{{inter}}",  tonumber(health_check_inter) .. "s")
+		server_conf = server_conf:gsub("{{backup}}",  o.backup == "1" and "backup" or "")
+
+		f_out:write("    " .. server_conf .. "\n")
+
+		if o.export ~= "0" then
+			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
+		end
+
+		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
+	end
+end
+
+--控制台配置
+local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
+local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
+local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
+local str = [[
+listen console
+	bind 0.0.0.0:%s
+	mode http
+	stats refresh 30s
+	stats uri /
+	stats admin if TRUE
+	%s
+]]
+f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
+log(string.format("  * 控制台端口：%s", console_port))
+
+f_out:close()

luci-app-passwall2/root/usr/share/passwall2/haproxy_check.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+listen_address=$1
+listen_port=$2
+server_address=$3
+server_port=$4
+status=$(/usr/bin/curl -I -o /dev/null -skL -x socks5h://${server_address}:${server_port} --connect-timeout 3 --retry 3 -w %{http_code} "https://www.google.com/generate_204")
+case "$status" in
+	204|\
+	200)
+		status=200
+	;;
+esac
+return_code=1
+if [ "$status" = "200" ]; then
+	return_code=0
+fi
+exit ${return_code}

luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh

@@ -0,0 +1,146 @@
+#!/bin/sh
+
+stretch() {
+	#zhenduiluanshezhiDNSderen
+	local dnsmasq_server=$(uci -q get dhcp.@dnsmasq[0].server)
+	local dnsmasq_noresolv=$(uci -q get dhcp.@dnsmasq[0].noresolv)
+	local _flag
+	for server in $dnsmasq_server; do
+		[ -z "$(echo $server | grep '\/')" ] && _flag=1
+	done
+	[ -z "$_flag" ] && [ "$dnsmasq_noresolv" = "1" ] && {
+		uci -q delete dhcp.@dnsmasq[0].noresolv
+		uci -q set dhcp.@dnsmasq[0].resolvfile="$RESOLVFILE"
+		uci commit dhcp
+	}
+}
+
+backup_servers() {
+	DNSMASQ_DNS=$(uci show dhcp.@dnsmasq[0] | grep ".server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
+	if [ -n "${DNSMASQ_DNS}" ]; then
+		uci -q set $CONFIG.@global[0].dnsmasq_servers="${DNSMASQ_DNS}"
+		uci commit $CONFIG
+	fi
+}
+
+restore_servers() {
+	OLD_SERVER=$(uci -q get $CONFIG.@global[0].dnsmasq_servers | tr "," " ")
+	for server in $OLD_SERVER; do
+		uci -q del_list dhcp.@dnsmasq[0].server=$server
+		uci -q add_list dhcp.@dnsmasq[0].server=$server
+	done
+	uci commit dhcp
+	uci -q delete $CONFIG.@global[0].dnsmasq_servers
+	uci commit $CONFIG
+}
+
+logic_restart() {
+	local no_log
+	eval_set_val $@
+	_LOG_FILE=$LOG_FILE
+	[ -n "$no_log" ] && LOG_FILE="/dev/null"
+	if [ -f "$TMP_PATH/default_DNS" ]; then
+		backup_servers
+		#sed -i "/list server/d" /etc/config/dhcp >/dev/null 2>&1
+		for server in $(uci -q get dhcp.@dnsmasq[0].server); do
+			[ -n "$(echo $server | grep '\/')" ] || uci -q del_list dhcp.@dnsmasq[0].server="$server" 
+		done
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+		restore_servers
+	else
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+	fi
+	echolog "重启 dnsmasq 服务"
+	LOG_FILE=${_LOG_FILE}
+}
+
+restart() {
+	local no_log
+	eval_set_val $@
+	_LOG_FILE=$LOG_FILE
+	[ -n "$no_log" ] && LOG_FILE="/dev/null"
+	/etc/init.d/dnsmasq restart >/dev/null 2>&1
+	echolog "重启 dnsmasq 服务"
+	LOG_FILE=${_LOG_FILE}
+}
+
+gen_items() {
+	local dnss settype setnames outf ipsetoutf
+	eval_set_val $@
+	
+	awk -v dnss="${dnss}" -v settype="${settype}" -v setnames="${setnames}" -v outf="${outf}" -v ipsetoutf="${ipsetoutf}" '
+		BEGIN {
+			if(outf == "") outf="/dev/stdout";
+			if(ipsetoutf == "") ipsetoutf=outf;
+			split(dnss, dns, ","); setdns=length(dns)>0; setlist=length(setnames)>0;
+			if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
+			fail=1;
+		}
+		! /^$/&&!/^#/ {
+			fail=0
+			if(setdns) for(i in dns) printf("server=/.%s/%s\n", $0, dns[i]) >>outf;
+			if(setlist) printf("%s=/.%s/%s\n", settype, $0, setnames) >>ipsetoutf;
+		}
+		END {fflush(outf); close(outf); fflush(ipsetoutf); close(ipsetoutf); exit(fail);}
+	'
+}
+
+add() {
+	local TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS NFTFLAG NO_LOGIC_LOG
+	eval_set_val $@
+	_LOG_FILE=$LOG_FILE
+	[ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"
+	mkdir -p "${TMP_DNSMASQ_PATH}" "${DNSMASQ_PATH}" "/tmp/dnsmasq.d"
+	
+	local set_type="ipset"
+	[ "${NFTFLAG}" = "1" ] && {
+		set_type="nftset"
+		local setflag_4="4#inet#fw4#"
+		local setflag_6="6#inet#fw4#"
+	}
+	
+	#始终用国内DNS解析节点域名
+	servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
+	hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" | gen_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpslist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
+	echolog "  - [$?]节点列表中的域名(vpslist)：${DEFAULT_DNS:-默认}"
+	
+	echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE
+	[ -n "${TUN_DNS}" ] && {
+		echo "${DEFAULT_DNS}" > $TMP_PATH/default_DNS
+		cat <<-EOF >> $DNSMASQ_CONF_FILE
+			server=${TUN_DNS}
+			all-servers
+			no-poll
+			no-resolv
+		EOF
+		echolog "  - [$?]默认：${TUN_DNS}"
+	}
+	LOG_FILE=${_LOG_FILE}
+}
+
+del() {
+	rm -rf /tmp/dnsmasq.d/dnsmasq-$CONFIG.conf
+	rm -rf $DNSMASQ_PATH/dnsmasq-$CONFIG.conf
+	rm -rf $TMP_DNSMASQ_PATH
+}
+
+arg1=$1
+shift
+case $arg1 in
+stretch)
+	stretch $@
+	;;
+add)
+	add $@
+	;;
+del)
+	del $@
+	;;
+restart)
+	restart $@
+	;;
+logic_restart)
+	logic_restart $@
+	;;
+*) ;;
+esac

luci-app-passwall2/root/usr/share/passwall2/monitor.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+
+CONFIG=passwall2
+TMP_PATH=/tmp/etc/$CONFIG
+TMP_SCRIPT_FUNC_PATH=$TMP_PATH/script_func
+LOCK_FILE_DIR=/tmp/lock
+LOCK_FILE=${LOCK_FILE_DIR}/${CONFIG}_script.lock
+
+config_n_get() {
+	local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+config_t_get() {
+	local index=0
+	[ -n "$4" ] && index=$4
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+ENABLED=$(config_t_get global enabled 0)
+[ "$ENABLED" != 1 ] && return 1
+ENABLED=$(config_t_get global_delay start_daemon 0)
+[ "$ENABLED" != 1 ] && return 1
+sleep 58s
+while [ "$ENABLED" -eq 1 ]; do
+	[ -f "$LOCK_FILE" ] && {
+		sleep 6s
+		continue
+	}
+	touch $LOCK_FILE
+	[ -d ${TMP_SCRIPT_FUNC_PATH} ] && {
+		for filename in $(ls ${TMP_SCRIPT_FUNC_PATH} | grep -v "^_"); do
+			cmd=$(cat ${TMP_SCRIPT_FUNC_PATH}/${filename})
+			cmd_check=$(echo $cmd | awk -F '>' '{print $1}')
+			[ -n "$(echo $cmd_check | grep "dns2socks")" ] && cmd_check=$(echo $cmd_check | sed "s#:# #g")
+			icount=$(pgrep -f "$(echo $cmd_check)" | wc -l)
+			if [ $icount = 0 ]; then
+				#echo "${cmd} 进程挂掉，重启" >> /tmp/log/passwall2.log
+				eval $(echo "nohup ${cmd} 2>&1 &") >/dev/null 2>&1 &
+			fi
+		done
+	}
+	
+	rm -f $LOCK_FILE
+	sleep 58s
+done

luci-app-passwall2/root/usr/share/passwall2/rule_update.lua

@@ -0,0 +1,206 @@
+#!/usr/bin/lua
+
+require 'nixio'
+require 'luci.sys'
+local luci = luci
+local ucic = luci.model.uci.cursor()
+local jsonc = require "luci.jsonc"
+local name = 'passwall2'
+local api = require "luci.passwall2.api"
+local arg1 = arg[1]
+local arg2 = arg[2]
+local arg3 = arg[3]
+
+local reboot = 0
+local geoip_update = 0
+local geosite_update = 0
+local asset_location = ucic:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
+
+-- Custom geo file
+local geoip_api = ucic:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
+local geosite_api = ucic:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
+--
+local use_nft = ucic:get(name, "@global_forwarding[0]", "use_nft") or "0"
+
+if arg3 == "cron" then
+	arg2 = nil
+end
+
+local log = function(...)
+	if arg1 then
+		if arg1 == "log" then
+			api.log(...)
+		elseif arg1 == "print" then
+			local result = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ")
+			print(result)
+		end
+	end
+end
+
+-- curl
+local function curl(url, file)
+	local args = {
+		"-skL", "-w %{http_code}", "--retry 3", "--connect-timeout 3"
+	}
+	if file then
+		args[#args + 1] = "-o " .. file
+	end
+	local return_code, result = api.curl_logic(url, nil, args)
+	return tonumber(result)
+end
+
+--获取geoip
+local function fetch_geoip()
+	--请求geoip
+	xpcall(function()
+		local return_code, content = api.curl_logic(geoip_api)
+		local json = jsonc.parse(content)
+		if json.tag_name and json.assets then
+			for _, v in ipairs(json.assets) do
+				if v.name and v.name == "geoip.dat.sha256sum" then
+					local sret = curl(v.browser_download_url, "/tmp/geoip.dat.sha256sum")
+					if sret == 200 then
+						local f = io.open("/tmp/geoip.dat.sha256sum", "r")
+						local content = f:read()
+						f:close()
+						f = io.open("/tmp/geoip.dat.sha256sum", "w")
+						f:write(content:gsub("geoip.dat", "/tmp/geoip.dat"), "")
+						f:close()
+
+						if nixio.fs.access(asset_location .. "geoip.dat") then
+							luci.sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat"))
+							if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
+								log("geoip 版本一致，无需更新。")
+								return 1
+							end
+						end
+						for _2, v2 in ipairs(json.assets) do
+							if v2.name and v2.name == "geoip.dat" then
+								sret = curl(v2.browser_download_url, "/tmp/geoip.dat")
+								if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
+									luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat"))
+									reboot = 1
+									log("geoip 更新成功。")
+									return 1
+								else
+									log("geoip 更新失败，请稍后再试。")
+								end
+								break
+							end
+						end
+					end
+					break
+				end
+			end
+		end
+	end,
+	function(e)
+	end)
+
+	return 0
+end
+
+--获取geosite
+local function fetch_geosite()
+	--请求geosite
+	xpcall(function()
+		local return_code, content = api.curl_logic(geosite_api)
+		local json = jsonc.parse(content)
+		if json.tag_name and json.assets then
+			for _, v in ipairs(json.assets) do
+				if v.name and v.name == "geosite.dat.sha256sum" then
+					local sret = curl(v.browser_download_url, "/tmp/geosite.dat.sha256sum")
+					if sret == 200 then
+						local f = io.open("/tmp/geosite.dat.sha256sum", "r")
+						local content = f:read()
+						f:close()
+						f = io.open("/tmp/geosite.dat.sha256sum", "w")
+						f:write(content:gsub("geosite.dat", "/tmp/geosite.dat"), "")
+						f:close()
+
+						if nixio.fs.access(asset_location .. "geosite.dat") then
+							luci.sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat"))
+							if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
+								log("geosite 版本一致，无需更新。")
+								return 1
+							end
+						end
+						for _2, v2 in ipairs(json.assets) do
+							if v2.name and v2.name == "geosite.dat" then
+								sret = curl(v2.browser_download_url, "/tmp/geosite.dat")
+								if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
+									luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat"))
+									reboot = 1
+									log("geosite 更新成功。")
+									return 1
+								else
+									log("geosite 更新失败，请稍后再试。")
+								end
+								break
+							end
+						end
+					end
+					break
+				end
+			end
+		end
+	end,
+	function(e)
+	end)
+
+	return 0
+end
+
+if arg2 then
+	string.gsub(arg2, '[^' .. "," .. ']+', function(w)
+		if w == "geoip" then
+			geoip_update = 1
+		end
+		if w == "geosite" then
+			geosite_update = 1
+		end
+	end)
+else
+	geoip_update = ucic:get_first(name, 'global_rules', "geoip_update", 1)
+	geosite_update = ucic:get_first(name, 'global_rules', "geosite_update", 1)
+end
+if geoip_update == 0 and geosite_update == 0 then
+	os.exit(0)
+end
+
+log("开始更新规则...")
+
+if tonumber(geoip_update) == 1 then
+	log("geoip 开始更新...")
+	local status = fetch_geoip()
+	os.remove("/tmp/geoip.dat")
+	os.remove("/tmp/geoip.dat.sha256sum")
+end
+
+if tonumber(geosite_update) == 1 then
+	log("geosite 开始更新...")
+	local status = fetch_geosite()
+	os.remove("/tmp/geosite.dat")
+	os.remove("/tmp/geosite.dat.sha256sum")
+end
+
+ucic:set(name, ucic:get_first(name, 'global_rules'), "geoip_update", geoip_update)
+ucic:set(name, ucic:get_first(name, 'global_rules'), "geosite_update", geosite_update)
+ucic:save(name)
+luci.sys.call("uci commit " .. name)
+
+if reboot == 1 then
+	if arg3 == "cron" then
+		if not nixio.fs.access("/var/lock/" .. name .. ".lock") then
+			luci.sys.call("touch /tmp/lock/" .. name .. "_cron.lock")
+		end
+	end
+
+	log("重启服务，应用新的规则。")
+	if use_nft == "1" then
+		luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
+	else
+		luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
+	end
+end
+log("规则更新完毕...")

luci-app-passwall2/root/usr/share/passwall2/socks_auto_switch.sh

@@ -0,0 +1,180 @@
+#!/bin/sh
+
+CONFIG=passwall2
+LOG_FILE=/tmp/log/$CONFIG.log
+LOCK_FILE_DIR=/tmp/lock
+
+flag=0
+
+echolog() {
+	local d="$(date "+%Y-%m-%d %H:%M:%S")"
+	#echo -e "$d: $1"
+	echo -e "$d: $1" >> $LOG_FILE
+}
+
+config_n_get() {
+	local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null)
+	echo "${ret:=$3}"
+}
+
+test_url() {
+	local url=$1
+	local try=1
+	[ -n "$2" ] && try=$2
+	local timeout=2
+	[ -n "$3" ] && timeout=$3
+	local extra_params=$4
+	curl --help all | grep "\-\-retry-all-errors" > /dev/null
+	[ $? == 0 ] && extra_params="--retry-all-errors ${extra_params}"
+	status=$(/usr/bin/curl -I -o /dev/null -skL --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" ${extra_params} --connect-timeout ${timeout} --retry ${try} -w %{http_code} "$url")
+	case "$status" in
+		204)
+			status=200
+		;;
+	esac
+	echo $status
+}
+
+test_proxy() {
+	result=0
+	status=$(test_url "${probe_url}" ${retry_num} ${connect_timeout} "-x socks5h://127.0.0.1:${socks_port}")
+	if [ "$status" = "200" ]; then
+		result=0
+	else
+		status2=$(test_url "https://www.baidu.com" ${retry_num} ${connect_timeout})
+		if [ "$status2" = "200" ]; then
+			result=1
+		else
+			result=2
+			ping -c 3 -W 1 223.5.5.5 > /dev/null 2>&1
+			[ $? -eq 0 ] && {
+				result=1
+			}
+		fi
+	fi
+	echo $result
+}
+
+test_node() {
+	local node_id=$1
+	local _type=$(echo $(config_n_get ${node_id} type nil) | tr 'A-Z' 'a-z')
+	[ "${_type}" != "nil" ] && {
+		local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp,udp)
+		/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
+		local curlx="socks5h://127.0.0.1:${_tmp_port}"
+		sleep 1s
+		_proxy_status=$(test_url "${probe_url}" ${retry_num} ${connect_timeout} "-x $curlx")
+		pgrep -af "test_node_${node_id}" | awk '! /socks_auto_switch\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
+		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
+		if [ "${_proxy_status}" -eq 200 ]; then
+			return 0
+		fi
+	}
+	return 1
+}
+
+test_auto_switch() {
+	flag=$(expr $flag + 1)
+	local b_nodes=$1
+	local now_node=$2
+	[ -z "$now_node" ] && {
+		local f="/tmp/etc/$CONFIG/id/socks_${id}"
+		if [ -f "${f}" ]; then
+			now_node=$(cat ${f})
+		else
+			#echolog "自动切换检测：未知错误"
+			return 1
+		fi
+	}
+	
+	[ $flag -le 1 ] && {
+		main_node=$now_node
+	}
+
+	status=$(test_proxy)
+	if [ "$status" == 2 ]; then
+		echolog "自动切换检测：无法连接到网络，请检查网络是否正常！"
+		return 2
+	fi
+	
+	#检测主节点是否能使用
+	if [ "$restore_switch" == "1" ] && [ "$main_node" != "nil" ] && [ "$now_node" != "$main_node" ]; then
+		test_node ${main_node}
+		[ $? -eq 0 ] && {
+			#主节点正常，切换到主节点
+			echolog "自动切换检测：${id}主节点【$(config_n_get $main_node type)：[$(config_n_get $main_node remarks)]】正常，切换到主节点！"
+			/usr/share/${CONFIG}/app.sh socks_node_switch flag=${id} new_node=${main_node}
+			[ $? -eq 0 ] && {
+				echolog "自动切换检测：${id}节点切换完毕！"
+			}
+			return 0
+		}
+	fi
+	
+	if [ "$status" == 0 ]; then
+		#echolog "自动切换检测：${id}【$(config_n_get $now_node type)：[$(config_n_get $now_node remarks)]】正常。"
+		return 0
+	elif [ "$status" == 1 ]; then
+		echolog "自动切换检测：${id}【$(config_n_get $now_node type)：[$(config_n_get $now_node remarks)]】异常，切换到下一个备用节点检测！"
+		local new_node
+		in_backup_nodes=$(echo $b_nodes | grep $now_node)
+		# 判断当前节点是否存在于备用节点列表里
+		if [ -z "$in_backup_nodes" ]; then
+			# 如果不存在，设置第一个节点为新的节点
+			new_node=$(echo $b_nodes | awk -F ' ' '{print $1}')
+		else
+			# 如果存在，设置下一个备用节点为新的节点
+			#local count=$(expr $(echo $b_nodes | grep -o ' ' | wc -l) + 1)
+			local next_node=$(echo $b_nodes | awk -F "$now_node" '{print $2}' | awk -F " " '{print $1}')
+			if [ -z "$next_node" ]; then
+				new_node=$(echo $b_nodes | awk -F ' ' '{print $1}')
+			else
+				new_node=$next_node
+			fi
+		fi
+		test_node ${new_node}
+		if [ $? -eq 0 ]; then
+			[ "$restore_switch" == "0" ] && {
+				uci set $CONFIG.${id}.node=$new_node
+				[ -z "$(echo $b_nodes | grep $main_node)" ] && uci add_list $CONFIG.${id}.autoswitch_backup_node=$main_node
+				uci commit $CONFIG
+			}
+			echolog "自动切换检测：${id}【$(config_n_get $new_node type)：[$(config_n_get $new_node remarks)]】正常，切换到此节点！"
+			/usr/share/${CONFIG}/app.sh socks_node_switch flag=${id} new_node=${new_node}
+			[ $? -eq 0 ] && {
+				echolog "自动切换检测：${id}节点切换完毕！"
+			}
+			return 0
+		else
+			test_auto_switch "${b_nodes}" ${new_node}
+		fi
+	fi
+}
+
+start() {
+	id=$1
+	LOCK_FILE=${LOCK_FILE_DIR}/${CONFIG}_socks_auto_switch_${id}.lock
+	main_node=$(config_n_get $id node nil)
+	socks_port=$(config_n_get $id port 0)
+	delay=$(config_n_get $id autoswitch_testing_time 30)
+	sleep 5s
+	connect_timeout=$(config_n_get $id autoswitch_connect_timeout 3)
+	retry_num=$(config_n_get $id autoswitch_retry_num 1)
+	restore_switch=$(config_n_get $id autoswitch_restore_switch 0)
+	probe_url=$(config_n_get $id autoswitch_probe_url "https://www.google.com/generate_204")
+	backup_node=$(config_n_get $id autoswitch_backup_node nil)
+	while [ -n "$backup_node" -a "$backup_node" != "nil" ]; do
+		[ -f "$LOCK_FILE" ] && {
+			sleep 6s
+			continue
+		}
+		touch $LOCK_FILE
+		backup_node=$(echo $backup_node | tr -s ' ' '\n' | uniq | tr -s '\n' ' ')
+		test_auto_switch "$backup_node"
+		rm -f $LOCK_FILE
+		sleep ${delay}
+	done
+}
+
+start $@
+

luci-app-passwall2/root/usr/share/passwall2/tasks.sh

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+## 循环更新脚本
+
+CONFIG=passwall2
+APP_PATH=/usr/share/$CONFIG
+TMP_PATH=/tmp/etc/$CONFIG
+LOCK_FILE=/tmp/lock/${CONFIG}_tasks.lock
+CFG_UPDATE_INT=0
+
+config_n_get() {
+	local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null)
+	echo "${ret:=$3}"
+}
+
+config_t_get() {
+	local index=${4:-0}
+	local ret=$(uci -q get "${CONFIG}.@${1}[${index}].${2}" 2>/dev/null)
+	echo "${ret:=${3}}"
+}
+
+exec 99>"$LOCK_FILE"
+flock -n 99
+if [ "$?" != 0 ]; then
+	exit 0
+fi
+
+while true
+do
+
+	if [ "$CFG_UPDATE_INT" -ne 0 ]; then
+
+		autoupdate=$(config_t_get global_rules auto_update)
+		weekupdate=$(config_t_get global_rules week_update)
+		hourupdate=$(config_t_get global_rules interval_update)
+		hourupdate=$(expr "$hourupdate" \* 60)
+		if [ "$autoupdate" = "1" ]; then
+			[ "$weekupdate" = "8" ] && {
+				[ "$(expr "$CFG_UPDATE_INT" % "$hourupdate")" -eq 0 ] && lua $APP_PATH/rule_update.lua log all cron > /dev/null 2>&1 &
+			}
+		fi
+
+		TMP_SUB_PATH=$TMP_PATH/sub_tasks
+		mkdir -p $TMP_SUB_PATH
+		for item in $(uci show ${CONFIG} | grep "=subscribe_list" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
+			if [ "$(config_n_get $item auto_update 0)" = "1" ]; then
+				cfgid=$(uci show ${CONFIG}.$item | head -n 1 | cut -d '.' -sf 2 | cut -d '=' -sf 1)
+				remark=$(config_n_get $item remark)
+				week_update=$(config_n_get $item week_update)
+				hour_update=$(config_n_get $item interval_update)
+				echo "$cfgid" >> $TMP_SUB_PATH/${week_update}_${hour_update}
+			fi
+		done
+
+		[ -d "${TMP_SUB_PATH}" ] && {
+			for name in $(ls ${TMP_SUB_PATH}); do
+				week_update=$(echo $name | awk -F '_' '{print $1}')
+				hour_update=$(echo $name | awk -F '_' '{print $2}')
+				hour_update=$(expr "$hour_update" \* 60)
+				cfgids=$(echo -n $(cat ${TMP_SUB_PATH}/${name}) | sed 's# #,#g')
+				[ "$week_update" = "8" ] && {
+					[ "$(expr "$CFG_UPDATE_INT" % "$hour_update")" -eq 0 ] && lua $APP_PATH/subscribe.lua start $cfgids cron > /dev/null 2>&1 &
+				}
+
+			done
+			rm -rf $TMP_SUB_PATH
+		}
+
+	fi
+
+	CFG_UPDATE_INT=$(expr "$CFG_UPDATE_INT" + 10)
+
+	sleep 600
+
+done 2>/dev/null

luci-app-passwall2/root/usr/share/passwall2/test.sh

@@ -0,0 +1,106 @@
+#!/bin/sh
+
+CONFIG=passwall2
+LOG_FILE=/tmp/log/$CONFIG.log
+
+echolog() {
+	local d="$(date "+%Y-%m-%d %H:%M:%S")"
+	#echo -e "$d: $1"
+	echo -e "$d: $1" >> $LOG_FILE
+}
+
+config_n_get() {
+	local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null)
+	echo "${ret:=$3}"
+}
+
+config_t_get() {
+	local index=0
+	[ -n "$4" ] && index=$4
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+test_url() {
+	local url=$1
+	local try=1
+	[ -n "$2" ] && try=$2
+	local timeout=2
+	[ -n "$3" ] && timeout=$3
+	local extra_params=$4
+	curl --help all | grep "\-\-retry-all-errors" > /dev/null
+	[ $? == 0 ] && extra_params="--retry-all-errors ${extra_params}"
+	status=$(/usr/bin/curl -I -o /dev/null -skL $extra_params --connect-timeout ${timeout} --retry ${try} -w %{http_code} "$url")
+	case "$status" in
+		204|\
+		200)
+			status=200
+		;;
+	esac
+	echo $status
+}
+
+test_proxy() {
+	result=0
+	status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout})
+	if [ "$status" = "200" ]; then
+		result=0
+	else
+		status2=$(test_url "https://www.baidu.com" ${retry_num} ${connect_timeout})
+		if [ "$status2" = "200" ]; then
+			result=1
+		else
+			result=2
+			ping -c 3 -W 1 223.5.5.5 > /dev/null 2>&1
+			[ $? -eq 0 ] && {
+				result=1
+			}
+		fi
+	fi
+	echo $result
+}
+
+url_test_node() {
+	result=0
+	local node_id=$1
+	local _type=$(echo $(config_n_get ${node_id} type nil) | tr 'A-Z' 'a-z')
+	[ "${_type}" != "nil" ] && {
+		local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp,udp)
+		/usr/share/${CONFIG}/app.sh run_socks flag="url_test_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=url_test_${node_id}.json
+		local curlx="socks5h://127.0.0.1:${_tmp_port}"
+		sleep 1s
+		result=$(curl --connect-timeout 3 -o /dev/null -I -skL -w "%{http_code}:%{time_starttransfer}" -x $curlx "https://www.google.com/generate_204")
+		pgrep -af "url_test_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
+		rm -rf "/tmp/etc/${CONFIG}/url_test_${node_id}.json"
+	}
+	echo $result
+}
+
+test_node() {
+	local node_id=$1
+	local _type=$(echo $(config_n_get ${node_id} type nil) | tr 'A-Z' 'a-z')
+	[ "${_type}" != "nil" ] && {
+		local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp,udp)
+		/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
+		local curlx="socks5h://127.0.0.1:${_tmp_port}"
+		sleep 1s
+		_proxy_status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout} "-x $curlx")
+		pgrep -af "test_node_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
+		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
+		if [ "${_proxy_status}" -eq 200 ]; then
+			return 0
+		fi
+	}
+	return 1
+}
+
+arg1=$1
+shift
+case $arg1 in
+test_url)
+	test_url $@
+	;;
+url_test_node)
+	url_test_node $@
+	;;
+esac

luci-app-passwall2/root/usr/share/rpcd/acl.d/luci-app-passwall2.json

@@ -0,0 +1,11 @@
+{
+	"luci-app-passwall2": {
+		"description": "Grant UCI access for luci-app-passwall2",
+		"read": {
+			"uci": [ "passwall2", "passwall2_server" ]
+		},
+		"write": {
+			"uci": [ "passwall2", "passwall2_server" ]
+		}
+	}
+}

luci-app-passwall2/root/usr/share/ucitrack/luci-app-passwall2-server.json

@@ -0,0 +1,4 @@
+{
+	"config": "passwall2_server",
+	"init": "passwall2_server"
+}

luci-app-passwall2/root/usr/share/ucitrack/luci-app-passwall2.json

@@ -0,0 +1,4 @@
+{
+	"config": "passwall2",
+	"init": "passwall2"
+}