feat: geo 更新

feat: UDP 协议跳过设置 utls
doc: demo.js
2025-08-10 00:52:40 +00:00 · 2024-12-26 03:40:53 +08:00 · 2024-12-24 21:43:23 +08:00 · 2024-12-24 20:49:41 +08:00 · 2024-12-24 15:10:38 +08:00 · 2024-12-24 15:08:28 +08:00
63 changed files with 10186 additions and 8003 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -76,8 +76,8 @@ jobs:
          git commit -m "release: ${{ steps.tag.outputs.release_tag }}"
          git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}"
          git push -f -u origin release
-      - name: Sync to GitLab
-        env:
-          GITLAB_PIPELINE_TOKEN: ${{ secrets.GITLAB_PIPELINE_TOKEN }}
-        run: |
-          curl -X POST --fail -F token=$GITLAB_PIPELINE_TOKEN -F ref=master https://gitlab.com/api/v4/projects/48891296/trigger/pipeline
+      # - name: Sync to GitLab
+      #   env:
+      #     GITLAB_PIPELINE_TOKEN: ${{ secrets.GITLAB_PIPELINE_TOKEN }}
+      #   run: |
+      #     curl -X POST --fail -F token=$GITLAB_PIPELINE_TOKEN -F ref=master https://gitlab.com/api/v4/projects/48891296/trigger/pipeline
--- a/README.md
+++ b/README.md
@@ -7,13 +7,13 @@
 </div>

 <p align="center" color="#6a737d">
-Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket.
+Advanced Subscription Manager for QX, Loon, Surge, Stash, Egern and Shadowrocket.
 </p>

-[![Build](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml/badge.svg)](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml) ![GitHub](https://img.shields.io/github/license/sub-store-org/Sub-Store) ![GitHub issues](https://img.shields.io/github/issues/sub-store-org/Sub-Store) ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/Peng-Ym/Sub-Store) ![Lines of code](https://img.shields.io/tokei/lines/github/sub-store-org/Sub-Store) ![Size](https://img.shields.io/github/languages/code-size/sub-store-org/Sub-Store) 
+[![Build](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml/badge.svg)](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml) ![GitHub](https://img.shields.io/github/license/sub-store-org/Sub-Store) ![GitHub issues](https://img.shields.io/github/issues/sub-store-org/Sub-Store) ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/Peng-Ym/Sub-Store) ![Lines of code](https://img.shields.io/tokei/lines/github/sub-store-org/Sub-Store) ![Size](https://img.shields.io/github/languages/code-size/sub-store-org/Sub-Store)
 <a href="https://trendshift.io/repositories/4572" target="_blank"><img src="https://trendshift.io/api/badge/repositories/4572" alt="sub-store-org%2FSub-Store | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
 [!["Buy Me A Coffee"](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/PengYM)
-   
+
 Core functionalities:

 1. Conversion among various formats.
@@ -21,21 +21,26 @@ Core functionalities:
 3. Collect multiple subscriptions in one URL.

 > The following descriptions of features may not be updated in real-time. Please refer to the actual available features for accurate information.
-   
+
 ## 1. Subscription Conversion

 ### Supported Input Formats

+> ⚠️ Do not use `Shadowrocket` to export URI and then import it as input. It is not a standard URI.
+
+- [x] Normal Proxy(`socks5`, `socks5+tls`, `http`, `https`(it's ok))
+
+  example: `socks5+tls://user:pass@ip:port#name`
+
 - [x] URI(SS, SSR, VMess, VLESS, Trojan, Hysteria, Hysteria 2, TUIC v5, WireGuard)
 - [x] Clash Proxies YAML
 - [x] Clash Proxy JSON(single line)
 - [x] QX (SS, SSR, VMess, Trojan, HTTP, SOCKS5, VLESS)
 - [x] Loon (SS, SSR, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, WireGuard, VLESS, Hysteria 2)
- [x] Surge (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, TUIC, Snell, Hysteria 2, SSH(Password authentication only), SSR(external, only for macOS), External Proxy Program(only for macOS), WireGuard(Surge to Surge))
+- [x] Surge (Direct, SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, TUIC, Snell, Hysteria 2, SSH(Password authentication only), External Proxy Program(only for macOS), WireGuard(Surge to Surge))
 - [x] Surfboard (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, WireGuard(Surfboard to Surfboard))
- [x] Shadowrocket (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
- [x] Clash.Meta (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
- [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC)
+- [x] Clash.Meta (Direct, SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC, SSH, mieru)
+- [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC, Juicity, SSH)
 - [x] Clash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard)

 ### Supported Target Platforms
@@ -46,7 +51,9 @@ Core functionalities:
 - [x] Clash
 - [x] Surfboard
 - [x] Surge
+- [x] SurgeMac(Use mihomo to support protocols that are not supported by Surge itself)
 - [x] Loon
+- [x] Egern
 - [x] Shadowrocket
 - [x] QX
 - [x] sing-box
@@ -98,7 +105,7 @@ or
 esbuild(experimental)

 ```
-pnpm run --parallel "/^dev:.*/"
+SUB_STORE_BACKEND_API_PORT=3000 pnpm run --parallel "/^dev:.*/"
 ```

 ## LICENSE
@@ -111,7 +118,6 @@ This project is under the GPL V3 LICENSE.

 [![Star History Chart](https://api.star-history.com/svg?repos=sub-store-org/sub-store&type=Date)](https://star-history.com/#sub-store-org/sub-store&Date)

-
 ## Acknowledgements

 - Special thanks to @KOP-XIAO for his awesome resource-parser. Please give a [star](https://github.com/KOP-XIAO/QuantumultX) for his great work!
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sub-store",
-  "version": "2.14.317",
+  "version": "2.14.452",
  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
  "main": "src/main.js",
  "scripts": {
@@ -20,17 +20,20 @@
    "@maxmind/geoip2-node": "^5.0.0",
    "automerge": "1.0.1-preview.7",
    "body-parser": "^1.19.0",
+    "buffer": "^6.0.3",
    "connect-history-api-fallback": "^2.0.0",
    "cron": "^3.1.6",
+    "dns-packet": "^5.6.1",
    "express": "^4.17.1",
    "http-proxy-middleware": "^2.0.6",
+    "ip-address": "^9.0.5",
    "js-base64": "^3.7.2",
+    "jsrsasign": "^11.1.0",
    "lodash": "^4.17.21",
+    "ms": "^2.1.3",
+    "nanoid": "^3.3.3",
    "request": "^2.88.2",
-    "requests": "^0.3.0",
-    "semver": "^7.3.7",
-    "static-js-yaml": "^1.0.0",
-    "uuid": "^8.3.2"
+    "static-js-yaml": "^1.0.0"
  },
  "devDependencies": {
    "@babel/core": "^7.18.0",
--- a/backend/pnpm-lock.yaml
+++ b/backend/pnpm-lock.yaml
--- a/backend/src/constants.js
+++ b/backend/src/constants.js
@@ -6,6 +6,7 @@ export const FILES_KEY = 'files';
 export const MODULES_KEY = 'modules';
 export const ARTIFACTS_KEY = 'artifacts';
 export const RULES_KEY = 'rules';
+export const TOKENS_KEY = 'tokens';
 export const GIST_BACKUP_KEY = 'Auto Generated Sub-Store Backup';
 export const GIST_BACKUP_FILE_NAME = 'Sub-Store';
 export const ARTIFACT_REPOSITORY_KEY = 'Sub-Store Artifacts Repository';
--- a/backend/src/core/proxy-utils/index.js
+++ b/backend/src/core/proxy-utils/index.js
@@ -1,3 +1,5 @@
+import { Buffer } from 'buffer';
+import rs from '@/utils/rs';
 import YAML from '@/utils/yaml';
 import download from '@/utils/download';
 import {
@@ -5,7 +7,9 @@ import {
    isIPv6,
    isValidPortNumber,
    isNotBlank,
-    utf8ArrayToStr,
+    ipAddress,
+    getRandomPort,
+    numberToString,
 } from '@/utils';
 import PROXY_PROCESSORS, { ApplyProcessor } from './processors';
 import PROXY_PREPROCESSORS from './preprocessors';
@@ -15,7 +19,7 @@ import $ from '@/core/app';
 import { FILES_KEY, MODULES_KEY } from '@/constants';
 import { findByName } from '@/utils/database';
 import { produceArtifact } from '@/restful/sync';
-import { getFlag, getISO, MMDB } from '@/utils/geo';
+import { getFlag, removeFlag, getISO, MMDB } from '@/utils/geo';
 import Gist from '@/utils/gist';

 function preprocess(raw) {
@@ -74,8 +78,24 @@ function parse(raw) {
    return proxies;
 }

-async function processFn(proxies, operators = [], targetPlatform, source) {
+async function processFn(
+    proxies,
+    operators = [],
+    targetPlatform,
+    source,
+    $options,
+) {
    for (const item of operators) {
+        if (item.disabled) {
+            $.log(
+                `Skipping disabled operator: "${
+                    item.type
+                }" with arguments:\n >>> ${
+                    JSON.stringify(item.args, null, 2) || 'None'
+                }`,
+            );
+            continue;
+        }
        // process script
        let script;
        let $arguments = {};
@@ -83,7 +103,7 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
            const { mode, content } = item.args;
            if (mode === 'link') {
                let noCache;
-                let url = content;
+                let url = content || '';
                if (url.endsWith('#noCache')) {
                    url = url.replace(/#noCache$/, '');
                    noCache = true;
@@ -173,6 +193,7 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
                targetPlatform,
                $arguments,
                source,
+                $options,
            );
        } else {
            processor = PROXY_PROCESSORS[item.type](item.args || {});
@@ -199,6 +220,8 @@ function produce(proxies, targetPlatform, type, opts = {}) {
    );

    proxies = proxies.map((proxy) => {
+        proxy._resolved = proxy.resolved;
+
        if (!isNotBlank(proxy.name)) {
            proxy.name = `${proxy.type} ${proxy.server}:${proxy.port}`;
        }
@@ -214,26 +237,27 @@ function produce(proxies, targetPlatform, type, opts = {}) {
                delete proxy['tls-fingerprint'];
            }
        }
+
+        // 处理 端口跳跃
+        if (proxy.ports) {
+            proxy.ports = String(proxy.ports);
+            if (!['ClashMeta'].includes(targetPlatform)) {
+                proxy.ports = proxy.ports.replace(/\//g, ',');
+            }
+            if (!proxy.port) {
+                proxy.port = getRandomPort(proxy.ports);
+            }
+        }
+
        return proxy;
    });

    $.log(`Producing proxies for target: ${targetPlatform}`);
    if (typeof producer.type === 'undefined' || producer.type === 'SINGLE') {
-        let localPort = 10000;
        let list = proxies
            .map((proxy) => {
                try {
-                    let line = producer.produce(proxy, type, opts);
-                    if (
-                        line.length > 0 &&
-                        line.includes('__SubStoreLocalPort__')
-                    ) {
-                        line = line.replace(
-                            /__SubStoreLocalPort__/g,
-                            localPort++,
-                        );
-                    }
-                    return line;
+                    return producer.produce(proxy, type, opts);
                } catch (err) {
                    $.error(
                        `Cannot produce proxy: ${JSON.stringify(
@@ -252,7 +276,7 @@ function produce(proxies, targetPlatform, type, opts = {}) {
            proxies.length > 0 &&
            proxies.every((p) => p.type === 'wireguard')
        ) {
-            list = `#!name=${proxies[0]?.subName}
+            list = `#!name=${proxies[0]?._subName}
 #!desc=${proxies[0]?._desc ?? ''}
 #!category=${proxies[0]?._category ?? ''}
 ${list}`;
@@ -267,14 +291,18 @@ export const ProxyUtils = {
    parse,
    process: processFn,
    produce,
+    ipAddress,
+    getRandomPort,
    isIPv4,
    isIPv6,
    isIP,
    yaml: YAML,
    getFlag,
+    removeFlag,
    getISO,
    MMDB,
    Gist,
+    download,
 };

 function tryParse(parser, line) {
@@ -295,7 +323,26 @@ function safeMatch(parser, line) {
    }
 }

+function formatTransportPath(path) {
+    if (typeof path === 'string' || typeof path === 'number') {
+        path = String(path).trim();
+
+        if (path === '') {
+            return '/';
+        } else if (!path.startsWith('/')) {
+            return '/' + path;
+        }
+    }
+    return path;
+}
+
 function lastParse(proxy) {
+    if (typeof proxy.cipher === 'string') {
+        proxy.cipher = proxy.cipher.toLowerCase();
+    }
+    if (typeof proxy.password === 'number') {
+        proxy.password = numberToString(proxy.password);
+    }
    if (proxy.interface) {
        proxy['interface-name'] = proxy.interface;
        delete proxy.interface;
@@ -323,6 +370,17 @@ function lastParse(proxy) {
        delete proxy['ws-headers'];
    }

+    const transportPath = proxy[`${proxy.network}-opts`]?.path;
+
+    if (Array.isArray(transportPath)) {
+        proxy[`${proxy.network}-opts`].path = transportPath.map((item) =>
+            formatTransportPath(item),
+        );
+    } else if (transportPath != null) {
+        proxy[`${proxy.network}-opts`].path =
+            formatTransportPath(transportPath);
+    }
+
    if (proxy.type === 'trojan') {
        if (proxy.network === 'tcp') {
            delete proxy.network;
@@ -333,7 +391,11 @@ function lastParse(proxy) {
            proxy.network = 'tcp';
        }
    }
-    if (['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(proxy.type)) {
+    if (
+        ['trojan', 'tuic', 'hysteria', 'hysteria2', 'juicity'].includes(
+            proxy.type,
+        )
+    ) {
        proxy.tls = true;
    }
    if (proxy.network) {
@@ -359,20 +421,7 @@ function lastParse(proxy) {
            proxy['h2-opts'].path = path[0];
        }
    }
-    if (proxy.tls && !proxy.sni) {
-        if (proxy.network) {
-            let transportHost = proxy[`${proxy.network}-opts`]?.headers?.Host;
-            transportHost = Array.isArray(transportHost)
-                ? transportHost[0]
-                : transportHost;
-            if (transportHost) {
-                proxy.sni = transportHost;
-            }
-        }
-        if (!proxy.sni && !isIP(proxy.server)) {
-            proxy.sni = proxy.server;
-        }
-    }
+
    // 非 tls, 有 ws/http 传输层, 使用域名的节点, 将设置传输层 Host 防止之后域名解析后丢失域名(不覆盖现有的 Host)
    if (
        !proxy.tls &&
@@ -399,10 +448,51 @@ function lastParse(proxy) {
            proxy[`${proxy.network}-opts`].path = [transportPath];
        }
    }
-    if (['hysteria', 'hysteria2'].includes(proxy.type) && !proxy.ports) {
+    if (proxy.tls && !proxy.sni) {
+        if (!isIP(proxy.server)) {
+            proxy.sni = proxy.server;
+        }
+        if (!proxy.sni && proxy.network) {
+            let transportHost = proxy[`${proxy.network}-opts`]?.headers?.Host;
+            transportHost = Array.isArray(transportHost)
+                ? transportHost[0]
+                : transportHost;
+            if (transportHost) {
+                proxy.sni = transportHost;
+            }
+        }
+    }
+    // if (['hysteria', 'hysteria2', 'tuic'].includes(proxy.type)) {
+    if (proxy.ports) {
+        proxy.ports = String(proxy.ports).replace(/\//g, ',');
+    } else {
        delete proxy.ports;
    }
+    // }
+    if (
+        ['hysteria2'].includes(proxy.type) &&
+        proxy.obfs &&
+        !['salamander'].includes(proxy.obfs) &&
+        !proxy['obfs-password']
+    ) {
+        proxy['obfs-password'] = proxy.obfs;
+        proxy.obfs = 'salamander';
+    }
    if (['vless'].includes(proxy.type)) {
+        // 删除 reality-opts: {}
+        if (
+            proxy['reality-opts'] &&
+            Object.keys(proxy['reality-opts']).length === 0
+        ) {
+            delete proxy['reality-opts'];
+        }
+        // 删除 grpc-opts: {}
+        if (
+            proxy['grpc-opts'] &&
+            Object.keys(proxy['grpc-opts']).length === 0
+        ) {
+            delete proxy['grpc-opts'];
+        }
        // 非 reality, 空 flow 没有意义
        if (!proxy['reality-opts'] && !proxy.flow) {
            delete proxy.flow;
@@ -417,6 +507,7 @@ function lastParse(proxy) {
            }
        }
    }
+
    if (typeof proxy.name !== 'string') {
        if (/^\d+$/.test(proxy.name)) {
            proxy.name = `${proxy.name}`;
@@ -425,7 +516,7 @@ function lastParse(proxy) {
                if (proxy.name?.data) {
                    proxy.name = Buffer.from(proxy.name.data).toString('utf8');
                } else {
-                    proxy.name = utf8ArrayToStr(proxy.name);
+                    proxy.name = Buffer.from(proxy.name).toString('utf8');
                }
            } catch (e) {
                $.error(`proxy.name decode failed\nReason: ${e}`);
@@ -433,9 +524,46 @@ function lastParse(proxy) {
            }
        }
    }
+    if (['ws', 'http', 'h2'].includes(proxy.network)) {
+        if (
+            ['ws', 'h2'].includes(proxy.network) &&
+            !proxy[`${proxy.network}-opts`]?.path
+        ) {
+            proxy[`${proxy.network}-opts`] =
+                proxy[`${proxy.network}-opts`] || {};
+            proxy[`${proxy.network}-opts`].path = '/';
+        } else if (
+            proxy.network === 'http' &&
+            (!Array.isArray(proxy[`${proxy.network}-opts`]?.path) ||
+                proxy[`${proxy.network}-opts`]?.path.every((i) => !i))
+        ) {
+            proxy[`${proxy.network}-opts`] =
+                proxy[`${proxy.network}-opts`] || {};
+            proxy[`${proxy.network}-opts`].path = ['/'];
+        }
+    }
    if (['', 'off'].includes(proxy.sni)) {
        proxy['disable-sni'] = true;
    }
+    let caStr = proxy['ca_str'];
+    if (proxy['ca-str']) {
+        caStr = proxy['ca-str'];
+    } else if (caStr) {
+        delete proxy['ca_str'];
+        proxy['ca-str'] = caStr;
+    }
+    try {
+        if ($.env.isNode && !caStr && proxy['_ca']) {
+            caStr = $.node.fs.readFileSync(proxy['_ca'], {
+                encoding: 'utf8',
+            });
+        }
+    } catch (e) {
+        $.error(`Read ca file failed\nReason: ${e}`);
+    }
+    if (!proxy['tls-fingerprint'] && caStr) {
+        proxy['tls-fingerprint'] = rs.generateFingerprint(caStr);
+    }
    return proxy;
 }

--- a/backend/src/core/proxy-utils/parsers/index.js
+++ b/backend/src/core/proxy-utils/parsers/index.js
@@ -5,6 +5,7 @@ import {
    isPresent,
    isNotBlank,
    getIfPresent,
+    getRandomPort,
 } from '@/utils';
 import getSurgeParser from './peggy/surge';
 import getLoonParser from './peggy/loon';
@@ -13,6 +14,55 @@ import getTrojanURIParser from './peggy/trojan-uri';

 import { Base64 } from 'js-base64';

+function surge_port_hopping(raw) {
+    const [parts, port_hopping] =
+        raw.match(
+            /,\s*?port-hopping\s*?=\s*?["']?\s*?((\d+(-\d+)?)([,;]\d+(-\d+)?)*)\s*?["']?\s*?/,
+        ) || [];
+    return {
+        port_hopping: port_hopping
+            ? port_hopping.replace(/;/g, ',')
+            : undefined,
+        line: parts ? raw.replace(parts, '') : raw,
+    };
+}
+
+function URI_PROXY() {
+    // socks5+tls
+    // socks5
+    // http, https(可以这么写)
+    const name = 'URI PROXY Parser';
+    const test = (line) => {
+        return /^(socks5\+tls|socks5|http|https):\/\//.test(line);
+    };
+    const parse = (line) => {
+        // parse url
+        // eslint-disable-next-line no-unused-vars
+        let [__, type, tls, username, password, server, port, query, name] =
+            line.match(
+                /^(socks5|http|http)(\+tls|s)?:\/\/(?:(.*?):(.*?)@)?(.*?):(\d+?)(\?.*?)?(?:#(.*?))?$/,
+            );
+
+        const proxy = {
+            name:
+                name != null
+                    ? decodeURIComponent(name)
+                    : `${type} ${server}:${port}`,
+            type,
+            tls: tls ? true : false,
+            server,
+            port,
+            username:
+                username != null ? decodeURIComponent(username) : undefined,
+            password:
+                password != null ? decodeURIComponent(password) : undefined,
+        };
+
+        return proxy;
+    };
+    return { name, test, parse };
+}
+
 // Parse SS URI format (only supports new SIP002, legacy format is depreciated).
 // reference: https://github.com/shadowsocks/shadowsocks-org/wiki/SIP002-URI-Scheme
 function URI_SS() {
@@ -32,7 +82,15 @@ function URI_SS() {
        content = content.split('#')[0]; // strip proxy name
        // handle IPV4 and IPV6
        let serverAndPortArray = content.match(/@([^/]*)(\/|$)/);
-        let userInfoStr = Base64.decode(content.split('@')[0]);
+
+        let rawUserInfoStr = decodeURIComponent(content.split('@')[0]); // 其实应该分隔之后, 用户名和密码再 decodeURIComponent. 但是问题不大
+        let userInfoStr;
+        if (rawUserInfoStr?.startsWith('2022-blake3-')) {
+            userInfoStr = rawUserInfoStr;
+        } else {
+            userInfoStr = Base64.decode(rawUserInfoStr);
+        }
+
        let query = '';
        if (!serverAndPortArray) {
            if (content.includes('?')) {
@@ -57,16 +115,21 @@ function URI_SS() {
            userInfoStr = content.split('@')[0];
            serverAndPortArray = content.match(/@([^/]*)(\/|$)/);
        }
+
        const serverAndPort = serverAndPortArray[1];
        const portIdx = serverAndPort.lastIndexOf(':');
        proxy.server = serverAndPort.substring(0, portIdx);
        proxy.port = `${serverAndPort.substring(portIdx + 1)}`.match(
            /\d+/,
        )?.[0];
-
-        const userInfo = userInfoStr.match(/(^.*?):(.*$)/);
-        proxy.cipher = userInfo[1];
-        proxy.password = userInfo[2];
+        let userInfo = userInfoStr.match(/(^.*?):(.*$)/);
+        proxy.cipher = userInfo?.[1];
+        proxy.password = userInfo?.[2];
+        // if (!proxy.cipher || !proxy.password) {
+        //     userInfo = rawUserInfoStr.match(/(^.*?):(.*$)/);
+        //     proxy.cipher = userInfo?.[1];
+        //     proxy.password = userInfo?.[2];
+        // }

        // handle obfs
        const idx = content.indexOf('?plugin=');
@@ -158,7 +221,7 @@ function URI_SSR() {
            for (const item of line) {
                let [key, val] = item.split('=');
                val = val.trim();
-                if (val.length > 0) {
+                if (val.length > 0 && val !== '(null)') {
                    other_params[key] = val;
                }
            }
@@ -296,8 +359,13 @@ function URI_VMess() {
                    ? !params.verify_cert
                    : undefined,
            };
+            if (!proxy['skip-cert-verify'] && isPresent(params.allowInsecure)) {
+                proxy['skip-cert-verify'] = /(TRUE)|1/i.test(
+                    params.allowInsecure,
+                );
+            }
            // https://github.com/2dust/v2rayN/wiki/%E5%88%86%E4%BA%AB%E9%93%BE%E6%8E%A5%E6%A0%BC%E5%BC%8F%E8%AF%B4%E6%98%8E(ver-2)
-            if (proxy.tls && proxy.sni) {
+            if (proxy.tls && params.sni && params.sni !== '') {
                proxy.sni = params.sni;
            }
            let httpupgrade = false;
@@ -305,8 +373,9 @@ function URI_VMess() {
            if (params.net === 'ws' || params.obfs === 'websocket') {
                proxy.network = 'ws';
            } else if (
-                ['tcp', 'http'].includes(params.net) ||
-                params.obfs === 'http'
+                ['http'].includes(params.net) ||
+                ['http'].includes(params.obfs) ||
+                ['http'].includes(params.type)
            ) {
                proxy.network = 'http';
            } else if (['grpc'].includes(params.net)) {
@@ -317,7 +386,13 @@ function URI_VMess() {
            ) {
                proxy.network = 'ws';
                httpupgrade = true;
+            } else if (params.net === 'h2' || proxy.network === 'h2') {
+                proxy.network = 'h2';
            }
+            // 暂不支持 tcp + host + path
+            // else if (params.net === 'tcp' || proxy.network === 'tcp') {
+            //     proxy.network = 'tcp';
+            // }
            if (proxy.network) {
                let transportHost = params.host ?? params.obfsParam;
                try {
@@ -332,6 +407,10 @@ function URI_VMess() {

                if (proxy.network === 'http') {
                    if (transportHost) {
+                        // 1)http(tcp)->host中间逗号(,)隔开
+                        transportHost = transportHost
+                            .split(',')
+                            .map((i) => i.trim());
                        transportHost = Array.isArray(transportHost)
                            ? transportHost[0]
                            : transportHost;
@@ -340,13 +419,17 @@ function URI_VMess() {
                        transportPath = Array.isArray(transportPath)
                            ? transportPath[0]
                            : transportPath;
+                    } else {
+                        transportPath = '/';
                    }
                }
+                // 传输层应该有配置, 暂时不考虑兼容不给配置的节点
                if (transportPath || transportHost) {
                    if (['grpc'].includes(proxy.network)) {
                        proxy[`${proxy.network}-opts`] = {
                            'grpc-service-name': getIfNotBlank(transportPath),
                            '_grpc-type': getIfNotBlank(params.type),
+                            '_grpc-authority': getIfNotBlank(params.authority),
                        };
                    } else {
                        const opts = {
@@ -362,12 +445,6 @@ function URI_VMess() {
                } else {
                    delete proxy.network;
                }
-
-                // https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml#L413
-                // sni 优先级应高于 host
-                if (proxy.tls && !proxy.sni && transportHost) {
-                    proxy.sni = transportHost;
-                }
            }
            return proxy;
        }
@@ -488,6 +565,9 @@ function URI_VLESS() {
            }
            if (params.serviceName) {
                opts[`${proxy.network}-service-name`] = params.serviceName;
+                if (['grpc'].includes(proxy.network) && params.authority) {
+                    opts['_grpc-authority'] = params.authority;
+                }
            } else if (isShadowrocket && params.path) {
                if (!['ws', 'http', 'h2'].includes(proxy.network)) {
                    opts[`${proxy.network}-service-name`] = params.path;
@@ -508,14 +588,13 @@ function URI_VLESS() {
            if (Object.keys(opts).length > 0) {
                proxy[`${proxy.network}-opts`] = opts;
            }
-        }
-
-        if (proxy.tls && !proxy.sni) {
-            if (proxy.network === 'ws') {
-                proxy.sni = proxy['ws-opts']?.headers?.Host;
-            } else if (proxy.network === 'http') {
-                let httpHost = proxy['http-opts']?.headers?.Host;
-                proxy.sni = Array.isArray(httpHost) ? httpHost[0] : httpHost;
+            if (proxy.network === 'kcp') {
+                // mKCP 种子。省略时不使用种子，但不可以为空字符串。建议 mKCP 用户使用 seed。
+                if (params.seed) {
+                    proxy.seed = params.seed;
+                }
+                // mKCP 的伪装头部类型。当前可选值有 none / srtp / utp / wechat-video / dtls / wireguard。省略时默认值为 none，即不使用伪装头部，但不可以为空字符串。
+                proxy.headerType = params.headerType || 'none';
            }
        }

@@ -530,13 +609,42 @@ function URI_Hysteria2() {
    };
    const parse = (line) => {
        line = line.split(/(hysteria2|hy2):\/\//)[2];
-        // eslint-disable-next-line no-unused-vars
-        let [__, password, server, ___, port, ____, addons = '', name] =
-            /^(.*?)@(.*?)(:(\d+))?\/?(\?(.*?))?(?:#(.*?))?$/.exec(line);
-        port = parseInt(`${port}`, 10);
-        if (isNaN(port)) {
+        // 端口跳跃有两种写法:
+        // 1. 服务器的地址和可选端口。如果省略端口，则默认为 443。
+        // 端口部分支持 端口跳跃 的「多端口地址格式」。
+        // https://hysteria.network/zh/docs/advanced/Port-Hopping
+        // 2. 参数 mport
+        let ports;
+        /* eslint-disable no-unused-vars */
+        let [
+            __,
+            password,
+            server,
+            ___,
+            port,
+            ____,
+            _____,
+            ______,
+            _______,
+            ________,
+            addons = '',
+            name,
+        ] = /^(.*?)@(.*?)(:((\d+(-\d+)?)([,;]\d+(-\d+)?)*))?\/?(\?(.*?))?(?:#(.*?))?$/.exec(
+            line,
+        );
+        /* eslint-enable no-unused-vars */
+        if (/^\d+$/.test(port)) {
+            port = parseInt(`${port}`, 10);
+            if (isNaN(port)) {
+                port = 443;
+            }
+        } else if (port) {
+            ports = port;
+            port = getRandomPort(ports);
+        } else {
            port = 443;
        }
+
        password = decodeURIComponent(password);
        if (name != null) {
            name = decodeURIComponent(name);
@@ -548,6 +656,7 @@ function URI_Hysteria2() {
            name,
            server,
            port,
+            ports,
            password,
        };

@@ -786,6 +895,11 @@ function URI_Trojan() {
    };

    const parse = (line) => {
+        const matched = /^(trojan:\/\/.*?@.*?)(:(\d+))?\/?(\?.*?)?$/.exec(line);
+        const port = matched?.[2];
+        if (!port) {
+            line = line.replace(matched[1], `${matched[1]}:443`);
+        }
        let [newLine, name] = line.split(/#(.+)/, 2);
        const parser = getTrojanURIParser();
        const proxy = parser.parse(newLine);
@@ -815,6 +929,8 @@ function Clash_All() {
        const proxy = JSON.parse(line);
        if (
            ![
+                'mieru',
+                'juicity',
                'ss',
                'ssr',
                'vmess',
@@ -828,6 +944,7 @@ function Clash_All() {
                'hysteria2',
                'wireguard',
                'ssh',
+                'direct',
            ].includes(proxy.type)
        ) {
            throw new Error(
@@ -839,18 +956,7 @@ function Clash_All() {
        if (['vmess', 'vless'].includes(proxy.type)) {
            proxy.sni = proxy.servername;
            delete proxy.servername;
-            if (proxy.tls && !proxy.sni) {
-                if (proxy.network === 'ws') {
-                    proxy.sni = proxy['ws-opts']?.headers?.Host;
-                } else if (proxy.network === 'http') {
-                    let httpHost = proxy['http-opts']?.headers?.Host;
-                    proxy.sni = Array.isArray(httpHost)
-                        ? httpHost[0]
-                        : httpHost;
-                }
-            }
        }
-
        if (proxy['server-cert-fingerprint']) {
            proxy['tls-fingerprint'] = proxy['server-cert-fingerprint'];
        }
@@ -1137,6 +1243,14 @@ function Loon_WireGuard() {
    return { name, test, parse };
 }

+function Surge_Direct() {
+    const name = 'Surge Direct Parser';
+    const test = (line) => {
+        return /^.*=\s*direct/.test(line.split(',')[0]);
+    };
+    const parse = (line) => getSurgeParser().parse(line);
+    return { name, test, parse };
+}
 function Surge_SSH() {
    const name = 'Surge SSH Parser';
    const test = (line) => {
@@ -1280,7 +1394,12 @@ function Surge_Tuic() {
    const test = (line) => {
        return /^.*=\s*tuic(-v5)?/.test(line.split(',')[0]);
    };
-    const parse = (line) => getSurgeParser().parse(line);
+    const parse = (raw) => {
+        const { port_hopping, line } = surge_port_hopping(raw);
+        const proxy = getSurgeParser().parse(line);
+        proxy['ports'] = port_hopping;
+        return proxy;
+    };
    return { name, test, parse };
 }
 function Surge_WireGuard() {
@@ -1297,7 +1416,12 @@ function Surge_Hysteria2() {
    const test = (line) => {
        return /^.*=\s*hysteria2/.test(line.split(',')[0]);
    };
-    const parse = (line) => getSurgeParser().parse(line);
+    const parse = (raw) => {
+        const { port_hopping, line } = surge_port_hopping(raw);
+        const proxy = getSurgeParser().parse(line);
+        proxy['ports'] = port_hopping;
+        return proxy;
+    };
    return { name, test, parse };
 }

@@ -1306,6 +1430,7 @@ function isIP(ip) {
 }

 export default [
+    URI_PROXY(),
    URI_SS(),
    URI_SSR(),
    URI_VMess(),
@@ -1316,6 +1441,7 @@ export default [
    URI_Hysteria2(),
    URI_Trojan(),
    Clash_All(),
+    Surge_Direct(),
    Surge_SSH(),
    Surge_SS(),
    Surge_VMess(),
--- a/backend/src/core/proxy-utils/parsers/peggy/loon.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/loon.js
@@ -54,31 +54,31 @@ shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs
        $set(proxy, "plugin-opts.path", obfs.path);
    }
 }
-vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/vmess_alterId/fast_open/udp_relay/others)* {
+vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/vmess_alterId/fast_open/udp_relay/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
    proxy.alterId = proxy.alterId || 0;
    handleTransport();
 }
-vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/fast_open/udp_relay/others)* {
+vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "vless";
    handleTransport();
 }
-trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/fast_open/udp_relay/others)* {
+trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "trojan";
    handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
    proxy.type = "hysteria2";
 }
-https = tag equals "https"i address (username password)? (tls_host/tls_verification/fast_open/udp_relay/others)* {
+https = tag equals "https"i address (username password)? (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "http";
    proxy.tls = true;
 }
 http = tag equals "http"i address (username password)? (fast_open/udp_relay/others)* {
    proxy.type = "http";
 }
-socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/fast_open/udp_relay/others)* {
+socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "socks5";
 }

@@ -120,7 +120,7 @@ port = digits:[0-9]+ {
 method = comma cipher:cipher { 
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 username = & {
    let j = peg$currPos; 
@@ -172,12 +172,15 @@ vmess_alterId = comma "alterId" equals alterId:$[0-9]+ { proxy.alterId = parseIn
 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
 tls_host = comma sni:("tls-name"/"sni") equals host:domain { proxy.sni = host; }
 tls_verification = comma "skip-cert-verify" equals flag:bool { proxy["skip-cert-verify"] = flag; }
+tls_cert_sha256 = comma "tls-cert-sha256" equals match:[^,]+ { proxy["tls-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+tls_pubkey_sha256 = comma "tls-pubkey-sha256" equals match:[^,]+ { proxy["tls-pubkey-sha256"] = match.join("").replace(/^"(.*)"$/, '$1'); }

 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }

 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
+salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }

 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _
--- a/backend/src/core/proxy-utils/parsers/peggy/loon.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/loon.peg
@@ -52,31 +52,31 @@ shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs
        $set(proxy, "plugin-opts.path", obfs.path);
    }
 }
-vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/vmess_alterId/fast_open/udp_relay/others)* {
+vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/vmess_alterId/fast_open/udp_relay/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
    proxy.alterId = proxy.alterId || 0;
    handleTransport();
 }
-vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/fast_open/udp_relay/others)* {
+vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "vless";
    handleTransport();
 }
-trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/fast_open/udp_relay/others)* {
+trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "trojan";
    handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
    proxy.type = "hysteria2";
 }
-https = tag equals "https"i address (username password)? (tls_host/tls_verification/fast_open/udp_relay/others)* {
+https = tag equals "https"i address (username password)? (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "http";
    proxy.tls = true;
 }
 http = tag equals "http"i address (username password)? (fast_open/udp_relay/others)* {
    proxy.type = "http";
 }
-socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/fast_open/udp_relay/others)* {
+socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
    proxy.type = "socks5";
 }

@@ -118,7 +118,7 @@ port = digits:[0-9]+ {
 method = comma cipher:cipher { 
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 username = & {
    let j = peg$currPos; 
@@ -170,12 +170,15 @@ vmess_alterId = comma "alterId" equals alterId:$[0-9]+ { proxy.alterId = parseIn
 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
 tls_host = comma sni:("tls-name"/"sni") equals host:domain { proxy.sni = host; }
 tls_verification = comma "skip-cert-verify" equals flag:bool { proxy["skip-cert-verify"] = flag; }
+tls_cert_sha256 = comma "tls-cert-sha256" equals match:[^,]+ { proxy["tls-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+tls_pubkey_sha256 = comma "tls-pubkey-sha256" equals match:[^,]+ { proxy["tls-pubkey-sha256"] = match.join("").replace(/^"(.*)"$/, '$1'); }

 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }

 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
+salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }

 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.js
@@ -37,11 +37,11 @@ const grammars = String.raw`
    }
 }

-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh/direct) {
    return proxy;
 }

-shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/udp_port/others)* {
    proxy.type = "ss";
    // handle obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -91,11 +91,11 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
    }
    handleShadowTLS();
 }
-tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    handleShadowTLS();
 }
-tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    proxy.version = 5;
    handleShadowTLS();
@@ -104,19 +104,22 @@ wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/under
    proxy.type = "wireguard-surge";
    handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "hysteria2";
    handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    handleShadowTLS();
 }
-socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    proxy.tls = true;
    handleShadowTLS();
 }
+direct = tag equals "direct" (udp_relay/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/block_quic/others)* {
+    proxy.type = "direct";
+}

 address = comma server:server comma port:port {
    proxy.server = server;
@@ -151,6 +154,8 @@ port = digits:[0-9]+ {
    }
 }

+port_hopping_interval = comma "port-hopping-interval" equals match:$[0-9]+ { proxy["hop-interval"] = parseInt(match.trim()); }
+
 username = & {
    let j = peg$currPos; 
    let start, end;
@@ -191,14 +196,14 @@ snell_psk = comma "psk" equals match:[^,]+ { proxy.psk = match.join(""); }
 snell_version = comma "version" equals match:$[0-9]+ { proxy.version = parseInt(match.trim()); }

 usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join(""); }
-passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join(""); }
+passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 vmess_uuid = comma "username" equals match:[^,]+ { proxy.uuid = match.join(""); }
 vmess_aead = comma "vmess-aead" equals flag:bool { proxy.aead = flag; }

 method = comma "encrypt-method" equals cipher:cipher {
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 ws = comma "ws" equals flag:bool { obfs.type = "ws"; }
 ws_headers = comma "ws-headers" equals headers:$[^,]+ {
@@ -217,7 +222,7 @@ obfs_host = comma "obfs-host" equals host:domain { obfs.host = host; };
 obfs_uri = comma "obfs-uri" equals path:uri { obfs.path = path }
 uri = $[^,]+

-udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
+udp_relay = comma "udp-relay" equals flag:bool { proxy.udp = flag; }
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 reuse = comma "reuse" equals flag:bool { proxy.reuse = flag; }
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
@@ -238,6 +243,7 @@ idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"]
 private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
 shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
 shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.peg
@@ -35,11 +35,11 @@
    }
 }

-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh/direct) {
    return proxy;
 }

-shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/udp_port/others)* {
    proxy.type = "ss";
    // handle obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -89,11 +89,11 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
    }
    handleShadowTLS();
 }
-tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    handleShadowTLS();
 }
-tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    proxy.version = 5;
    handleShadowTLS();
@@ -102,20 +102,22 @@ wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/under
    proxy.type = "wireguard-surge";
    handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "hysteria2";
    handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    handleShadowTLS();
 }
-socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    proxy.tls = true;
    handleShadowTLS();
 }
-
+direct = tag equals "direct" (udp_relay/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/block_quic/others)* {
+    proxy.type = "direct";
+}
 address = comma server:server comma port:port {
    proxy.server = server;
    proxy.port = port;
@@ -149,6 +151,8 @@ port = digits:[0-9]+ {
    }
 }

+port_hopping_interval = comma "port-hopping-interval" equals match:$[0-9]+ { proxy["hop-interval"] = parseInt(match.trim()); }
+
 username = & {
    let j = peg$currPos; 
    let start, end;
@@ -189,14 +193,14 @@ snell_psk = comma "psk" equals match:[^,]+ { proxy.psk = match.join(""); }
 snell_version = comma "version" equals match:$[0-9]+ { proxy.version = parseInt(match.trim()); }

 usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join(""); }
-passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join(""); }
+passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 vmess_uuid = comma "username" equals match:[^,]+ { proxy.uuid = match.join(""); }
 vmess_aead = comma "vmess-aead" equals flag:bool { proxy.aead = flag; }

 method = comma "encrypt-method" equals cipher:cipher {
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 ws = comma "ws" equals flag:bool { obfs.type = "ws"; }
 ws_headers = comma "ws-headers" equals headers:$[^,]+ {
@@ -215,7 +219,7 @@ obfs_host = comma "obfs-host" equals host:domain { obfs.host = host; };
 obfs_uri = comma "obfs-uri" equals path:uri { obfs.path = path }
 uri = $[^,]+

-udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
+udp_relay = comma "udp-relay" equals flag:bool { proxy.udp = flag; }
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 reuse = comma "reuse" equals flag:bool { proxy.reuse = flag; }
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
@@ -236,6 +240,7 @@ idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"]
 private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
 shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
 shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
--- a/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.js
@@ -82,6 +82,8 @@ port = digits:[0-9]+ {
 params = "?" head:param tail:("&"@param)* {
  proxy["skip-cert-verify"] = toBool(params["allowInsecure"]);
  proxy.sni = params["sni"] || params["peer"];
+  proxy['client-fingerprint'] = params.fp;
+  proxy.alpn = params.alpn ? decodeURIComponent(params.alpn).split(',') : undefined;

  if (toBool(params["ws"])) {
    proxy.network = "ws";
@@ -99,6 +101,7 @@ params = "?" head:param tail:("&"@param)* {
        proxy[proxy.network + '-opts'] = {
            'grpc-service-name': params["serviceName"],
            '_grpc-type': params["mode"],
+            '_grpc-authority': params["authority"],
        };
    } else {
      if (params["path"]) {
--- a/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.peg
@@ -80,6 +80,8 @@ port = digits:[0-9]+ {
 params = "?" head:param tail:("&"@param)* {
  proxy["skip-cert-verify"] = toBool(params["allowInsecure"]);
  proxy.sni = params["sni"] || params["peer"];
+  proxy['client-fingerprint'] = params.fp;
+  proxy.alpn = params.alpn ? decodeURIComponent(params.alpn).split(',') : undefined;

  if (toBool(params["ws"])) {
    proxy.network = "ws";
@@ -97,6 +99,7 @@ params = "?" head:param tail:("&"@param)* {
        proxy[proxy.network + '-opts'] = {
            'grpc-service-name': params["serviceName"],
            '_grpc-type': params["mode"],
+            '_grpc-authority': params["authority"],
        };
    } else {
      if (params["path"]) {
--- a/backend/src/core/proxy-utils/preprocessors/index.js
+++ b/backend/src/core/proxy-utils/preprocessors/index.js
@@ -50,10 +50,32 @@ function Clash() {
    };
    const parse = function (raw) {
        // Clash YAML format
+
+        // 防止 VLESS节点 reality-opts 选项中的 short-id 被解析成 Infinity
+        // 匹配 short-id 冒号后面的值(包含空格和引号)
+        const afterReplace = raw.replace(
+            /short-id:([ ]*[^,\n}]*)/g,
+            (matched, value) => {
+            const afterTrim = value.trim();
+        
+            // 为空
+            if (!afterTrim || afterTrim === '') {
+                return 'short-id: ""'
+            }
+        
+            // 是否被引号包裹
+            if (/^(['"]).*\1$/.test(afterTrim)) {
+                return `short-id: ${afterTrim}`;
+            } else {
+                return `short-id: "${afterTrim}"`
+            }
+            }
+        );
+
        const {
            proxies,
            'global-client-fingerprint': globalClientFingerprint,
-        } = safeLoad(raw);
+        } = safeLoad(afterReplace);
        return proxies
            .map((p) => {
                // https://github.com/MetaCubeX/mihomo/blob/Alpha/docs/config.yaml#L73C1-L73C26
--- a/backend/src/core/proxy-utils/processors/index.js
+++ b/backend/src/core/proxy-utils/processors/index.js
@@ -1,13 +1,15 @@
 import resourceCache from '@/utils/resource-cache';
 import scriptResourceCache from '@/utils/script-resource-cache';
-import { isIPv4, isIPv6 } from '@/utils';
+import { isIPv4, isIPv6, ipAddress } from '@/utils';
 import { FULL } from '@/utils/logical';
-import { getFlag } from '@/utils/geo';
+import { getFlag, removeFlag } from '@/utils/geo';
+import { doh } from '@/utils/dns';
 import lodash from 'lodash';
 import $ from '@/core/app';
 import { hex_md5 } from '@/vendor/md5';
 import { ProxyUtils } from '@/core/proxy-utils';
 import { produceArtifact } from '@/restful/sync';
+import { SETTINGS_KEY } from '@/constants';

 import env from '@/utils/env';
 import {
@@ -314,7 +316,7 @@ function RegexDeleteOperator(regex) {
 1. This function name should be `operator`!
 2. Always declare variables before using them!
 */
-function ScriptOperator(script, targetPlatform, $arguments, source) {
+function ScriptOperator(script, targetPlatform, $arguments, source, $options) {
    return {
        name: 'Script Operator',
        func: async (proxies) => {
@@ -324,6 +326,7 @@ function ScriptOperator(script, targetPlatform, $arguments, source) {
                    'operator',
                    script,
                    $arguments,
+                    $options,
                );
                output = operator(proxies, targetPlatform, { source, ...env });
            })();
@@ -336,9 +339,9 @@ function ScriptOperator(script, targetPlatform, $arguments, source) {
                    'operator',
                    `async function operator(input = []) {
                        if (input && (input.$files || input.$content)) {
-                            let { $content, $files } = input
+                            let { $content, $files, $options } = input
                            ${script}
-                            return { $content, $files }
+                            return { $content, $files, $options }
                        } else {
                            let proxies = input
                            let list = []
@@ -350,6 +353,7 @@ function ScriptOperator(script, targetPlatform, $arguments, source) {
                        }
                      }`,
                    $arguments,
+                    $options,
                );
                output = operator(proxies, targetPlatform, { source, ...env });
            })();
@@ -362,9 +366,6 @@ function parseIP4P(IP4P) {
    let server;
    let port;
    try {
-        if (!/^2001::[^:]+:[^:]+:[^:]+$/.test(IP4P)) {
-            throw new Error(`Invalid IP4P: ${IP4P}`);
-        }
        let array = IP4P.split(':');

        port = parseInt(array[2], 16);
@@ -389,31 +390,61 @@ function parseIP4P(IP4P) {
 }

 const DOMAIN_RESOLVERS = {
-    Google: async function (domain, type, noCache) {
-        const id = hex_md5(`GOOGLE:${domain}:${type}`);
+    Custom: async function (domain, type, noCache, timeout, edns, url) {
+        const id = hex_md5(`CUSTOM:${url}:${domain}:${type}`);
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
-        const resp = await $.http.get({
-            url: `https://8.8.4.4/resolve?name=${encodeURIComponent(
-                domain,
-            )}&type=${type === 'IPv6' ? 'AAAA' : 'A'}`,
-            headers: {
-                accept: 'application/dns-json',
-            },
+        const answerType = type === 'IPv6' ? 'AAAA' : 'A';
+        const res = await doh({
+            url,
+            domain,
+            type: answerType,
+            timeout,
+            edns,
        });
-        const body = JSON.parse(resp.body);
-        if (body['Status'] !== 0) {
-            throw new Error(`Status is ${body['Status']}`);
-        }
-        const answers = body['Answer'];
-        if (answers.length === 0) {
+
+        const { answers } = res;
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers
+            .filter((i) => i?.type === answerType)
+            .map((i) => i?.data)
+            .filter((i) => i);
+        if (result.length === 0) {
            throw new Error('No answers');
        }
-        const result = answers[answers.length - 1].data;
        resourceCache.set(id, result);
        return result;
    },
-    'IP-API': async function (domain, type, noCache) {
+    Google: async function (domain, type, noCache, timeout, edns) {
+        const id = hex_md5(`GOOGLE:${domain}:${type}`);
+        const cached = resourceCache.get(id);
+        if (!noCache && cached) return cached;
+        const answerType = type === 'IPv6' ? 'AAAA' : 'A';
+        const res = await doh({
+            url: 'https://8.8.4.4/dns-query',
+            domain,
+            type: answerType,
+            timeout,
+            edns,
+        });
+
+        const { answers } = res;
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers
+            .filter((i) => i?.type === answerType)
+            .map((i) => i?.data)
+            .filter((i) => i);
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
+        resourceCache.set(id, result);
+        return result;
+    },
+    'IP-API': async function (domain, type, noCache, timeout) {
        if (['IPv6'].includes(type)) {
            throw new Error(`域名解析服务提供方 IP-API 不支持 ${type}`);
        }
@@ -424,100 +455,138 @@ const DOMAIN_RESOLVERS = {
            url: `http://ip-api.com/json/${encodeURIComponent(
                domain,
            )}?lang=zh-CN`,
+            timeout,
        });
        const body = JSON.parse(resp.body);
        if (body['status'] !== 'success') {
            throw new Error(`Status is ${body['status']}`);
        }
-        const result = body.query;
+        if (!body.query || body.query === 0) {
+            throw new Error('No answers');
+        }
+        const result = [body.query];
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
        resourceCache.set(id, result);
        return result;
    },
-    Cloudflare: async function (domain, type, noCache) {
+    Cloudflare: async function (domain, type, noCache, timeout, edns) {
        const id = hex_md5(`CLOUDFLARE:${domain}:${type}`);
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
-        const resp = await $.http.get({
-            url: `https://1.0.0.1/dns-query?name=${encodeURIComponent(
-                domain,
-            )}&type=${type === 'IPv6' ? 'AAAA' : 'A'}`,
-            headers: {
-                accept: 'application/dns-json',
-            },
+        const answerType = type === 'IPv6' ? 'AAAA' : 'A';
+        const res = await doh({
+            url: 'https://1.0.0.1/dns-query',
+            domain,
+            type: answerType,
+            timeout,
+            edns,
        });
-        const body = JSON.parse(resp.body);
-        if (body['Status'] !== 0) {
-            throw new Error(`Status is ${body['Status']}`);
-        }
-        const answers = body['Answer'];
-        if (answers.length === 0) {
+
+        const { answers } = res;
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers
+            .filter((i) => i?.type === answerType)
+            .map((i) => i?.data)
+            .filter((i) => i);
+        if (result.length === 0) {
            throw new Error('No answers');
        }
-        const result = answers[answers.length - 1].data;
        resourceCache.set(id, result);
        return result;
    },
-    Ali: async function (domain, type, noCache) {
+    Ali: async function (domain, type, noCache, timeout, edns) {
        const id = hex_md5(`ALI:${domain}:${type}`);
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
        const resp = await $.http.get({
-            url: `http://223.6.6.6/resolve?edns_client_subnet=223.6.6.6/24&name=${encodeURIComponent(
+            url: `http://223.6.6.6/resolve?edns_client_subnet=${edns}/24&name=${encodeURIComponent(
                domain,
            )}&type=${type === 'IPv6' ? 'AAAA' : 'A'}&short=1`,
            headers: {
                accept: 'application/dns-json',
            },
+            timeout,
        });
        const answers = JSON.parse(resp.body);
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers;
+        if (result.length === 0) {
            throw new Error('No answers');
        }
-        const result = answers[answers.length - 1];
        resourceCache.set(id, result);
        return result;
    },
-    Tencent: async function (domain, type, noCache) {
-        const id = hex_md5(`ALI:${domain}:${type}`);
+    Tencent: async function (domain, type, noCache, timeout, edns) {
+        const id = hex_md5(`TENCENT:${domain}:${type}`);
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
        const resp = await $.http.get({
-            url: `http://119.28.28.28/d?ip=119.28.28.28&type=${
+            url: `http://119.28.28.28/d?ip=${edns}&type=${
                type === 'IPv6' ? 'AAAA' : 'A'
            }&dn=${encodeURIComponent(domain)}`,
            headers: {
                accept: 'application/dns-json',
            },
+            timeout,
        });
        const answers = resp.body.split(';').map((i) => i.split(',')[0]);
        if (answers.length === 0 || String(answers) === '0') {
            throw new Error('No answers');
        }
-        const result = answers[answers.length - 1];
+        const result = answers;
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
        resourceCache.set(id, result);
        return result;
    },
 };

-function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
+function ResolveDomainOperator({
+    provider,
+    type: _type,
+    filter,
+    cache,
+    url,
+    timeout,
+    edns: _edns,
+}) {
    if (['IPv6', 'IP4P'].includes(_type) && ['IP-API'].includes(provider)) {
        throw new Error(`域名解析服务提供方 ${provider} 不支持 ${_type}`);
    }
+    const { defaultTimeout } = $.read(SETTINGS_KEY);
+    const requestTimeout = timeout || defaultTimeout || 8000;
    let type = ['IPv6', 'IP4P'].includes(_type) ? 'IPv6' : 'IPv4';

    const resolver = DOMAIN_RESOLVERS[provider];
    if (!resolver) {
        throw new Error(`找不到域名解析服务提供方: ${provider}`);
    }
+    let edns = _edns || '223.6.6.6';
+    if (!isIP(edns)) throw new Error(`域名解析 EDNS 应为 IP`);
+    $.info(
+        `Domain Resolver: [${_type}] ${provider} ${edns || ''} ${url || ''}`,
+    );
    return {
        name: 'Resolve Domain Operator',
        func: async (proxies) => {
+            proxies.forEach((p, i) => {
+                if (!p['_no-resolve'] && p['no-resolve']) {
+                    proxies[i]['_no-resolve'] = p['no-resolve'];
+                }
+            });
            const results = {};
            const limit = 15; // more than 20 concurrency may result in surge TCP connection shortage.
            const totalDomain = [
                ...new Set(
                    proxies
-                        .filter((p) => !isIP(p.server) && !p['no-resolve'])
+                        .filter((p) => !isIP(p.server) && !p['_no-resolve'])
                        .map((c) => c.server),
                ),
            ];
@@ -526,7 +595,14 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
                const currentBatch = [];
                for (let domain of totalDomain.splice(0, limit)) {
                    currentBatch.push(
-                        resolver(domain, type, cache === 'disabled')
+                        resolver(
+                            domain,
+                            type,
+                            cache === 'disabled',
+                            requestTimeout,
+                            edns,
+                            url,
+                        )
                            .then((ip) => {
                                results[domain] = ip;
                                $.info(
@@ -543,34 +619,58 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
                await Promise.all(currentBatch);
            }
            proxies.forEach((p) => {
-                if (!p['no-resolve']) {
+                if (!p['_no-resolve']) {
                    if (results[p.server]) {
-                        if (_type === 'IP4P') {
-                            const { server, port } = parseIP4P(
-                                results[p.server],
-                            );
-                            if (server && port) {
+                        p._resolved_ips = results[p.server];
+                        let ip = Array.isArray(results[p.server])
+                            ? results[p.server][
+                                  Math.floor(
+                                      Math.random() * results[p.server].length,
+                                  )
+                              ]
+                            : results[p.server];
+                        if (type === 'IPv6' && isIPv6(ip)) {
+                            try {
+                                ip = new ipAddress.Address6(ip).correctForm();
+                            } catch (e) {
+                                $.error(
+                                    `Failed to parse IPv6 address: ${ip}: ${e}`,
+                                );
+                            }
+                            if (/^2001::[^:]+:[^:]+:[^:]+$/.test(ip)) {
+                                p._IP4P = ip;
+                                const { server, port } = parseIP4P(ip);
+                                if (server && port) {
+                                    p._domain = p.server;
+                                    p.server = server;
+                                    p.port = port;
+                                    p.resolved = true;
+                                    p._IPv4 = p.server;
+                                    if (!isIP(p._IP)) {
+                                        p._IP = p.server;
+                                    }
+                                } else if (!p.resolved) {
+                                    p.resolved = false;
+                                }
+                            } else {
                                p._domain = p.server;
-                                p.server = server;
-                                p.port = port;
+                                p.server = ip;
                                p.resolved = true;
-                                p._IPv4 = p.server;
+                                p[`_${type}`] = p.server;
                                if (!isIP(p._IP)) {
                                    p._IP = p.server;
                                }
-                            } else {
-                                p.resolved = false;
                            }
                        } else {
                            p._domain = p.server;
-                            p.server = results[p.server];
+                            p.server = ip;
                            p.resolved = true;
                            p[`_${type}`] = p.server;
                            if (!isIP(p._IP)) {
                                p._IP = p.server;
                            }
                        }
-                    } else {
+                    } else if (!p.resolved) {
                        p.resolved = false;
                    }
                }
@@ -578,7 +678,7 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {

            return proxies.filter((p) => {
                if (filter === 'removeFailed') {
-                    return isIP(p.server) || p['no-resolve'] || p.resolved;
+                    return isIP(p.server) || p['_no-resolve'] || p.resolved;
                } else if (filter === 'IPOnly') {
                    return isIP(p.server);
                } else if (filter === 'IPv4Only') {
@@ -599,24 +699,45 @@ function isIP(ip) {

 ResolveDomainOperator.resolver = DOMAIN_RESOLVERS;

+function isAscii(str) {
+    // eslint-disable-next-line no-control-regex
+    var pattern = /^[\x00-\x7F]+$/; // ASCII 范围的 Unicode 编码
+    return pattern.test(str);
+}
+
 /**************************** Filters ***************************************/
 // filter useless proxies
 function UselessFilter() {
-    const KEYWORDS = [
-        '网址',
-        '流量',
-        '时间',
-        '应急',
-        '过期',
-        'Bandwidth',
-        'expire',
-    ];
    return {
        name: 'Useless Filter',
-        func: RegexFilter({
-            regex: KEYWORDS,
-            keep: false,
-        }).func,
+        func: (proxies) => {
+            return proxies.map((proxy) => {
+                if (proxy.cipher && !isAscii(proxy.cipher)) {
+                    return false;
+                } else if (proxy.password && !isAscii(proxy.password)) {
+                    return false;
+                } else {
+                    if (proxy.network) {
+                        let transportHosts =
+                            proxy[`${proxy.network}-opts`]?.headers?.Host ||
+                            proxy[`${proxy.network}-opts`]?.headers?.host;
+                        transportHosts = Array.isArray(transportHosts)
+                            ? transportHosts
+                            : [transportHosts];
+                        if (
+                            transportHosts.some(
+                                (host) => host && !isAscii(host),
+                            )
+                        ) {
+                            return false;
+                        }
+                    }
+                    return !/网址|流量|时间|应急|过期|Bandwidth|expire/.test(
+                        proxy.name,
+                    );
+                }
+            });
+        },
    };
 }

@@ -692,7 +813,7 @@ function TypeFilter(types) {
 1. This function name should be `filter`!
 2. Always declare variables before using them!
 */
-function ScriptFilter(script, targetPlatform, $arguments, source) {
+function ScriptFilter(script, targetPlatform, $arguments, source, $options) {
    return {
        name: 'Script Filter',
        func: async (proxies) => {
@@ -702,6 +823,7 @@ function ScriptFilter(script, targetPlatform, $arguments, source) {
                    'filter',
                    script,
                    $arguments,
+                    $options,
                );
                output = filter(proxies, targetPlatform, { source, ...env });
            })();
@@ -724,6 +846,7 @@ function ScriptFilter(script, targetPlatform, $arguments, source) {
                        return list
                      }`,
                    $arguments,
+                    $options,
                );
                output = filter(proxies, targetPlatform, { source, ...env });
            })();
@@ -864,14 +987,7 @@ function clone(object) {
    return JSON.parse(JSON.stringify(object));
 }

-// remove flag
-function removeFlag(str) {
-    return str
-        .replace(/[\uD83C][\uDDE6-\uDDFF][\uD83C][\uDDE6-\uDDFF]|🏴‍☠️|🏳️‍🌈/g, '')
-        .trim();
-}
-
-function createDynamicFunction(name, script, $arguments) {
+function createDynamicFunction(name, script, $arguments, $options) {
    const flowUtils = {
        getFlowField,
        getFlowHeaders,
@@ -883,6 +999,7 @@ function createDynamicFunction(name, script, $arguments) {
    if ($.env.isLoon) {
        return new Function(
            '$arguments',
+            '$options',
            '$substore',
            'lodash',
            '$persistentStore',
@@ -892,9 +1009,11 @@ function createDynamicFunction(name, script, $arguments) {
            'scriptResourceCache',
            'flowUtils',
            'produceArtifact',
+            'require',
            `${script}\n return ${name}`,
        )(
            $arguments,
+            $options,
            $,
            lodash,
            // eslint-disable-next-line no-undef
@@ -907,26 +1026,30 @@ function createDynamicFunction(name, script, $arguments) {
            scriptResourceCache,
            flowUtils,
            produceArtifact,
+            eval(`typeof require !== "undefined"`) ? require : undefined,
        );
    } else {
        return new Function(
            '$arguments',
+            '$options',
            '$substore',
            'lodash',
            'ProxyUtils',
            'scriptResourceCache',
            'flowUtils',
            'produceArtifact',
-
+            'require',
            `${script}\n return ${name}`,
        )(
            $arguments,
+            $options,
            $,
            lodash,
            ProxyUtils,
            scriptResourceCache,
            flowUtils,
            produceArtifact,
+            eval(`typeof require !== "undefined"`) ? require : undefined,
        );
    }
 }
--- a/backend/src/core/proxy-utils/producers/clash.js
+++ b/backend/src/core/proxy-utils/producers/clash.js
@@ -133,9 +133,13 @@ export default function Clash_Producer() {
                    }
                }
                if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
                }
@@ -158,9 +162,12 @@ export default function Clash_Producer() {
                delete proxy.collectionName;
                delete proxy.id;
                delete proxy.resolved;
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                delete proxy['no-resolve'];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -168,6 +175,7 @@ export default function Clash_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/clashmeta.js
+++ b/backend/src/core/proxy-utils/producers/clashmeta.js
@@ -8,6 +8,8 @@ export default function ClashMeta_Producer() {
                if (opts['include-unsupported-proxy']) return true;
                if (proxy.type === 'snell' && String(proxy.version) === '4') {
                    return false;
+                } else if (['juicity'].includes(proxy.type)) {
+                    return false;
                }
                return true;
            })
@@ -149,9 +151,13 @@ export default function ClashMeta_Producer() {
                    }
                }
                if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
                }
@@ -173,9 +179,12 @@ export default function ClashMeta_Producer() {
                delete proxy.collectionName;
                delete proxy.id;
                delete proxy.resolved;
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                delete proxy['no-resolve'];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -183,6 +192,7 @@ export default function ClashMeta_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/egern.js
+++ b/backend/src/core/proxy-utils/producers/egern.js
@@ -0,0 +1,298 @@
+export default function Egern_Producer() {
+    const type = 'ALL';
+    const produce = (proxies, type, opts = {}) => {
+        // https://egernapp.com/zh-CN/docs/configuration/proxies
+        const list = proxies
+            .filter((proxy) => {
+                if (opts['include-unsupported-proxy']) return true;
+                if (
+                    ![
+                        'http',
+                        'socks5',
+                        'ss',
+                        'trojan',
+                        'hysteria2',
+                        'vless',
+                        'vmess',
+                    ].includes(proxy.type) ||
+                    (proxy.type === 'ss' &&
+                        ((proxy.plugin === 'obfs' &&
+                            !['http', 'tls'].includes(
+                                proxy['plugin-opts']?.mode,
+                            )) ||
+                            ![
+                                'chacha20-ietf-poly1305',
+                                'chacha20-poly1305',
+                                'aes-256-gcm',
+                                'aes-128-gcm',
+                                'none',
+                                'tbale',
+                                'rc4',
+                                'rc4-md5',
+                                'aes-128-cfb',
+                                'aes-192-cfb',
+                                'aes-256-cfb',
+                                'aes-128-ctr',
+                                'aes-192-ctr',
+                                'aes-256-ctr',
+                                'bf-cfb',
+                                'camellia-128-cfb',
+                                'camellia-192-cfb',
+                                'camellia-256-cfb',
+                                'cast5-cfb',
+                                'des-cfb',
+                                'idea-cfb',
+                                'rc2-cfb',
+                                'seed-cfb',
+                                'salsa20',
+                                'chacha20',
+                                'chacha20-ietf',
+                            ].includes(proxy.cipher))) ||
+                    (proxy.type === 'vmess' &&
+                        (![
+                            'auto',
+                            'aes-128-gcm',
+                            'chacha20-poly1305',
+                            'none',
+                            'zero',
+                        ].includes(proxy.cipher) ||
+                            (!['http', 'ws', 'tcp'].includes(proxy.network) &&
+                                proxy.network))) ||
+                    (proxy.type === 'trojan' &&
+                        !['http', 'ws', 'tcp'].includes(proxy.network) &&
+                        proxy.network) ||
+                    (proxy.type === 'vless' &&
+                        (typeof proxy.flow !== 'undefined' ||
+                            proxy['reality-opts'] ||
+                            (!['http', 'ws', 'tcp'].includes(proxy.network) &&
+                                proxy.network)))
+                ) {
+                    return false;
+                }
+                return true;
+            })
+            .map((proxy) => {
+                if (proxy.type === 'http') {
+                    proxy = {
+                        type: 'http',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        username: proxy.username,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        next_hop: proxy.next_hop,
+                    };
+                } else if (proxy.type === 'socks5') {
+                    proxy = {
+                        type: 'socks5',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        username: proxy.username,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                    };
+                } else if (proxy.type === 'ss') {
+                    proxy = {
+                        type: 'shadowsocks',
+                        name: proxy.name,
+                        method:
+                            proxy.cipher === 'chacha20-ietf-poly1305'
+                                ? 'chacha20-poly1305'
+                                : proxy.cipher,
+                        server: proxy.server,
+                        port: proxy.port,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                    };
+                    if (proxy.plugin === 'obfs') {
+                        proxy.obfs = proxy['plugin-opts'].mode;
+                        proxy.obfs_host = proxy['plugin-opts'].host;
+                        proxy.obfs_uri = proxy['plugin-opts'].path;
+                    }
+                } else if (proxy.type === 'hysteria2') {
+                    proxy = {
+                        type: 'hysteria2',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        auth: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        sni: proxy.sni,
+                        skip_tls_verify: proxy['skip-cert-verify'],
+                    };
+                    if (proxy['obfs-password'] && proxy.obfs == 'salamander') {
+                        proxy.obfs = 'salamander';
+                        proxy.obfs_password = proxy['obfs-password'];
+                    }
+                } else if (proxy.type === 'trojan') {
+                    if (proxy.network === 'ws') {
+                        proxy.websocket = {
+                            path: proxy['ws-opts']?.path,
+                            host: proxy['ws-opts']?.headers?.Host,
+                        };
+                    }
+                    proxy = {
+                        type: 'trojan',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        sni: proxy.sni,
+                        skip_tls_verify: proxy['skip-cert-verify'],
+                        websocket: proxy.websocket,
+                    };
+                } else if (proxy.type === 'vmess') {
+                    if (proxy.network === 'ws') {
+                        proxy.transport = {
+                            [proxy.tls ? 'wss' : 'ws']: {
+                                path: proxy['ws-opts']?.path,
+                                headers: {
+                                    Host: proxy['ws-opts']?.headers?.Host,
+                                },
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    } else if (proxy.network === 'http') {
+                        proxy.transport = {
+                            http: {
+                                method: proxy['http-opts']?.method,
+                                path: proxy['http-opts']?.path,
+                                headers: {
+                                    Host: Array.isArray(
+                                        proxy['http-opts']?.headers?.Host,
+                                    )
+                                        ? proxy['http-opts']?.headers?.Host[0]
+                                        : proxy['http-opts']?.headers?.Host,
+                                },
+                                skip_tls_verify: proxy['skip-cert-verify'],
+                            },
+                        };
+                    } else if (proxy.network === 'tcp' || !proxy.network) {
+                        proxy.transport = {
+                            [proxy.tls ? 'tls' : 'tcp']: {
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    }
+                    proxy = {
+                        type: 'vmess',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        user_id: proxy.uuid,
+                        security: proxy.cipher,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        legacy: proxy.legacy,
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        transport: proxy.transport,
+                        // sni: proxy.sni,
+                        // skip_tls_verify: proxy['skip-cert-verify'],
+                    };
+                } else if (proxy.type === 'vless') {
+                    if (proxy.network === 'ws') {
+                        proxy.transport = {
+                            [proxy.tls ? 'wss' : 'ws']: {
+                                path: proxy['ws-opts']?.path,
+                                headers: {
+                                    Host: proxy['ws-opts']?.headers?.Host,
+                                },
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    } else if (proxy.network === 'http') {
+                        proxy.transport = {
+                            http: {
+                                method: proxy['http-opts']?.method,
+                                path: proxy['http-opts']?.path,
+                                headers: {
+                                    Host: Array.isArray(
+                                        proxy['http-opts']?.headers?.Host,
+                                    )
+                                        ? proxy['http-opts']?.headers?.Host[0]
+                                        : proxy['http-opts']?.headers?.Host,
+                                },
+                                skip_tls_verify: proxy['skip-cert-verify'],
+                            },
+                        };
+                    } else if (proxy.network === 'tcp' || !proxy.network) {
+                        proxy.transport = {
+                            [proxy.tls ? 'tls' : 'tcp']: {
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    }
+                    proxy = {
+                        type: 'vless',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        user_id: proxy.uuid,
+                        security: proxy.cipher,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        legacy: proxy.legacy,
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        transport: proxy.transport,
+                        // sni: proxy.sni,
+                        // skip_tls_verify: proxy['skip-cert-verify'],
+                    };
+                }
+
+                delete proxy.subName;
+                delete proxy.collectionName;
+                delete proxy.id;
+                delete proxy.resolved;
+                delete proxy['no-resolve'];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
+                    }
+                }
+                return {
+                    [proxy.type]: {
+                        ...proxy,
+                        type: undefined,
+                    },
+                };
+            });
+        return type === 'internal'
+            ? list
+            : 'proxies:\n' +
+                  list
+                      .map((proxy) => '  - ' + JSON.stringify(proxy) + '\n')
+                      .join('');
+    };
+    return { type, produce };
+}
--- a/backend/src/core/proxy-utils/producers/index.js
+++ b/backend/src/core/proxy-utils/producers/index.js
@@ -10,6 +10,7 @@ import QX_Producer from './qx';
 import Shadowrocket_Producer from './shadowrocket';
 import Surfboard_Producer from './surfboard';
 import singbox_Producer from './sing-box';
+import Egern_Producer from './egern';

 function JSON_Producer() {
    const type = 'ALL';
@@ -34,4 +35,5 @@ export default {
    ShadowRocket: Shadowrocket_Producer(),
    Surfboard: Surfboard_Producer(),
    'sing-box': singbox_Producer(),
+    Egern: Egern_Producer(),
 };
--- a/backend/src/core/proxy-utils/producers/loon.js
+++ b/backend/src/core/proxy-utils/producers/loon.js
@@ -4,10 +4,10 @@ import { isPresent, Result } from './utils';
 import { isIPv4, isIPv6 } from '@/utils';

 export default function Loon_Producer() {
-    const produce = (proxy) => {
+    const produce = (proxy, type, opts = {}) => {
        switch (proxy.type) {
            case 'ss':
-                return shadowsocks(proxy);
+                return shadowsocks(proxy, opts['include-unsupported-proxy']);
            case 'ssr':
                return shadowsocksr(proxy);
            case 'trojan':
@@ -32,7 +32,7 @@ export default function Loon_Producer() {
    return { produce };
 }

-function shadowsocks(proxy) {
+function shadowsocks(proxy, includeUnsupportedProxy) {
    const result = new Result(proxy);
    if (
        ![
@@ -56,6 +56,9 @@ function shadowsocks(proxy) {
            'aes-256-gcm',
            'chacha20-ietf-poly1305',
            'xchacha20-ietf-poly1305',
+            ...(includeUnsupportedProxy
+                ? ['2022-blake3-aes-128-gcm', '2022-blake3-aes-256-gcm']
+                : []),
        ].includes(proxy.cipher)
    ) {
        throw new Error(`cipher ${proxy.cipher} is not supported`);
@@ -153,6 +156,14 @@ function trojan(proxy) {

    // sni
    result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
+    result.appendIfPresent(
+        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+        'tls-fingerprint',
+    );
+    result.appendIfPresent(
+        `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
+        'tls-pubkey-sha256',
+    );

    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
@@ -215,6 +226,14 @@ function vmess(proxy) {

    // sni
    result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
+    result.appendIfPresent(
+        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+        'tls-fingerprint',
+    );
+    result.appendIfPresent(
+        `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
+        'tls-pubkey-sha256',
+    );

    // AEAD
    if (isPresent(proxy, 'aead')) {
@@ -286,6 +305,14 @@ function vless(proxy) {

    // sni
    result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
+    result.appendIfPresent(
+        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+        'tls-fingerprint',
+    );
+    result.appendIfPresent(
+        `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
+        'tls-pubkey-sha256',
+    );

    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
@@ -339,6 +366,11 @@ function socks5(proxy) {
    // tfo
    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');

+    // udp
+    if (proxy.udp) {
+        result.append(`,udp=true`);
+    }
+
    return result.toString();
 }

@@ -408,8 +440,8 @@ function wireguard(proxy) {
 }

 function hysteria2(proxy) {
-    if (proxy.obfs || proxy['obfs-password']) {
-        throw new Error(`obfs is unsupported`);
+    if (proxy['obfs-password'] && proxy.obfs != 'salamander') {
+        throw new Error(`only salamander obfs is supported`);
    }
    const result = new Result(proxy);
    result.append(`${proxy.name}=Hysteria2,${proxy.server},${proxy.port}`);
@@ -418,11 +450,23 @@ function hysteria2(proxy) {

    // sni
    result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
+    result.appendIfPresent(
+        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+        'tls-fingerprint',
+    );
+    result.appendIfPresent(
+        `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
+        'tls-pubkey-sha256',
+    );
    result.appendIfPresent(
        `,skip-cert-verify=${proxy['skip-cert-verify']}`,
        'skip-cert-verify',
    );

+    if (proxy['obfs-password'] && proxy.obfs == 'salamander') {
+        result.append(`,salamander-password=${proxy['obfs-password']}`);
+    }
+
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

--- a/backend/src/core/proxy-utils/producers/shadowrocket.js
+++ b/backend/src/core/proxy-utils/producers/shadowrocket.js
@@ -8,6 +8,8 @@ export default function ShadowRocket_Producer() {
                if (opts['include-unsupported-proxy']) return true;
                if (proxy.type === 'snell' && String(proxy.version) === '4') {
                    return false;
+                } else if (['mieru'].includes(proxy.type)) {
+                    return false;
                }
                return true;
            })
@@ -152,9 +154,13 @@ export default function ShadowRocket_Producer() {
                    }
                }
                if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
                }
@@ -176,9 +182,12 @@ export default function ShadowRocket_Producer() {
                delete proxy.collectionName;
                delete proxy.id;
                delete proxy.resolved;
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                delete proxy['no-resolve'];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -186,6 +195,7 @@ export default function ShadowRocket_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/sing-box.js
+++ b/backend/src/core/proxy-utils/producers/sing-box.js
@@ -3,7 +3,7 @@ import $ from '@/core/app';
 import { isIPv4, isIPv6 } from '@/utils';

 const detourParser = (proxy, parsedProxy) => {
-    if (proxy['dialer-proxy']) parsedProxy.detour = proxy['dialer-proxy'];
+    parsedProxy.detour = proxy['dialer-proxy'] || proxy.detour;
 };
 const tfoParser = (proxy, parsedProxy) => {
    parsedProxy.tcp_fast_open = false;
@@ -202,13 +202,8 @@ const tlsParser = (proxy, parsedProxy) => {
        parsedProxy.tls.alpn = [proxy.alpn];
    } else if (Array.isArray(proxy.alpn)) parsedProxy.tls.alpn = proxy.alpn;
    if (proxy.ca) parsedProxy.tls.certificate_path = `${proxy.ca}`;
-    if (proxy.ca_str) parsedProxy.tls.certificate = proxy.ca_sStr;
-    if (proxy['ca-str']) parsedProxy.tls.certificate = proxy['ca-str'];
-    if (proxy['client-fingerprint'] && proxy['client-fingerprint'] !== '')
-        parsedProxy.tls.utls = {
-            enabled: true,
-            fingerprint: proxy['client-fingerprint'],
-        };
+    if (proxy.ca_str) parsedProxy.tls.certificate = [proxy.ca_str];
+    if (proxy['ca-str']) parsedProxy.tls.certificate = [proxy['ca-str']];
    if (proxy['reality-opts']) {
        parsedProxy.tls.reality = { enabled: true };
        if (proxy['reality-opts']['public-key'])
@@ -217,7 +212,17 @@ const tlsParser = (proxy, parsedProxy) => {
        if (proxy['reality-opts']['short-id'])
            parsedProxy.tls.reality.short_id =
                proxy['reality-opts']['short-id'];
+        parsedProxy.tls.utls = { enabled: true };
    }
+    if (
+        !['hysteria', 'hysteria2', 'tuic'].includes(proxy.type) &&
+        proxy['client-fingerprint'] &&
+        proxy['client-fingerprint'] !== ''
+    )
+        parsedProxy.tls.utls = {
+            enabled: true,
+            fingerprint: proxy['client-fingerprint'],
+        };
    if (!parsedProxy.tls.enabled) delete parsedProxy.tls;
 };

--- a/backend/src/core/proxy-utils/producers/stash.js
+++ b/backend/src/core/proxy-utils/producers/stash.js
@@ -6,7 +6,6 @@ export default function Stash_Producer() {
        // https://stash.wiki/proxy-protocols/proxy-types#shadowsocks
        const list = proxies
            .filter((proxy) => {
-                if (opts['include-unsupported-proxy']) return true;
                if (
                    ![
                        'ss',
@@ -21,6 +20,8 @@ export default function Stash_Producer() {
                        'wireguard',
                        'hysteria',
                        'hysteria2',
+                        'ssh',
+                        'juicity',
                    ].includes(proxy.type) ||
                    (proxy.type === 'ss' &&
                        ![
@@ -38,6 +39,12 @@ export default function Stash_Producer() {
                            'xchacha20',
                            'chacha20-ietf-poly1305',
                            'xchacha20-ietf-poly1305',
+                            ...(opts['include-unsupported-proxy']
+                                ? [
+                                      '2022-blake3-aes-128-gcm',
+                                      '2022-blake3-aes-256-gcm',
+                                  ]
+                                : []),
                        ].includes(proxy.cipher)) ||
                    (proxy.type === 'snell' && String(proxy.version) === '4') ||
                    (proxy.type === 'vless' && proxy['reality-opts'])
@@ -232,9 +239,13 @@ export default function Stash_Producer() {
                    }
                }
                if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
                }
@@ -265,9 +276,12 @@ export default function Stash_Producer() {
                delete proxy.collectionName;
                delete proxy.id;
                delete proxy.resolved;
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                delete proxy['no-resolve'];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -275,6 +289,7 @@ export default function Stash_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/surfboard.js
+++ b/backend/src/core/proxy-utils/producers/surfboard.js
@@ -6,7 +6,7 @@ const targetPlatform = 'Surfboard';

 export default function Surfboard_Producer() {
    const produce = (proxy) => {
-        proxy.name = proxy.name.replace(/=/g, '');
+        proxy.name = proxy.name.replace(/=|,/g, '');
        switch (proxy.type) {
            case 'ss':
                return shadowsocks(proxy);
--- a/backend/src/core/proxy-utils/producers/surge.js
+++ b/backend/src/core/proxy-utils/producers/surge.js
@@ -14,15 +14,21 @@ const ipVersions = {

 export default function Surge_Producer() {
    const produce = (proxy, type, opts = {}) => {
+        proxy.name = proxy.name.replace(/=|,/g, '');
+        if (proxy.ports) {
+            proxy.ports = String(proxy.ports);
+        }
        switch (proxy.type) {
            case 'ss':
-                return shadowsocks(proxy);
+                return shadowsocks(proxy, opts['include-unsupported-proxy']);
            case 'trojan':
                return trojan(proxy);
            case 'vmess':
-                return vmess(proxy);
+                return vmess(proxy, opts['include-unsupported-proxy']);
            case 'http':
                return http(proxy);
+            case 'direct':
+                return direct(proxy);
            case 'socks5':
                return socks5(proxy);
            case 'snell':
@@ -47,7 +53,7 @@ export default function Surge_Producer() {
    return { produce };
 }

-function shadowsocks(proxy) {
+function shadowsocks(proxy, includeUnsupportedProxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=${proxy.type},${proxy.server},${proxy.port}`);
    if (!proxy.cipher) {
@@ -81,12 +87,15 @@ function shadowsocks(proxy) {
            'chacha20',
            'chacha20-ietf',
            'none',
+            ...(includeUnsupportedProxy
+                ? ['2022-blake3-aes-128-gcm', '2022-blake3-aes-256-gcm']
+                : []),
        ].includes(proxy.cipher)
    ) {
        throw new Error(`cipher ${proxy.cipher} is not supported`);
    }
    result.append(`,encrypt-method=${proxy.cipher}`);
-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -118,6 +127,8 @@ function shadowsocks(proxy) {

    // udp
    result.appendIfPresent(`,udp-relay=${proxy.udp}`, 'udp');
+    // udp-port
+    result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');

    // test-url
    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
@@ -184,7 +195,7 @@ function shadowsocks(proxy) {
 function trojan(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=${proxy.type},${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -263,7 +274,7 @@ function trojan(proxy) {
    return result.toString();
 }

-function vmess(proxy) {
+function vmess(proxy, includeUnsupportedProxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=${proxy.type},${proxy.server},${proxy.port}`);
    result.appendIfPresent(`,username=${proxy.uuid}`, 'uuid');
@@ -277,7 +288,7 @@ function vmess(proxy) {
    );

    // transport
-    handleTransport(result, proxy);
+    handleTransport(result, proxy, includeUnsupportedProxy);

    // AEAD
    if (isPresent(proxy, 'aead')) {
@@ -357,7 +368,7 @@ function ssh(proxy) {
    result.append(`${proxy.name}=ssh,${proxy.server},${proxy.port}`);
    result.appendIfPresent(`,${proxy.username}`, 'username');
    // 所有的类似的字段都有双引号的问题 暂不处理
-    result.appendIfPresent(`,${proxy.password}`, 'password');
+    result.appendIfPresent(`,"${proxy.password}"`, 'password');

    // https://manual.nssurge.com/policy/ssh.html
    // 需配合 Keystore
@@ -422,7 +433,7 @@ function http(proxy) {
    const type = proxy.tls ? 'https' : 'http';
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
    result.appendIfPresent(`,${proxy.username}`, 'username');
-    result.appendIfPresent(`,${proxy.password}`, 'password');
+    result.appendIfPresent(`,"${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -494,13 +505,61 @@ function http(proxy) {

    return result.toString();
 }
+function direct(proxy) {
+    const result = new Result(proxy);
+    const type = 'direct';
+    result.append(`${proxy.name}=${type}`);
+
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
+
+    result.appendIfPresent(
+        `,no-error-alert=${proxy['no-error-alert']}`,
+        'no-error-alert',
+    );
+
+    // tfo
+    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');
+
+    // udp
+    result.appendIfPresent(`,udp-relay=${proxy.udp}`, 'udp');
+
+    // test-url
+    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(
+        `,interface=${proxy['interface-name']}`,
+        'interface-name',
+    );
+
+    // block-quic
+    result.appendIfPresent(`,block-quic=${proxy['block-quic']}`, 'block-quic');
+
+    // underlying-proxy
+    result.appendIfPresent(
+        `,underlying-proxy=${proxy['underlying-proxy']}`,
+        'underlying-proxy',
+    );
+
+    return result.toString();
+}

 function socks5(proxy) {
    const result = new Result(proxy);
    const type = proxy.tls ? 'socks5-tls' : 'socks5';
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
    result.appendIfPresent(`,${proxy.username}`, 'username');
-    result.appendIfPresent(`,${proxy.password}`, 'password');
+    result.appendIfPresent(`,"${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -666,7 +725,7 @@ function tuic(proxy) {
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);

    result.appendIfPresent(`,uuid=${proxy.uuid}`, 'uuid');
-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');
    result.appendIfPresent(`,token=${proxy.token}`, 'token');

    result.appendIfPresent(
@@ -674,6 +733,15 @@ function tuic(proxy) {
        'alpn',
    );

+    if (isPresent(proxy, 'ports')) {
+        result.append(`,port-hopping="${proxy.ports.replace(/,/g, ';')}"`);
+    }
+
+    result.appendIfPresent(
+        `,port-hopping-interval=${proxy['hop-interval']}`,
+        'hop-interval',
+    );
+
    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');

@@ -932,7 +1000,16 @@ function hysteria2(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=hysteria2,${proxy.server},${proxy.port}`);

-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');
+
+    if (isPresent(proxy, 'ports')) {
+        result.append(`,port-hopping="${proxy.ports.replace(/,/g, ';')}"`);
+    }
+
+    result.appendIfPresent(
+        `,port-hopping-interval=${proxy['hop-interval']}`,
+        'hop-interval',
+    );

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -1012,7 +1089,7 @@ function hysteria2(proxy) {
    return result.toString();
 }

-function handleTransport(result, proxy) {
+function handleTransport(result, proxy, includeUnsupportedProxy) {
    if (isPresent(proxy, 'network')) {
        if (proxy.network === 'ws') {
            result.append(`,ws=true`);
@@ -1038,7 +1115,13 @@ function handleTransport(result, proxy) {
                }
            }
        } else {
-            throw new Error(`network ${proxy.network} is unsupported`);
+            if (includeUnsupportedProxy && ['http'].includes(proxy.network)) {
+                $.info(
+                    `Include Unsupported Proxy: nework ${proxy.network} -> tcp`,
+                );
+            } else {
+                throw new Error(`network ${proxy.network} is unsupported`);
+            }
        }
    }
 }
--- a/backend/src/core/proxy-utils/producers/surgemac.js
+++ b/backend/src/core/proxy-utils/producers/surgemac.js
@@ -1,6 +1,8 @@
-import { Result } from './utils';
+import { Base64 } from 'js-base64';
+import { Result, isPresent } from './utils';
 import Surge_Producer from './surge';
-import { isIPv4, isIPv6, isPresent } from '@/utils';
+import ClashMeta_Producer from './clashmeta';
+import { isIPv4, isIPv6 } from '@/utils';
 import $ from '@/core/app';

 const targetPlatform = 'SurgeMac';
@@ -8,14 +10,28 @@ const targetPlatform = 'SurgeMac';
 const surge_Producer = Surge_Producer();

 export default function SurgeMac_Producer() {
-    const produce = (proxy) => {
+    const produce = (proxy, type, opts = {}) => {
        switch (proxy.type) {
            case 'external':
                return external(proxy);
-            case 'ssr':
-                return shadowsocksr(proxy);
-            default:
-                return surge_Producer.produce(proxy);
+            // case 'ssr':
+            //     return shadowsocksr(proxy);
+            default: {
+                try {
+                    return surge_Producer.produce(proxy, type, opts);
+                } catch (e) {
+                    if (opts.useMihomoExternal) {
+                        $.log(
+                            `${proxy.name} is not supported on ${targetPlatform}, try to use Mihomo(SurgeMac - External Proxy Program) instead`,
+                        );
+                        return mihomo(proxy, type, opts);
+                    } else {
+                        throw new Error(
+                            `Surge for macOS 可手动指定链接参数 target=SurgeMac 或在 同步配置 中指定 SurgeMac 来启用 mihomo 支援 Surge 本身不支持的协议`,
+                        );
+                    }
+                }
+            }
        }
    };
    return { produce };
@@ -60,6 +76,7 @@ function external(proxy) {

    return result.toString();
 }
+// eslint-disable-next-line no-unused-vars
 function shadowsocksr(proxy) {
    const external_proxy = {
        ...proxy,
@@ -84,6 +101,7 @@ function shadowsocksr(proxy) {
    for (const [key, value] of Object.entries({
        cipher: '-m',
        obfs: '-o',
+        'obfs-param': '-g',
        password: '-k',
        port: '-p',
        protocol: '-O',
@@ -92,12 +110,73 @@ function shadowsocksr(proxy) {
        'local-port': '-l',
        'local-address': '-b',
    })) {
-        external_proxy.args.push(value);
-        external_proxy.args.push(external_proxy[key]);
+        if (external_proxy[key] != null) {
+            external_proxy.args.push(value);
+            external_proxy.args.push(external_proxy[key]);
+        }
    }

    return external(external_proxy);
 }
+// eslint-disable-next-line no-unused-vars
+function mihomo(proxy, type, opts) {
+    const clashProxy = ClashMeta_Producer().produce([proxy], 'internal')?.[0];
+    if (clashProxy) {
+        const localPort = opts?.localPort || proxy._localPort || 65535;
+        const ipv6 = ['ipv4', 'v4-only'].includes(proxy['ip-version'])
+            ? false
+            : true;
+        const external_proxy = {
+            name: proxy.name,
+            type: 'external',
+            exec: proxy._exec || '/usr/local/bin/mihomo',
+            'local-port': localPort,
+            args: [
+                '-config',
+                Base64.encode(
+                    JSON.stringify({
+                        'mixed-port': localPort,
+                        ipv6,
+                        mode: 'global',
+                        dns: {
+                            enable: true,
+                            ipv6,
+                            nameserver: [
+                                'https://223.6.6.6/dns-query',
+                                'https://120.53.53.53/dns-query',
+                            ],
+                        },
+                        proxies: [
+                            {
+                                ...clashProxy,
+                                name: 'proxy',
+                            },
+                        ],
+                        'proxy-groups': [
+                            {
+                                name: 'GLOBAL',
+                                type: 'select',
+                                proxies: ['proxy'],
+                            },
+                        ],
+                    }),
+                ),
+            ],
+            addresses: [],
+        };
+
+        // https://manual.nssurge.com/policy/external-proxy.html
+        if (isIP(proxy.server)) {
+            external_proxy.addresses.push(proxy.server);
+        } else {
+            $.log(
+                `Platform ${targetPlatform}, proxy type ${proxy.type}: addresses should be an IP address, but got ${proxy.server}`,
+            );
+        }
+        opts.localPort = localPort - 1;
+        return external(external_proxy);
+    }
+}

 function isIP(ip) {
    return isIPv4(ip) || isIPv6(ip);
--- a/backend/src/core/proxy-utils/producers/uri.js
+++ b/backend/src/core/proxy-utils/producers/uri.js
@@ -10,12 +10,17 @@ export default function URI_Producer() {
        delete proxy.collectionName;
        delete proxy.id;
        delete proxy.resolved;
+        delete proxy['no-resolve'];
        for (const key in proxy) {
            if (proxy[key] == null || /^_/i.test(key)) {
                delete proxy[key];
            }
        }
-        if (['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(proxy.type)) {
+        if (
+            ['trojan', 'tuic', 'hysteria', 'hysteria2', 'juicity'].includes(
+                proxy.type,
+            )
+        ) {
            delete proxy.tls;
        }
        if (proxy.server && isIPv6(proxy.server)) {
@@ -24,9 +29,13 @@ export default function URI_Producer() {
        switch (proxy.type) {
            case 'ss':
                const userinfo = `${proxy.cipher}:${proxy.password}`;
-                result = `ss://${Base64.encode(userinfo)}@${proxy.server}:${
-                    proxy.port
-                }${proxy.plugin ? '/' : ''}`;
+                result = `ss://${
+                    proxy.cipher?.startsWith('2022-blake3-')
+                        ? `${encodeURIComponent(
+                              proxy.cipher,
+                          )}:${encodeURIComponent(proxy.password)}`
+                        : Base64.encode(userinfo)
+                }@${proxy.server}:${proxy.port}${proxy.plugin ? '/' : ''}`;
                if (proxy.plugin) {
                    result += '?plugin=';
                    const opts = proxy['plugin-opts'];
@@ -97,7 +106,7 @@ export default function URI_Producer() {
                    port: proxy.port,
                    id: proxy.uuid,
                    type,
-                    aid: 0,
+                    aid: proxy.alterId || 0,
                    net,
                    tls: proxy.tls ? 'tls' : '',
                };
@@ -129,6 +138,8 @@ export default function URI_Producer() {
                        result.type =
                            proxy[`${proxy.network}-opts`]?.['_grpc-type'] ||
                            'gun';
+                        result.host =
+                            proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
                    }
                }
                result = 'vmess://' + Base64.encode(JSON.stringify(result));
@@ -191,6 +202,13 @@ export default function URI_Producer() {
                    vlessTransport += `&mode=${encodeURIComponent(
                        proxy[`${proxy.network}-opts`]?.['_grpc-type'] || 'gun',
                    )}`;
+                    const authority =
+                        proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
+                    if (authority) {
+                        vlessTransport += `&authority=${encodeURIComponent(
+                            authority,
+                        )}`;
+                    }
                }

                let vlessTransportServiceName =
@@ -219,6 +237,18 @@ export default function URI_Producer() {
                        vlessTransportServiceName,
                    )}`;
                }
+                if (proxy.network === 'kcp') {
+                    if (proxy.seed) {
+                        vlessTransport += `&seed=${encodeURIComponent(
+                            proxy.seed,
+                        )}`;
+                    }
+                    if (proxy.headerType) {
+                        vlessTransport += `&headerType=${encodeURIComponent(
+                            proxy.headerType,
+                        )}`;
+                    }
+                }

                result = `vless://${proxy.uuid}@${proxy.server}:${
                    proxy.port
@@ -244,11 +274,18 @@ export default function URI_Producer() {
                            proxy[`${proxy.network}-opts`]?.[
                                `${proxy.network}-service-name`
                            ];
+                        let trojanTransportAuthority =
+                            proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
                        if (trojanTransportServiceName) {
                            trojanTransport += `&serviceName=${encodeURIComponent(
                                trojanTransportServiceName,
                            )}`;
                        }
+                        if (trojanTransportAuthority) {
+                            trojanTransport += `&authority=${encodeURIComponent(
+                                trojanTransportAuthority,
+                            )}`;
+                        }
                        trojanTransport += `&mode=${encodeURIComponent(
                            proxy[`${proxy.network}-opts`]?.['_grpc-type'] ||
                                'gun',
@@ -273,11 +310,27 @@ export default function URI_Producer() {
                        )}`;
                    }
                }
+                let trojanFp = '';
+                if (proxy['client-fingerprint']) {
+                    trojanFp = `&fp=${encodeURIComponent(
+                        proxy['client-fingerprint'],
+                    )}`;
+                }
+                let trojanAlpn = '';
+                if (proxy.alpn) {
+                    trojanAlpn = `&alpn=${encodeURIComponent(
+                        Array.isArray(proxy.alpn)
+                            ? proxy.alpn
+                            : proxy.alpn.join(','),
+                    )}`;
+                }
                result = `trojan://${proxy.password}@${proxy.server}:${
                    proxy.port
                }?sni=${encodeURIComponent(proxy.sni || proxy.server)}${
                    proxy['skip-cert-verify'] ? '&allowInsecure=1' : ''
-                }${trojanTransport}#${encodeURIComponent(proxy.name)}`;
+                }${trojanTransport}${trojanAlpn}${trojanFp}#${encodeURIComponent(
+                    proxy.name,
+                )}`;
                break;
            case 'hysteria2':
                let hysteria2params = [];
--- a/backend/src/core/proxy-utils/producers/v2ray.js
+++ b/backend/src/core/proxy-utils/producers/v2ray.js
@@ -1,12 +1,30 @@
 /* eslint-disable no-case-declarations */
 import { Base64 } from 'js-base64';
 import URI_Producer from './uri';
+import $ from '@/core/app';

 const URI = URI_Producer();

 export default function V2Ray_Producer() {
    const type = 'ALL';
-    const produce = (proxies) =>
-        Base64.encode(proxies.map((proxy) => URI.produce(proxy)).join('\n'));
+    const produce = (proxies) => {
+        let result = [];
+        proxies.map((proxy) => {
+            try {
+                result.push(URI.produce(proxy));
+            } catch (err) {
+                $.error(
+                    `Cannot produce proxy: ${JSON.stringify(
+                        proxy,
+                        null,
+                        2,
+                    )}\nReason: ${err}`,
+                );
+            }
+        });
+
+        return Base64.encode(result.join('\n'));
+    };
+
    return { type, produce };
 }
--- a/backend/src/products/cron-sync-artifacts.js
+++ b/backend/src/products/cron-sync-artifacts.js
@@ -11,17 +11,65 @@ import { syncToGist } from '@/restful/artifacts';
 import { findByName } from '@/utils/database';

 !(async function () {
-    const settings = $.read(SETTINGS_KEY);
-    // if GitHub token is not configured
-    if (!settings.githubUser || !settings.gistToken) return;
+    let arg;
+    if (typeof $argument != 'undefined') {
+        arg = Object.fromEntries(
+            // eslint-disable-next-line no-undef
+            $argument.split('&').map((item) => item.split('=')),
+        );
+    } else {
+        arg = {};
+    }
+    let sub_names = (arg?.subscription ?? arg?.sub ?? '')
+        .split(/,|，/g)
+        .map((i) => i.trim())
+        .filter((i) => i.length > 0)
+        .map((i) => decodeURIComponent(i));
+    let col_names = (arg?.collection ?? arg?.col ?? '')
+        .split(/,|，/g)
+        .map((i) => i.trim())
+        .filter((i) => i.length > 0)
+        .map((i) => decodeURIComponent(i));
+    if (sub_names.length > 0 || col_names.length > 0) {
+        if (sub_names.length > 0)
+            await produceArtifacts(sub_names, 'subscription');
+        if (col_names.length > 0)
+            await produceArtifacts(col_names, 'collection');
+    } else {
+        const settings = $.read(SETTINGS_KEY);
+        // if GitHub token is not configured
+        if (!settings.githubUser || !settings.gistToken) return;

-    const artifacts = $.read(ARTIFACTS_KEY);
-    if (!artifacts || artifacts.length === 0) return;
+        const artifacts = $.read(ARTIFACTS_KEY);
+        if (!artifacts || artifacts.length === 0) return;

-    const shouldSync = artifacts.some((artifact) => artifact.sync);
-    if (shouldSync) await doSync();
+        const shouldSync = artifacts.some((artifact) => artifact.sync);
+        if (shouldSync) await doSync();
+    }
 })().finally(() => $.done());

+async function produceArtifacts(names, type) {
+    try {
+        if (names.length > 0) {
+            $.info(`produceArtifacts ${type} 开始: ${names.join(', ')}`);
+            await Promise.all(
+                names.map(async (name) => {
+                    try {
+                        await produceArtifact({
+                            type,
+                            name,
+                        });
+                    } catch (e) {
+                        $.error(`${type} ${name} error: ${e.message ?? e}`);
+                    }
+                }),
+            );
+            $.info(`produceArtifacts ${type} 完成: ${names.join(', ')}`);
+        }
+    } catch (e) {
+        $.error(`produceArtifacts error: ${e.message ?? e}`);
+    }
+}
 async function doSync() {
    console.log(
        `
@@ -69,6 +117,7 @@ async function doSync() {
                        await produceArtifact({
                            type: 'subscription',
                            name: subName,
+                            awaitCustomCache: true,
                        });
                    } catch (e) {
                        // $.error(`${e.message ?? e}`);
@@ -81,6 +130,15 @@ async function doSync() {
                try {
                    if (artifact.sync && artifact.source) {
                        $.info(`正在同步云配置：${artifact.name}...`);
+
+                        const useMihomoExternal =
+                            artifact.platform === 'SurgeMac';
+
+                        if (useMihomoExternal) {
+                            $.info(
+                                `手动指定了 target 为 SurgeMac, 将使用 Mihomo External`,
+                            );
+                        }
                        const output = await produceArtifact({
                            type: artifact.type,
                            name: artifact.source,
@@ -88,6 +146,7 @@ async function doSync() {
                            produceOpts: {
                                'include-unsupported-proxy':
                                    artifact.includeUnsupportedProxy,
+                                useMihomoExternal,
                            },
                        });

--- a/backend/src/products/resource-parser.loon.js
+++ b/backend/src/products/resource-parser.loon.js
@@ -37,7 +37,9 @@ let resourceUrl = typeof $resourceUrl !== 'undefined' ? $resourceUrl : '';
    if (resourceType === RESOURCE_TYPE.PROXY) {
        try {
            let proxies = ProxyUtils.parse(resource);
-            result = ProxyUtils.produce(proxies, 'Loon');
+            result = ProxyUtils.produce(proxies, 'Loon', undefined, {
+                'include-unsupported-proxy': arg?.includeUnsupportedProxy,
+            });
        } catch (e) {
            console.log('解析器: 使用 resource 出现错误');
            console.log(e.message ?? e);
@@ -47,7 +49,9 @@ let resourceUrl = typeof $resourceUrl !== 'undefined' ? $resourceUrl : '';
            try {
                let raw = await download(resourceUrl, arg?.ua, arg?.timeout);
                let proxies = ProxyUtils.parse(raw);
-                result = ProxyUtils.produce(proxies, 'Loon');
+                result = ProxyUtils.produce(proxies, 'Loon', undefined, {
+                    'include-unsupported-proxy': arg?.includeUnsupportedProxy,
+                });
            } catch (e) {
                console.log(e.message ?? e);
            }
--- a/backend/src/products/sub-store-0.js
+++ b/backend/src/products/sub-store-0.js
@@ -21,6 +21,7 @@ import registerSettingRoutes from '@/restful/settings';
 import registerMiscRoutes from '@/restful/miscs';
 import registerSortRoutes from '@/restful/sort';
 import registerFileRoutes from '@/restful/file';
+import registerTokenRoutes from '@/restful/token';
 import registerModuleRoutes from '@/restful/module';

 migrate();
@@ -32,6 +33,7 @@ function serve() {
    // register routes
    registerCollectionRoutes($app);
    registerSubscriptionRoutes($app);
+    registerTokenRoutes($app);
    registerFileRoutes($app);
    registerModuleRoutes($app);
    registerArtifactRoutes($app);
--- a/backend/src/restful/download.js
+++ b/backend/src/restful/download.js
@@ -13,6 +13,9 @@ import { getISO } from '@/utils/geo';
 import env from '@/utils/env';

 export default function register($app) {
+    $app.get('/share/col/:name', downloadCollection);
+    $app.get('/share/sub/:name', downloadSubscription);
+
    $app.get('/download/collection/:name', downloadCollection);
    $app.get('/download/:name', downloadSubscription);
    $app.get(
@@ -52,6 +55,8 @@ async function downloadSubscription(req, res) {
    name = decodeURIComponent(name);
    nezhaIndex = decodeURIComponent(nezhaIndex);

+    const useMihomoExternal = req.query.target === 'SurgeMac';
+
    const platform =
        req.query.target || getPlatformFromHeaders(req.headers) || 'JSON';

@@ -69,11 +74,35 @@ async function downloadSubscription(req, res) {
        produceType,
        includeUnsupportedProxy,
        resultFormat,
+        proxy,
+        noCache,
    } = req.query;
+    let $options = {};
+    if (req.query.$options) {
+        try {
+            // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+            $options = JSON.parse(decodeURIComponent(req.query.$options));
+        } catch (e) {
+            for (const pair of req.query.$options.split('&')) {
+                const key = pair.split('=')[0];
+                const value = pair.split('=')[1];
+                // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                $options[key] =
+                    value == null || value === ''
+                        ? true
+                        : decodeURIComponent(value);
+            }
+        }
+        $.info(`传入 $options: ${JSON.stringify($options)}`);
+    }
    if (url) {
        url = decodeURIComponent(url);
        $.info(`指定远程订阅 URL: ${url}`);
    }
+    if (proxy) {
+        proxy = decodeURIComponent(proxy);
+        $.info(`指定远程订阅使用代理/策略 proxy: ${proxy}`);
+    }
    if (ua) {
        ua = decodeURIComponent(ua);
        $.info(`指定远程订阅 User-Agent: ${ua}`);
@@ -99,6 +128,14 @@ async function downloadSubscription(req, res) {
        $.info(`包含不支持的节点: ${includeUnsupportedProxy}`);
    }

+    if (useMihomoExternal) {
+        $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
+    }
+
+    if (noCache) {
+        $.info(`指定不使用缓存: ${noCache}`);
+    }
+
    const allSubs = $.read(SUBS_KEY);
    const sub = findByName(allSubs, name);
    if (sub) {
@@ -115,18 +152,23 @@ async function downloadSubscription(req, res) {
                produceType,
                produceOpts: {
                    'include-unsupported-proxy': includeUnsupportedProxy,
+                    useMihomoExternal,
                },
+                $options,
+                proxy,
+                noCache,
            });
-
+            let flowInfo;
            if (
                sub.source !== 'local' ||
                ['localFirst', 'remoteFirst'].includes(sub.mergeSources)
            ) {
                try {
-                    url = `${url || sub.url}`
-                        .split(/[\r\n]+/)
-                        .map((i) => i.trim())
-                        .filter((i) => i.length)?.[0];
+                    url =
+                        `${url || sub.url}`
+                            .split(/[\r\n]+/)
+                            .map((i) => i.trim())
+                            .filter((i) => i.length)?.[0] || '';

                    let $arguments = {};
                    const rawArgs = url.split('#');
@@ -151,11 +193,12 @@ async function downloadSubscription(req, res) {
                    }
                    if (!$arguments.noFlow) {
                        // forward flow headers
-                        const flowInfo = await getFlowHeaders(
-                            url,
+                        flowInfo = await getFlowHeaders(
+                            $arguments?.insecure ? `${url}#insecure` : url,
                            $arguments.flowUserAgent,
                            undefined,
-                            sub.proxy,
+                            proxy || sub.proxy,
+                            $arguments.flowUrl,
                        );
                        if (flowInfo) {
                            res.set('subscription-userinfo', flowInfo);
@@ -170,7 +213,30 @@ async function downloadSubscription(req, res) {
                }
            }
            if (sub.subUserinfo) {
-                res.set('subscription-userinfo', sub.subUserinfo);
+                let subUserInfo;
+                if (/^https?:\/\//.test(sub.subUserinfo)) {
+                    try {
+                        subUserInfo = await getFlowHeaders(
+                            undefined,
+                            undefined,
+                            undefined,
+                            proxy || sub.proxy,
+                            sub.subUserinfo,
+                        );
+                    } catch (e) {
+                        $.error(
+                            `订阅 ${name} 使用自定义流量链接 ${
+                                sub.subUserinfo
+                            } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                        );
+                    }
+                } else {
+                    subUserInfo = sub.subUserinfo;
+                }
+                res.set(
+                    'subscription-userinfo',
+                    [subUserInfo, flowInfo].filter((i) => i).join('; '),
+                );
            }

            if (platform === 'JSON') {
@@ -209,7 +275,7 @@ async function downloadSubscription(req, res) {
            );
        }
    } else {
-        $.notify(`🌍 Sub-Store 下载订阅失败`, `❌ 未找到订阅：${name}！`);
+        $.error(`🌍 Sub-Store 下载订阅失败\n❌ 未找到订阅：${name}！`);
        failed(
            res,
            new ResourceNotFoundError(
@@ -226,6 +292,8 @@ async function downloadCollection(req, res) {
    name = decodeURIComponent(name);
    nezhaIndex = decodeURIComponent(nezhaIndex);

+    const useMihomoExternal = req.query.target === 'SurgeMac';
+
    const platform =
        req.query.target || getPlatformFromHeaders(req.headers) || 'JSON';

@@ -243,8 +311,34 @@ async function downloadCollection(req, res) {
        produceType,
        includeUnsupportedProxy,
        resultFormat,
+        proxy,
+        noCache,
    } = req.query;

+    let $options = {};
+    if (req.query.$options) {
+        try {
+            // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+            $options = JSON.parse(decodeURIComponent(req.query.$options));
+        } catch (e) {
+            for (const pair of req.query.$options.split('&')) {
+                const key = pair.split('=')[0];
+                const value = pair.split('=')[1];
+                // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                $options[key] =
+                    value == null || value === ''
+                        ? true
+                        : decodeURIComponent(value);
+            }
+        }
+        $.info(`传入 $options: ${JSON.stringify($options)}`);
+    }
+
+    if (proxy) {
+        proxy = decodeURIComponent(proxy);
+        $.info(`指定远程订阅使用代理/策略 proxy: ${proxy}`);
+    }
+
    if (ignoreFailedRemoteSub != null && ignoreFailedRemoteSub !== '') {
        ignoreFailedRemoteSub = decodeURIComponent(ignoreFailedRemoteSub);
        $.info(`指定忽略失败的远程订阅: ${ignoreFailedRemoteSub}`);
@@ -258,6 +352,12 @@ async function downloadCollection(req, res) {
        includeUnsupportedProxy = decodeURIComponent(includeUnsupportedProxy);
        $.info(`包含不支持的节点: ${includeUnsupportedProxy}`);
    }
+    if (useMihomoExternal) {
+        $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
+    }
+    if (noCache) {
+        $.info(`指定不使用缓存: ${noCache}`);
+    }

    if (collection) {
        try {
@@ -269,9 +369,13 @@ async function downloadCollection(req, res) {
                produceType,
                produceOpts: {
                    'include-unsupported-proxy': includeUnsupportedProxy,
+                    useMihomoExternal,
                },
+                $options,
+                proxy,
+                noCache,
            });
-
+            let subUserInfoOfSub;
            // forward flow header from the first subscription in this collection
            const allSubs = $.read(SUBS_KEY);
            const subnames = collection.subscriptions;
@@ -282,10 +386,11 @@ async function downloadCollection(req, res) {
                    ['localFirst', 'remoteFirst'].includes(sub.mergeSources)
                ) {
                    try {
-                        let url = `${sub.url}`
-                            .split(/[\r\n]+/)
-                            .map((i) => i.trim())
-                            .filter((i) => i.length)?.[0];
+                        let url =
+                            `${sub.url}`
+                                .split(/[\r\n]+/)
+                                .map((i) => i.trim())
+                                .filter((i) => i.length)?.[0] || '';

                        let $arguments = {};
                        const rawArgs = url.split('#');
@@ -309,15 +414,13 @@ async function downloadCollection(req, res) {
                            }
                        }
                        if (!$arguments.noFlow) {
-                            const flowInfo = await getFlowHeaders(
-                                url,
+                            subUserInfoOfSub = await getFlowHeaders(
+                                $arguments?.insecure ? `${url}#insecure` : url,
                                $arguments.flowUserAgent,
                                undefined,
-                                sub.proxy,
+                                proxy || sub.proxy || collection.proxy,
+                                $arguments.flowUrl,
                            );
-                            if (flowInfo) {
-                                res.set('subscription-userinfo', flowInfo);
-                            }
                        }
                    } catch (err) {
                        $.error(
@@ -328,10 +431,61 @@ async function downloadCollection(req, res) {
                    }
                }
                if (sub.subUserinfo) {
-                    res.set('subscription-userinfo', sub.subUserinfo);
+                    let subUserInfo;
+                    if (/^https?:\/\//.test(sub.subUserinfo)) {
+                        try {
+                            subUserInfo = await getFlowHeaders(
+                                undefined,
+                                undefined,
+                                undefined,
+                                proxy || sub.proxy,
+                                sub.subUserinfo,
+                            );
+                        } catch (e) {
+                            $.error(
+                                `组合订阅 ${name} 使用自定义流量链接 ${
+                                    sub.subUserinfo
+                                } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                            );
+                        }
+                    } else {
+                        subUserInfo = sub.subUserinfo;
+                    }
+                    subUserInfoOfSub = [subUserInfo, subUserInfoOfSub]
+                        .filter((i) => i)
+                        .join('; ');
                }
            }

+            $.info(`组合订阅 ${name} 透传的的流量信息: ${subUserInfoOfSub}`);
+
+            let subUserInfoOfCol;
+            if (/^https?:\/\//.test(collection.subUserinfo)) {
+                try {
+                    subUserInfoOfCol = await getFlowHeaders(
+                        undefined,
+                        undefined,
+                        undefined,
+                        proxy || collection.proxy,
+                        collection.subUserinfo,
+                    );
+                } catch (e) {
+                    $.error(
+                        `组合订阅 ${name} 使用自定义流量链接 ${
+                            collection.subUserinfo
+                        } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                    );
+                }
+            } else {
+                subUserInfoOfCol = collection.subUserinfo;
+            }
+            res.set(
+                'subscription-userinfo',
+                [subUserInfoOfCol, subUserInfoOfSub]
+                    .filter((i) => i)
+                    .join('; '),
+            );
+
            if (platform === 'JSON') {
                if (resultFormat === 'nezha') {
                    output = nezhaTransform(output);
@@ -367,7 +521,7 @@ async function downloadCollection(req, res) {
            );
        }
    } else {
-        $.notify(
+        $.error(
            `🌍 Sub-Store 下载组合订阅失败`,
            `❌ 未找到组合订阅：${name}！`,
        );
--- a/backend/src/restful/file.js
+++ b/backend/src/restful/file.js
@@ -1,4 +1,5 @@
 import { deleteByName, findByName, updateByName } from '@/utils/database';
+import { getFlowHeaders } from '@/utils/flow';
 import { FILES_KEY } from '@/constants';
 import { failed, success } from '@/restful/response';
 import $ from '@/core/app';
@@ -12,6 +13,8 @@ import { produceArtifact } from '@/restful/sync';
 export default function register($app) {
    if (!$.read(FILES_KEY)) $.write([], FILES_KEY);

+    $app.get('/share/file/:name', getFile);
+
    $app.route('/api/file/:name')
        .get(getFile)
        .patch(updateFile)
@@ -50,15 +53,54 @@ async function getFile(req, res) {
    name = decodeURIComponent(name);

    $.info(`正在下载文件：${name}`);
-    let { url, ua, content, mergeSources, ignoreFailedRemoteFile } = req.query;
+    let {
+        url,
+        subInfoUrl,
+        subInfoUserAgent,
+        ua,
+        content,
+        mergeSources,
+        ignoreFailedRemoteFile,
+        proxy,
+    } = req.query;
+    let $options = {};
+    if (req.query.$options) {
+        try {
+            // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+            $options = JSON.parse(decodeURIComponent(req.query.$options));
+        } catch (e) {
+            for (const pair of req.query.$options.split('&')) {
+                const key = pair.split('=')[0];
+                const value = pair.split('=')[1];
+                // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                $options[key] =
+                    value == null || value === ''
+                        ? true
+                        : decodeURIComponent(value);
+            }
+        }
+        $.info(`传入 $options: ${JSON.stringify($options)}`);
+    }
    if (url) {
        url = decodeURIComponent(url);
        $.info(`指定远程文件 URL: ${url}`);
    }
+    if (proxy) {
+        proxy = decodeURIComponent(proxy);
+        $.info(`指定远程订阅使用代理/策略 proxy: ${proxy}`);
+    }
    if (ua) {
        ua = decodeURIComponent(ua);
        $.info(`指定远程文件 User-Agent: ${ua}`);
    }
+    if (subInfoUrl) {
+        subInfoUrl = decodeURIComponent(subInfoUrl);
+        $.info(`指定获取流量的 subInfoUrl: ${subInfoUrl}`);
+    }
+    if (subInfoUserAgent) {
+        subInfoUserAgent = decodeURIComponent(subInfoUserAgent);
+        $.info(`指定获取流量的 subInfoUserAgent: ${subInfoUserAgent}`);
+    }
    if (content) {
        content = decodeURIComponent(content);
        $.info(`指定本地文件: ${content}`);
@@ -84,8 +126,39 @@ async function getFile(req, res) {
                content,
                mergeSources,
                ignoreFailedRemoteFile,
+                $options,
+                proxy,
            });

+            try {
+                subInfoUrl = subInfoUrl || file.subInfoUrl;
+                if (subInfoUrl) {
+                    // forward flow headers
+                    const flowInfo = await getFlowHeaders(
+                        subInfoUrl,
+                        subInfoUserAgent || file.subInfoUserAgent,
+                        undefined,
+                        proxy || file.proxy,
+                    );
+                    if (flowInfo) {
+                        res.set('subscription-userinfo', flowInfo);
+                    }
+                }
+            } catch (err) {
+                $.error(
+                    `文件 ${name} 获取流量信息时发生错误: ${JSON.stringify(
+                        err,
+                    )}`,
+                );
+            }
+            if (file.download) {
+                res.set(
+                    'Content-Disposition',
+                    `attachment; filename*=UTF-8''${encodeURIComponent(
+                        file.displayName || file.name,
+                    )}`,
+                );
+            }
            res.set('Content-Type', 'text/plain; charset=utf-8').send(
                output ?? '',
            );
@@ -106,7 +179,7 @@ async function getFile(req, res) {
            );
        }
    } else {
-        $.notify(`🌍 Sub-Store 下载文件失败`, `❌ 未找到文件：${name}！`);
+        $.error(`🌍 Sub-Store 下载文件失败\n❌ 未找到文件：${name}！`);
        failed(
            res,
            new ResourceNotFoundError(
--- a/backend/src/restful/index.js
+++ b/backend/src/restful/index.js
@@ -3,11 +3,14 @@ import $ from '@/core/app';
 import migrate from '@/utils/migration';
 import download from '@/utils/download';
 import { syncArtifacts } from '@/restful/sync';
+import { gistBackupAction } from '@/restful/miscs';
+import { TOKENS_KEY } from '@/constants';

 import registerSubscriptionRoutes from './subscriptions';
 import registerCollectionRoutes from './collections';
 import registerArtifactRoutes from './artifacts';
 import registerFileRoutes from './file';
+import registerTokenRoutes from './token';
 import registerModuleRoutes from './module';
 import registerSyncRoutes from './sync';
 import registerDownloadRoutes from './download';
@@ -35,6 +38,7 @@ export default function serve() {
    registerSettingRoutes($app);
    registerArtifactRoutes($app);
    registerFileRoutes($app);
+    registerTokenRoutes($app);
    registerModuleRoutes($app);
    registerSyncRoutes($app);
    registerNodeInfoRoutes($app);
@@ -44,20 +48,81 @@ export default function serve() {
    $app.start();

    if ($.env.isNode) {
-        const backend_cron = eval('process.env.SUB_STORE_BACKEND_CRON');
-        if (backend_cron) {
-            $.info(`[CRON] ${backend_cron} enabled`);
+        // Deprecated: SUB_STORE_BACKEND_CRON
+        const backend_sync_cron =
+            eval('process.env.SUB_STORE_BACKEND_SYNC_CRON') ||
+            eval('process.env.SUB_STORE_BACKEND_CRON');
+        if (backend_sync_cron) {
+            $.info(`[SYNC CRON] ${backend_sync_cron} enabled`);
            const { CronJob } = eval(`require("cron")`);
            new CronJob(
-                backend_cron,
+                backend_sync_cron,
                async function () {
                    try {
-                        $.info(`[CRON] ${backend_cron} started`);
+                        $.info(`[SYNC CRON] ${backend_sync_cron} started`);
                        await syncArtifacts();
-                        $.info(`[CRON] ${backend_cron} finished`);
+                        $.info(`[SYNC CRON] ${backend_sync_cron} finished`);
                    } catch (e) {
                        $.error(
-                            `[CRON] ${backend_cron} error: ${e.message ?? e}`,
+                            `[SYNC CRON] ${backend_sync_cron} error: ${
+                                e.message ?? e
+                            }`,
+                        );
+                    }
+                }, // onTick
+                null, // onComplete
+                true, // start
+                // 'Asia/Shanghai' // timeZone
+            );
+        }
+        const backend_download_cron = eval(
+            'process.env.SUB_STORE_BACKEND_DOWNLOAD_CRON',
+        );
+        if (backend_download_cron) {
+            $.info(`[DOWNLOAD CRON] ${backend_download_cron} enabled`);
+            const { CronJob } = eval(`require("cron")`);
+            new CronJob(
+                backend_download_cron,
+                async function () {
+                    try {
+                        $.info(
+                            `[DOWNLOAD CRON] ${backend_download_cron} started`,
+                        );
+                        await gistBackupAction('download');
+                        $.info(
+                            `[DOWNLOAD CRON] ${backend_download_cron} finished`,
+                        );
+                    } catch (e) {
+                        $.error(
+                            `[DOWNLOAD CRON] ${backend_download_cron} error: ${
+                                e.message ?? e
+                            }`,
+                        );
+                    }
+                }, // onTick
+                null, // onComplete
+                true, // start
+                // 'Asia/Shanghai' // timeZone
+            );
+        }
+        const backend_upload_cron = eval(
+            'process.env.SUB_STORE_BACKEND_UPLOAD_CRON',
+        );
+        if (backend_upload_cron) {
+            $.info(`[UPLOAD CRON] ${backend_upload_cron} enabled`);
+            const { CronJob } = eval(`require("cron")`);
+            new CronJob(
+                backend_upload_cron,
+                async function () {
+                    try {
+                        $.info(`[UPLOAD CRON] ${backend_upload_cron} started`);
+                        await gistBackupAction('upload');
+                        $.info(`[UPLOAD CRON] ${backend_upload_cron} finished`);
+                    } catch (e) {
+                        $.error(
+                            `[UPLOAD CRON] ${backend_upload_cron} error: ${
+                                e.message ?? e
+                            }`,
                        );
                    }
                }, // onTick
@@ -81,7 +146,7 @@ export default function serve() {
            try {
                fs.accessSync(path.join(fe_abs_path, 'index.html'));
            } catch (e) {
-                throw new Error(
+                $.error(
                    `[FRONTEND] index.html file not found in ${fe_abs_path}`,
                );
            }
@@ -96,6 +161,7 @@ export default function serve() {

            const staticFileMiddleware = express_.static(fe_path);

+            let be_share_rewrite = '/share/:type/:name';
            let be_api_rewrite = '';
            let be_download_rewrite = '';
            let be_api = '/api/';
@@ -112,15 +178,39 @@ export default function serve() {
                be_download_rewrite = `${
                    fe_be_path === '/' ? '' : fe_be_path
                }${be_download}`;
+
+                app.use(
+                    be_share_rewrite,
+                    createProxyMiddleware({
+                        target: `http://127.0.0.1:${port}`,
+                        changeOrigin: true,
+                        pathRewrite: (path, req) => {
+                            if (req.method.toLowerCase() !== 'get')
+                                throw new Error('Method not allowed');
+                            const tokens = $.read(TOKENS_KEY) || [];
+                            const token = tokens.find(
+                                (t) =>
+                                    t.token === req.query.token &&
+                                    t.type === req.params.type &&
+                                    t.name === req.params.name &&
+                                    (t.exp == null || t.exp > Date.now()),
+                            );
+                            if (!token) throw new Error('Forbbiden');
+                            return path;
+                        },
+                    }),
+                );
                app.use(
                    be_api_rewrite,
                    createProxyMiddleware({
                        target: `http://127.0.0.1:${port}`,
-                        changeOrigin: true,
                        pathRewrite: (path) => {
-                            return path.startsWith(be_api_rewrite)
+                            const newPath = path.startsWith(be_api_rewrite)
                                ? path.replace(be_api_rewrite, be_api)
                                : path;
+                            return newPath.includes('?')
+                                ? `${newPath}&share=true`
+                                : `${newPath}?share=true`;
                        },
                    }),
                );
@@ -158,6 +248,9 @@ export default function serve() {
                    $.info(
                        `[FRONTEND -> BACKEND] ${fe_address}:${fe_port}${be_download_rewrite} -> http://127.0.0.1:${port}${be_download}`,
                    );
+                    $.info(
+                        `[SHARE BACKEND] ${fe_address}:${fe_port}${be_share_rewrite}`,
+                    );
                }
            });
        }
--- a/backend/src/restful/miscs.js
+++ b/backend/src/restful/miscs.js
@@ -65,6 +65,9 @@ export default function register($app) {
 }

 function getEnv(req, res) {
+    if (req.query.share) {
+        env.feature.share = true;
+    }
    success(res, env);
 }

@@ -80,10 +83,72 @@ async function refresh(_, res) {
    success(res);
 }

+async function gistBackupAction(action) {
+    // read token
+    const { gistToken, syncPlatform } = $.read(SETTINGS_KEY);
+    if (!gistToken) throw new Error('GitHub Token is required for backup!');
+
+    const gist = new Gist({
+        token: gistToken,
+        key: GIST_BACKUP_KEY,
+        syncPlatform,
+    });
+    let content;
+    const settings = $.read(SETTINGS_KEY);
+    const updated = settings.syncTime;
+    switch (action) {
+        case 'upload':
+            // update syncTime
+            settings.syncTime = new Date().getTime();
+            $.write(settings, SETTINGS_KEY);
+            content = $.read('#sub-store');
+            if ($.env.isNode) content = JSON.stringify($.cache, null, `  `);
+            $.info(`上传备份中...`);
+            try {
+                await gist.upload({
+                    [GIST_BACKUP_FILE_NAME]: { content },
+                });
+                $.info(`上传备份完成`);
+            } catch (err) {
+                // restore syncTime if upload failed
+                settings.syncTime = updated;
+                $.write(settings, SETTINGS_KEY);
+                throw err;
+            }
+            break;
+        case 'download':
+            $.info(`还原备份中...`);
+            content = await gist.download(GIST_BACKUP_FILE_NAME);
+            try {
+                if (Object.keys(JSON.parse(content).settings).length === 0) {
+                    throw new Error('备份文件应该至少包含 settings 字段');
+                }
+            } catch (err) {
+                $.error(
+                    `Gist 备份文件校验失败, 无法还原\nReason: ${
+                        err.message ?? err
+                    }`,
+                );
+                throw new Error('Gist 备份文件校验失败, 无法还原');
+            }
+            // restore settings
+            $.write(content, '#sub-store');
+            if ($.env.isNode) {
+                content = JSON.parse(content);
+                $.cache = content;
+                $.persistCache();
+            }
+            $.info(`perform migration after restoring from gist...`);
+            migrate();
+            $.info(`migration completed`);
+            $.info(`还原备份完成`);
+            break;
+    }
+}
 async function gistBackup(req, res) {
    const { action } = req.query;
    // read token
-    const { gistToken, syncPlatform } = $.read(SETTINGS_KEY);
+    const { gistToken } = $.read(SETTINGS_KEY);
    if (!gistToken) {
        failed(
            res,
@@ -93,68 +158,8 @@ async function gistBackup(req, res) {
            ),
        );
    } else {
-        const gist = new Gist({
-            token: gistToken,
-            key: GIST_BACKUP_KEY,
-            syncPlatform,
-        });
        try {
-            let content;
-            const settings = $.read(SETTINGS_KEY);
-            const updated = settings.syncTime;
-            switch (action) {
-                case 'upload':
-                    // update syncTime
-                    settings.syncTime = new Date().getTime();
-                    $.write(settings, SETTINGS_KEY);
-                    content = $.read('#sub-store');
-                    if ($.env.isNode)
-                        content = JSON.stringify($.cache, null, `  `);
-                    $.info(`上传备份中...`);
-                    try {
-                        await gist.upload({
-                            [GIST_BACKUP_FILE_NAME]: { content },
-                        });
-                    } catch (err) {
-                        // restore syncTime if upload failed
-                        settings.syncTime = updated;
-                        $.write(settings, SETTINGS_KEY);
-                        throw err;
-                    }
-                    break;
-                case 'download':
-                    $.info(`还原备份中...`);
-                    content = await gist.download(GIST_BACKUP_FILE_NAME);
-                    try {
-                        if (
-                            Object.keys(JSON.parse(content).settings).length ===
-                            0
-                        ) {
-                            throw new Error(
-                                '备份文件应该至少包含 settings 字段',
-                            );
-                        }
-                    } catch (err) {
-                        $.error(
-                            `Gist 备份文件校验失败, 无法还原\nReason: ${
-                                err.message ?? err
-                            }`,
-                        );
-                        throw new Error('Gist 备份文件校验失败, 无法还原');
-                    }
-                    // restore settings
-                    $.write(content, '#sub-store');
-                    if ($.env.isNode) {
-                        content = JSON.parse(content);
-                        $.cache = content;
-                        $.persistCache();
-                    }
-                    $.info(`perform migration after restoring from gist...`);
-                    migrate();
-                    $.info(`migration completed`);
-                    $.info(`还原备份完成`);
-                    break;
-            }
+            await gistBackupAction(action);
            success(res);
        } catch (err) {
            $.error(
@@ -171,3 +176,5 @@ async function gistBackup(req, res) {
        }
    }
 }
+
+export { gistBackupAction };
--- a/backend/src/restful/preview.js
+++ b/backend/src/restful/preview.js
@@ -146,7 +146,8 @@ async function compareSub(req, res) {
        // add id
        original.forEach((proxy, i) => {
            proxy.id = i;
-            proxy.subName = sub.name;
+            proxy._subName = sub.name;
+            proxy._subDisplayName = sub.displayName;
        });

        // apply processors
@@ -176,7 +177,20 @@ async function compareCollection(req, res) {
    try {
        const allSubs = $.read(SUBS_KEY);
        const collection = req.body;
-        const subnames = collection.subscriptions;
+        const subnames = [...collection.subscriptions];
+        let subscriptionTags = collection.subscriptionTags;
+        if (Array.isArray(subscriptionTags) && subscriptionTags.length > 0) {
+            allSubs.forEach((sub) => {
+                if (
+                    Array.isArray(sub.tag) &&
+                    sub.tag.length > 0 &&
+                    !subnames.includes(sub.name) &&
+                    sub.tag.some((tag) => subscriptionTags.includes(tag))
+                ) {
+                    subnames.push(sub.name);
+                }
+            });
+        }
        const results = {};
        const errors = {};
        await Promise.all(
@@ -237,8 +251,10 @@ async function compareCollection(req, res) {
                        .flat();

                    currentProxies.forEach((proxy) => {
-                        proxy.subName = sub.name;
-                        proxy.collectionName = collection.name;
+                        proxy._subName = sub.name;
+                        proxy._subDisplayName = sub.displayName;
+                        proxy._collectionName = collection.name;
+                        proxy._collectionDisplayName = collection.displayName;
                    });

                    // apply processors
@@ -276,7 +292,8 @@ async function compareCollection(req, res) {

        original.forEach((proxy, i) => {
            proxy.id = i;
-            proxy.collectionName = collection.name;
+            proxy._collectionName = collection.name;
+            proxy._collectionDisplayName = collection.displayName;
        });

        const processed = await ProxyUtils.process(
--- a/backend/src/restful/subscriptions.js
+++ b/backend/src/restful/subscriptions.js
@@ -34,6 +34,11 @@ export default function register($app) {
 async function getFlowInfo(req, res) {
    let { name } = req.params;
    name = decodeURIComponent(name);
+    let { url } = req.query;
+    if (url) {
+        url = decodeURIComponent(url);
+        $.info(`指定远程订阅 URL: ${url}`);
+    }
    const allSubs = $.read(SUBS_KEY);
    const sub = findByName(allSubs, name);
    if (!sub) {
@@ -52,9 +57,45 @@ async function getFlowInfo(req, res) {
        !['localFirst', 'remoteFirst'].includes(sub.mergeSources)
    ) {
        if (sub.subUserinfo) {
-            success(res, {
-                ...parseFlowHeaders(sub.subUserinfo),
-            });
+            let subUserInfo;
+            if (/^https?:\/\//.test(sub.subUserinfo)) {
+                try {
+                    subUserInfo = await getFlowHeaders(
+                        undefined,
+                        undefined,
+                        undefined,
+                        sub.proxy,
+                        sub.subUserinfo,
+                    );
+                } catch (e) {
+                    $.error(
+                        `订阅 ${name} 使用自定义流量链接 ${
+                            sub.subUserinfo
+                        } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                    );
+                }
+            } else {
+                subUserInfo = sub.subUserinfo;
+            }
+            try {
+                success(res, {
+                    ...parseFlowHeaders(subUserInfo),
+                });
+            } catch (e) {
+                $.error(
+                    `Failed to parse flow info for local subscription ${name}: ${
+                        e.message ?? e
+                    }`,
+                );
+                failed(
+                    res,
+                    new RequestInvalidError(
+                        'NO_FLOW_INFO',
+                        'N/A',
+                        `Failed to parse flow info`,
+                    ),
+                );
+            }
        } else {
            failed(
                res,
@@ -68,10 +109,11 @@ async function getFlowInfo(req, res) {
        return;
    }
    try {
-        let url = `${sub.url}`
-            .split(/[\r\n]+/)
-            .map((i) => i.trim())
-            .filter((i) => i.length)?.[0];
+        url =
+            `${url || sub.url}`
+                .split(/[\r\n]+/)
+                .map((i) => i.trim())
+                .filter((i) => i.length)?.[0] || '';

        let $arguments = {};
        const rawArgs = url.split('#');
@@ -103,41 +145,73 @@ async function getFlowInfo(req, res) {
            );
            return;
        }
-        if (sub.subUserinfo) {
-            success(res, {
-                ...parseFlowHeaders(sub.subUserinfo),
-                remainingDays: getRmainingDays({
-                    resetDay: $arguments.resetDay,
-                    startDate: $arguments.startDate,
-                    cycleDays: $arguments.cycleDays,
-                }),
-            });
-        } else {
-            const flowHeaders = await getFlowHeaders(
-                url,
-                $arguments.flowUserAgent,
-                undefined,
-                sub.proxy,
+        const flowHeaders = await getFlowHeaders(
+            $arguments?.insecure ? `${url}#insecure` : url,
+            $arguments.flowUserAgent,
+            undefined,
+            sub.proxy,
+            $arguments.flowUrl,
+        );
+        if (!flowHeaders && !sub.subUserinfo) {
+            failed(
+                res,
+                new InternalServerError(
+                    'NO_FLOW_INFO',
+                    'No flow info',
+                    `Failed to fetch flow headers`,
+                ),
            );
-            if (!flowHeaders) {
-                failed(
-                    res,
-                    new InternalServerError(
-                        'NO_FLOW_INFO',
-                        'No flow info',
-                        `Failed to fetch flow headers`,
-                    ),
-                );
-                return;
-            }
-            success(res, {
-                ...parseFlowHeaders(flowHeaders),
-                remainingDays: getRmainingDays({
-                    resetDay: $arguments.resetDay,
-                    startDate: $arguments.startDate,
-                    cycleDays: $arguments.cycleDays,
-                }),
+            return;
+        }
+        try {
+            const remainingDays = getRmainingDays({
+                resetDay: $arguments.resetDay,
+                startDate: $arguments.startDate,
+                cycleDays: $arguments.cycleDays,
            });
+            let subUserInfo;
+            if (/^https?:\/\//.test(sub.subUserinfo)) {
+                try {
+                    subUserInfo = await getFlowHeaders(
+                        undefined,
+                        undefined,
+                        undefined,
+                        sub.proxy,
+                        sub.subUserinfo,
+                    );
+                } catch (e) {
+                    $.error(
+                        `订阅 ${name} 使用自定义流量链接 ${
+                            sub.subUserinfo
+                        } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                    );
+                }
+            } else {
+                subUserInfo = sub.subUserinfo;
+            }
+            const result = {
+                ...parseFlowHeaders(
+                    [subUserInfo, flowHeaders].filter((i) => i).join('; '),
+                ),
+            };
+            if (remainingDays != null) {
+                result.remainingDays = remainingDays;
+            }
+            success(res, result);
+        } catch (e) {
+            $.error(
+                `Failed to parse flow info for local subscription ${name}: ${
+                    e.message ?? e
+                }`,
+            );
+            failed(
+                res,
+                new RequestInvalidError(
+                    'NO_FLOW_INFO',
+                    'N/A',
+                    `Failed to parse flow info`,
+                ),
+            );
        }
    } catch (err) {
        failed(
--- a/backend/src/restful/sync.js
+++ b/backend/src/restful/sync.js
@@ -36,6 +36,10 @@ async function produceArtifact({
    produceType,
    produceOpts = {},
    subscription,
+    awaitCustomCache,
+    $options,
+    proxy,
+    noCache,
 }) {
    platform = platform || 'JSON';

@@ -66,7 +70,10 @@ async function produceArtifact({
                                url,
                                ua || sub.ua,
                                undefined,
-                                sub.proxy,
+                                proxy || sub.proxy,
+                                undefined,
+                                awaitCustomCache,
+                                noCache,
                            );
                        } catch (err) {
                            errors[url] = err;
@@ -111,7 +118,10 @@ async function produceArtifact({
                                url,
                                ua || sub.ua,
                                undefined,
-                                sub.proxy,
+                                proxy || sub.proxy,
+                                undefined,
+                                awaitCustomCache,
+                                noCache,
                            );
                        } catch (err) {
                            errors[url] = err;
@@ -145,7 +155,8 @@ async function produceArtifact({
            .flat();

        proxies.forEach((proxy) => {
-            proxy.subName = sub.name;
+            proxy._subName = sub.name;
+            proxy._subDisplayName = sub.displayName;
        });
        // apply processors
        proxies = await ProxyUtils.process(
@@ -153,6 +164,7 @@ async function produceArtifact({
            sub.process || [],
            platform,
            { [sub.name]: sub },
+            $options,
        );
        if (proxies.length === 0) {
            throw new Error(`订阅 ${name} 中不含有效节点`);
@@ -181,7 +193,20 @@ async function produceArtifact({
        const allCols = $.read(COLLECTIONS_KEY);
        const collection = findByName(allCols, name);
        if (!collection) throw new Error(`找不到组合订阅 ${name}`);
-        const subnames = collection.subscriptions;
+        const subnames = [...collection.subscriptions];
+        let subscriptionTags = collection.subscriptionTags;
+        if (Array.isArray(subscriptionTags) && subscriptionTags.length > 0) {
+            allSubs.forEach((sub) => {
+                if (
+                    Array.isArray(sub.tag) &&
+                    sub.tag.length > 0 &&
+                    !subnames.includes(sub.name) &&
+                    sub.tag.some((tag) => subscriptionTags.includes(tag))
+                ) {
+                    subnames.push(sub.name);
+                }
+            });
+        }
        const results = {};
        const errors = {};
        let processed = 0;
@@ -212,7 +237,12 @@ async function produceArtifact({
                                            url,
                                            sub.ua,
                                            undefined,
-                                            sub.proxy,
+                                            proxy ||
+                                                sub.proxy ||
+                                                collection.proxy,
+                                            undefined,
+                                            undefined,
+                                            noCache,
                                        );
                                    } catch (err) {
                                        errors[url] = err;
@@ -245,8 +275,10 @@ async function produceArtifact({
                        .flat();

                    currentProxies.forEach((proxy) => {
-                        proxy.subName = sub.name;
-                        proxy.collectionName = collection.name;
+                        proxy._subName = sub.name;
+                        proxy._subDisplayName = sub.displayName;
+                        proxy._collectionName = collection.name;
+                        proxy._collectionDisplayName = collection.displayName;
                    });

                    // apply processors
@@ -254,7 +286,11 @@ async function produceArtifact({
                        currentProxies,
                        sub.process || [],
                        platform,
-                        { [sub.name]: sub, _collection: collection },
+                        {
+                            [sub.name]: sub,
+                            _collection: collection,
+                            $options,
+                        },
                    );
                    results[name] = currentProxies;
                    processed++;
@@ -298,7 +334,8 @@ async function produceArtifact({
        );

        proxies.forEach((proxy) => {
-            proxy.collectionName = collection.name;
+            proxy._collectionName = collection.name;
+            proxy._collectionDisplayName = collection.displayName;
        });

        // apply own processors
@@ -307,6 +344,7 @@ async function produceArtifact({
            collection.process || [],
            platform,
            { _collection: collection },
+            $options,
        );
        if (proxies.length === 0) {
            throw new Error(`组合订阅 ${name} 中不含有效节点`);
@@ -373,7 +411,15 @@ async function produceArtifact({
                    .filter((i) => i.length)
                    .map(async (url) => {
                        try {
-                            return await download(url, ua || file.ua);
+                            return await download(
+                                url,
+                                ua || file.ua,
+                                undefined,
+                                file.proxy || proxy,
+                                undefined,
+                                undefined,
+                                noCache,
+                            );
                        } catch (err) {
                            errors[url] = err;
                            $.error(
@@ -416,7 +462,15 @@ async function produceArtifact({
                    .filter((i) => i.length)
                    .map(async (url) => {
                        try {
-                            return await download(url, ua || file.ua);
+                            return await download(
+                                url,
+                                ua || file.ua,
+                                undefined,
+                                file.proxy || proxy,
+                                undefined,
+                                undefined,
+                                noCache,
+                            );
                        } catch (err) {
                            errors[url] = err;
                            $.error(
@@ -455,10 +509,10 @@ async function produceArtifact({
        const processed =
            Array.isArray(file.process) && file.process.length > 0
                ? await ProxyUtils.process(
-                      { $files: files, $content: filesContent },
+                      { $files: files, $content: filesContent, $options },
                      file.process,
                  )
-                : { $content: filesContent, $files: files };
+                : { $content: filesContent, $files: files, $options };

        return processed?.$content ?? '';
    }
@@ -503,6 +557,7 @@ async function syncArtifacts() {
                        await produceArtifact({
                            type: 'subscription',
                            name: subName,
+                            awaitCustomCache: true,
                        });
                    } catch (e) {
                        // $.error(`${e.message ?? e}`);
@@ -516,6 +571,16 @@ async function syncArtifacts() {
                try {
                    if (artifact.sync && artifact.source) {
                        $.info(`正在同步云配置：${artifact.name}...`);
+
+                        const useMihomoExternal =
+                            artifact.platform === 'SurgeMac';
+
+                        if (useMihomoExternal) {
+                            $.info(
+                                `手动指定了 target 为 SurgeMac, 将使用 Mihomo External`,
+                            );
+                        }
+
                        const output = await produceArtifact({
                            type: artifact.type,
                            name: artifact.source,
@@ -523,6 +588,7 @@ async function syncArtifacts() {
                            produceOpts: {
                                'include-unsupported-proxy':
                                    artifact.includeUnsupportedProxy,
+                                useMihomoExternal,
                            },
                        });

@@ -638,12 +704,18 @@ async function syncArtifact(req, res) {
    }

    try {
+        const useMihomoExternal = artifact.platform === 'SurgeMac';
+
+        if (useMihomoExternal) {
+            $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
+        }
        const output = await produceArtifact({
            type: artifact.type,
            name: artifact.source,
            platform: artifact.platform,
            produceOpts: {
                'include-unsupported-proxy': artifact.includeUnsupportedProxy,
+                useMihomoExternal,
            },
        });

--- a/backend/src/restful/token.js
+++ b/backend/src/restful/token.js
@@ -0,0 +1,181 @@
+import { deleteByName } from '@/utils/database';
+import { ENV } from '@/vendor/open-api';
+import { TOKENS_KEY, SUBS_KEY, FILES_KEY, COLLECTIONS_KEY } from '@/constants';
+import { failed, success } from '@/restful/response';
+import $ from '@/core/app';
+import { RequestInvalidError, InternalServerError } from '@/restful/errors';
+
+export default function register($app) {
+    if (!$.read(TOKENS_KEY)) $.write([], TOKENS_KEY);
+
+    $app.post('/api/token', signToken);
+
+    $app.route('/api/token/:token').delete(deleteToken);
+
+    $app.route('/api/tokens').get(getAllTokens);
+}
+
+function deleteToken(req, res) {
+    let { token } = req.params;
+    token = decodeURIComponent(token);
+    $.info(`正在删除：${token}`);
+    let allTokens = $.read(TOKENS_KEY);
+    deleteByName(allTokens, token, 'token');
+    $.write(allTokens, TOKENS_KEY);
+    success(res);
+}
+
+function getAllTokens(req, res) {
+    const { type, name } = req.query;
+    const allTokens = $.read(TOKENS_KEY) || [];
+    success(
+        res,
+        type || name
+            ? allTokens.filter(
+                  (item) =>
+                      (type ? item.type === type : true) &&
+                      (name ? item.name === name : true),
+              )
+            : allTokens,
+    );
+}
+
+async function signToken(req, res) {
+    if (!ENV().isNode) {
+        return failed(
+            res,
+            new RequestInvalidError(
+                'INVALID_ENV',
+                `This endpoint is only available in Node.js environment`,
+            ),
+        );
+    }
+    try {
+        const { payload, options } = req.body;
+        const ms = eval(`require("ms")`);
+        let token = payload?.token;
+        if (token != null) {
+            if (typeof token !== 'string' || token.length < 1) {
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_CUSTOM_TOKEN',
+                        `Invalid custom token: ${token}`,
+                    ),
+                );
+            }
+            const tokens = $.read(TOKENS_KEY) || [];
+            if (tokens.find((t) => t.token === token)) {
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'DUPLICATE_TOKEN',
+                        `Token ${token} already exists`,
+                    ),
+                );
+            }
+        }
+        const type = payload?.type;
+        const name = payload?.name;
+        if (!type || !name)
+            return failed(
+                res,
+                new RequestInvalidError(
+                    'INVALID_PAYLOAD',
+                    `payload type and name are required`,
+                ),
+            );
+        if (type === 'col') {
+            const collections = $.read(COLLECTIONS_KEY) || [];
+            const collection = collections.find((c) => c.name === name);
+            if (!collection)
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_COLLECTION',
+                        `collection ${name} not found`,
+                    ),
+                );
+        } else if (type === 'file') {
+            const files = $.read(FILES_KEY) || [];
+            const file = files.find((f) => f.name === name);
+            if (!file)
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_FILE',
+                        `file ${name} not found`,
+                    ),
+                );
+        } else if (type === 'sub') {
+            const subs = $.read(SUBS_KEY) || [];
+            const sub = subs.find((s) => s.name === name);
+            if (!sub)
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_SUB',
+                        `sub ${name} not found`,
+                    ),
+                );
+        } else {
+            return failed(
+                res,
+                new RequestInvalidError(
+                    'INVALID_TYPE',
+                    `type ${name} not supported`,
+                ),
+            );
+        }
+        let expiresIn = options?.expiresIn;
+        if (options?.expiresIn != null) {
+            expiresIn = ms(options.expiresIn);
+            if (expiresIn == null || isNaN(expiresIn) || expiresIn <= 0) {
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_EXPIRES_IN',
+                        `Invalid expiresIn option: ${options.expiresIn}`,
+                    ),
+                );
+            }
+        }
+        // const secret = eval('process.env.SUB_STORE_FRONTEND_BACKEND_PATH');
+        const nanoid = eval(`require("nanoid")`);
+        const tokens = $.read(TOKENS_KEY) || [];
+        // const now = Date.now();
+        // for (const key in tokens) {
+        //     const token = tokens[key];
+        //     if (token.exp != null || token.exp < now) {
+        //         delete tokens[key];
+        //     }
+        // }
+        if (!token) {
+            do {
+                token = nanoid.customAlphabet(nanoid.urlAlphabet)();
+            } while (tokens.find((t) => t.token === token));
+        }
+        tokens.push({
+            ...payload,
+            token,
+            createdAt: Date.now(),
+            expiresIn: expiresIn > 0 ? options?.expiresIn : undefined,
+            exp: expiresIn > 0 ? Date.now() + expiresIn : undefined,
+        });
+
+        $.write(tokens, TOKENS_KEY);
+        return success(res, {
+            token,
+            // secret,
+        });
+    } catch (e) {
+        return failed(
+            res,
+            new InternalServerError(
+                'TOKEN_SIGN_FAILED',
+                `Failed to sign token`,
+                `Reason: ${e.message ?? e}`,
+            ),
+        );
+    }
+}
--- a/backend/src/utils/database.js
+++ b/backend/src/utils/database.js
@@ -1,17 +1,17 @@
-export function findByName(list, name) {
-    return list.find((item) => item.name === name);
+export function findByName(list, name, field = 'name') {
+    return list.find((item) => item[field] === name);
 }

-export function findIndexByName(list, name) {
-    return list.findIndex((item) => item.name === name);
+export function findIndexByName(list, name, field = 'name') {
+    return list.findIndex((item) => item[field] === name);
 }

-export function deleteByName(list, name) {
-    const idx = findIndexByName(list, name);
+export function deleteByName(list, name, field = 'name') {
+    const idx = findIndexByName(list, name, field);
    list.splice(idx, 1);
 }

-export function updateByName(list, name, newItem) {
-    const idx = findIndexByName(list, name);
+export function updateByName(list, name, newItem, field = 'name') {
+    const idx = findIndexByName(list, name, field);
    list[idx] = newItem;
 }
--- a/backend/src/utils/dns.js
+++ b/backend/src/utils/dns.js
@@ -0,0 +1,50 @@
+import $ from '@/core/app';
+import dnsPacket from 'dns-packet';
+import { Buffer } from 'buffer';
+import { isIPv4 } from '@/utils';
+
+export async function doh({ url, domain, type = 'A', timeout, edns }) {
+    const buf = dnsPacket.encode({
+        type: 'query',
+        id: 0,
+        flags: dnsPacket.RECURSION_DESIRED,
+        questions: [
+            {
+                type,
+                name: domain,
+            },
+        ],
+        additionals: [
+            {
+                type: 'OPT',
+                name: '.',
+                udpPayloadSize: 4096,
+                flags: 0,
+                options: [
+                    {
+                        code: 'CLIENT_SUBNET',
+                        ip: edns,
+                        sourcePrefixLength: isIPv4(edns) ? 24 : 56,
+                        scopePrefixLength: 0,
+                    },
+                ],
+            },
+        ],
+    });
+    const res = await $.http.get({
+        url: `${url}?dns=${buf
+            .toString('base64')
+            .toString('utf-8')
+            .replace(/=/g, '')}`,
+        headers: {
+            Accept: 'application/dns-message',
+            // 'Content-Type': 'application/dns-message',
+        },
+        // body: buf,
+        'binary-mode': true,
+        encoding: null, // 使用 null 编码以确保响应是原始二进制数据
+        timeout,
+    });
+
+    return dnsPacket.decode(Buffer.from($.env.isQX ? res.bodyBytes : res.body));
+}
--- a/backend/src/utils/download.js
+++ b/backend/src/utils/download.js
@@ -15,11 +15,13 @@ import $ from '@/core/app';
 const tasks = new Map();

 export default async function download(
-    rawUrl,
+    rawUrl = '',
    ua,
    timeout,
-    proxy,
+    customProxy,
    skipCustomCache,
+    awaitCustomCache,
+    noCache,
 ) {
    let $arguments = {};
    let url = rawUrl.replace(/#noFlow$/, '');
@@ -41,25 +43,80 @@ export default async function download(
            }
        }
    }
+    const { isNode, isStash, isLoon, isShadowRocket, isQX } = ENV();
+    const {
+        defaultProxy,
+        defaultUserAgent,
+        defaultTimeout,
+        cacheThreshold: defaultCacheThreshold,
+    } = $.read(SETTINGS_KEY);
+    const cacheThreshold = defaultCacheThreshold || 1024;
+    let proxy = customProxy || defaultProxy;
+    if ($.env.isNode) {
+        proxy = proxy || eval('process.env.SUB_STORE_BACKEND_DEFAULT_PROXY');
+    }
+    const userAgent = ua || defaultUserAgent || 'clash.meta';
+    const requestTimeout = timeout || defaultTimeout || 8000;
+    const id = hex_md5(userAgent + url);
+
+    if ($arguments?.cacheKey === true) {
+        $.error(`使用自定义缓存时 cacheKey 的值不能为空`);
+        $arguments.cacheKey = undefined;
+    }
+
    const customCacheKey = $arguments?.cacheKey
        ? `#sub-store-cached-custom-${$arguments?.cacheKey}`
        : undefined;

    if (customCacheKey && !skipCustomCache) {
-        const cached = $.read(customCacheKey);
-        if (cached) {
+        const customCached = $.read(customCacheKey);
+        const cached = resourceCache.get(id);
+        if (!noCache && !$arguments?.noCache && cached) {
            $.info(
-                `乐观缓存: URL ${url}\n本次返回自定义缓存 ${$arguments?.cacheKey}\n并进行请求 尝试更新缓存`,
-            );
-            download(
-                rawUrl.replace(/(\?|&)cacheKey=.*?(&|$)/, ''),
-                ua,
-                timeout,
-                proxy,
-                true,
+                `乐观缓存: URL ${url}\n存在有效的常规缓存\n使用常规缓存以避免重复请求`,
            );
            return cached;
        }
+        if (customCached) {
+            if (awaitCustomCache) {
+                $.info(`乐观缓存: URL ${url}\n本次进行请求 尝试更新缓存`);
+                try {
+                    await download(
+                        rawUrl.replace(/(\?|&)cacheKey=.*?(&|$)/, ''),
+                        ua,
+                        timeout,
+                        proxy,
+                        true,
+                    );
+                } catch (e) {
+                    $.error(
+                        `乐观缓存: URL ${url} 更新缓存发生错误 ${
+                            e.message ?? e
+                        }`,
+                    );
+                    $.info('使用乐观缓存的数据刷新缓存, 防止后续请求');
+                    resourceCache.set(id, customCached);
+                }
+            } else {
+                $.info(
+                    `乐观缓存: URL ${url}\n本次返回自定义缓存 ${$arguments?.cacheKey}\n并进行请求 尝试异步更新缓存`,
+                );
+                download(
+                    rawUrl.replace(/(\?|&)cacheKey=.*?(&|$)/, ''),
+                    ua,
+                    timeout,
+                    proxy,
+                    true,
+                ).catch((e) => {
+                    $.error(
+                        `乐观缓存: URL ${url} 异步更新缓存发生错误 ${
+                            e.message ?? e
+                        }`,
+                    );
+                });
+            }
+            return customCached;
+        }
    }

    // const downloadUrlMatch = url.match(/^\/api\/(file|module)\/(.+)/);
@@ -79,12 +136,6 @@ export default async function download(
    //     return item.content;
    // }

-    const { isNode, isStash, isLoon, isShadowRocket, isQX } = ENV();
-    const { defaultUserAgent, defaultTimeout, cacheThreshold } =
-        $.read(SETTINGS_KEY);
-    const userAgent = ua || defaultUserAgent || 'clash.meta';
-    const requestTimeout = timeout || defaultTimeout;
-    const id = hex_md5(userAgent + url);
    if (!isNode && tasks.has(id)) {
        return tasks.get(id);
    }
@@ -104,26 +155,40 @@ export default async function download(

    // try to find in app cache
    const cached = resourceCache.get(id);
-    if (!$arguments?.noCache && cached && !skipCustomCache) {
-        $.info(`使用缓存: ${url}`);
+    if (!noCache && !$arguments?.noCache && cached) {
+        $.info(`使用缓存: ${url}, ${userAgent}`);
        result = cached;
+        if (customCacheKey) {
+            $.info(`URL ${url}\n写入自定义缓存 ${$arguments?.cacheKey}`);
+            $.write(cached, customCacheKey);
+        }
    } else {
+        const insecure = $arguments?.insecure
+            ? isNode
+                ? { strictSSL: false }
+                : { insecure: true }
+            : undefined;
        $.info(
-            `Downloading...\nUser-Agent: ${userAgent}\nTimeout: ${requestTimeout}\nProxy: ${proxy}\nURL: ${url}`,
+            `Downloading...\nUser-Agent: ${userAgent}\nTimeout: ${requestTimeout}\nProxy: ${proxy}\nInsecure: ${!!insecure}\nURL: ${url}`,
        );
        try {
-            const { body, headers } = await http.get({
+            const { body, headers, statusCode } = await http.get({
                url,
                ...(proxy ? { proxy } : {}),
                ...(isLoon && proxy ? { node: proxy } : {}),
                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                ...(insecure ? insecure : {}),
            });
+            $.info(`statusCode: ${statusCode}`);
+            if (statusCode < 200 || statusCode >= 400) {
+                throw new Error(`statusCode: ${statusCode}`);
+            }

            if (headers) {
                const flowInfo = getFlowField(headers);
                if (flowInfo) {
-                    headersResourceCache.set(url, flowInfo);
+                    headersResourceCache.set(id, flowInfo);
                }
            }
            if (body.replace(/\s/g, '').length === 0)
@@ -177,6 +242,7 @@ export default async function download(
                    $arguments.flowUserAgent,
                    undefined,
                    proxy,
+                    $arguments.flowUrl,
                ),
            ),
        );
--- a/backend/src/utils/env.js
+++ b/backend/src/utils/env.js
@@ -24,6 +24,7 @@ if (isLanceX) backend = 'LanceX';
 if (isGUIforCores) backend = 'GUI.for.Cores';

 let meta = {};
+let feature = {};

 try {
    if (typeof $environment !== 'undefined') {
@@ -63,5 +64,6 @@ try {
 export default {
    backend,
    version: substoreVersion,
+    feature,
    meta,
 };
--- a/backend/src/utils/flow.js
+++ b/backend/src/utils/flow.js
@@ -1,17 +1,35 @@
 import { SETTINGS_KEY } from '@/constants';
 import { HTTP, ENV } from '@/vendor/open-api';
+import { hex_md5 } from '@/vendor/md5';
 import { getPolicyDescriptor } from '@/utils';
 import $ from '@/core/app';
 import headersResourceCache from '@/utils/headers-resource-cache';

 export function getFlowField(headers) {
-    const subkey = Object.keys(headers).filter((k) =>
-        /SUBSCRIPTION-USERINFO/i.test(k),
-    )[0];
-    return headers[subkey];
+    const keys = Object.keys(headers);
+    let sub = '';
+    let webPage = '';
+    for (let k of keys) {
+        const lower = k.toLowerCase();
+        if (lower === 'subscription-userinfo') {
+            sub = headers[k];
+        } else if (lower === 'profile-web-page-url') {
+            webPage = headers[k];
+        }
+    }
+
+    return `${sub || ''}${
+        webPage ? `; app_url=${encodeURIComponent(webPage)}` : ''
+    }`;
 }
-export async function getFlowHeaders(rawUrl, ua, timeout, proxy) {
-    let url = rawUrl;
+export async function getFlowHeaders(
+    rawUrl,
+    ua,
+    timeout,
+    customProxy,
+    flowUrl,
+) {
+    let url = flowUrl || rawUrl || '';
    let $arguments = {};
    const rawArgs = url.split('#');
    url = url.split('#')[0];
@@ -35,76 +53,125 @@ export async function getFlowHeaders(rawUrl, ua, timeout, proxy) {
        return;
    }
    const { isStash, isLoon, isShadowRocket, isQX } = ENV();
-    const cached = headersResourceCache.get(url);
+    const insecure = $arguments?.insecure
+        ? $.env.isNode
+            ? { strictSSL: false }
+            : { insecure: true }
+        : undefined;
+    const { defaultProxy, defaultFlowUserAgent, defaultTimeout } =
+        $.read(SETTINGS_KEY);
+    let proxy = customProxy || defaultProxy;
+    if ($.env.isNode) {
+        proxy = proxy || eval('process.env.SUB_STORE_BACKEND_DEFAULT_PROXY');
+    }
+    const userAgent = ua || defaultFlowUserAgent || 'clash';
+    const requestTimeout = timeout || defaultTimeout || 8000;
+    const id = hex_md5(userAgent + url);
+    const cached = headersResourceCache.get(id);
    let flowInfo;
    if (!$arguments?.noCache && cached) {
-        // $.info(`使用缓存的流量信息: ${url}`);
+        $.info(`使用缓存的流量信息: ${url}, ${userAgent}`);
        flowInfo = cached;
    } else {
-        const { defaultFlowUserAgent, defaultTimeout } = $.read(SETTINGS_KEY);
-        const userAgent =
-            ua ||
-            defaultFlowUserAgent ||
-            'Quantumult%20X/1.0.30 (iPhone14,2; iOS 15.6)';
-        const requestTimeout = timeout || defaultTimeout;
        const http = HTTP();
-        try {
+        if (flowUrl) {
            $.info(
-                `使用 HEAD 方法获取流量信息: ${url}, User-Agent: ${
+                `使用 GET 方法从响应体获取流量信息: ${flowUrl}, User-Agent: ${
                    userAgent || ''
-                }`,
+                }, Insecure: ${!!insecure}, Proxy: ${proxy}`,
            );
-            const { headers } = await http.head({
-                url: url
-                    .split(/[\r\n]+/)
-                    .map((i) => i.trim())
-                    .filter((i) => i.length)[0],
+            const { body } = await http.get({
+                url: flowUrl,
                headers: {
                    'User-Agent': userAgent,
-                    ...(isStash && proxy
-                        ? {
-                              'X-Stash-Selected-Proxy':
-                                  encodeURIComponent(proxy),
-                          }
-                        : {}),
-                    ...(isShadowRocket && proxy
-                        ? { 'X-Surge-Policy': proxy }
-                        : {}),
                },
                timeout: requestTimeout,
                ...(proxy ? { proxy } : {}),
                ...(isLoon && proxy ? { node: proxy } : {}),
                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                ...(insecure ? insecure : {}),
            });
-            flowInfo = getFlowField(headers);
-        } catch (e) {
-            $.error(
-                `使用 HEAD 方法获取流量信息失败: ${url}, User-Agent: ${
-                    userAgent || ''
-                }: ${e.message ?? e}`,
-            );
-        }
-        if (!flowInfo) {
-            $.info(
-                `使用 GET 方法获取流量信息: ${url}, User-Agent: ${
-                    userAgent || ''
-                }`,
-            );
-            const { headers } = await http.get({
-                url: url
-                    .split(/[\r\n]+/)
-                    .map((i) => i.trim())
-                    .filter((i) => i.length)[0],
-                headers: {
-                    'User-Agent': userAgent,
-                },
-                timeout: requestTimeout,
-            });
-            flowInfo = getFlowField(headers);
+            flowInfo = body;
+        } else {
+            try {
+                $.info(
+                    `使用 HEAD 方法从响应头获取流量信息: ${url}, User-Agent: ${
+                        userAgent || ''
+                    }, Insecure: ${!!insecure}, Proxy: ${proxy}`,
+                );
+                const { headers } = await http.head({
+                    url: url
+                        .split(/[\r\n]+/)
+                        .map((i) => i.trim())
+                        .filter((i) => i.length)[0],
+                    headers: {
+                        'User-Agent': userAgent,
+                        ...(isStash && proxy
+                            ? {
+                                  'X-Stash-Selected-Proxy':
+                                      encodeURIComponent(proxy),
+                              }
+                            : {}),
+                        ...(isShadowRocket && proxy
+                            ? { 'X-Surge-Policy': proxy }
+                            : {}),
+                    },
+                    timeout: requestTimeout,
+                    ...(proxy ? { proxy } : {}),
+                    ...(isLoon && proxy ? { node: proxy } : {}),
+                    ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                    ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                    ...(insecure ? insecure : {}),
+                });
+                flowInfo = getFlowField(headers);
+            } catch (e) {
+                $.error(
+                    `使用 HEAD 方法从响应头获取流量信息失败: ${url}, User-Agent: ${
+                        userAgent || ''
+                    }, Insecure: ${!!insecure}, Proxy: ${proxy}: ${
+                        e.message ?? e
+                    }`,
+                );
+            }
+            if (!flowInfo) {
+                $.info(
+                    `使用 GET 方法获取流量信息: ${url}, User-Agent: ${
+                        userAgent || ''
+                    }, Insecure: ${!!insecure}, Proxy: ${proxy}`,
+                );
+                const { headers } = await http.get({
+                    url: url
+                        .split(/[\r\n]+/)
+                        .map((i) => i.trim())
+                        .filter((i) => i.length)[0],
+                    headers: {
+                        'User-Agent': userAgent,
+                        ...(isStash && proxy
+                            ? {
+                                  'X-Stash-Selected-Proxy':
+                                      encodeURIComponent(proxy),
+                              }
+                            : {}),
+                        ...(isShadowRocket && proxy
+                            ? { 'X-Surge-Policy': proxy }
+                            : {}),
+                    },
+                    timeout: requestTimeout,
+                    ...(proxy ? { proxy } : {}),
+                    ...(isLoon && proxy ? { node: proxy } : {}),
+                    ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                    ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                    ...(insecure ? insecure : {}),
+                });
+                flowInfo = getFlowField(headers);
+            }
        }
        if (flowInfo) {
-            headersResourceCache.set(url, flowInfo);
+            flowInfo = flowInfo.trim();
+        }
+        if (flowInfo) {
+            headersResourceCache.set(id, flowInfo);
        }
    }

@@ -135,8 +202,29 @@ export function parseFlowHeaders(flowHeaders) {
        ? Number(expireMatch[1] + expireMatch[2])
        : undefined;

-    return { expires, total, usage: { upload, download } };
+    const remainingDaysMatch = flowHeaders.match(/reset_day=([0-9]+)/);
+    const remainingDays = remainingDaysMatch
+        ? Number(remainingDaysMatch[1])
+        : undefined;
+
+    const appUrlMatch = flowHeaders.match(/app_url=(.*?)\s*?(;|$)/);
+    const appUrl = appUrlMatch ? decodeURIComponent(appUrlMatch[1]) : undefined;
+
+    const planNameMatch = flowHeaders.match(/plan_name=(.*?)\s*?(;|$)/);
+    const planName = planNameMatch
+        ? decodeURIComponent(planNameMatch[1])
+        : undefined;
+
+    return {
+        expires,
+        total,
+        usage: { upload, download },
+        remainingDays,
+        appUrl,
+        planName,
+    };
 }
+
 export function flowTransfer(flow, unit = 'B') {
    const unitList = ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
    let unitIndex = unitList.indexOf(unit);
--- a/backend/src/utils/geo.js
+++ b/backend/src/utils/geo.js
@@ -17,6 +17,7 @@ const ISOFlags = {
    '🇧🇪': ['BE', 'BEL'],
    '🇧🇬': ['BG', 'BGR'],
    '🇧🇭': ['BH', 'BHR'],
+    '🇧🇴': ['BO', 'BOL'],
    '🇧🇷': ['BR', 'BRA'],
    '🇧🇾': ['BY', 'BLR'],
    '🇨🇦': ['CA', 'CAN'],
@@ -38,6 +39,7 @@ const ISOFlags = {
    '🇬🇧': ['GB', 'GBR', 'UK'],
    '🇬🇪': ['GE', 'GEO'],
    '🇬🇷': ['GR', 'GRC'],
+    '🇬🇹': ['GT', 'GTM'],
    '🇭🇰': ['HK', 'HKG', 'HKT', 'HKBN', 'HGC', 'WTT', 'CMI'],
    '🇭🇷': ['HR', 'HRV'],
    '🇭🇺': ['HU', 'HUN'],
@@ -151,6 +153,7 @@ export function getFlag(name) {
            '滑铁卢',
            '多伦多',
            'Waterloo',
+            'Toronto',
        ],
        '🇨🇭': ['Switzerland', '瑞士', '苏黎世', 'Zurich'],
        '🇨🇱': ['Chile', '智利'],
@@ -245,7 +248,7 @@ export function getFlag(name) {
        '🇮🇪': ['Ireland', '爱尔兰', '愛爾蘭', '都柏林'],
        '🇮🇱': ['Israel', '以色列'],
        '🇮🇲': ['Isle of Man', '马恩岛', '馬恩島'],
-        '🇮🇳': ['India', '印度', '孟买', 'MFumbai'],
+        '🇮🇳': ['India', '印度', '孟买', 'MFumbai', 'Mumbai'],
        '🇮🇷': ['Iran', '伊朗'],
        '🇮🇸': ['Iceland', '冰岛', '冰島'],
        '🇮🇹': ['Italy', '意大利', '義大利', '米兰', 'Nachash'],
@@ -261,7 +264,14 @@ export function getFlag(name) {
        '🇲🇹': ['Malta', '马耳他'],
        '🇲🇽': ['Mexico', '墨西哥'],
        '🇲🇾': ['Malaysia', '马来', '馬來', '吉隆坡', '大馬'],
-        '🇳🇱': ['Netherlands', '荷兰', '荷蘭', '尼德蘭', '阿姆斯特丹'],
+        '🇳🇱': [
+            'Netherlands',
+            '荷兰',
+            '荷蘭',
+            '尼德蘭',
+            '阿姆斯特丹',
+            'Amsterdam',
+        ],
        '🇳🇴': ['Norway', '挪威'],
        '🇳🇵': ['Nepal', '尼泊尔'],
        '🇳🇿': ['New Zealand', '新西兰', '新西蘭'],
@@ -269,7 +279,7 @@ export function getFlag(name) {
        '🇵🇪': ['Peru', '秘鲁', '祕魯'],
        '🇵🇭': ['Philippines', '菲律宾', '菲律賓'],
        '🇵🇰': ['Pakistan', '巴基斯坦'],
-        '🇵🇱': ['Poland', '波兰', '波蘭'],
+        '🇵🇱': ['Poland', '波兰', '波蘭', '华沙', 'Warsaw'],
        '🇵🇷': ['Puerto Rico', '波多黎各'],
        '🇵🇹': ['Portugal', '葡萄牙'],
        '🇵🇾': ['Paraguay', '巴拉圭'],
@@ -293,8 +303,8 @@ export function getFlag(name) {
            '沪俄',
            'Moscow',
        ],
-        '🇸🇦': ['Saudi', '沙特阿拉伯', '沙特'],
-        '🇸🇪': ['Sweden', '瑞典'],
+        '🇸🇦': ['Saudi', '沙特阿拉伯', '沙特', 'Riyadh', '利雅得'],
+        '🇸🇪': ['Sweden', '瑞典', '斯德哥尔摩', 'Stockholm'],
        '🇸🇬': [
            'Singapore',
            '新加坡',
@@ -314,7 +324,7 @@ export function getFlag(name) {
        '🇸🇰': ['Slovakia', '斯洛伐克'],
        '🇹🇭': ['Thailand', '泰国', '泰國', '曼谷'],
        '🇹🇳': ['Tunisia', '突尼斯'],
-        '🇹🇷': ['Turkey', '土耳其', '伊斯坦布尔'],
+        '🇹🇷': ['Turkey', '土耳其', '伊斯坦布尔', 'Istanbul'],
        '🇹🇼': [
            'Taiwan',
            '台湾',
@@ -329,6 +339,7 @@ export function getFlag(name) {
            '台',
            '臺',
            'Taipei',
+            'Tai Wan',
        ],
        '🇺🇦': ['Ukraine', '乌克兰', '烏克蘭'],
        '🇺🇸': [
@@ -340,6 +351,7 @@ export function getFlag(name) {
            '波特兰',
            '达拉斯',
            '俄勒冈',
+            'Oregon',
            '凤凰城',
            '费利蒙',
            '硅谷',
@@ -353,10 +365,17 @@ export function getFlag(name) {
            '沪美',
            '哥伦布',
            '纽约',
+            'New York',
            'Los Angeles',
            'San Jose',
            'Sillicon Valley',
            'Michigan',
+            '俄亥俄',
+            'Ohio',
+            '马纳萨斯',
+            'Manassas',
+            '弗吉尼亚',
+            'Virginia',
        ],
        '🇺🇾': ['Uruguay', '乌拉圭'],
        '🇻🇪': ['Venezuela', '委内瑞拉'],
@@ -417,8 +436,12 @@ export function getFlag(name) {
                RegExp(`(^|[^a-zA-Z])${keyword}([^a-zA-Z]|$)`).test(name),
            )
        ) {
-            //console.log(`ISOFlag = ${flag}`)
-            return (Flag = flag);
+            const isCN2 =
+                flag == '🇨🇳' &&
+                RegExp(`(^|[^a-zA-Z])CN2([^a-zA-Z]|$)`).test(name);
+            if (!isCN2) {
+                return (Flag = flag);
+            }
        }
    }

@@ -430,6 +453,13 @@ export function getISO(name) {
    return ISOFlags[getFlag(name)]?.[0];
 }

+// remove flag
+export function removeFlag(str) {
+    return str
+        .replace(/[\uD83C][\uDDE6-\uDDFF][\uD83C][\uDDE6-\uDDFF]|🏴‍☠️|🏳️‍🌈/g, '')
+        .trim();
+}
+
 export class MMDB {
    constructor({ country, asn } = {}) {
        if ($.env.isNode) {
@@ -438,11 +468,21 @@ export class MMDB {
            const countryFile =
                country || eval('process.env.SUB_STORE_MMDB_COUNTRY_PATH');
            const asnFile = asn || eval('process.env.SUB_STORE_MMDB_ASN_PATH');
+            // $.info(
+            //     `GeoLite2 Country MMDB: ${countryFile}, exists: ${fs.existsSync(
+            //         countryFile,
+            //     )}`,
+            // );
            if (countryFile) {
                this.countryReader = Reader.openBuffer(
                    fs.readFileSync(countryFile),
                );
            }
+            // $.info(
+            //     `GeoLite2 ASN MMDB: ${asnFile}, exists: ${fs.existsSync(
+            //         asnFile,
+            //     )}`,
+            // );
            if (asnFile) {
                if (!fs.existsSync(asnFile))
                    throw new Error('GeoLite2 ASN MMDB does not exist');
@@ -456,4 +496,7 @@ export class MMDB {
    ipaso(ip) {
        return this.asnReader?.asn(ip)?.autonomousSystemOrganization;
    }
+    ipasn(ip) {
+        return this.asnReader?.asn(ip)?.autonomousSystemNumber;
+    }
 }
--- a/backend/src/utils/gist.js
+++ b/backend/src/utils/gist.js
@@ -1,10 +1,21 @@
-import { HTTP } from '@/vendor/open-api';
+import { HTTP, ENV } from '@/vendor/open-api';
+import { getPolicyDescriptor } from '@/utils';
+import $ from '@/core/app';
+import { SETTINGS_KEY } from '@/constants';

 /**
 * Gist backup
 */
 export default class Gist {
    constructor({ token, key, syncPlatform }) {
+        const { isStash, isLoon, isShadowRocket, isQX } = ENV();
+        const { defaultProxy, defaultTimeout: timeout } = $.read(SETTINGS_KEY);
+        let proxy = defaultProxy;
+        if ($.env.isNode) {
+            proxy =
+                proxy || eval('process.env.SUB_STORE_BACKEND_DEFAULT_PROXY');
+        }
+
        if (syncPlatform === 'gitlab') {
            this.headers = {
                'PRIVATE-TOKEN': `${token}`,
@@ -13,7 +24,25 @@ export default class Gist {
            };
            this.http = HTTP({
                baseURL: 'https://gitlab.com/api/v4',
-                headers: { ...this.headers },
+                headers: {
+                    ...this.headers,
+                    ...(isStash && proxy
+                        ? {
+                              'X-Stash-Selected-Proxy':
+                                  encodeURIComponent(proxy),
+                          }
+                        : {}),
+                    ...(isShadowRocket && proxy
+                        ? { 'X-Surge-Policy': proxy }
+                        : {}),
+                },
+
+                ...(proxy ? { proxy } : {}),
+                ...(isLoon && proxy ? { node: proxy } : {}),
+                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                timeout: timeout || 8000,
+
                events: {
                    onResponse: (resp) => {
                        if (/^[45]/.test(String(resp.statusCode))) {
@@ -35,7 +64,25 @@ export default class Gist {
            };
            this.http = HTTP({
                baseURL: 'https://api.github.com',
-                headers: { ...this.headers },
+                headers: {
+                    ...this.headers,
+                    ...(isStash && proxy
+                        ? {
+                              'X-Stash-Selected-Proxy':
+                                  encodeURIComponent(proxy),
+                          }
+                        : {}),
+                    ...(isShadowRocket && proxy
+                        ? { 'X-Surge-Policy': proxy }
+                        : {}),
+                },
+
+                ...(proxy ? { proxy } : {}),
+                ...(isLoon && proxy ? { node: proxy } : {}),
+                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                timeout: timeout || 8000,
+
                events: {
                    onResponse: (resp) => {
                        if (/^[45]/.test(String(resp.statusCode))) {
--- a/backend/src/utils/index.js
+++ b/backend/src/utils/index.js
@@ -1,3 +1,4 @@
+import * as ipAddress from 'ip-address';
 // source: https://stackoverflow.com/a/36760050
 const IPV4_REGEX = /^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)(\.(?!$)|$)){4}$/;

@@ -46,54 +47,78 @@ function getPolicyDescriptor(str) {
          };
 }

-const utf8ArrayToStr =
-    typeof TextDecoder !== 'undefined'
-        ? (v) => new TextDecoder().decode(new Uint8Array(v))
-        : (function () {
-              var charCache = new Array(128); // Preallocate the cache for the common single byte chars
-              var charFromCodePt = String.fromCodePoint || String.fromCharCode;
-              var result = [];
+// const utf8ArrayToStr =
+//     typeof TextDecoder !== 'undefined'
+//         ? (v) => new TextDecoder().decode(new Uint8Array(v))
+//         : (function () {
+//               var charCache = new Array(128); // Preallocate the cache for the common single byte chars
+//               var charFromCodePt = String.fromCodePoint || String.fromCharCode;
+//               var result = [];

-              return function (array) {
-                  var codePt, byte1;
-                  var buffLen = array.length;
+//               return function (array) {
+//                   var codePt, byte1;
+//                   var buffLen = array.length;

-                  result.length = 0;
+//                   result.length = 0;

-                  for (var i = 0; i < buffLen; ) {
-                      byte1 = array[i++];
+//                   for (var i = 0; i < buffLen; ) {
+//                       byte1 = array[i++];

-                      if (byte1 <= 0x7f) {
-                          codePt = byte1;
-                      } else if (byte1 <= 0xdf) {
-                          codePt = ((byte1 & 0x1f) << 6) | (array[i++] & 0x3f);
-                      } else if (byte1 <= 0xef) {
-                          codePt =
-                              ((byte1 & 0x0f) << 12) |
-                              ((array[i++] & 0x3f) << 6) |
-                              (array[i++] & 0x3f);
-                      } else if (String.fromCodePoint) {
-                          codePt =
-                              ((byte1 & 0x07) << 18) |
-                              ((array[i++] & 0x3f) << 12) |
-                              ((array[i++] & 0x3f) << 6) |
-                              (array[i++] & 0x3f);
-                      } else {
-                          codePt = 63; // Cannot convert four byte code points, so use "?" instead
-                          i += 3;
-                      }
+//                       if (byte1 <= 0x7f) {
+//                           codePt = byte1;
+//                       } else if (byte1 <= 0xdf) {
+//                           codePt = ((byte1 & 0x1f) << 6) | (array[i++] & 0x3f);
+//                       } else if (byte1 <= 0xef) {
+//                           codePt =
+//                               ((byte1 & 0x0f) << 12) |
+//                               ((array[i++] & 0x3f) << 6) |
+//                               (array[i++] & 0x3f);
+//                       } else if (String.fromCodePoint) {
+//                           codePt =
+//                               ((byte1 & 0x07) << 18) |
+//                               ((array[i++] & 0x3f) << 12) |
+//                               ((array[i++] & 0x3f) << 6) |
+//                               (array[i++] & 0x3f);
+//                       } else {
+//                           codePt = 63; // Cannot convert four byte code points, so use "?" instead
+//                           i += 3;
+//                       }

-                      result.push(
-                          charCache[codePt] ||
-                              (charCache[codePt] = charFromCodePt(codePt)),
-                      );
-                  }
+//                       result.push(
+//                           charCache[codePt] ||
+//                               (charCache[codePt] = charFromCodePt(codePt)),
+//                       );
+//                   }

-                  return result.join('');
-              };
-          })();
+//                   return result.join('');
+//               };
+//           })();
+
+function getRandomInt(min, max) {
+    min = Math.ceil(min);
+    max = Math.floor(max);
+    return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
+function getRandomPort(portString) {
+    let portParts = portString.split(/,|\//);
+    let randomPart = portParts[Math.floor(Math.random() * portParts.length)];
+    if (randomPart.includes('-')) {
+        let [min, max] = randomPart.split('-').map(Number);
+        return getRandomInt(min, max);
+    } else {
+        return Number(randomPart);
+    }
+}
+
+function numberToString(value) {
+    return Number.isSafeInteger(value)
+        ? String(value)
+        : BigInt(value).toString();
+}

 export {
+    ipAddress,
    isIPv4,
    isIPv6,
    isValidPortNumber,
@@ -101,6 +126,8 @@ export {
    getIfNotBlank,
    isPresent,
    getIfPresent,
-    utf8ArrayToStr,
+    // utf8ArrayToStr,
    getPolicyDescriptor,
+    getRandomPort,
+    numberToString,
 };
--- a/backend/src/utils/rs.js
+++ b/backend/src/utils/rs.js
@@ -0,0 +1,11 @@
+import rs from 'jsrsasign';
+
+export function generateFingerprint(caStr) {
+    const hex = rs.pemtohex(caStr);
+    const fingerPrint = rs.KJUR.crypto.Util.hashHex(hex, 'sha256');
+    return fingerPrint.match(/.{2}/g).join(':').toUpperCase();
+}
+
+export default {
+    generateFingerprint,
+};
--- a/backend/src/utils/user-agent.js
+++ b/backend/src/utils/user-agent.js
@@ -2,18 +2,24 @@ export function getUserAgentFromHeaders(headers) {
    const keys = Object.keys(headers);
    let UA = '';
    let ua = '';
+    let accept = '';
    for (let k of keys) {
-        if (/USER-AGENT/i.test(k)) {
+        const lower = k.toLowerCase();
+        if (lower === 'user-agent') {
            UA = headers[k];
            ua = UA.toLowerCase();
-            break;
+        } else if (lower === 'accept') {
+            accept = headers[k];
        }
    }
-    return { UA, ua };
+    return { UA, ua, accept };
 }
-export function getPlatformFromUserAgent({ ua, UA }) {
+
+export function getPlatformFromUserAgent({ ua, UA, accept }) {
    if (UA.indexOf('Quantumult%20X') !== -1) {
        return 'QX';
+    } else if (ua.indexOf('egern') !== -1) {
+        return 'Egern';
    } else if (UA.indexOf('Surfboard') !== -1) {
        return 'Surfboard';
    } else if (UA.indexOf('Surge Mac') !== -1) {
@@ -28,7 +34,9 @@ export function getPlatformFromUserAgent({ ua, UA }) {
        return 'Stash';
    } else if (
        ua === 'meta' ||
-        (ua.indexOf('clash') !== -1 && ua.indexOf('meta') !== -1)
+        (ua.indexOf('clash') !== -1 && ua.indexOf('meta') !== -1) ||
+        ua.indexOf('clash-verge') !== -1 ||
+        ua.indexOf('flclash') !== -1
    ) {
        return 'ClashMeta';
    } else if (ua.indexOf('clash') !== -1) {
@@ -37,11 +45,14 @@ export function getPlatformFromUserAgent({ ua, UA }) {
        return 'V2Ray';
    } else if (ua.indexOf('sing-box') !== -1) {
        return 'sing-box';
-    } else {
+    } else if (accept.indexOf('application/json') === 0) {
        return 'JSON';
+    } else {
+        return 'V2Ray';
    }
 }
+
 export function getPlatformFromHeaders(headers) {
-    const { UA, ua } = getUserAgentFromHeaders(headers);
-    return getPlatformFromUserAgent({ ua, UA });
+    const { UA, ua, accept } = getUserAgentFromHeaders(headers);
+    return getPlatformFromUserAgent({ ua, UA, accept });
 }
--- a/backend/src/utils/yaml.js
+++ b/backend/src/utils/yaml.js
@@ -17,16 +17,16 @@ function retry(fn, content, ...args) {
 }

 export function safeLoad(content, ...args) {
-    return retry(YAML.safeLoad, content, ...args);
+    return retry(YAML.safeLoad, JSON.parse(JSON.stringify(content)), ...args);
 }
 export function load(content, ...args) {
-    return retry(YAML.load, content, ...args);
+    return retry(YAML.load, JSON.parse(JSON.stringify(content)), ...args);
 }
-export function safeDump(...args) {
-    return YAML.safeDump(...args);
+export function safeDump(content, ...args) {
+    return YAML.safeDump(JSON.parse(JSON.stringify(content)), ...args);
 }
-export function dump(...args) {
-    return YAML.dump(...args);
+export function dump(content, ...args) {
+    return YAML.dump(JSON.parse(JSON.stringify(content)), ...args);
 }

 export default {
--- a/backend/src/vendor/express.js
+++ b/backend/src/vendor/express.js
@@ -9,6 +9,7 @@ export default function express({ substore: $, port, host }) {
        'Access-Control-Allow-Methods': 'POST,GET,OPTIONS,PATCH,PUT,DELETE',
        'Access-Control-Allow-Headers':
            'Origin, X-Requested-With, Content-Type, Accept',
+        'X-Powered-By': 'Sub-Store',
    };

    // node support
--- a/backend/src/vendor/open-api.js
+++ b/backend/src/vendor/open-api.js
@@ -341,7 +341,10 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                const request = isNode
                    ? eval("require('request')")
                    : $httpClient;
+                const body = options.body;
                const opts = JSON.parse(JSON.stringify(options));
+                opts.body = body;
+
                if (!isNode && opts.timeout) {
                    opts.timeout++;
                    let unit = 'ms';
@@ -382,6 +385,12 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                        url: options.url,
                        headers: options.headers,
                        body: options.body,
+                        options: {
+                            Proxy: options.proxy,
+                            Timeout: options.timeout
+                                ? options.timeout / 1000
+                                : 15,
+                        },
                    });
                    resolve({
                        statusCode: response.status,
--- a/config/Egern.yaml
+++ b/config/Egern.yaml
@@ -0,0 +1,38 @@
+name: Sub-Store
+description: '支持 Surge 正式版的参数设置功能. 测落地功能 ability: http-client-policy, 同步配置的定时 cronexp: 55 23 * * *'
+compat_arguments:
+  ability: http-client-policy
+  cronexp: 55 23 * * *
+  sync: '"Sub-Store Sync"'
+  timeout: '120'
+  engine: auto
+  produce: '"# Sub-Store Produce"'
+  produce_cronexp: 50 */6 * * *
+  produce_sub: '"sub1,sub2"'
+  produce_col: '"col1,col2"'
+compat_arguments_desc: '\n1️⃣ ability\n\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n填写任意其他值关闭\n\n2️⃣ cronexp\n\n同步配置定时任务\n默认为每天 23 点 55 分\n\n定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 ''同步'' 或 ''同步配置''\n\n3️⃣ sync\n\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务\n\n4️⃣ timeout\n\n脚本超时, 单位为秒\n\n5️⃣ engine\n\n默认为自动使用 webview 引擎, 可设为指定 jsc, 但 jsc 容易爆内存\n\n6️⃣ produce\n\n自定义处理订阅的定时任务名\n一般用于定时处理耗时较长的订阅, 以更新缓存\n这样 Surge 中拉取的时候就能用到缓存, 不至于总是超时\n若设为 # 可取消此定时任务\n默认不开启\n\n7️⃣ produce_cronexp\n\n配置处理订阅的定时任务\n\n默认为每 6 小时\n\n9️⃣ produce_sub\n\n自定义需定时处理的单条订阅名\n多个用 , 连接\n\n🔟 produce_col\n\n自定义需定时处理的组合订阅名\n多个用 , 连接\n\n⚠️ 注意: 是 名称(name) 不是 显示名称(displayName)\n如果名称需要编码, 请编码后再用 , 连接\n顺序: 并发执行单条订阅, 然后并发执行组合订阅'
+scriptings:
+- http_request:
+    name: Sub-Store Core
+    match: ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info)))
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js
+    body_required: true
+- http_request:
+    name: Sub-Store Simple
+    match: ^https?:\/\/sub\.store
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js
+    body_required: true
+- schedule:
+    name: '{{{sync}}}'
+    cron: '{{{cronexp}}}'
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
+- schedule:
+    name: '{{{produce}}}'
+    cron: '{{{produce_cronexp}}}'
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
+    arguments:
+      _compat.$argument: '"sub={{{produce_sub}}}&col={{{produce_col}}}"'
+mitm:
+  hostnames:
+    includes:
+    - sub.store
--- a/config/Loon.plugin
+++ b/config/Loon.plugin
@@ -14,7 +14,7 @@ DOMAIN,sub-store.vercel.app,PROXY
 hostname=sub.store

 [Script]
-http-request ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js, requires-body=true, timeout=120, tag=Sub-Store Core
-http-request ^https?:\/\/sub\.store script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js, requires-body=true, timeout=120, tag=Sub-Store Simple
+http-request ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js, requires-body=true, timeout=120, tag=Sub-Store Core
+http-request ^https?:\/\/sub\.store script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js, requires-body=true, timeout=120, tag=Sub-Store Simple

-cron "55 23 * * *" script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, timeout=120, tag=Sub-Store Sync
+cron "55 23 * * *" script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js, timeout=120, tag=Sub-Store Sync
--- a/config/QX-Task.json
+++ b/config/QX-Task.json
@@ -2,6 +2,6 @@
  "name": "Sub-Store",
  "description": "定时任务默认为每天 23 点 55 分. 定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 '同步' 或 '同步配置'",
  "task": [
-    "55 23 * * * https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, tag=Sub-Store Sync, img-url=https://raw.githubusercontent.com/58xinian/icon/master/Sub-Store1.png"
+    "55 23 * * * https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js, tag=Sub-Store Sync, img-url=https://raw.githubusercontent.com/58xinian/icon/master/Sub-Store1.png"
  ]
 }
--- a/config/QX.snippet
+++ b/config/QX.snippet
@@ -1,4 +1,4 @@
 hostname=sub.store

-^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) url script-analyze-echo-response https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js
-^https?:\/\/sub\.store url script-analyze-echo-response https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js
+^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) url script-analyze-echo-response https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js
+^https?:\/\/sub\.store url script-analyze-echo-response https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js
--- a/config/README.md
+++ b/config/README.md
@@ -6,13 +6,23 @@ Sub-Store Releases: [`https://github.com/sub-store-org/Sub-Store/releases`](http

 Telegram 频道: [`https://t.me/cool_scripts` ](https://t.me/cool_scripts)

-## 脚本配置：
+## 服务器/云平台/Docker/Android 版
+
+https://xream.notion.site/Sub-Store-abe6a96944724dc6a36833d5c9ab7c87
+
+## App 版

 ### 1. Loon
 安装使用 插件 [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Loon.plugin`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Loon.plugin) 即可。

 ### 2. Surge

+#### 关于 Surge 的格外说明
+
+Surge Mac 版如何支持 SSR, 如何去除 HTTP 传输层以支持 类似 VMess HTTP 节点等 请查看 [链接参数说明](https://github.com/sub-store-org/Sub-Store/wiki/%E9%93%BE%E6%8E%A5%E5%8F%82%E6%95%B0%E8%AF%B4%E6%98%8E)
+
+定时处理订阅 功能, 避免 App 内拉取超时, 请查看 [定时处理订阅](https://t.me/zhetengsha/1449)
+
 0. 最新 Surge iOS TestFlight 版本 可使用 Beta 版(支持最新 Surge iOS TestFlight 版本的特性): [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-Beta.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-Beta.sgmodule)

 1. 官方默认版模块(支持 App 内使用编辑参数): [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge.sgmodule)
@@ -35,7 +45,18 @@ Telegram 频道: [`https://t.me/cool_scripts` ](https://t.me/cool_scripts)
 ### 5. Shadowrocket
 安装使用 模块 [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-Noability.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-Noability.sgmodule) 即可。

+### 6. Egern
+安装使用 模块 [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Egern.yaml`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Egern.yaml) 即可。
+
 ## 使用 Sub-Store
 1. 使用 Safari 打开这个 https://sub.store 如网页正常打开并且未弹出任何错误提示，说明 Sub-Store 已经配置成功。
 2. 可以把 Sub-Store 添加到主屏幕，即可获得类似于 APP 的使用体验。
 3. 更详细的使用指南请参考[文档](https://www.notion.so/Sub-Store-6259586994d34c11a4ced5c406264b46)。
+
+## 链接参数说明
+
+https://github.com/sub-store-org/Sub-Store/wiki/%E9%93%BE%E6%8E%A5%E5%8F%82%E6%95%B0%E8%AF%B4%E6%98%8E
+
+## 脚本使用说明
+
+https://github.com/sub-store-org/Sub-Store/wiki/%E8%84%9A%E6%9C%AC%E4%BD%BF%E7%94%A8%E8%AF%B4%E6%98%8E
--- a/config/Stash.stoverride
+++ b/config/Stash.stoverride
@@ -25,13 +25,13 @@ cron:

 script-providers:
  sub-store-0:
-    url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js
+    url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js
    interval: 86400

  sub-store-1:
-    url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js
+    url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js
    interval: 86400

  cron-sync-artifacts:
-    url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+    url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
    interval: 86400
--- a/config/Surge-Beta.sgmodule
+++ b/config/Surge-Beta.sgmodule
@@ -1,15 +1,17 @@
 #!name=Sub-Store(β)
 #!desc=支持 Surge 正式版的参数设置功能. 测落地功能 ability: http-client-policy, 同步配置的定时 cronexp: 55 23 * * *
 #!category=订阅管理
-#!arguments=ability:http-client-policy,cronexp:55 23 * * *,sync:"Sub-Store Sync",timeout:120,engine:auto
-#!arguments-desc=\n1️⃣ ability\n\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n填写任意其他值关闭\n\n2️⃣ cronexp\n\n同步配置定时任务\n默认为每天 23 点 55 分\n\n定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 '同步' 或 '同步配置'\n\n3️⃣ sync\n\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务\n\n4️⃣ timeout\n\n超时, 单位为秒\n\n5️⃣ engine\n\n默认为自动使用 webview 引擎, 可设为指定 jsc, 但 jsc 容易爆内存
+#!arguments=ability:http-client-policy,cronexp:55 23 * * *,sync:"Sub-Store Sync",timeout:120,engine:auto,produce:"# Sub-Store Produce",produce_cronexp:50 */6 * * *,produce_sub:"sub1,sub2",produce_col:"col1,col2"
+#!arguments-desc=\n1️⃣ ability\n\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n填写任意其他值关闭\n\n2️⃣ cronexp\n\n同步配置定时任务\n默认为每天 23 点 55 分\n\n定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 '同步' 或 '同步配置'\n\n3️⃣ sync\n\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务\n\n4️⃣ timeout\n\n脚本超时, 单位为秒\n\n5️⃣ engine\n\n默认为自动使用 webview 引擎, 可设为指定 jsc, 但 jsc 容易爆内存\n\n6️⃣ produce\n\n自定义处理订阅的定时任务名\n一般用于定时处理耗时较长的订阅, 以更新缓存\n这样 Surge 中拉取的时候就能用到缓存, 不至于总是超时\n若设为 # 可取消此定时任务\n默认不开启\n\n7️⃣ produce_cronexp\n\n配置处理订阅的定时任务\n\n默认为每 6 小时\n\n9️⃣ produce_sub\n\n自定义需定时处理的单条订阅名\n多个用 , 连接\n\n🔟 produce_col\n\n自定义需定时处理的组合订阅名\n多个用 , 连接\n\n⚠️ 注意: 是 名称(name) 不是 显示名称(displayName)\n如果名称需要编码, 请编码后再用 , 连接\n顺序: 并发执行单条订阅, 然后并发执行组合订阅

 [MITM]
 hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}

-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}

-{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js,engine={{{engine}}}
+{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}}
+
+{{{produce}}}=type=cron,cronexp="{{{produce_cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}},argument="sub={{{produce_sub}}}&col={{{produce_col}}}"
--- a/config/Surge-Noability.sgmodule
+++ b/config/Surge-Noability.sgmodule
@@ -7,7 +7,7 @@ hostname = %APPEND% sub.store

 [Script]
 # 主程序 已经去掉 Sub-Store Core 的参数 [,ability=http-client-policy] 不会爆内存，这个参数在 Surge 非常占用内存； 如果不需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 则可以使用此脚本
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120
-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout=120
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout=120
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout=120

-Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
--- a/config/Surge-ability.sgmodule
+++ b/config/Surge-ability.sgmodule
@@ -6,7 +6,7 @@
 hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout=120
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout=120

-Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
--- a/config/Surge.sgmodule
+++ b/config/Surge.sgmodule
@@ -1,15 +1,17 @@
 #!name=Sub-Store
 #!desc=支持 Surge 正式版的参数设置功能. 测落地功能 ability: http-client-policy, 同步配置的定时 cronexp: 55 23 * * *
 #!category=订阅管理
-#!arguments=ability:http-client-policy,cronexp:55 23 * * *,sync:"Sub-Store Sync",timeout:120,engine:auto
-#!arguments-desc=\n1️⃣ ability\n\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n填写任意其他值关闭\n\n2️⃣ cronexp\n\n同步配置定时任务\n默认为每天 23 点 55 分\n\n定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 '同步' 或 '同步配置'\n\n3️⃣ sync\n\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务\n\n4️⃣ timeout\n\n超时, 单位为秒\n\n5️⃣ engine\n\n默认为自动使用 webview 引擎, 可设为指定 jsc, 但 jsc 容易爆内存
+#!arguments=ability:http-client-policy,cronexp:55 23 * * *,sync:"Sub-Store Sync",timeout:120,engine:auto,produce:"# Sub-Store Produce",produce_cronexp:50 */6 * * *,produce_sub:"sub1,sub2",produce_col:"col1,col2"
+#!arguments-desc=\n1️⃣ ability\n\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n填写任意其他值关闭\n\n2️⃣ cronexp\n\n同步配置定时任务\n默认为每天 23 点 55 分\n\n定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 '同步' 或 '同步配置'\n\n3️⃣ sync\n\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务\n\n4️⃣ timeout\n\n脚本超时, 单位为秒\n\n5️⃣ engine\n\n默认为自动使用 webview 引擎, 可设为指定 jsc, 但 jsc 容易爆内存\n\n6️⃣ produce\n\n自定义处理订阅的定时任务名\n一般用于定时处理耗时较长的订阅, 以更新缓存\n这样 Surge 中拉取的时候就能用到缓存, 不至于总是超时\n若设为 # 可取消此定时任务\n默认不开启\n\n7️⃣ produce_cronexp\n\n配置处理订阅的定时任务\n\n默认为每 6 小时\n\n9️⃣ produce_sub\n\n自定义需定时处理的单条订阅名\n多个用 , 连接\n\n🔟 produce_col\n\n自定义需定时处理的组合订阅名\n多个用 , 连接\n\n⚠️ 注意: 是 名称(name) 不是 显示名称(displayName)\n如果名称需要编码, 请编码后再用 , 连接\n顺序: 并发执行单条订阅, 然后并发执行组合订阅

 [MITM]
 hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}

-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}

-{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js,engine={{{engine}}}
+{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}}
+
+{{{produce}}}=type=cron,cronexp="{{{produce_cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}},argument="sub={{{produce_sub}}}&col={{{produce_col}}}"
--- a/scripts/demo.js
+++ b/scripts/demo.js
@@ -1,26 +1,49 @@
 function operator(proxies = [], targetPlatform, context) {
  // 支持快捷操作 不一定要写一个 function
  // 可参考 https://t.me/zhetengsha/970
-  // https://t.me/zhetengsha/1009 
-
+  // https://t.me/zhetengsha/1009

  // proxies 为传入的内部节点数组
-  // 结构大致参考了 Clash.Meta(mihomo) 有私货
  // 可在预览界面点击节点查看 JSON 结构 或查看 `target=JSON` 的通用订阅
-  // 1. `no-resolve` 为不解析域名
-  // 2. 域名解析后 会多一个 `resolved` 字段
-  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_domain` 字段
+  // 0. 结构大致参考了 Clash.Meta(mihomo), 可参考 mihomo 的文档, 例如 `xudp`, `smux` 都可以自己设置. 但是有私货, 下面是我能想起来的一些私货
+  // 1. `_no-resolve` 为不解析域名
+  // 2. 域名解析后 会多一个 `_resolved` 字段, 表示是否解析成功
+  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_IP4P`(若解析类型为 IPv6 且符合 IP4P 类型, 将自动转换), `_domain` 字段, `_resolved_ips` 为解析出的所有 IP
  // 4. 节点字段 `exec` 为 `ssr-local` 路径, 默认 `/usr/local/bin/ssr-local`; 端口从 10000 开始递增(暂不支持配置)
+  // 5. `_subName` 为单条订阅名, `_subDisplayName` 为单条订阅显示名
+  // 6. `_collectionName` 为组合订阅名, `_collectionDisplayName` 为组合订阅显示名
+  // 7. `tls-fingerprint` 为 tls 指纹
+  // 8. `underlying-proxy` 为前置代理
+  // 9. `trojan`, `tuic`, `hysteria`, `hysteria2`, `juicity` 会在解析时设置 `tls`: true (会使用 tls 类协议的通用逻辑),  输出时删除
+  // 10. `sni` 在某些协议里会自动与 `servername` 转换
+  // 11. 读取节点的 ca-str 和 _ca (后端文件路径) 字段, 自动计算 fingerprint (参考 https://t.me/zhetengsha/1512)
+  // 12. 以 Surge 为例, 最新的参数一般我都会跟进, 以 Surge 文档为例, 一些常用的: TUIC/Hysteria 2 的 `ecn`, Snell 的 `reuse` 连接复用, QUIC 策略 block-quic`, Hysteria 2 下载带宽 `down`
+  // 13. `test-url` 为测延迟链接, `test-timeout` 为测延迟超时
+  // 14. `ports` 为端口跳跃, `hop-interval` 变换端口号的时间间隔
+  // 15. `ip-version` 设置节点使用 IP 版本，可选：dual，ipv4，ipv6，ipv4-prefer，ipv6-prefer. 会进行内部转换, 若无法匹配则使用原始值
+
+  // require 为 Node.js 的 require, 在 Node.js 运行环境下 可以用来引入模块

  // $arguments 为传入的脚本参数

+  // $options 为通过链接传入的参数
+  // 例如: { arg1: 'a', arg2: 'b' }
+  // 可这样传:
+  // 先这样处理 encodeURIComponent(JSON.stringify({ arg1: 'a', arg2: 'b' }))
+  // /api/file/foo?$options=%7B%22arg1%22%3A%22a%22%2C%22arg2%22%3A%22b%22%7D
+  // 或这样传:
+  // 先这样处理 encodeURIComponent('arg1=a&arg2=b')
+  // /api/file/foo?$options=arg1%3Da%26arg2%3Db
+
+  // console.log($options)
+
  // targetPlatform 为输出的目标平台

  // lodash

  // $substore 为 OpenAPI
  // 参考 https://github.com/Peng-YM/QuanX/blob/master/Tools/OpenAPI/README.md
-  
+
  // scriptResourceCache 缓存
  // 可参考 https://t.me/zhetengsha/1003
  // const cache = scriptResourceCache
@@ -33,17 +56,26 @@ function operator(proxies = [], targetPlatform, context) {
  //     parse, // 订阅解析
  //     process, // 节点操作/文件操作
  //     produce, // 输出订阅
+  //     getRandomPort, // 获取随机端口(参考 ports 端口跳跃的格式 443,8443,5000-6000)
+  //     ipAddress, // https://github.com/beaugunderson/ip-address
  //     isIPv4,
  //     isIPv6,
  //     isIP,
  //     yaml, // yaml 解析和生成
  //     getFlag, // 获取 emoji 旗帜
+  //     removeFlag, // 移除 emoji 旗帜
  //     getISO, // 获取 ISO 3166-1 alpha-2 代码
  //     Gist, // Gist 类
+  //     download, // 内部的下载方法, 见 backend/src/utils/download.js
+  //     MMDB, // Node.js 环境 可用于模拟 Surge/Loon 的 $utils.ipasn, $utils.ipaso, $utils.geoip. 具体见 https://t.me/zhetengsha/1269
  // }

+  // 如果只是为了快速修改或者筛选 可以参考 脚本操作支持节点快捷脚本 https://t.me/zhetengsha/970 和 脚本筛选支持节点快捷脚本 https://t.me/zhetengsha/1009
+  // ⚠️ 注意: 函数式(即本文件这样的 function operator() {}) 和快捷操作(下面使用 $server) 只能二选一
  // 示例: 给节点名添加前缀
  // $server.name = `[${ProxyUtils.getISO($server.name)}] ${$server.name}`
+  // 示例: 给节点名添加旗帜
+  // $server.name = `[${ProxyUtils.getFlag($server.name).replace(/🇹🇼/g, '🇼🇸')}] ${ProxyUtils.removeFlag($server.name)}`

  // 示例: 从 sni 文件中读取内容并进行节点操作
  // const sni = await produceArtifact({
@@ -63,7 +95,7 @@ function operator(proxies = [], targetPlatform, context) {
  //   }
  // })
  // $content = proxies
-  
+
  // 2. sing-box

  // 但是一般不需要这样用, 可参考
@@ -97,8 +129,8 @@ function operator(proxies = [], targetPlatform, context) {

  // 4. 一个比较折腾的方案: 在脚本操作中, 把内容同步到另一个 gist
  // 见 https://t.me/zhetengsha/1428
-  // 
-  // const content = ProxyUtils.produce(proxies, platform)
+  //
+  // const content = ProxyUtils.produce([...proxies], platform)

  // // YAML
  // ProxyUtils.yaml.load('YAML String')
@@ -117,16 +149,15 @@ function operator(proxies = [], targetPlatform, context) {
  // yaml.proxies.unshift(...clashMetaProxies)
  // $content = ProxyUtils.yaml.dump(yaml)

-
-  // { $content, $files } will be passed to the next operator 
+  // { $content, $files, $options } will be passed to the next operator
  // $content is the final content of the file

  // flowUtils 为机场订阅流量信息处理工具
-  // 可参考: 
+  // 可参考:
  // 1. https://t.me/zhetengsha/948

  // context 为传入的上下文
-  // 有三种情况, 按需判断
+  // 其中 source 为 订阅和组合订阅的数据, 有三种情况, 按需判断 (若只需要取订阅/组合订阅名称 直接用 `_subName` `_subDisplayName` `_collectionName` `_collectionDisplayName` 即可)

  // 若存在 `source._collection` 且 `source._collection.subscriptions` 中的 key 在 `source` 上也存在, 说明输出结果为组合订阅, 但是脚本设置在单条订阅上

@@ -134,6 +165,20 @@ function operator(proxies = [], targetPlatform, context) {

  // 若不存在 `source._collection`, 说明输出结果为单条订阅, 脚本设置在此单条订阅上

+  // 这个历史遗留原因, 是有点复杂. 提供一个例子, 用来取当前脚本所在的组合订阅或单条订阅名称
+
+  // let name = ''
+  // for (const [key, value] of Object.entries(env.source)) {
+  //   if (!key.startsWith('_')) {
+  //     name = value.displayName || value.name
+  //     break
+  //   }
+  // }
+  // if (!name) {
+  //   const collection = env.source._collection
+  //   name = collection.displayName || collection.name
+  // }
+
  // 1. 输出单条订阅 sub-1 时, 该单条订阅中的脚本上下文为:
  // {
  //   "source": {
@@ -211,7 +256,7 @@ function operator(proxies = [], targetPlatform, context) {
  // 参数说明
  // 可参考 https://github.com/sub-store-org/Sub-Store/wiki/%E9%93%BE%E6%8E%A5%E5%8F%82%E6%95%B0%E8%AF%B4%E6%98%8E

-  console.log(JSON.stringify(context, null, 2))
+  console.log(JSON.stringify(context, null, 2));

-  return proxies
+  return proxies;
 }
Author	SHA1	Message	Date
xream	e843aa3702	feat: geo 更新	2024-12-26 03:40:53 +08:00
xream	66464645f2	feat: UDP 协议跳过设置 utls	2024-12-24 21:43:23 +08:00
xream	9ccd6b3816	doc: demo.js	2024-12-24 20:49:41 +08:00
xream	74be1e3d82	doc: README	2024-12-24 15:10:38 +08:00
xream	6d78eb7356	feat: Clash 系输入支持 mieru; 调整 juicity 和 mieru 相关过滤逻辑	2024-12-24 15:08:28 +08:00
xream	38eccca8b4	feat: 组合订阅支持手动设置流量信息. 支持使用链接. 此时使用响应内容	2024-12-24 01:20:38 +08:00
xream	33e5aeceb5	fix: 修复订阅不存在时不打印错误日志的问题	2024-12-23 14:14:10 +08:00
xream	837667edc9	feat: 手动设置流量信息时, 支持使用链接. 此时使用响应内容	2024-12-22 21:57:01 +08:00
xream	0069b0ce83	feat: sing-box 支持 detour 参数(之前只能用 underlying-proxy 或 dialer-proxy 来设置)	2024-12-22 20:06:00 +08:00
xream	fcc9d047ae	fix: 修复 edns sourcePrefixLength	2024-12-21 21:13:09 +08:00
xream	382d22e622	feat: 支持 `socks5`, `socks5+tls`, `http`, `https`(便于输入) 格式输入	2024-12-16 21:06:46 +08:00
xream	06f3e97af2	feat: 支持 Shadowsocks 2022 的 URI 输入/输出	2024-12-15 23:03:41 +08:00
xream	bd87e9231e	fix: 修复 Surge SOCKS5 解析	2024-12-13 02:27:03 +08:00
xream	d1d6d19542	feat: Mihomo 支持 direct	2024-12-12 18:35:55 +08:00
xream	08bf0b78bb	feat: Surge 支持 direct	2024-12-12 18:22:25 +08:00
xream	9a3cd4f57c	feat: 处理状态码	2024-12-12 15:35:19 +08:00
xream	d015c7867e	fix: 修复 SS URI 解析	2024-12-08 11:24:46 +08:00
xream	4713b63083	feat: Loon 使用 includeUnsupportedProxy 参数开启 Shadowsocks 2022	2024-12-05 23:50:51 +08:00
xream	dbf9e7c360	feat: 优化去除无效节点逻辑感谢群友 Cooip JM	2024-12-05 12:45:07 +08:00
xream	4ea84118c4	feat: gRPC 支持 authority	2024-12-05 00:52:11 +08:00
xream	dda8113a42	feat: 增加 subscription-userinfo 兼容性	2024-12-04 00:56:53 +08:00
xream	f16b2d34f1	feat: geo 更新	2024-11-30 13:58:04 +08:00
xream	5b28e1a4c9	feat: 支持禁用节点操作	2024-11-29 21:03:29 +08:00
xream	8d0a71d983	feat: VMess URI 输出支持 alterId; Trojan 支持 fp 和 alpn	2024-11-28 16:04:52 +08:00
xream	815552d470	feat: 找不到资源时不通知, 仅保留日志	2024-11-28 15:44:55 +08:00
xream	9d90369594	feat: Trojan URI 支持省略端口号	2024-11-28 13:15:22 +08:00
xream	6aece471aa	feat: Stash 使用 includeUnsupportedProxy 参数开启 Shadowsocks 2022	2024-11-27 15:20:20 +08:00
xream	99396773f6	ci: 去除 GitLab Sync	2024-11-26 15:01:04 +08:00
xream	e229408a2d	feat: 默认缓存阈值 1024KB	2024-11-24 12:31:18 +08:00
xream	514414587b	feat: 默认超时 8000ms	2024-11-24 12:13:52 +08:00
egerndaddy	d4c419745e	Update Egern.yaml	2024-11-22 23:59:59 +08:00
xream	fe3da254f4	feat: 支持 Egern 输出	2024-11-21 13:16:04 +08:00
xream	7d8132d7cd	feat: 默认输出格式改为 V2Ray; accept 为 application/json 时, 输出 JSON; 响应增加 X-Powered-By Sub-Store	2024-11-19 23:06:45 +08:00
xream	bc1247efaf	feat: 手动设置的订阅流量信息会附加到订阅自己的流量信息之前	2024-11-17 23:40:03 +08:00
xream	dea937df66	feat: 默认查询流量信息的 `User-Agent` 从 `Quantumult%20X/1.0.30 (iPhone14,2; iOS 15.6)` 改为 `clash`; 流量信息缓存逻辑调整	2024-11-17 02:10:38 +08:00
xream	cfb5a8e082	feat: 支持解析订阅中的 `profile-web-page-url` 字段	2024-11-17 01:02:28 +08:00
xream	4790bf47d1	feat: Surge 密码解析支持首尾成对的单引号双引号, 输出时增加双引号	2024-11-16 21:50:52 +08:00
xream	56fd495fb6	feat: 支持更多的 subscription-userinfo	2024-11-12 22:20:46 +08:00
xream	f4639d9a34	feat: 支持更多的 subscription-userinfo	2024-11-12 22:06:22 +08:00
xream	cc58a5541e	feat: 订阅刷新按钮逻辑调整为无缓存刷新订阅和流量	2024-11-10 01:22:48 +08:00
xream	772f431887	feat: 模块版文件中增加 token 路由	2024-11-08 18:10:39 +08:00
xream	2b60c515cd	feat: 支持管理 token	2024-11-04 13:59:57 +08:00
xream	c8c22c3901	fix: 修复 VMess URI SNI	2024-11-01 20:27:23 +08:00
xream	d8f9466b84	feat(wip): 支持自定义 share token	2024-10-31 23:33:34 +08:00
xream	d12ccad382	feat: MMDB 加入 $utils.ipasn	2024-10-31 01:39:13 +08:00
xream	b4358663cc	feat(wip): 支持 JWT	2024-10-31 00:23:45 +08:00
xream	aba6264988	feat(wip): 支持 JWT	2024-10-30 23:08:01 +08:00
xream	2320ab3838	feat(wip): 支持 JWT	2024-10-30 22:51:31 +08:00
xream	542957d34a	feat(wip): 支持 JWT	2024-10-30 22:27:39 +08:00
xream	07e50175f9	feat: cipher 应为小写	2024-10-30 16:07:27 +08:00
xream	e09d66060d	feat: 远程订阅支持 insecure 不验证服务器证书	2024-10-30 14:33:34 +08:00
xream	b048ecdfff	fix: 修复 surge mac 未开启 mihomo 时, 对于不支持的节点未报错, 导致出现 proxy 为 undefined 的问题	2024-10-29 18:31:02 +08:00
xream	aac72fb9a3	feat: Surge 支持 udp-port, 修复 udp-relay 参数解析	2024-10-27 19:00:42 +08:00
xream	baec193e5c	feat: 支持 VLESS mKcp	2024-10-23 17:38:59 +08:00
xream	8fe818f826	fix: 处理乱填的订阅流量信息解析报错	2024-10-19 19:12:25 +08:00
xream	72286984ec	fix: 修复 YAML 处理 undefined 的问题	2024-10-18 12:38:58 +08:00
xream	27e693c308	feat: ⚠️ BREAKING CHANG 仅手动指定 target 为 SurgeMac 时, 启用 mihomo 来支援 Surge 本身不支持的协议	2024-10-17 20:26:07 +08:00
xream	6cf8080cd3	fix: 修复 VMess VLESS servername	2024-10-17 14:01:44 +08:00
xream	839fcacf63	fix: 修复传输层和 SNI 的问题(有问题麻烦即时反馈谢谢)	2024-10-16 21:31:41 +08:00
xream	a2e45bcb10	commit feat: Surge 支持 Shadowsocks 2022(为了兼容必须使用 `includeUnsupportedProxy` 参数或开启 `包含官方/商店版不支持的协议` 开关)	2024-10-15 17:00:13 +08:00
xream	ea0eb91691	doc: README	2024-10-12 14:51:58 +08:00
xream	1f0ddf2d28	fix: 修复组合订阅预览	2024-10-12 10:46:39 +08:00
xream	a660c6ff90	feat: 组合订阅支持通过单条订阅的标签进行关联	2024-10-11 20:57:45 +08:00
xream	71d9adbc07	chore: bump release version	2024-10-11 20:00:09 +08:00
pillarcoin	97bec9183a	fix: clash 配置中 VLESS 节点的 short-id 值被错误解析	2024-10-11 19:10:02 +08:00
xream	ef85b6d0e9	feat: 文件支持设置代理/策略, 链接支持传入 `proxy` 参数指定代理/策略; 修复代理/策略优先级	2024-10-07 22:05:07 +08:00
xream	8ffb060cb4	feat: 组合订阅支持设置代理/策略, 链接支持传入 `proxy` 参数指定代理/策略	2024-10-07 20:56:33 +08:00
xream	6d43961e96	feat: Node.js 支持使用环境变量 `SUB_STORE_BACKEND_DEFAULT_PROXY` 设置默认代理; ProxyUtils 增加 `download` 方法	2024-10-07 18:43:29 +08:00
xream	f3200aea8c	feat: 流量和同步配置也使用默认代理/策略	2024-10-07 18:34:39 +08:00
xream	e2346d16a2	feat: 新增全局代理/策略设置, 前端 > 2.14.265	2024-10-07 18:05:06 +08:00
xream	dc320eaa6c	feat(file): 新增启用下载(文件名为显示名称), 前端 > 2.14.264	2024-10-07 17:26:15 +08:00
xream	02031019f7	doc: demo.js	2024-09-22 06:02:58 +08:00
xream	5d09fe782f	feat: 增加 _subDisplayName _collectionDisplayName	2024-09-18 19:42:53 +08:00
xream	6e425e5908	doc: demo.js	2024-09-18 19:22:12 +08:00
xream	d10c9233c0	feat: 正式弃用旧的 subName 和 collectionName	2024-09-18 19:18:50 +08:00
xream	cc556b641d	fix: 修复 password 为数字时的 bug	2024-09-16 01:43:16 +08:00
xream	de2813b035	feat: 使用自定义缓存时 `cacheKey` 的值不能为空	2024-09-13 23:42:55 +08:00
xream	c9158ceb1d	feat: 内置的 Google/Cloudflare DNS 更换为 DoH	2024-09-09 14:56:47 +08:00
xream	5cf0c98f5f	chroe: 修改脚本链接为 release 分支	2024-09-07 23:21:42 +08:00
xream	7d0414f8ca	fix: 传输层 path 应为以 / 开头的字符串	2024-09-05 17:39:42 +08:00
xream	bee1d62a1a	fix: 传输层 path 应以 / 开头	2024-09-05 17:15:30 +08:00
xream	72bc9b9456	feat: 处理非字符串的 `ports` 字段	2024-09-04 13:40:17 +08:00
xream	3b4c14e7d0	doc: README	2024-09-04 10:49:52 +08:00
xream	59d93483bb	feat: Node.js 版支持环境变量 `SUB_STORE_BACKEND_DOWNLOAD_CRON` 设置定时恢复配置, `SUB_STORE_BACKEND_UPLOAD_CRON` 设置定时备份配置, `SUB_STORE_BACKEND_SYNC_CRON` 设置定时同步订阅/文件	2024-09-04 02:20:28 +08:00
xream	75d88c02c7	feat: SurgeMac 支持使用 mihomo 来支援 Surge 本身不支持的协议; 弃用旧的 ssr-local 方案	2024-09-03 20:31:42 +08:00
xream	99d5868cff	feat: 订阅和文件的请求链接支持传入 `$options` , 可在脚本中使用	2024-09-03 13:58:10 +08:00
xream	e1489a3cf7	feat: sing-box VLESS Reality uTLS 默认启用	2024-09-02 21:20:22 +08:00
xream	59fe16a7b0	feat: Surge Hysteria2 与 TUIC 协议支持端口跳跃; Hysteria2 URI 的端口部分支持端口跳跃的「多端口地址格式」	2024-09-02 16:38:21 +08:00
xream	562d349629	feat: 脚本操作传入上下文 `require` (仅对应的环境支持)"	2024-08-31 22:39:54 +08:00
egerndaddy	9ce14351c5	doc: 添加 Egern 模块链接	2024-08-29 13:26:27 +08:00
egerndaddy	76e781c711	Create Egern.yaml	2024-08-29 13:09:59 +08:00
xream	f0acf4a2a7	fix: DoH 结果过滤	2024-08-29 12:30:49 +08:00
xream	9abeb4ce7b	fix: 修复 SurgeMac ShadowsocksR obfs-param	2024-08-28 14:51:06 +08:00
xream	153802c7c4	feat: Loon SOCKS5 UDP	2024-08-26 00:33:22 +08:00
xream	19418b631f	feat(uri): VMess URI 输入支持 allowInsecure(输出不支持, 与 2dust/v2rayN 分享链接逻辑一致)	2024-08-18 15:53:13 +08:00
xream	97caeed208	feat(geo): 增加利雅得 Riyadh	2024-08-17 14:06:28 +08:00
xream	dd8d1d85e8	feat: 支持 Loon tls-pubkey-sha256, tls-cert-sha256	2024-07-30 22:17:25 +08:00
xream	14ed56b5d5	chore: 传输层应该有配置, 暂时不考虑兼容不给配置的节点	2024-07-24 11:27:33 +08:00
xream	9785271c5b	chore: 增加部分 clash.meta(mihomo) 内核客户端的 User-Agent(clash-verge, flclash)	2024-07-20 14:48:39 +08:00
xream	05bdf95a29	feat: 处理端口跳跃(感谢亚托莉佬)	2024-07-19 15:23:44 +08:00
xream	317a804b36	fix: 修复 URI 报错	2024-07-19 14:33:34 +08:00
xream	10ec8a25a2	feat: 处理不规范的 hysteria2 节点	2024-07-19 09:45:28 +08:00
xream	aa0943a909	fix: 被识别为 IP4P 的域名解析结果均增加 _IP4P 字段; 修复报错	2024-07-18 19:48:01 +08:00
xream	a0c1bbbf70	fix: 域名解析修复; 结果增加 _IP4P 字段	2024-07-18 19:42:57 +08:00
xream	fea9de4fae	feat: IP4P 合并进 IPv6; ProxyUtils 中增加 ipAddress	2024-07-18 18:35:22 +08:00
xream	cddd1818fe	chore: bump release version	2024-07-08 02:51:21 +08:00
xream	f94830b2df	Merge pull request #339 from zhiqiang02/add-tai-wan-keyword Add 'Tai Wan' as a keyword for Taiwan flag	2024-07-08 02:50:13 +08:00
zhiqiang02	e02a26040e	Add 'Tai Wan' as a keyword for Taiwan flag 碰到了某机场奇奇怪怪的节点名	2024-07-08 02:38:50 +08:00
xream	6906efdd55	chore: bump release version	2024-07-02 21:04:14 +08:00
xream	9558b63261	Merge pull request #336 from cooip-jm/patch-1 处理grpc-opts为 {} 的情况	2024-07-02 21:03:30 +08:00
cooip-jm	4bfdef17ee	处理grpc-opts为 {} 的情况该字段仅影响sing-box内核，对mihomo无影响	2024-07-02 21:01:11 +08:00
xream	9d29fc8a09	feat: 处理 reality-opts 为 {} 的情况	2024-07-02 20:39:04 +08:00
xream	f524920c13	feat: 文件支持设置查询流量信息订阅链接. 服务器版中使用此链接可在响应中传递订阅流量信息	2024-06-28 18:34:26 +08:00
xream	bfe072cbdf	feat: 域名解析支持自定义 EDNS(需新版前端)	2024-06-22 11:45:37 +08:00
xream	32dcca4a26	feat: 域名解析支持自定义 DoH(需新版前端)	2024-06-20 21:42:15 +08:00
xream	a5d77c39c8	feat: 域名解析增加超时参数(默认使用全局超时)	2024-06-20 13:41:05 +08:00
xream	6ea1b69a62	doc: demo.js 增加更多字段的说明	2024-06-20 11:44:07 +08:00
xream	2b3b9177e5	feat: 域名解析新增 `_resolved_ips` 为解析出的所有 IP	2024-06-20 11:28:17 +08:00
xream	91aab3ca7a	fix: 修复 Tencent DNS 缓存	2024-06-20 10:59:06 +08:00
xream	c1a9fc6abc	fix: 修复 Loon Hysteria2 salamander 混淆	2024-06-17 11:08:43 +08:00
xream	11d9ce7372	feat: 支持 Loon Hysteria2 salamander 混淆	2024-06-16 21:49:13 +08:00
xream	ad3d2270ac	feat: 读取节点的 ca-str 和 _ca (后端文件路径) 字段, 自动计算 fingerprint	2024-06-13 20:44:12 +08:00
xream	3ad42f2c10	feat: Stash 支持 juicity, ssh	2024-06-12 15:16:56 +08:00
xream	ec06eb8659	fix: sing-box tls cert 应该为数组	2024-06-10 19:10:57 +08:00
xream	4a23a4d8b6	fix: tlsParser typo	2024-06-10 19:07:19 +08:00
xream	913638a233	feat: /api/sub/flow/:name 接口支持指定远程订阅 url(可携带订阅 url 支持的参数, 例如 flowUserAgent)	2024-06-10 13:24:06 +08:00
xream	bf642ce0e6	fix: 兼容空的订阅链接	2024-06-09 01:42:40 +08:00
xream	1ecac9da92	chore: demo.js	2024-06-06 21:50:13 +08:00
xream	c5a417da8f	feat: VMess URI 支持 TCP/H2 传输层	2024-06-03 21:14:07 +08:00
xream	8cd0545023	feat: ws, http, h2 传输层补全 path	2024-06-03 00:34:03 +08:00
xream	b6f848a6e6	feat: ProxyUtils.removeFlag	2024-06-02 18:30:53 +08:00
xream	99d058bcf1	feat: 支持 flowUrl	2024-06-02 16:03:01 +08:00
xream	533103e765	feat: 进一步优化乐观缓存和同步配置的逻辑	2024-06-01 20:09:57 +08:00
xream	cf82764171	feat: 进一步优化乐观缓存和同步配置的逻辑	2024-06-01 19:50:16 +08:00
xream	7b783c1fe3	fix: 简单修复乐观缓存(当异步更新乐观缓存时, 若存在常规缓存, 将使用常规缓存)	2024-05-31 20:52:01 +08:00
xream	372eff9a44	chore: 文案	2024-05-31 11:42:23 +08:00
xream	d3b5a529d7	doc: README	2024-05-30 21:32:48 +08:00
xream	8049134bb5	feat: Surge includeUnsupportedProxy 去除 HTTP 传输层(不一定能通, 由服务端配置确定)	2024-05-30 18:41:56 +08:00
xream	3f620700a4	feat: GUIforCores 请求增加参数 proxy, timeout	2024-05-30 17:19:38 +08:00
xream	9e64a68481	fix: VMess URI 输入传输层为 HTTP 时, path 默认为 /	2024-05-30 14:28:02 +08:00
xream	9ce5916414	fix: 乐观缓存未捕获错误	2024-05-30 13:10:08 +08:00
xream	047c21fe70	feat: 节点上的额外参数调整为下划线开头, 原参数目前仍保留, 若有脚本需要使用这些参数请尽快修改(_subName, _collectionName, _resolved, _no-resolve)	2024-05-30 04:48:13 +08:00
xream	47849dc6d0	feat: 节点上的额外参数调整为下划线开头, 原参数目前仍保留, 若有脚本需要使用这些参数请尽快修改(_subName, _collectionName, _resolved)	2024-05-30 04:28:54 +08:00
xream	af06086c1b	chore: 去除 Surge/Surfboard 输出节点名中的逗号和等号	2024-05-29 19:15:52 +08:00
xream	4a6a147667	feat: 新增定时处理订阅功能, 避免 App 内拉取超时	2024-05-28 12:05:35 +08:00
xream	c6540d14cd	feat: Surge Beta 模块支持定时处理订阅. 一般用于定时处理耗时较长的订阅, 以更新缓存. 这样 Surge 中拉取时就能用到缓存, 不至于总是超时	2024-05-28 02:31:25 +08:00