From d0dfa38f6748d059ad18ddbf3a8586212b16a11b Mon Sep 17 00:00:00 2001
From: xiaorouji <60100640+xiaorouji@users.noreply.github.com>
Date: Tue, 12 Sep 2023 21:55:28 +0800
Subject: [PATCH] luci: server: add REALITY option to sing-box
---
 .../cbi/passwall/server/type/sing-box.lua | 32 +++++++++++++++++--
 .../luasrc/passwall/util_sing-box.lua | 16 ++++++++++
 luci-app-passwall/po/zh-cn/passwall.po | 6 ++++
 3 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua b/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua
index 379519863..a6e1473be 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua
@@ -202,6 +202,8 @@ o = s:option(Flag, option_name("tls"), translate("TLS"))
 o.default = 0
 o.validate = function(self, value, t)
 if value then
+ local reality = s.fields[option_name("reality")]:formvalue(t)
+ if reality and reality == "1" then return value end
 if value == "1" then
 local ca = s.fields[option_name("tls_certificateFile")]:formvalue(t) or ""
 local key = s.fields[option_name("tls_keyFile")]:formvalue(t) or ""
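Review bot: The added `s.fields[option_name("reality")]:formvalue(t)` in the TLS validate callback indexes a field that the next hunk only creates when `singbox_tags` contains `with_reality_server`. On a build without that tag the lookup is nil, so validation raises an error instead of checking the certificate. Guard the lookup, e.g. `local rf = s.fields[option_name("reality")]` followed by `local reality = rf and rf:formvalue(t)`. The early `return value` also skips the certificate and key checks without confirming that a REALITY private key was supplied, so that branch deserves its own presence check. The validate function continues past the end of the hunk.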
@@ -218,11 +220,37 @@ o:depends({ [option_name("protocol")] = "vmess" })
 o:depends({ [option_name("protocol")] = "vless" })
 o:depends({ [option_name("protocol")] = "trojan" })
+if singbox_tags:find("with_reality_server") then
+ -- [[ REALITY部分 ]] --
+ o = s:option(Flag, option_name("reality"), translate("REALITY"))
+ o.default = 0
+ o:depends({ [option_name("protocol")] = "vless", [option_name("tls")] = true })
+ o:depends({ [option_name("protocol")] = "vmess", [option_name("tls")] = true })
+ o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("tls")] = true })
+ o:depends({ [option_name("protocol")] = "http", [option_name("tls")] = true })
+ o:depends({ [option_name("protocol")] = "trojan", [option_name("tls")] = true })
+
+ o = s:option(Value, option_name("reality_private_key"), translate("Private Key"))
+ o:depends({ [option_name("reality")] = true })
+
+ o = s:option(Value, option_name("reality_shortId"), translate("Short Id"))
+ o:depends({ [option_name("reality")] = true })
+
+ o = s:option(Value, option_name("reality_handshake_server"), translate("Handshake Server"))
+ o.default = "google.com"
+ o:depends({ [option_name("reality")] = true })
+
+ o = s:option(Value, option_name("reality_handshake_server_port"), translate("Handshake Server Port"))
+ o.datatype = "port"
+ o.default = "443"
+ o:depends({ [option_name("reality")] = true })
+end
+
 -- [[ TLS部分 ]] --
 o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
 o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem"
-o:depends({ [option_name("tls")] = true })
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
 o:depends({ [option_name("protocol")] = "naive" })
 o:depends({ [option_name("protocol")] = "hysteria" })
 o:depends({ [option_name("protocol")] = "tuic" })
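Review bot: `reality_private_key` is declared as a plain `Value`, so the server's REALITY private key is rendered in clear text in the form and nothing requires it to be filled in; consider `o.password = true` and `o.rmempty = false` on that option. `reality_shortId` and `reality_handshake_server` have no validation either, unlike the port, which sets `o.datatype = "port"`; `o.datatype = "host"` on the handshake server would reject malformed names before they reach the generated config. The REALITY flag also depends on `shadowsocks` and `http`, while the TLS flag's depends lines visible here cover only vmess, vless and trojan, so it is worth confirming the TLS flag is shown for those protocols (the rest of its depends list is outside the hunk).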
@@ -240,7 +268,7 @@ end
 o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key")
 o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key"
-o:depends({ [option_name("tls")] = true })
+o:depends({ [option_name("tls")] = true, [option_name("reality")] = false })
 o:depends({ [option_name("protocol")] = "naive" })
 o:depends({ [option_name("protocol")] = "hysteria" })
 o:depends({ [option_name("protocol")] = "tuic" })
diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
index 04cfbc2c1..a93ace433 100644
--- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua
+++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
@@ -353,6 +353,22 @@ function gen_config_server(node)
 key_path = node.tls_keyFile,
 }
+ if node.tls == "1" and node.reality == "1" then
+ tls.certificate_path = nil
+ tls.key_path = nil
+ tls.reality = {
+ enabled = true,
+ private_key = node.reality_private_key,
+ short_id = {
+ node.reality_shortId
+ },
+ handshake = {
+ server = node.reality_handshake_server,
+ server_port = tonumber(node.reality_handshake_server_port)
+ }
+ }
+ end
+
 local v2ray_transport = nil
 if node.transport == "http" then
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 9a7ff7c98..13522b93e 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -1486,6 +1486,12 @@ msgstr "自定义geosite文件更新链接"
 msgid "Override the connection destination address"
 msgstr "覆盖连接目标地址"
+msgid "Handshake Server"
+msgstr "握手服务器"
+
+msgid "Handshake Server Port"
+msgstr "握手服务器端口"
+
 msgid "Override the connection destination address with the sniffed domain."
 msgstr "用探测出的域名覆盖连接目标地址。"
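Review bot: In the `gen_config_server` hunk (util_sing-box.lua) the REALITY values are copied into the config unchecked: an unset `reality_private_key` or a non-numeric port leaves `private_key` / `server_port` nil while `enabled = true`, and a nil short id leaves the `short_id` list empty, so a broken setup would presumably only surface when sing-box loads the file. A fallback such as `server_port = tonumber(node.reality_handshake_server_port) or 443` matches the form default, and a missing key should be reported rather than emitted. Since the generated config now carries the private key, it is worth confirming that the file is written with restrictive permissions; that code is not in this hunk. A short comment such as `-- REALITY replaces the certificate/key pair, so both paths are cleared` above the two nil assignments would explain them. The function starts and ends outside the hunk.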