nikki: sync upstream

last commit: 624cfe2ea5

luci-app-nikki/htdocs/luci-static/resources/tools/nikki.js

@@ -28,6 +28,7 @@ const callNikkiVersion = rpc.declare({
 const callNikkiProfile = rpc.declare({
     object: 'luci.nikki',
     method: 'profile',
+    params: [ 'defaults' ],
     expect: { '': {} }
 });
 
@@ -98,8 +99,8 @@ return baseclass.extend({
         return callNikkiVersion();
     },
 
-    profile: function () {
+    profile: function (defaults) {
-        return callNikkiProfile();
+        return callNikkiProfile(defaults);
     },
 
     updateSubscription: function (section_id) {
@@ -107,7 +108,7 @@ return baseclass.extend({
     },
 
     api: async function (method, path, query, body) {
-        const profile = await callNikkiProfile();
+        const profile = await callNikkiProfile({ 'external-controller': null, 'secret': null });
         const apiListen = profile['external-controller'];
         const apiSecret = profile['secret'] ?? '';
         const apiPort = apiListen.substring(apiListen.lastIndexOf(':') + 1);
@@ -121,7 +122,7 @@ return baseclass.extend({
     },
 
     openDashboard: async function () {
-        const profile = await callNikkiProfile();
+        const profile = await callNikkiProfile({ 'external-ui-name': null, 'external-controller': null, 'secret': null });
         const uiName = profile['external-ui-name'];
         const apiListen = profile['external-controller'];
         const apiSecret = profile['secret'] ?? '';

luci-app-nikki/htdocs/luci-static/resources/view/nikki/proxy.js

@@ -67,6 +67,8 @@ return view.extend({
         o.rmempty = false;
 
         o = s.taboption('router', form.SectionValue, '_router_access_control', form.TableSection, 'router_access_control', _('Access Control'));
+        o.retain = true;
+        o.depends('router_proxy', '1');
 
         o.subsection.addremove = true;
         o.subsection.anonymous = true;
@@ -102,7 +104,9 @@ return view.extend({
         o = s.taboption('lan', form.Flag, 'lan_proxy', _('Enable'));
 
         o = s.taboption('lan', form.DynamicList, 'lan_inbound_interface', _('Inbound Interface'));
+        o.retain = true;
         o.rmempty = false;
+        o.depends('lan_proxy', '1');
 
         for (const network of networks) {
             if (network.getName() === 'loopback') {
@@ -112,6 +116,8 @@ return view.extend({
         }
 
         o = s.taboption('lan', form.SectionValue, '_lan_access_control', form.TableSection, 'lan_access_control', _('Access Control'));
+        o.retain = true;
+        o.depends('lan_proxy', '1');
 
         o.subsection.addremove = true;
         o.subsection.anonymous = true;

luci-app-nikki/root/usr/share/rpcd/ucode/luci.nikki

@@ -2,7 +2,7 @@
 
 'use strict';
 
-import { access, popen } from 'fs';
+import { access, popen, writefile } from 'fs';
 import { get_users, get_groups, get_cgroups } from '/etc/nikki/ucode/include.uc';
 
 const methods = {
@@ -33,13 +33,18 @@ const methods = {
 		}
 	},
 	profile: {
-		call: function() {
+		args: { defaults: {} },
+		call: function(req) {
 			let profile = {};
+			const defaults = req.args?.defaults ?? {};
 			const filepath = '/etc/nikki/run/config.yaml';
+			const tmpFilepath = '/var/run/nikki/profile.json';
 			if (access(filepath, 'r')) {
-				const process = popen(`yq -p yaml -o json < ${filepath}`);
+				writefile(tmpFilepath, defaults);
+				const command = `yq -p yaml -o json eval-all 'select(fi == 0) *? select(fi == 1)' ${tmpFilepath} ${filepath}`;
+				const process = popen(command);
 				if (process) {
-					profile = json(trim(process.read('all')));
+					profile = json(process);
 					process.close();
 				}
 			}
@@ -67,7 +72,7 @@ const methods = {
 	},
 	debug: {
 		call: function() {
-			const success = system('/etc/nikki/scripts/debug.sh > /var/log/nikki/debug.log 2>&1') == 0;
+			const success = system('/etc/nikki/scripts/debug.sh > /var/log/nikki/debug.log') == 0;
 			return { success: success };
 		}
 	}

luci-app-passwall/luasrc/model/cbi/passwall/client/node_list.lua

@@ -27,7 +27,7 @@ local show_node_info = m:get("@global_other[0]", "show_node_info") or "0"
 if auto_detection_time ~= "0" then
 	local node_count = 0
 	for k, e in ipairs(api.get_valid_nodes()) do
-		if e.protocol ~= "_shunt" and e.protocol ~= "_balancing" and e.protocol ~= "_urltest" and e.protocol ~= "_iface" then
+		if e.node_type == "normal" then
 			node_count = node_count + 1
 		end
 	end
@@ -168,8 +168,10 @@ o = s:option(DummyValue, "ping", "Ping")
 o.width = "8%"
 o.rawhtml = true
 o.cfgvalue = function(t, n)
-	local protocol = m:get(n, "protocol")
+	local type = m:get(n, "type") or ""
-	if protocol == "_shunt" or protocol == "_balancing" or protocol == "_urltest" or protocol == "_iface" then
+	local protocol = m:get(n, "protocol") or ""
+	if (type == "sing-box" or type == "Xray") and
+	   (protocol == "_shunt" or protocol == "_balancing" or protocol == "_urltest" or protocol == "_iface") then
 		return string.format('<span class="ping_value" cbiid="%s">---</span>', n)
 	end
 	if auto_detection_time ~= "icmp" then
@@ -184,8 +186,10 @@ o = s:option(DummyValue, "tcping", "TCPing")
 o.width = "8%"
 o.rawhtml = true
 o.cfgvalue = function(t, n)
-	local protocol = m:get(n, "protocol")
+	local type = m:get(n, "type") or ""
-	if protocol == "_shunt" or protocol == "_balancing" or protocol == "_urltest" or protocol == "_iface" then
+	local protocol = m:get(n, "protocol") or ""
+	if (type == "sing-box" or type == "Xray") and
+	   (protocol == "_shunt" or protocol == "_balancing" or protocol == "_urltest" or protocol == "_iface") then
 		return string.format('<span class="tcping_value" cbiid="%s">---</span>', n)
 	end
 	if auto_detection_time ~= "tcping" then

nikki/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
-PKG_SOURCE_DATE:=2025-04-17
+PKG_SOURCE_DATE:=2025-04-18
-PKG_SOURCE_VERSION:=76052b5b26f532b916643edf0b24782fa3195fb2
+PKG_SOURCE_VERSION:=619c9dc0c633c12ac46e38b7b423e7c01f06197f
-PKG_MIRROR_HASH:=346ada947d1408bb81faf19cada29d2a70d71f1accf967221c7e1b362d4fbcab
+PKG_MIRROR_HASH:=907be1b4f33e71bd9aa36f0cd76aefbce39a1b346f80ff09730c47fa80be4658
 
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16
 
-PKG_BUILD_VERSION:=alpha-76052b5
+PKG_BUILD_VERSION:=alpha-619c9dc
 PKG_BUILD_TIME:=$(shell date -u -Iseconds)
 
 GO_PKG:=github.com/metacubex/mihomo

nikki/files/scripts/debug.sh

@@ -42,9 +42,12 @@ fi
 `
 ucode -S -e '
 import { cursor } from "uci";
+
 const uci = cursor();
+
 const config = uci.get_all("nikki");
 const result = {};
+
 for (let section_id in config) {
     const section = config[section_id];
     const section_type = section[".type"];
@@ -61,13 +64,45 @@ for (let section_type in result) {
 		delete section[".index"];
 	}
 }
-for (let x in result["subscription"]) {
+if (exists(result, "mixin")) {
-	x["url"] = "*";
+	for (let x in result["mixin"]) {
+		if (exists(x, "api_secret")) {
+			x["api_secret"] = "*";
+		}
+	}
 }
-for (let x in result["lan_access_control"]) {
+if (exists(result, "authentication")) {
-	x["ip"] = "*";
+	for (let x in result["authentication"]) {
-	x["ip6"] = "*";
+		if (exists(x, "password")) {
-	x["mac"] = "*";
+			x["password"] = "*";
+		}
+	}
+}
+if (exists(result, "subscription")) {
+	for (let x in result["subscription"]) {
+		if (exists(x, "url")) {
+			x["url"] = "*";
+		}
+	}
+}
+if (exists(result, "lan_access_control")) {
+	for (let x in result["lan_access_control"]) {
+		if (exists(x, "ip")) {
+			for (let i = 0; i < length(x["ip"]); i++) {
+				x["ip"][i] = "*";
+			}
+		}
+		if (exists(x, "ip6")) {
+			for (let i = 0; i < length(x["ip6"]); i++) {
+				x["ip6"][i] = "*";
+			}
+		}
+		if (exists(x, "mac")) {
+			for (let i = 0; i < length(x["mac"]); i++) {
+				x["mac"][i] = "*";
+			}
+		}
+	}
 }
 delete result["status"];
 delete result["editor"];
@@ -77,53 +112,83 @@ print(result);
 `
 \`\`\`
 ## profile
-\`\`\`yaml
+\`\`\`json
 `
-yq -M -P '
+ucode -S -e '
-. |= (
+import { popen } from "fs";
-	select(has("secret")) | .secret = "*" |
+
-	select(has("authentication")) | .authentication = []
+function desensitize_proxies(proxies) {
-) |
+	for (let x in proxies) {
-.proxy-providers.* |= (
+		if (exists(x, "server")) {
-	select(has("url")) |= .url = "*" |
+			x["server"] = "*";
-	select(has("payload")) |= .payload[] |= (
+		}
-		select(has("server")) |= .server = "*" |
+		if (exists(x, "servername")) {
-		select(has("servername")) |= .servername = "*" |
+			x["servername"] = "*";
-		select(has("sni")) |= .sni = "*" |
+		}
-		select(has("port")) |= .port = "*" |
+		if (exists(x, "sni")) {
-		select(has("ports")) |= .ports = "*" |
+			x["sni"] = "*";
-		select(has("port-range")) |= .port-range = "*" |
+		}
-		select(has("uuid")) |= .uuid = "*" |
+		if (exists(x, "port")) {
-		select(has("private-key")) |= .private-key = "*" |
+			x["port"] = "*";
-		select(has("public-key")) |= .public-key = "*" |
+		}
-		select(has("token")) |= .token="*" |
+		if (exists(x, "ports")) {
-		select(has("username")) |= .username = "*" |
+			x["ports"] = "*";
-		select(has("password")) |= .password = "*" |
+		}
-		select(has("peers")) |= .peers[] |= (
+		if (exists(x, "port-range")) {
-			select(has("server")) |= .server = "*" |
+			x["port-range"] = "*";
-			select(has("public-key")) |= .public-key = "*"
+		}
-		)
+		if (exists(x, "uuid")) {
-	)
+			x["uuid"] = "*";
-) |
+		}
-.proxies[] |= (
+		if (exists(x, "private-key")) {
-	select(has("server")) |= .server = "*" |
+			x["private-key"] = "*";
-	select(has("servername")) |= .servername = "*" |
+		}
-	select(has("sni")) |= .sni = "*" |
+		if (exists(x, "public-key")) {
-	select(has("port")) |= .port = "*" |
+			x["public-key"] = "*";
-	select(has("ports")) |= .ports = "*" |
+		}
-	select(has("port-range")) |= .port-range = "*" |
+		if (exists(x, "token")) {
-	select(has("uuid")) |= .uuid = "*" |
+			x["token"] = "*";
-	select(has("private-key")) |= .private-key = "*" |
+		}
-	select(has("public-key")) |= .public-key = "*" |
+		if (exists(x, "username")) {
-	select(has("token")) |= .token="*" |
+			x["username"] = "*";
-	select(has("username")) |= .username = "*" |
+		}
-	select(has("password")) |= .password = "*" |
+		if (exists(x, "password")) {
-	select(has("peers")) |= .peers[] |= (
+			x["password"] = "*";
-		select(has("server")) |= .server = "*" |
+		}
-		select(has("public-key")) |= .public-key = "*"
+	}
-	)
+}
-)
+
-' < /etc/nikki/run/config.yaml
+function desensitize_profile() {
+	let profile = {};
+	const process = popen("yq -p yaml -o json /etc/nikki/run/config.yaml");
+	if (process) {
+		profile = json(process);
+		if (exists(profile, "secret")) {
+			profile["secret"] = "*";
+		}
+		if (exists(profile, "authentication")) {
+			profile["authentication"] = [];
+		}
+		if (exists(profile, "proxy-providers")) {
+			for (let x in profile["proxy-providers"]) {
+				if (exists(x, "url")) {
+					x["url"] = "*";
+				}
+				if (exists(x, "payload")) {
+					desensitize_proxies(x["payload"]);
+				}
+			}
+		}
+		if (exists(profile, "proxies")) {
+			desensitize_proxies(profile["proxies"]);
+		}
+		process.close();
+	}
+	return profile;
+}
+
+print(desensitize_profile());
+'
 `
 \`\`\`
 ## ip rule