From f5c79a406182125ce5f06f35fd6dbf17b2267641 Mon Sep 17 00:00:00 2001
From: gitea-action
Date: Mon, 5 May 2025 13:00:17 +0800
Subject: [PATCH] luci-app-homeproxy: sync upstream last commit: https://github.com/immortalwrt/homeproxy/commit/f05a3f39c907da2daac23b4b555a63cf77751475
---
 .../resources/view/homeproxy/node.js | 2 +-
 .../etc/homeproxy/scripts/firewall_pre.uc | 54 +++++++++++++++++++
 .../etc/homeproxy/scripts/firewall_pre.ut | 54 -------------------
 .../homeproxy/scripts/update_subscriptions.uc | 2 +-
 luci-app-homeproxy/root/etc/init.d/homeproxy | 5 +-
 .../root/etc/uci-defaults/luci-homeproxy | 18 +++++--
 6 files changed, 73 insertions(+), 62 deletions(-)
 create mode 100755 luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.uc
 delete mode 100755 luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.ut
diff --git a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
index 2ccbfd91d..e332ee143 100644
--- a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
+++ b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
@@ -63,7 +63,7 @@ function parseShareLink(uri, features) {
 tls: '1',
 tls_sni: params.get('peer'),
 tls_alpn: params.get('alpn'),
- tls_insecure: params.get('insecure') ? '1' : '0'
+ tls_insecure: (params.get('insecure') === '1') ? '1' : '0'
 };
 break;
diff --git a/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.uc b/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.uc
new file mode 100755
index 000000000..a774f9841
--- /dev/null
+++ b/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.uc
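Review bot: In node.js, parseShareLink, the new `tls_insecure` line carries no comment recording that only the literal `insecure=1` may switch certificate verification off, and the same is true of the matching line in parse_uri in update_subscriptions.uc. Share links and subscription bodies are untrusted input, and under the removed truthiness test a link carrying `insecure=0` was also mapped to '1', so the strict comparison is the security property here and is easy to loosen again by accident. I would add `// Only the literal '1' disables certificate verification; any other value keeps it on.` above both lines. The other protocol branches of the two parsers lie outside these hunks and may still use the truthy form, so they are worth checking against the same rule.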
@@ -0,0 +1,54 @@
+#!/usr/bin/ucode
+
+'use strict';
+
+import { writefile } from 'fs';
+import { cursor } from 'uci';
+import { isEmpty, RUN_DIR } from 'homeproxy';
+
+const cfgname = 'homeproxy';
+const uci = cursor();
+uci.load(cfgname);
+
+const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china',
+ proxy_mode = uci.get(cfgname, 'config', 'proxy_mode') || 'redirect_tproxy';
+
+let outbound_node, tun_name;
+if (match(proxy_mode, /tun/)) {
+ if (routing_mode === 'custom')
+ outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
+ else
+ outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
+
+ if (outbound_node !== 'nil')
+ tun_name = uci.get(cfgname, 'infra', 'tun_name') || 'singtun0';
+}
+
+const server_enabled = uci.get(cfgname, 'server', 'enabled');
+let auto_firewall = '0';
+if (server_enabled === '1')
+ auto_firewall = uci.get(cfgname, 'server', 'auto_firewall') || '0';
+
+let forward = [],
+ input = [];
+
+if (tun_name) {
+ push(forward, `oifname ${tun_name} counter accept comment "!${cfgname}: accept tun forward"`);
+ push(input ,`iifname ${tun_name} counter accept comment "!${cfgname}: accept tun input"`);
+}
+
+if (auto_firewall === '1') {
+ uci.foreach(cfgname, 'server', (s) => {
+ if (s.enabled !== '1')
+ return;
+
+ let proto = s.network || '{ tcp, udp }';
+ push(input, `meta l4proto ${proto} th dport ${s.port} counter accept comment "!${cfgname}: accept server ${s['.name']}"`);
+ });
+}
+
+if (!isEmpty(forward))
+ writefile(RUN_DIR + '/fw4_forward.nft', join('\n', forward) + '\n');
+
+if (!isEmpty(input))
+ writefile(RUN_DIR + '/fw4_input.nft', join('\n', input) + '\n');
diff --git a/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.ut b/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.ut
deleted file mode 100755
index f53addd3b..000000000
--- a/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.ut
+++ /dev/null
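Review bot: firewall_pre.uc pastes `tun_name`, `s.network` and `s.port` from UCI straight into nftables rule text, so a value that holds a newline, `;` or braces would become extra statements in an include that the firewall loads. The removed template did the same, but the rewrite is the natural place to validate: skip a server entry whose port is not numeric or whose network is not tcp/udp, and apply a comparable interface-name pattern to `tun_name`. A section with no `port` set would presumably also emit a rule nft cannot parse, which the same check avoids. If port ranges or other protocol values are legal in this config, the patterns need widening accordingly.

```ucode
uci.foreach(cfgname, 'server', (s) => {
	// … unchanged: s.enabled check …

	// Values are pasted into an nft include: accept only shapes that cannot carry extra syntax.
	if (!match(s.port || '', /^[0-9]+$/))
		return;
	if (s.network && !match(s.network, /^(tcp|udp)$/))
		return;

	// … unchanged: proto default and push(input, …) …
});
```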
@@ -1,54 +0,0 @@
-#!/usr/bin/utpl -S
-
-{%-
- import { cursor } from 'uci';
-
- const cfgname = 'homeproxy';
- const uci = cursor();
- uci.load(cfgname);
-
- const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china',
- proxy_mode = uci.get(cfgname, 'config', 'proxy_mode') || 'redirect_tproxy';
-
- let outbound_node, tun_name;
- if (match(proxy_mode, /tun/)) {
- if (routing_mode === 'custom')
- outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
- else
- outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
-
- if (outbound_node !== 'nil')
- tun_name = uci.get(cfgname, 'infra', 'tun_name') || 'singtun0';
- }
-
- const server_enabled = uci.get(cfgname, 'server', 'enabled');
- let auto_firewall = '0';
- if (server_enabled === '1')
- auto_firewall = uci.get(cfgname, 'server', 'auto_firewall') || '0';
-
--%}
-
-{% if (tun_name): %}
-chain forward {
- oifname {{ tun_name }} counter accept comment "!{{ cfgname }}: accept tun forward"
-}
-{% endif %}
-
-{% if (tun_name || auto_firewall === '1'): %}
-chain input {
- {% if (tun_name): %}
- iifname {{ tun_name }} counter accept comment "!{{ cfgname }}: accept tun input"
- {% endif %}
-{%
- if (auto_firewall === '1')
- uci.foreach(cfgname, 'server', (s) => {
- if (s.enabled !== '1')
- return;
-
- let proto = s.network || '{ tcp, udp }';
- printf(' meta l4proto %s th dport %s counter accept comment "!%s: accept server %s"\n',
- proto, s.port, cfgname, s['.name']);
- });
-%}
-}
-{% endif %}
diff --git a/luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc b/luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc
index e857c077a..1b18af2ec 100755
--- a/luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc
+++ b/luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc
@@ -170,7 +170,7 @@ function parse_uri(uri) {
 hysteria_obfs_type: params.obfs,
 hysteria_obfs_password: params['obfs-password'],
 tls: '1',
- tls_insecure: params.insecure ? '1' : '0',
+ tls_insecure: (params.insecure === '1') ? '1' : '0',
 tls_sni: params.sni
 };
diff --git a/luci-app-homeproxy/root/etc/init.d/homeproxy b/luci-app-homeproxy/root/etc/init.d/homeproxy
index 300dda590..770ebc6b7 100755
--- a/luci-app-homeproxy/root/etc/init.d/homeproxy
+++ b/luci-app-homeproxy/root/etc/init.d/homeproxy
@@ -238,7 +238,7 @@ start_service() {
 chown -R sing-box:sing-box "$RUN_DIR"
 # Setup firewall
- utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft"
+ ucode "$HP_DIR/scripts/firewall_pre.uc"
 [ "$outbound_node" = "nil" ] || utpl -S "$HP_DIR/scripts/firewall_post.ut" > "$RUN_DIR/fw4_post.nft"
 fw4 reload >"/dev/null" 2>&1
@@ -291,7 +291,8 @@ stop_service() {
 nft flush set inet fw4 "$i"
 nft delete set inet fw4 "$i"
 done 2>"/dev/null"
- echo 2>"/dev/null" > "$RUN_DIR/fw4_pre.nft"
+ echo 2>"/dev/null" > "$RUN_DIR/fw4_forward.nft"
+ echo 2>"/dev/null" > "$RUN_DIR/fw4_input.nft"
 echo 2>"/dev/null" > "$RUN_DIR/fw4_post.nft"
 fw4 reload >"/dev/null" 2>&1
diff --git a/luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy b/luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy
index 35abcd988..76d2880c7 100644
--- a/luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy
+++ b/luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy
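Review bot: In start_service of init.d/homeproxy, the new `ucode "$HP_DIR/scripts/firewall_pre.uc"` step writes fw4_forward.nft and fw4_input.nft under `$RUN_DIR` right after `chown -R sing-box:sing-box "$RUN_DIR"`, so the firewall includes live in a directory owned by the service account, and on a later start the recursive chown hands the existing files to that account as well. Because `fw4 reload` then loads these files, I would keep them out of the service account's reach by generating them into a root-owned directory and pointing the include paths there. The script's exit status is also ignored, so a failed generation proceeds straight to `fw4 reload`; `ucode "$HP_DIR/scripts/firewall_pre.uc" || return 1` would stop that. start_service begins and ends outside the hunk, and whether the daemon actually runs as sing-box is not visible here.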
@@ -2,10 +2,20 @@
 uci -q batch <<-EOF >"/dev/null"
 delete firewall.homeproxy_pre
- set firewall.homeproxy_pre=include
- set firewall.homeproxy_pre.type=nftables
- set firewall.homeproxy_pre.path="/var/run/homeproxy/fw4_pre.nft"
- set firewall.homeproxy_pre.position="table-pre"
+
+ delete firewall.homeproxy_forward
+ set firewall.homeproxy_forward=include
+ set firewall.homeproxy_forward.type=nftables
+ set firewall.homeproxy_forward.path="/var/run/homeproxy/fw4_forward.nft"
+ set firewall.homeproxy_forward.position="chain-pre"
+ set firewall.homeproxy_forward.chain="forward"
+
+ delete firewall.homeproxy_input
+ set firewall.homeproxy_input=include
+ set firewall.homeproxy_input.type=nftables
+ set firewall.homeproxy_input.path="/var/run/homeproxy/fw4_input.nft"
+ set firewall.homeproxy_input.position="chain-pre"
+ set firewall.homeproxy_input.chain="input"
 delete firewall.homeproxy_post
 set firewall.homeproxy_post=include