feat: 域名解析新增 _resolved_ips 为解析出的所有 IP

README.md

@@ -35,7 +35,7 @@ Core functionalities:
 - [x] Surfboard (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, WireGuard(Surfboard to Surfboard))
 - [x] Shadowrocket (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
 - [x] Clash.Meta (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
-- [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC)
+- [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC, Juicity, SSH)
 - [x] Clash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard)
 
 ### Supported Target Platforms

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sub-store",
-  "version": "2.14.331",
+  "version": "2.14.342",
   "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
   "main": "src/main.js",
   "scripts": {
@@ -25,6 +25,7 @@
     "express": "^4.17.1",
     "http-proxy-middleware": "^2.0.6",
     "js-base64": "^3.7.2",
+    "jsrsasign": "^11.1.0",
     "lodash": "^4.17.21",
     "request": "^2.88.2",
     "requests": "^0.3.0",

backend/pnpm-lock.yaml

@@ -29,6 +29,9 @@ dependencies:
   js-base64:
     specifier: ^3.7.2
     version: registry.npmmirror.com/js-base64@3.7.2
+  jsrsasign:
+    specifier: ^11.1.0
+    version: registry.npmmirror.com/jsrsasign@11.1.0
   lodash:
     specifier: ^4.17.21
     version: registry.npmmirror.com/lodash@4.17.21
@@ -6634,6 +6637,12 @@ packages:
       verror: registry.npmmirror.com/verror@1.10.0
     dev: false
 
+  registry.npmmirror.com/jsrsasign@11.1.0:
+    resolution: {integrity: sha512-Ov74K9GihaK9/9WncTe1mPmvrO7Py665TUfUKvraXBpu+xcTWitrtuOwcjf4KMU9maPaYn0OuaWy0HOzy/GBXg==, registry: http://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/jsrsasign/-/jsrsasign-11.1.0.tgz}
+    name: jsrsasign
+    version: 11.1.0
+    dev: false
+
   registry.npmmirror.com/just-debounce@1.1.0:
     resolution: {integrity: sha512-qpcRocdkUmf+UTNBYx5w6dexX5J31AKK1OmPwH630a83DdVVUIngk55RSAiIGpQyoH0dlr872VHfPjnQnK1qDQ==, registry: http://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/just-debounce/-/just-debounce-1.1.0.tgz}
     name: just-debounce

backend/src/core/proxy-utils/index.js

@@ -1,3 +1,4 @@
+import rs from '@/utils/rs';
 import YAML from '@/utils/yaml';
 import download from '@/utils/download';
 import {
@@ -83,7 +84,7 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
             const { mode, content } = item.args;
             if (mode === 'link') {
                 let noCache;
-                let url = content;
+                let url = content || '';
                 if (url.endsWith('#noCache')) {
                     url = url.replace(/#noCache$/, '');
                     noCache = true;
@@ -338,7 +339,11 @@ function lastParse(proxy) {
             proxy.network = 'tcp';
         }
     }
-    if (['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(proxy.type)) {
+    if (
+        ['trojan', 'tuic', 'hysteria', 'hysteria2', 'juicity'].includes(
+            proxy.type,
+        )
+    ) {
         proxy.tls = true;
     }
     if (proxy.network) {
@@ -438,9 +443,46 @@ function lastParse(proxy) {
             }
         }
     }
+    if (['ws', 'http', 'h2'].includes(proxy.network)) {
+        if (
+            ['ws', 'h2'].includes(proxy.network) &&
+            !proxy[`${proxy.network}-opts`]?.path
+        ) {
+            proxy[`${proxy.network}-opts`] =
+                proxy[`${proxy.network}-opts`] || {};
+            proxy[`${proxy.network}-opts`].path = '/';
+        } else if (
+            proxy.network === 'http' &&
+            (!Array.isArray(proxy[`${proxy.network}-opts`]?.path) ||
+                proxy[`${proxy.network}-opts`]?.path.every((i) => !i))
+        ) {
+            proxy[`${proxy.network}-opts`] =
+                proxy[`${proxy.network}-opts`] || {};
+            proxy[`${proxy.network}-opts`].path = ['/'];
+        }
+    }
     if (['', 'off'].includes(proxy.sni)) {
         proxy['disable-sni'] = true;
     }
+    let caStr = proxy['ca_str'];
+    if (proxy['ca-str']) {
+        caStr = proxy['ca-str'];
+    } else if (caStr) {
+        delete proxy['ca_str'];
+        proxy['ca-str'] = caStr;
+    }
+    try {
+        if ($.env.isNode && !caStr && proxy['_ca']) {
+            caStr = $.node.fs.readFileSync(proxy['_ca'], {
+                encoding: 'utf8',
+            });
+        }
+    } catch (e) {
+        $.error(`Read ca file failed\nReason: ${e}`);
+    }
+    if (!proxy['tls-fingerprint'] && caStr) {
+        proxy['tls-fingerprint'] = rs.generateFingerprint(caStr);
+    }
     return proxy;
 }
 

backend/src/core/proxy-utils/parsers/index.js

@@ -305,8 +305,9 @@ function URI_VMess() {
             if (params.net === 'ws' || params.obfs === 'websocket') {
                 proxy.network = 'ws';
             } else if (
-                ['tcp', 'http'].includes(params.net) ||
-                params.obfs === 'http'
+                ['http'].includes(params.net) ||
+                ['http'].includes(params.obfs) ||
+                ['http'].includes(params.type)
             ) {
                 proxy.network = 'http';
             } else if (['grpc'].includes(params.net)) {
@@ -317,6 +318,8 @@ function URI_VMess() {
             ) {
                 proxy.network = 'ws';
                 httpupgrade = true;
+            } else if (params.net === 'h2' || proxy.network === 'h2') {
+                proxy.network = 'h2';
             }
             if (proxy.network) {
                 let transportHost = params.host ?? params.obfsParam;
@@ -332,6 +335,10 @@ function URI_VMess() {
 
                 if (proxy.network === 'http') {
                     if (transportHost) {
+                        // 1)http(tcp)->host中间逗号(,)隔开
+                        transportHost = transportHost
+                            .split(',')
+                            .map((i) => i.trim());
                         transportHost = Array.isArray(transportHost)
                             ? transportHost[0]
                             : transportHost;

backend/src/core/proxy-utils/parsers/peggy/loon.js

@@ -68,7 +68,7 @@ trojan = tag equals "trojan"i address password (transport/transport_host/transpo
     proxy.type = "trojan";
     handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
     proxy.type = "hysteria2";
 }
 https = tag equals "https"i address (username password)? (tls_host/tls_verification/fast_open/udp_relay/others)* {
@@ -178,6 +178,7 @@ udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
 
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
+salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }
 
 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _

backend/src/core/proxy-utils/parsers/peggy/loon.peg

@@ -66,7 +66,7 @@ trojan = tag equals "trojan"i address password (transport/transport_host/transpo
     proxy.type = "trojan";
     handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
     proxy.type = "hysteria2";
 }
 https = tag equals "https"i address (username password)? (tls_host/tls_verification/fast_open/udp_relay/others)* {
@@ -176,6 +176,7 @@ udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
 
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
+salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }
 
 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _

backend/src/core/proxy-utils/processors/index.js

@@ -406,10 +406,13 @@ const DOMAIN_RESOLVERS = {
             throw new Error(`Status is ${body['Status']}`);
         }
         const answers = body['Answer'];
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers.map((i) => i?.data).filter((i) => i);
+        if (result.length === 0) {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1].data;
         resourceCache.set(id, result);
         return result;
     },
@@ -429,7 +432,13 @@ const DOMAIN_RESOLVERS = {
         if (body['status'] !== 'success') {
             throw new Error(`Status is ${body['status']}`);
         }
-        const result = body.query;
+        if (!body.query || body.query === 0) {
+            throw new Error('No answers');
+        }
+        const result = [body.query];
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
         resourceCache.set(id, result);
         return result;
     },
@@ -450,10 +459,13 @@ const DOMAIN_RESOLVERS = {
             throw new Error(`Status is ${body['Status']}`);
         }
         const answers = body['Answer'];
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers.map((i) => i?.data).filter((i) => i);
+        if (result.length === 0) {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1].data;
         resourceCache.set(id, result);
         return result;
     },
@@ -470,15 +482,18 @@ const DOMAIN_RESOLVERS = {
             },
         });
         const answers = JSON.parse(resp.body);
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers;
+        if (result.length === 0) {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1];
         resourceCache.set(id, result);
         return result;
     },
     Tencent: async function (domain, type, noCache) {
-        const id = hex_md5(`ALI:${domain}:${type}`);
+        const id = hex_md5(`TENCENT:${domain}:${type}`);
         const cached = resourceCache.get(id);
         if (!noCache && cached) return cached;
         const resp = await $.http.get({
@@ -493,7 +508,10 @@ const DOMAIN_RESOLVERS = {
         if (answers.length === 0 || String(answers) === '0') {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1];
+        const result = answers;
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
         resourceCache.set(id, result);
         return result;
     },
@@ -550,10 +568,16 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
             proxies.forEach((p) => {
                 if (!p['_no-resolve']) {
                     if (results[p.server]) {
+                        p._resolved_ips = results[p.server];
+                        const ip = Array.isArray(results[p.server])
+                            ? results[p.server][
+                                  Math.floor(
+                                      Math.random() * results[p.server].length,
+                                  )
+                              ]
+                            : results[p.server];
                         if (_type === 'IP4P') {
-                            const { server, port } = parseIP4P(
-                                results[p.server],
-                            );
+                            const { server, port } = parseIP4P(ip);
                             if (server && port) {
                                 p._domain = p.server;
                                 p.server = server;
@@ -568,7 +592,7 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
                             }
                         } else {
                             p._domain = p.server;
-                            p.server = results[p.server];
+                            p.server = ip;
                             p.resolved = true;
                             p[`_${type}`] = p.server;
                             if (!isIP(p._IP)) {

backend/src/core/proxy-utils/producers/clash.js

@@ -133,9 +133,13 @@ export default function Clash_Producer() {
                     }
                 }
                 if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                 ) {
                     delete proxy.tls;
                 }

backend/src/core/proxy-utils/producers/clashmeta.js

@@ -149,9 +149,13 @@ export default function ClashMeta_Producer() {
                     }
                 }
                 if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                 ) {
                     delete proxy.tls;
                 }

backend/src/core/proxy-utils/producers/loon.js

@@ -408,8 +408,8 @@ function wireguard(proxy) {
 }
 
 function hysteria2(proxy) {
-    if (proxy.obfs || proxy['obfs-password']) {
-        throw new Error(`obfs is unsupported`);
+    if (proxy['obfs-password'] && proxy.obfs != 'salamander') {
+        throw new Error(`only salamander obfs is supported`);
     }
     const result = new Result(proxy);
     result.append(`${proxy.name}=Hysteria2,${proxy.server},${proxy.port}`);
@@ -423,6 +423,10 @@ function hysteria2(proxy) {
         'skip-cert-verify',
     );
 
+    if (proxy['obfs-password'] && proxy.obfs == 'salamander') {
+        result.append(`,salamander-password=${proxy['obfs-password']}`);
+    }
+
     // tfo
     result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
 

backend/src/core/proxy-utils/producers/shadowrocket.js

@@ -152,9 +152,13 @@ export default function ShadowRocket_Producer() {
                     }
                 }
                 if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                 ) {
                     delete proxy.tls;
                 }

backend/src/core/proxy-utils/producers/sing-box.js

@@ -202,8 +202,8 @@ const tlsParser = (proxy, parsedProxy) => {
         parsedProxy.tls.alpn = [proxy.alpn];
     } else if (Array.isArray(proxy.alpn)) parsedProxy.tls.alpn = proxy.alpn;
     if (proxy.ca) parsedProxy.tls.certificate_path = `${proxy.ca}`;
-    if (proxy.ca_str) parsedProxy.tls.certificate = proxy.ca_sStr;
-    if (proxy['ca-str']) parsedProxy.tls.certificate = proxy['ca-str'];
+    if (proxy.ca_str) parsedProxy.tls.certificate = [proxy.ca_str];
+    if (proxy['ca-str']) parsedProxy.tls.certificate = [proxy['ca-str']];
     if (proxy['client-fingerprint'] && proxy['client-fingerprint'] !== '')
         parsedProxy.tls.utls = {
             enabled: true,

backend/src/core/proxy-utils/producers/stash.js

@@ -21,6 +21,8 @@ export default function Stash_Producer() {
                         'wireguard',
                         'hysteria',
                         'hysteria2',
+                        'ssh',
+                        'juicity',
                     ].includes(proxy.type) ||
                     (proxy.type === 'ss' &&
                         ![
@@ -232,9 +234,13 @@ export default function Stash_Producer() {
                     }
                 }
                 if (
-                    ['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(
-                        proxy.type,
-                    )
+                    [
+                        'trojan',
+                        'tuic',
+                        'hysteria',
+                        'hysteria2',
+                        'juicity',
+                    ].includes(proxy.type)
                 ) {
                     delete proxy.tls;
                 }

backend/src/core/proxy-utils/producers/uri.js

@@ -16,7 +16,11 @@ export default function URI_Producer() {
                 delete proxy[key];
             }
         }
-        if (['trojan', 'tuic', 'hysteria', 'hysteria2'].includes(proxy.type)) {
+        if (
+            ['trojan', 'tuic', 'hysteria', 'hysteria2', 'juicity'].includes(
+                proxy.type,
+            )
+        ) {
             delete proxy.tls;
         }
         if (proxy.server && isIPv6(proxy.server)) {

backend/src/restful/download.js

@@ -123,10 +123,11 @@ async function downloadSubscription(req, res) {
                 ['localFirst', 'remoteFirst'].includes(sub.mergeSources)
             ) {
                 try {
-                    url = `${url || sub.url}`
-                        .split(/[\r\n]+/)
-                        .map((i) => i.trim())
-                        .filter((i) => i.length)?.[0];
+                    url =
+                        `${url || sub.url}`
+                            .split(/[\r\n]+/)
+                            .map((i) => i.trim())
+                            .filter((i) => i.length)?.[0] || '';
 
                     let $arguments = {};
                     const rawArgs = url.split('#');
@@ -283,10 +284,11 @@ async function downloadCollection(req, res) {
                     ['localFirst', 'remoteFirst'].includes(sub.mergeSources)
                 ) {
                     try {
-                        let url = `${sub.url}`
-                            .split(/[\r\n]+/)
-                            .map((i) => i.trim())
-                            .filter((i) => i.length)?.[0];
+                        let url =
+                            `${sub.url}`
+                                .split(/[\r\n]+/)
+                                .map((i) => i.trim())
+                                .filter((i) => i.length)?.[0] || '';
 
                         let $arguments = {};
                         const rawArgs = url.split('#');

backend/src/restful/subscriptions.js

@@ -34,6 +34,11 @@ export default function register($app) {
 async function getFlowInfo(req, res) {
     let { name } = req.params;
     name = decodeURIComponent(name);
+    let { url } = req.query;
+    if (url) {
+        url = decodeURIComponent(url);
+        $.info(`指定远程订阅 URL: ${url}`);
+    }
     const allSubs = $.read(SUBS_KEY);
     const sub = findByName(allSubs, name);
     if (!sub) {
@@ -68,10 +73,11 @@ async function getFlowInfo(req, res) {
         return;
     }
     try {
-        let url = `${sub.url}`
-            .split(/[\r\n]+/)
-            .map((i) => i.trim())
-            .filter((i) => i.length)?.[0];
+        url =
+            `${url || sub.url}`
+                .split(/[\r\n]+/)
+                .map((i) => i.trim())
+                .filter((i) => i.length)?.[0] || '';
 
         let $arguments = {};
         const rawArgs = url.split('#');

backend/src/utils/download.js

@@ -15,7 +15,7 @@ import $ from '@/core/app';
 const tasks = new Map();
 
 export default async function download(
-    rawUrl,
+    rawUrl = '',
     ua,
     timeout,
     proxy,

backend/src/utils/flow.js

@@ -11,7 +11,7 @@ export function getFlowField(headers) {
     return headers[subkey];
 }
 export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
-    let url = flowUrl || rawUrl;
+    let url = flowUrl || rawUrl || '';
     let $arguments = {};
     const rawArgs = url.split('#');
     url = url.split('#')[0];

backend/src/utils/rs.js

@@ -0,0 +1,11 @@
+import rs from 'jsrsasign';
+
+export function generateFingerprint(caStr) {
+    const hex = rs.pemtohex(caStr);
+    const fingerPrint = rs.KJUR.crypto.Util.hashHex(hex, 'sha256');
+    return fingerPrint.match(/.{2}/g).join(':').toUpperCase();
+}
+
+export default {
+    generateFingerprint,
+};

scripts/demo.js

@@ -8,11 +8,16 @@ function operator(proxies = [], targetPlatform, context) {
   // 结构大致参考了 Clash.Meta(mihomo) 有私货
   // 可在预览界面点击节点查看 JSON 结构 或查看 `target=JSON` 的通用订阅
   // 1. `_no-resolve` 为不解析域名
-  // 2. 域名解析后 会多一个 `_resolved` 字段
-  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_domain` 字段
+  // 2. 域名解析后 会多一个 `_resolved` 字段, 表示是否解析成功
+  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_domain` 字段, `_resolved_ips` 为解析出的所有 IP
   // 4. 节点字段 `exec` 为 `ssr-local` 路径, 默认 `/usr/local/bin/ssr-local`; 端口从 10000 开始递增(暂不支持配置)
   // 5. `_subName` 为单条订阅名
   // 6. `_collectionName` 为组合订阅名
+  // 7. `tls-fingerprint` 为 tls 指纹
+  // 8. `underlying-proxy` 为前置代理
+  // 9. `trojan`, `tuic`, `hysteria`, `hysteria2`, `juicity` 会在解析时设置 `tls`: true (会使用 tls 类协议的通用逻辑),  输出时删除
+  // 10. `sni` 在某些协议里会自动与 `servername` 转换
+  // 11. 读取节点的 ca-str 和 _ca (后端文件路径) 字段, 自动计算 fingerprint (参考 https://t.me/zhetengsha/1512)
 
   // $arguments 为传入的脚本参数
 
@@ -103,7 +108,7 @@ function operator(proxies = [], targetPlatform, context) {
   // 4. 一个比较折腾的方案: 在脚本操作中, 把内容同步到另一个 gist
   // 见 https://t.me/zhetengsha/1428
   // 
-  // const content = ProxyUtils.produce(proxies, platform)
+  // const content = ProxyUtils.produce([...proxies], platform)
 
   // // YAML
   // ProxyUtils.yaml.load('YAML String')