luci-app-homeproxy: sync upstream

last commit: f05a3f39c9

luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js

@@ -63,7 +63,7 @@ function parseShareLink(uri, features) {
 				tls: '1',
 				tls_sni: params.get('peer'),
 				tls_alpn: params.get('alpn'),
-				tls_insecure: params.get('insecure') ? '1' : '0'
+				tls_insecure: (params.get('insecure') === '1') ? '1' : '0'
 			};
 
 			break;

luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.uc

@@ -0,0 +1,54 @@
+#!/usr/bin/ucode
+
+'use strict';
+
+import { writefile } from 'fs';
+import { cursor } from 'uci';
+import { isEmpty, RUN_DIR } from 'homeproxy';
+
+const cfgname = 'homeproxy';
+const uci = cursor();
+uci.load(cfgname);
+
+const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china',
+      proxy_mode = uci.get(cfgname, 'config', 'proxy_mode') || 'redirect_tproxy';
+
+let outbound_node, tun_name;
+if (match(proxy_mode, /tun/)) {
+	if (routing_mode === 'custom')
+		outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
+	else
+		outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
+
+	if (outbound_node !== 'nil')
+		tun_name = uci.get(cfgname, 'infra', 'tun_name') || 'singtun0';
+}
+
+const server_enabled = uci.get(cfgname, 'server', 'enabled');
+let auto_firewall = '0';
+if (server_enabled === '1')
+	auto_firewall = uci.get(cfgname, 'server', 'auto_firewall') || '0';
+
+let forward = [],
+    input = [];
+
+if (tun_name) {
+	push(forward, `oifname ${tun_name} counter accept comment "!${cfgname}: accept tun forward"`);
+	push(input ,`iifname ${tun_name} counter accept comment "!${cfgname}: accept tun input"`);
+}
+
+if (auto_firewall === '1') {
+	uci.foreach(cfgname, 'server', (s) => {
+		if (s.enabled !== '1')
+			return;
+
+		let proto = s.network || '{ tcp, udp }';
+		push(input, `meta l4proto ${proto} th dport ${s.port} counter accept comment "!${cfgname}: accept server ${s['.name']}"`);
+	});
+}
+
+if (!isEmpty(forward))
+	writefile(RUN_DIR + '/fw4_forward.nft', join('\n', forward) + '\n');
+
+if (!isEmpty(input))
+	writefile(RUN_DIR + '/fw4_input.nft', join('\n', input) + '\n');

luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.ut

@@ -1,54 +0,0 @@
-#!/usr/bin/utpl -S
-
-{%-
-	import { cursor } from 'uci';
-
-	const cfgname = 'homeproxy';
-	const uci = cursor();
-	uci.load(cfgname);
-
-	const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china',
-	      proxy_mode = uci.get(cfgname, 'config', 'proxy_mode') || 'redirect_tproxy';
-
-	let outbound_node, tun_name;
-	if (match(proxy_mode, /tun/)) {
-		if (routing_mode === 'custom')
-			outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
-		else
-			outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
-
-		if (outbound_node !== 'nil')
-			tun_name = uci.get(cfgname, 'infra', 'tun_name') || 'singtun0';
-	}
-
-	const server_enabled = uci.get(cfgname, 'server', 'enabled');
-	let auto_firewall = '0';
-	if (server_enabled === '1')
-		auto_firewall = uci.get(cfgname, 'server', 'auto_firewall') || '0';
-
--%}
-
-{% if (tun_name): %}
-chain forward {
-	oifname {{ tun_name }} counter accept comment "!{{ cfgname }}: accept tun forward"
-}
-{% endif %}
-
-{% if (tun_name || auto_firewall === '1'): %}
-chain input {
-	{% if (tun_name): %}
-	iifname {{ tun_name }} counter accept comment "!{{ cfgname }}: accept tun input"
-	{% endif %}
-{%
-	if (auto_firewall === '1')
-		uci.foreach(cfgname, 'server', (s) => {
-			if (s.enabled !== '1')
-				return;
-
-			let proto = s.network || '{ tcp, udp }';
-			printf('	meta l4proto %s th dport %s counter accept comment "!%s: accept server %s"\n',
-				proto, s.port, cfgname, s['.name']);
-		});
-%}
-}
-{% endif %}

luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc

@@ -170,7 +170,7 @@ function parse_uri(uri) {
 				hysteria_obfs_type: params.obfs,
 				hysteria_obfs_password: params['obfs-password'],
 				tls: '1',
-				tls_insecure: params.insecure ? '1' : '0',
+				tls_insecure: (params.insecure === '1') ? '1' : '0',
 				tls_sni: params.sni
 			};
 

luci-app-homeproxy/root/etc/init.d/homeproxy

@@ -238,7 +238,7 @@ start_service() {
 	chown -R sing-box:sing-box "$RUN_DIR"
 
 	# Setup firewall
-	utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft"
+	ucode "$HP_DIR/scripts/firewall_pre.uc"
 	[ "$outbound_node" = "nil" ] || utpl -S "$HP_DIR/scripts/firewall_post.ut" > "$RUN_DIR/fw4_post.nft"
 	fw4 reload >"/dev/null" 2>&1
 
@@ -291,7 +291,8 @@ stop_service() {
 		nft flush set inet fw4 "$i"
 		nft delete set inet fw4 "$i"
 	done 2>"/dev/null"
-	echo 2>"/dev/null" > "$RUN_DIR/fw4_pre.nft"
+	echo 2>"/dev/null" > "$RUN_DIR/fw4_forward.nft"
+	echo 2>"/dev/null" > "$RUN_DIR/fw4_input.nft"
 	echo 2>"/dev/null" > "$RUN_DIR/fw4_post.nft"
 	fw4 reload >"/dev/null" 2>&1
 

luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy

@@ -2,10 +2,20 @@
 
 uci -q batch <<-EOF >"/dev/null"
 	delete firewall.homeproxy_pre
-	set firewall.homeproxy_pre=include
-	set firewall.homeproxy_pre.type=nftables
-	set firewall.homeproxy_pre.path="/var/run/homeproxy/fw4_pre.nft"
-	set firewall.homeproxy_pre.position="table-pre"
+
+	delete firewall.homeproxy_forward
+	set firewall.homeproxy_forward=include
+	set firewall.homeproxy_forward.type=nftables
+	set firewall.homeproxy_forward.path="/var/run/homeproxy/fw4_forward.nft"
+	set firewall.homeproxy_forward.position="chain-pre"
+	set firewall.homeproxy_forward.chain="forward"
+
+	delete firewall.homeproxy_input
+	set firewall.homeproxy_input=include
+	set firewall.homeproxy_input.type=nftables
+	set firewall.homeproxy_input.path="/var/run/homeproxy/fw4_input.nft"
+	set firewall.homeproxy_input.position="chain-pre"
+	set firewall.homeproxy_input.chain="input"
 
 	delete firewall.homeproxy_post
 	set firewall.homeproxy_post=include