fix: trojan uri and tls

fix: servername/sni priority over wss host
2025-08-10 00:52:40 +00:00 · 2023-08-24 10:02:03 +08:00 · 2023-08-22 18:21:34 +08:00 · 2023-08-22 17:28:39 +08:00 · 2023-08-22 15:29:55 +08:00 · 2023-08-22 00:42:53 +08:00
21 changed files with 475 additions and 105 deletions
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sub-store",
-  "version": "2.14.2",
+  "version": "2.14.22",
  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
  "main": "src/main.js",
  "scripts": {
--- a/backend/src/core/proxy-utils/index.js
+++ b/backend/src/core/proxy-utils/index.js
@@ -1,5 +1,5 @@
 import download from '@/utils/download';
-
+import { isIPv4, isIPv6 } from '@/utils';
 import PROXY_PROCESSORS, { ApplyProcessor } from './processors';
 import PROXY_PREPROCESSORS from './preprocessors';
 import PROXY_PRODUCERS from './producers';
@@ -36,7 +36,7 @@ function parse(raw) {
        if (lastParser) {
            const [proxy, error] = tryParse(lastParser, line);
            if (!error) {
-                proxies.push(proxy);
+                proxies.push(lastParse(proxy));
                success = true;
            }
        }
@@ -46,7 +46,7 @@ function parse(raw) {
            for (const parser of PROXY_PARSERS) {
                const [proxy, error] = tryParse(parser, line);
                if (!error) {
-                    proxies.push(proxy);
+                    proxies.push(lastParse(proxy));
                    lastParser = parser;
                    success = true;
                    $.info(`${parser.name} is activated`);
@@ -182,3 +182,28 @@ function safeMatch(parser, line) {
        return false;
    }
 }
+
+function lastParse(proxy) {
+    if (proxy.type === 'trojan') {
+        proxy.tls = true;
+    }
+    if (proxy.tls && !proxy.sni) {
+        if (proxy.network) {
+            let transportHost = proxy[`${proxy.network}-opts`]?.headers?.Host;
+            transportHost = Array.isArray(transportHost)
+                ? transportHost[0]
+                : transportHost;
+            if (transportHost) {
+                proxy.sni = transportHost;
+            }
+        }
+        if (!proxy.sni && !isIP(proxy.server)) {
+            proxy.sni = proxy.server;
+        }
+    }
+    return proxy;
+}
+
+function isIP(ip) {
+    return isIPv4(ip) || isIPv6(ip);
+}
--- a/backend/src/core/proxy-utils/parsers/index.js
+++ b/backend/src/core/proxy-utils/parsers/index.js
@@ -23,12 +23,19 @@ function URI_SS() {
        };
        content = content.split('#')[0]; // strip proxy name
        // handle IPV4 and IPV6
-        const serverAndPort = content.match(/@([^/]*)(\/|$)/)[1];
+        let serverAndPortArray = content.match(/@([^/]*)(\/|$)/);
+        let userInfoStr = Base64.decode(content.split('@')[0]);
+        if (!serverAndPortArray) {
+            content = Base64.decode(content);
+            userInfoStr = content.split('@')[0];
+            serverAndPortArray = content.match(/@([^/]*)(\/|$)/);
+        }
+        const serverAndPort = serverAndPortArray[1];
        const portIdx = serverAndPort.lastIndexOf(':');
        proxy.server = serverAndPort.substring(0, portIdx);
        proxy.port = serverAndPort.substring(portIdx + 1);

-        const userInfo = Base64.decode(content.split('@')[0]).split(':');
+        const userInfo = userInfoStr.split(':');
        proxy.cipher = userInfo[0];
        proxy.password = userInfo[1];

@@ -209,14 +216,18 @@ function URI_VMess() {
                type: 'vmess',
                server: params.add,
                port: params.port,
-                cipher: 'auto', // V2rayN has no default cipher! use aes-128-gcm as default.
+                cipher: getIfPresent(params.scy, 'auto'),
                uuid: params.id,
-                alterId: getIfPresent(params.aid, 0),
+                alterId: parseInt(getIfPresent(params.aid, 0)),
                tls: params.tls === 'tls' || params.tls === true,
                'skip-cert-verify': isPresent(params.verify_cert)
                    ? !params.verify_cert
                    : undefined,
            };
+            // https://github.com/2dust/v2rayN/wiki/%E5%88%86%E4%BA%AB%E9%93%BE%E6%8E%A5%E6%A0%BC%E5%BC%8F%E8%AF%B4%E6%98%8E(ver-2)
+            if (proxy.tls && proxy.sni) {
+                proxy.sni = params.sni;
+            }
            // handle obfs
            if (params.net === 'ws') {
                proxy.network = 'ws';
@@ -224,7 +235,9 @@ function URI_VMess() {
                    path: getIfNotBlank(params.path),
                    headers: { Host: getIfNotBlank(params.host) },
                };
-                if (proxy.tls && params.host) {
+                // https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml#L413
+                // sni 优先级应高于 host
+                if (proxy.tls && !proxy.sni && params.host) {
                    proxy.sni = params.host;
                }
            }
@@ -270,6 +283,7 @@ function Clash_All() {
                'http',
                'snell',
                'trojan',
+                'tuic',
            ].includes(proxy.type)
        ) {
            throw new Error(
@@ -281,6 +295,16 @@ function Clash_All() {
        if (proxy.type === 'vmess') {
            proxy.sni = proxy.servername;
            delete proxy.servername;
+            if (proxy.tls && !proxy.sni) {
+                if (proxy.network === 'ws') {
+                    proxy.sni = proxy['ws-opts']?.headers?.Host;
+                } else if (proxy.network === 'http') {
+                    let httpHost = proxy['http-opts']?.headers?.Host;
+                    proxy.sni = Array.isArray(httpHost)
+                        ? httpHost[0]
+                        : httpHost;
+                }
+            }
        }

        return proxy;
@@ -474,6 +498,15 @@ function Surge_Snell() {
    return { name, test, parse };
 }

+function Surge_Tuic() {
+    const name = 'Surge Tuic Parser';
+    const test = (line) => {
+        return /^.*=\s*tuic(-v5)??/.test(line.split(',')[0]);
+    };
+    const parse = (line) => getSurgeParser().parse(line);
+    return { name, test, parse };
+}
+
 export default [
    URI_SS(),
    URI_SSR(),
@@ -485,6 +518,7 @@ export default [
    Surge_Trojan(),
    Surge_Http(),
    Surge_Snell(),
+    Surge_Tuic(),
    Surge_Socks5(),
    Loon_SS(),
    Loon_SSR(),
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.js
@@ -25,11 +25,14 @@ const grammars = String.raw`
            proxy.network = "ws";
            $set(proxy, "ws-opts.path", obfs.path);
            $set(proxy, "ws-opts.headers", obfs['ws-headers']);
+            if (proxy['ws-opts'] && proxy['ws-opts']['headers'] && proxy['ws-opts']['headers'].Host) {
+                proxy['ws-opts']['headers'].Host = proxy['ws-opts']['headers'].Host.replace(/^"(.*)"$/, '$1')
+            }
        }
    }
 }

-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5) {
    return proxy;
 }

@@ -73,6 +76,13 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
        $set(proxy, "obfs-opts.path", obfs.path);
    }
 }
+tuic = tag equals "tuic" address (alpn/token/ip_version/tls_verification/sni/fast_open/tfo/others)* {
+    proxy.type = "tuic";
+}
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/tls_verification/sni/fast_open/tfo/others)* {
+    proxy.type = "tuic";
+    proxy.version = 5;
+}
 socks5 = tag equals "socks5" address (username password)? (fast_open/others)* {
    proxy.type = "socks5";
 }
@@ -175,6 +185,11 @@ uri = $[^,]+

 udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
+tfo = comma "tfo" equals flag:bool { proxy.tfo = flag; }
+ip_version = comma "ip-version" equals match:[^,]+ { proxy["ip-version"] = match.join(""); }
+token = comma "token" equals match:[^,]+ { proxy.token = match.join(""); }
+alpn = comma "alpn" equals match:[^,]+ { proxy.alpn = match.join(""); }
+uuidk = comma "uuid" equals match:[^,]+ { proxy.uuid = match.join(""); }

 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.peg
@@ -23,11 +23,14 @@
            proxy.network = "ws";
            $set(proxy, "ws-opts.path", obfs.path);
            $set(proxy, "ws-opts.headers", obfs['ws-headers']);
+            if (proxy['ws-opts'] && proxy['ws-opts']['headers'] && proxy['ws-opts']['headers'].Host) {
+                proxy['ws-opts']['headers'].Host = proxy['ws-opts']['headers'].Host.replace(/^"(.*)"$/, '$1')
+            }
        }
    }
 }

-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5) {
    return proxy;
 }

@@ -71,6 +74,13 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
        $set(proxy, "obfs-opts.path", obfs.path);
    }
 }
+tuic = tag equals "tuic" address (alpn/token/ip_version/tls_verification/sni/fast_open/tfo/others)* {
+    proxy.type = "tuic";
+}
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/tls_verification/sni/fast_open/tfo/others)* {
+    proxy.type = "tuic";
+    proxy.version = 5;
+}
 socks5 = tag equals "socks5" address (username password)? (fast_open/others)* {
    proxy.type = "socks5";
 }
@@ -173,6 +183,11 @@ uri = $[^,]+

 udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
+tfo = comma "tfo" equals flag:bool { proxy.tfo = flag; }
+ip_version = comma "ip-version" equals match:[^,]+ { proxy["ip-version"] = match.join(""); }
+token = comma "token" equals match:[^,]+ { proxy.token = match.join(""); }
+alpn = comma "alpn" equals match:[^,]+ { proxy.alpn = match.join(""); }
+uuidk = comma "uuid" equals match:[^,]+ { proxy.uuid = match.join(""); }

 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _
--- a/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.js
@@ -79,7 +79,7 @@ port = digits:[0-9]+ {
  }
 }

-params = "?" head:param tail:("&"@param)* {
+params = "/"? "?" head:param tail:("&"@param)* {
  proxy["skip-cert-verify"] = toBool(params["allowInsecure"]);
  proxy.sni = params["sni"] || params["peer"];

@@ -87,6 +87,15 @@ params = "?" head:param tail:("&"@param)* {
    proxy.network = "ws";
    $set(proxy, "ws-opts.path", params["wspath"]);
  }
+  if (params["type"]) {
+    proxy.network = params["type"]
+    if (params["path"]) {
+      $set(proxy, proxy.network+"-opts.path", decodeURIComponent(params["path"]));  
+    }
+    if (params["host"]) {
+      $set(proxy, proxy.network+"-opts.headers.Host", decodeURIComponent(params["host"])); 
+    }
+  }

  proxy.udp = toBool(params["udp"]);
  proxy.tfo = toBool(params["tfo"]);
--- a/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.peg
@@ -77,7 +77,7 @@ port = digits:[0-9]+ {
  }
 }

-params = "?" head:param tail:("&"@param)* {
+params = "/"? "?" head:param tail:("&"@param)* {
  proxy["skip-cert-verify"] = toBool(params["allowInsecure"]);
  proxy.sni = params["sni"] || params["peer"];

@@ -85,6 +85,16 @@ params = "?" head:param tail:("&"@param)* {
    proxy.network = "ws";
    $set(proxy, "ws-opts.path", params["wspath"]);
  }
+  
+  if (params["type"]) {
+    proxy.network = params["type"]
+    if (params["path"]) {
+      $set(proxy, proxy.network+"-opts.path", decodeURIComponent(params["path"]));  
+    }
+    if (params["host"]) {
+      $set(proxy, proxy.network+"-opts.headers.Host", decodeURIComponent(params["host"])); 
+    }
+  }

  proxy.udp = toBool(params["udp"]);
  proxy.tfo = toBool(params["tfo"]);
--- a/backend/src/core/proxy-utils/producers/clash.js
+++ b/backend/src/core/proxy-utils/producers/clash.js
@@ -4,11 +4,27 @@ export default function Clash_Producer() {
    const type = 'ALL';
    const produce = (proxies) => {
        // filter unsupported proxies
-        proxies = proxies.filter((proxy) =>
-            ['ss', 'ssr', 'vmess', 'socks', 'http', 'snell', 'trojan'].includes(
-                proxy.type,
-            ),
-        );
+        proxies = proxies.filter((proxy) => {
+            if (
+                ![
+                    'ss',
+                    'ssr',
+                    'vmess',
+                    'socks',
+                    'http',
+                    'snell',
+                    'trojan',
+                ].includes(proxy.type)
+            ) {
+                return false;
+            } else if (
+                proxy.type === 'snell' &&
+                String(proxy.version) === '4'
+            ) {
+                return false;
+            }
+            return true;
+        });
        return (
            'proxies:\n' +
            proxies
@@ -25,6 +41,38 @@ export default function Clash_Producer() {
                            proxy.servername = proxy.sni;
                            delete proxy.sni;
                        }
+                        // https://dreamacro.github.io/clash/configuration/outbound.html#vmess
+                        if (
+                            isPresent(proxy, 'cipher') &&
+                            ![
+                                'auto',
+                                'aes-128-gcm',
+                                'chacha20-poly1305',
+                                'none',
+                            ].includes(proxy.cipher)
+                        ) {
+                            proxy.cipher = 'auto';
+                        }
+                    }
+
+                    if (
+                        ['vmess', 'vless'].includes(proxy.type) &&
+                        proxy.network === 'http'
+                    ) {
+                        let httpPath = proxy['http-opts']?.path;
+                        if (
+                            isPresent(proxy, 'http-opts.path') &&
+                            !Array.isArray(httpPath)
+                        ) {
+                            proxy['http-opts'].path = [httpPath];
+                        }
+                        let httpHost = proxy['http-opts']?.headers?.Host;
+                        if (
+                            isPresent(proxy, 'http-opts.headers.Host') &&
+                            !Array.isArray(httpHost)
+                        ) {
+                            proxy['http-opts'].headers.Host = [httpHost];
+                        }
                    }

                    delete proxy['tls-fingerprint'];
--- a/backend/src/core/proxy-utils/producers/loon.js
+++ b/backend/src/core/proxy-utils/producers/loon.js
@@ -127,9 +127,7 @@ function trojan(proxy) {
 function vmess(proxy) {
    const result = new Result(proxy);
    result.append(
-        `${proxy.name}=vmess,${proxy.server},${proxy.port},${
-            proxy.cipher === 'auto' ? 'none' : proxy.cipher
-        },"${proxy.uuid}"`,
+        `${proxy.name}=vmess,${proxy.server},${proxy.port},${proxy.cipher},"${proxy.uuid}"`,
    );

    // transport
@@ -146,12 +144,14 @@ function vmess(proxy) {
            );
        } else if (proxy.network === 'http') {
            result.append(`,transport=http`);
+            let httpPath = proxy['http-opts']?.path;
+            let httpHost = proxy['http-opts']?.headers?.Host;
            result.appendIfPresent(
-                `,path=${proxy['http-opts'].path}`,
+                `,path=${Array.isArray(httpPath) ? httpPath[0] : httpPath}`,
                'http-opts.path',
            );
            result.appendIfPresent(
-                `,host=${proxy['http-opts'].headers.Host}`,
+                `,host=${Array.isArray(httpHost) ? httpHost[0] : httpHost}`,
                'http-opts.headers.Host',
            );
        } else {
@@ -208,12 +208,14 @@ function vless(proxy) {
            );
        } else if (proxy.network === 'http') {
            result.append(`,transport=http`);
+            let httpPath = proxy['http-opts']?.path;
+            let httpHost = proxy['http-opts']?.headers?.Host;
            result.appendIfPresent(
-                `,path=${proxy['http-opts'].path}`,
+                `,path=${Array.isArray(httpPath) ? httpPath[0] : httpPath}`,
                'http-opts.path',
            );
            result.appendIfPresent(
-                `,host=${proxy['http-opts'].headers.Host}`,
+                `,host=${Array.isArray(httpHost) ? httpHost[0] : httpHost}`,
                'http-opts.headers.Host',
            );
        } else {
--- a/backend/src/core/proxy-utils/producers/qx.js
+++ b/backend/src/core/proxy-utils/producers/qx.js
@@ -62,18 +62,20 @@ function shadowsocks(proxy) {
        );
    }

-    // tls fingerprint
-    appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
+    if (needTls(proxy)) {
+        // tls fingerprint
+        appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );

-    // tls verification
-    appendIfPresent(
-        `,tls-verification=${!proxy['skip-cert-verify']}`,
-        'skip-cert-verify',
-    );
-    appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+        // tls verification
+        appendIfPresent(
+            `,tls-verification=${!proxy['skip-cert-verify']}`,
+            'skip-cert-verify',
+        );
+        appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+    }

    // tfo
    appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
@@ -150,18 +152,20 @@ function trojan(proxy) {
        append(`,over-tls=true`);
    }

-    // tls fingerprint
-    appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
+    if (needTls(proxy)) {
+        // tls fingerprint
+        appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );

-    // tls verification
-    appendIfPresent(
-        `,tls-verification=${!proxy['skip-cert-verify']}`,
-        'skip-cert-verify',
-    );
-    appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+        // tls verification
+        appendIfPresent(
+            `,tls-verification=${!proxy['skip-cert-verify']}`,
+            'skip-cert-verify',
+        );
+        appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+    }

    // tfo
    appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
@@ -206,12 +210,18 @@ function vmess(proxy) {
        } else {
            throw new Error(`network ${proxy.network} is unsupported`);
        }
+        let transportPath = proxy[`${proxy.network}-opts`]?.path;
+        let transportHost = proxy[`${proxy.network}-opts`]?.headers?.Host;
        appendIfPresent(
-            `,obfs-uri=${proxy[`${proxy.network}-opts`].path}`,
+            `,obfs-uri=${
+                Array.isArray(transportPath) ? transportPath[0] : transportPath
+            }`,
            `${proxy.network}-opts.path`,
        );
        appendIfPresent(
-            `,obfs-host=${proxy[`${proxy.network}-opts`].headers.Host}`,
+            `,obfs-host=${
+                Array.isArray(transportHost) ? transportHost[0] : transportHost
+            }`,
            `${proxy.network}-opts.headers.Host`,
        );
    } else {
@@ -219,18 +229,20 @@ function vmess(proxy) {
        if (proxy.tls) append(`,obfs=over-tls`);
    }

-    // tls fingerprint
-    appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
+    if (needTls(proxy)) {
+        // tls fingerprint
+        appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );

-    // tls verification
-    appendIfPresent(
-        `,tls-verification=${!proxy['skip-cert-verify']}`,
-        'skip-cert-verify',
-    );
-    appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+        // tls verification
+        appendIfPresent(
+            `,tls-verification=${!proxy['skip-cert-verify']}`,
+            'skip-cert-verify',
+        );
+        appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+    }

    // AEAD
    if (isPresent(proxy, 'aead')) {
@@ -266,18 +278,20 @@ function http(proxy) {
    }
    appendIfPresent(`,over-tls=${proxy.tls}`, 'tls');

-    // tls fingerprint
-    appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
+    if (needTls(proxy)) {
+        // tls fingerprint
+        appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );

-    // tls verification
-    appendIfPresent(
-        `,tls-verification=${!proxy['skip-cert-verify']}`,
-        'skip-cert-verify',
-    );
-    appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+        // tls verification
+        appendIfPresent(
+            `,tls-verification=${!proxy['skip-cert-verify']}`,
+            'skip-cert-verify',
+        );
+        appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+    }

    // tfo
    appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
@@ -306,18 +320,20 @@ function socks5(proxy) {
    }
    appendIfPresent(`,over-tls=${proxy.tls}`, 'tls');

-    // tls fingerprint
-    appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
+    if (needTls(proxy)) {
+        // tls fingerprint
+        appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );

-    // tls verification
-    appendIfPresent(
-        `,tls-verification=${!proxy['skip-cert-verify']}`,
-        'skip-cert-verify',
-    );
-    appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+        // tls verification
+        appendIfPresent(
+            `,tls-verification=${!proxy['skip-cert-verify']}`,
+            'skip-cert-verify',
+        );
+        appendIfPresent(`,tls-host=${proxy.sni}`, 'sni');
+    }

    // tfo
    appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
@@ -332,11 +348,5 @@ function socks5(proxy) {
 }

 function needTls(proxy) {
-    return (
-        proxy.tls ||
-        proxy.sni ||
-        typeof proxy['skip-cert-verify'] !== 'undefined' ||
-        typeof proxy['tls-fingerprint'] !== 'undefined' ||
-        typeof proxy['tls-host'] !== 'undefined'
-    );
+    return proxy.tls;
 }
--- a/backend/src/core/proxy-utils/producers/stash.js
+++ b/backend/src/core/proxy-utils/producers/stash.js
@@ -6,6 +6,15 @@ export default function Stash_Producer() {
        return (
            'proxies:\n' +
            proxies
+                .filter((proxy) => {
+                    if (
+                        proxy.type === 'snell' &&
+                        String(proxy.version) === '4'
+                    ) {
+                        return false;
+                    }
+                    return true;
+                })
                .map((proxy) => {
                    if (proxy.type === 'vmess') {
                        // handle vmess aead
@@ -19,6 +28,54 @@ export default function Stash_Producer() {
                            proxy.servername = proxy.sni;
                            delete proxy.sni;
                        }
+                        // https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml#L400
+                        // https://stash.wiki/proxy-protocols/proxy-types#vmess
+                        if (
+                            isPresent(proxy, 'cipher') &&
+                            ![
+                                'auto',
+                                'aes-128-gcm',
+                                'chacha20-poly1305',
+                                'none',
+                            ].includes(proxy.cipher)
+                        ) {
+                            proxy.cipher = 'auto';
+                        }
+                    } else if (proxy.type === 'tuic') {
+                        if (isPresent(proxy, 'alpn')) {
+                            proxy.alpn = Array.isArray(proxy.alpn)
+                                ? proxy.alpn
+                                : [proxy.alpn];
+                        } else {
+                            proxy.alpn = ['h3'];
+                        }
+                        // https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/adapter/outbound/tuic.go#L197
+                        if (
+                            (!proxy.token || proxy.token.length === 0) &&
+                            !isPresent(proxy, 'version')
+                        ) {
+                            proxy.version = 5;
+                        }
+                    }
+
+                    if (
+                        ['vmess', 'vless'].includes(proxy.type) &&
+                        proxy.network === 'http'
+                    ) {
+                        let httpPath = proxy['http-opts']?.path;
+                        if (
+                            isPresent(proxy, 'http-opts.path') &&
+                            !Array.isArray(httpPath)
+                        ) {
+                            proxy['http-opts'].path = [httpPath];
+                        }
+                        let httpHost = proxy['http-opts']?.headers?.Host;
+                        if (
+                            isPresent(proxy, 'http-opts.headers.Host') &&
+                            !Array.isArray(httpHost)
+                        ) {
+                            proxy['http-opts'].headers.Host = [httpHost];
+                        }
                    }

                    delete proxy['tls-fingerprint'];
--- a/backend/src/core/proxy-utils/producers/surge.js
+++ b/backend/src/core/proxy-utils/producers/surge.js
@@ -4,6 +4,14 @@ import $ from '@/core/app';

 const targetPlatform = 'Surge';

+const ipVersions = {
+    dual: 'dual',
+    ipv4: 'v4-only',
+    ipv6: 'v6-only',
+    'ipv4-prefer': 'prefer-v4',
+    'ipv6-prefer': 'prefer-v6',
+};
+
 export default function Surge_Producer() {
    const produce = (proxy) => {
        switch (proxy.type) {
@@ -19,6 +27,8 @@ export default function Surge_Producer() {
                return socks5(proxy);
            case 'snell':
                return snell(proxy);
+            case 'tuic':
+                return tuic(proxy);
        }
        throw new Error(
            `Platform ${targetPlatform} does not support proxy type: ${proxy.type}`,
@@ -215,15 +225,15 @@ function snell(proxy) {

    // obfs
    result.appendIfPresent(
-        `,obfs=${proxy['obfs-opts'].mode}`,
+        `,obfs=${proxy['obfs-opts']?.mode}`,
        'obfs-opts.mode',
    );
    result.appendIfPresent(
-        `,obfs-host=${proxy['obfs-opts'].host}`,
+        `,obfs-host=${proxy['obfs-opts']?.host}`,
        'obfs-opts.host',
    );
    result.appendIfPresent(
-        `,obfs-uri=${proxy['obfs-opts'].path}`,
+        `,obfs-uri=${proxy['obfs-opts']?.path}`,
        'obfs-opts.path',
    );

@@ -233,6 +243,49 @@ function snell(proxy) {
    // test-url
    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');

+    // reuse
+    result.appendIfPresent(`,reuse=${proxy['reuse']}`, 'reuse');
+
+    return result.toString();
+}
+
+function tuic(proxy) {
+    const result = new Result(proxy);
+    // https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/adapter/outbound/tuic.go#L197
+    let type = proxy.type;
+    if (!proxy.token || proxy.token.length === 0) {
+        type = 'tuic-v5';
+    }
+    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
+
+    result.appendIfPresent(`,uuid=${proxy.uuid}`, 'uuid');
+    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,token=${proxy.token}`, 'token');
+
+    result.appendIfPresent(
+        `,alpn=${Array.isArray(proxy.alpn) ? proxy.alpn[0] : proxy.alpn}`,
+        'alpn',
+    );
+
+    result.appendIfPresent(
+        `,ip-version=${ipVersions[proxy['ip-version']] || proxy['ip-version']}`,
+        'ip-version',
+    );
+
+    // tls verification
+    result.appendIfPresent(`,sni=${proxy.sni}`, 'sni');
+    result.appendIfPresent(
+        `,skip-cert-verify=${proxy['skip-cert-verify']}`,
+        'skip-cert-verify',
+    );
+
+    // tfo
+    result.appendIfPresent(`,tfo=${proxy['fast-open']}`, 'fast-open');
+    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');
+
+    // test-url
+    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+
    return result.toString();
 }

@@ -248,7 +301,13 @@ function handleTransport(result, proxy) {
                if (isPresent(proxy, 'ws-opts.headers')) {
                    const headers = proxy['ws-opts'].headers;
                    const value = Object.keys(headers)
-                        .map((k) => `${k}:${headers[k]}`)
+                        .map((k) => {
+                            let v = headers[k];
+                            if (['Host'].includes(k)) {
+                                v = `"${v}"`;
+                            }
+                            return `${k}:${v}`;
+                        })
                        .join('|');
                    if (isNotBlank(value)) {
                        result.append(`,ws-headers=${value}`);
--- a/backend/src/core/proxy-utils/producers/uri.js
+++ b/backend/src/core/proxy-utils/producers/uri.js
@@ -65,17 +65,45 @@ export default function URI_Producer() {
                    net: proxy.network || 'tcp',
                    tls: proxy.tls ? 'tls' : '',
                };
+                if (proxy.tls && proxy.sni) {
+                    result.sni = proxy.sni;
+                }
                // obfs
                if (proxy.network === 'ws') {
                    result.path = proxy['ws-opts'].path || '/';
-                    result.host = proxy['ws-opts'].headers.Host || proxy.server;
+                    if (proxy['ws-opts'].headers.Host) {
+                        result.host = proxy['ws-opts'].headers.Host;
+                    }
                }
                result = 'vmess://' + Base64.encode(JSON.stringify(result));
                break;
            case 'trojan':
+                let transport = '';
+                if (proxy.network) {
+                    transport = `&type=${proxy.network}`;
+                    let transportPath = proxy[`${proxy.network}-opts`]?.path;
+                    let transportHost =
+                        proxy[`${proxy.network}-opts`]?.headers?.Host;
+                    if (transportPath) {
+                        transport += `&path=${encodeURIComponent(
+                            Array.isArray(transportPath)
+                                ? transportPath[0]
+                                : transportPath,
+                        )}`;
+                    }
+                    if (transportHost) {
+                        transport += `&host=${encodeURIComponent(
+                            Array.isArray(transportHost)
+                                ? transportHost[0]
+                                : transportHost,
+                        )}`;
+                    }
+                }
                result = `trojan://${proxy.password}@${proxy.server}:${
                    proxy.port
-                }#${encodeURIComponent(proxy.name)}`;
+                }?sni=${encodeURIComponent(proxy.sni || proxy.server)}${
+                    proxy['skip-cert-verify'] ? '&allowInsecure=1' : ''
+                }${transport}#${encodeURIComponent(proxy.name)}`;
                break;
        }
        return result;
--- a/backend/src/restful/artifacts.js
+++ b/backend/src/restful/artifacts.js
@@ -19,7 +19,10 @@ export default function register($app) {
    if (!$.read(ARTIFACTS_KEY)) $.write({}, ARTIFACTS_KEY);

    // RESTful APIs
-    $app.route('/api/artifacts').get(getAllArtifacts).post(createArtifact);
+    $app.route('/api/artifacts')
+        .get(getAllArtifacts)
+        .post(createArtifact)
+        .put(replaceArtifact);

    $app.route('/api/artifact/:name')
        .get(getArtifact)
@@ -32,6 +35,12 @@ function getAllArtifacts(req, res) {
    success(res, allArtifacts);
 }

+function replaceArtifact(req, res) {
+    const allArtifacts = req.body;
+    $.write(allArtifacts, ARTIFACTS_KEY);
+    success(res);
+}
+
 async function getArtifact(req, res) {
    let { name } = req.params;
    name = decodeURIComponent(name);
@@ -131,7 +140,12 @@ async function deleteArtifact(req, res) {
            files[encodeURIComponent(artifact.name)] = {
                content: '',
            };
-            await syncToGist(files);
+            // 当别的Sub 删了同步订阅 或 gist里面删了 当前设备没有删除 时 无法删除的bug
+            try {
+                await syncToGist(files);
+            } catch (i) {
+                $.error(`Function syncToGist: ${name} : ${i}`);
+            }
        }
        // delete local cache
        deleteByName(allArtifacts, name);
--- a/backend/src/restful/collections.js
+++ b/backend/src/restful/collections.js
@@ -14,7 +14,8 @@ export default function register($app) {

    $app.route('/api/collections')
        .get(getAllCollections)
-        .post(createCollection);
+        .post(createCollection)
+        .put(replaceCollection);
 }

 // collection API
@@ -111,3 +112,9 @@ function getAllCollections(req, res) {
    const allCols = $.read(COLLECTIONS_KEY);
    success(res, allCols);
 }
+
+function replaceCollection(req, res) {
+    const allCols = req.body;
+    $.write(allCols, COLLECTIONS_KEY);
+    success(res);
+}
--- a/backend/src/restful/subscriptions.js
+++ b/backend/src/restful/subscriptions.js
@@ -20,7 +20,10 @@ export default function register($app) {
        .patch(updateSubscription)
        .delete(deleteSubscription);

-    $app.route('/api/subs').get(getAllSubscriptions).post(createSubscription);
+    $app.route('/api/subs')
+        .get(getAllSubscriptions)
+        .post(createSubscription)
+        .put(replaceSubscriptions);
 }

 // subscriptions API
@@ -66,10 +69,10 @@ async function getFlowInfo(req, res) {
        }

        // unit is KB
-        const uploadMatch = flowHeaders.match(/upload=(-?)(\d+)/)
+        const uploadMatch = flowHeaders.match(/upload=(-?)(\d+)/);
        const upload = Number(uploadMatch[1] + uploadMatch[2]);

-        const downloadMatch = flowHeaders.match(/download=(-?)(\d+)/)
+        const downloadMatch = flowHeaders.match(/download=(-?)(\d+)/);
        const download = Number(downloadMatch[1] + downloadMatch[2]);

        const total = Number(flowHeaders.match(/total=(\d+)/)[1]);
@@ -202,3 +205,9 @@ function getAllSubscriptions(req, res) {
    const allSubs = $.read(SUBS_KEY);
    success(res, allSubs);
 }
+
+function replaceSubscriptions(req, res) {
+    const allSubs = req.body;
+    $.write(allSubs, SUBS_KEY);
+    success(res);
+}
--- a/backend/src/utils/geo.js
+++ b/backend/src/utils/geo.js
@@ -155,7 +155,7 @@ export function getFlag(name) {
        '🇲🇴': ['Macao', '澳门', '澳門', 'CTM'],
        '🇲🇹': ['Malta', '马耳他'],
        '🇲🇽': ['Mexico', '墨西哥'],
-        '🇲🇾': ['Malaysia', '马来西亚', '馬來西亞', '吉隆坡', '大馬'],
+        '🇲🇾': ['Malaysia', '马来', '馬來', '吉隆坡', '大馬'],
        '🇳🇱': ['Netherlands', '荷兰', '荷蘭', '尼德蘭', '阿姆斯特丹'],
        '🇳🇴': ['Norway', '挪威'],
        '🇳🇵': ['Nepal', '尼泊尔'],
--- a/backend/src/utils/gist.js
+++ b/backend/src/utils/gist.js
@@ -40,6 +40,10 @@ export default class Gist {
    }

    async upload(files) {
+        if (Object.keys(files).length === 0) {
+            return Promise.reject('未提供需上传的文件');
+        }
+
        const id = await this.locate();

        if (id === -1) {
--- a/config/Surge-Noability.sgmodule
+++ b/config/Surge-Noability.sgmodule
@@ -0,0 +1,12 @@
+#!name=Sub-Store
+#!desc=高级订阅管理工具 @Peng-YM  无 ability 参数版本,不会爆内存, 如果需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 可以用带 ability 参数
+
+[MITM]
+hostname = %APPEND% sub.store
+
+[Script]
+# 主程序 已经去掉 Sub-Store Core 的参数 [,ability=http-client-policy] 不会爆内存，这个参数在 Surge 非常占用内存； 如果不需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 则可以使用此脚本
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true
+
+Sub-Store Sync=type=cron,cronexp=0 0 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
--- a/config/Surge-ability.sgmodule
+++ b/config/Surge-ability.sgmodule
@@ -0,0 +1,11 @@
+#!name=Sub-Store
+#!desc=高级订阅管理工具 @Peng-YM  带 ability 参数版本, 可能会爆内存, 如果不需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 可以用不带 ability 参数版本
+
+[MITM]
+hostname = %APPEND% sub.store
+
+[Script]
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true
+
+Sub-Store Sync=type=cron,cronexp=0 0 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
--- a/config/Surge.sgmodule
+++ b/config/Surge.sgmodule
@@ -1,10 +1,11 @@
 #!name=Sub-Store
-#!desc=高级订阅管理工具 @Peng-YM
+#!desc=高级订阅管理工具 @Peng-YM  无 ability 参数版本,不会爆内存, 如果需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 可以用带 ability 参数
+
 [MITM]
-hostname=%APPEND% sub.store
+hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120
 Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true

 Sub-Store Sync=type=cron,cronexp=0 0 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
Author	SHA1	Message	Date
xream	1f505752ae	fix: trojan uri and tls	2023-08-24 10:02:03 +08:00
xream	497bc264e3	fix: servername/sni priority over wss host	2023-08-22 18:21:34 +08:00
xream	feb207b333	fix: servername/sni priority over wss host	2023-08-22 17:28:39 +08:00
xream	9ac1112b37	fix: VMess URI alterId parseInt	2023-08-22 15:29:55 +08:00
xream	96769598ef	fix: QX tls	2023-08-22 00:42:53 +08:00
xream	f8ed6a3342	fix: QX tls	2023-08-22 00:08:53 +08:00
xream	99b19c410d	fix: vmess/vless http-opts.path/http-opts.headers.Host must be an array in some clients	2023-08-21 22:16:07 +08:00
xream	9e54507bbb	fix: double quotes in Surge vmess ws-headers Host	2023-08-21 21:20:31 +08:00
xream	20afa0ad22	Surge 默认模块不带 ability 参数; 分离出固定带参和不带参的模块	2023-08-20 17:22:51 +08:00
walkxspace	c5b6960b35	Update geo.js (#231 )	2023-08-19 11:44:55 +08:00
xream	4dd86cb368	feat: Added replaceArtifact API	2023-08-18 13:48:37 +08:00
xream	4a0319e95f	fix: flexible cipher for Loon	2023-08-15 21:22:33 +08:00
xream	090d8a978f	feat: Added support for scy of VMESS URI	2023-08-15 18:15:04 +08:00
xream	bc9fae6062	feat: Added support for SNI & allowInsecure of Trojan URI	2023-08-15 17:25:25 +08:00
xream	048344268c	feat: Added replaceSubscriptions, replaceCollection API	2023-08-15 15:48:57 +08:00
xream	c5746f6a6b	Fixed: fast-open tfo	2023-08-15 14:59:27 +08:00
xream	5cb226da62	feat: Added support for SS URI in other formats	2023-08-15 01:48:54 +08:00
xream	d229047744	Fixed: unsupported cipher for Clash/Stash	2023-08-14 10:04:47 +08:00
Hsiaoyi	cb21a8e6ec	Merge pull request #229 from xream/feature/tuic Adjust the logic for determining the tuic version	2023-08-13 17:03:40 +08:00
xream	537a00e8a9	Adjust the logic for determining the tuic version	2023-08-13 17:00:44 +08:00
Hsiaoyi	b770578cba	Merge pull request #228 from xream/feature/tuic feat: Added support for tuic and some compatibility adjustments	2023-08-13 15:56:52 +08:00
xream	47a95e5a3d	feat: Added support for tuic and some compatibility adjustments	2023-08-13 15:54:04 +08:00
Hsiaoyi	e99f13d487	Merge pull request #227 from xream/feature/snell feat: Added support for producing snell nodes with reuse and optional obfs	2023-07-31 18:44:53 +08:00
xream	fcab8401e0	feat: Added support for producing snell nodes with reuse and optional obfs	2023-07-31 18:41:48 +08:00
Hsiaoyi	431b1a3c8e	Merge pull request #226 from Keywos/master fixed deleted gist	2023-07-31 17:42:49 +08:00
Hsiaoyi	36d46003d6	Fixed: empty uploading files	2023-07-31 17:42:31 +08:00
K	ff71f12996	version 2.14.3	2023-07-31 16:41:22 +08:00
K	f7c08e3a56	fixed deleted gist	2023-07-31 16:38:07 +08:00
K	6eea8bb2d0	Merge branch 'sub-store-org:master' into master	2023-07-31 14:58:54 +08:00
Hsiaoyi	fc90e22a48	Added Surge-Noability.sgmodule	2023-07-28 22:38:36 +08:00
K	20d958d74f	Update Surge.sgmodule	2023-07-26 01:48:47 +08:00