feat: sub-store.json 初始化时, 支持读取 Base64 内容

feat: 手动还原支持 Base64 文本文件
feat: 处理 clash 系和 sing-box 的 Early Data
2025-08-10 00:52:40 +00:00 · 2025-07-19 13:27:25 +08:00 · 2025-07-19 12:55:32 +08:00 · 2025-07-19 06:47:24 +08:00 · 2025-07-18 17:21:11 +08:00 · 2025-07-18 17:12:51 +08:00
76 changed files with 13158 additions and 10100 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,5 +1,6 @@
 name: build
 on:
+  workflow_dispatch:
  push:
    branches:
      - master
@@ -26,18 +27,18 @@ jobs:
        run: |
          npm install -g pnpm
          cd backend && pnpm i --no-frozen-lockfile
-      - name: Test
-        run: |
-          cd backend
-          pnpm test
-      - name: Build
-        run: |
-          cd backend
-          pnpm run build
+      # - name: Test
+      #   run: |
+      #     cd backend
+      #     pnpm test
+      # - name: Build
+      #   run: |
+      #     cd backend
+      #     pnpm run build
      - name: Bundle
        run: |
          cd backend
-          pnpm run bundle
+          pnpm bundle:esbuild
      - id: tag
        name: Generate release tag
        run: |
@@ -76,8 +77,8 @@ jobs:
          git commit -m "release: ${{ steps.tag.outputs.release_tag }}"
          git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}"
          git push -f -u origin release
-      - name: Sync to GitLab
-        env:
-          GITLAB_PIPELINE_TOKEN: ${{ secrets.GITLAB_PIPELINE_TOKEN }}
-        run: |
-          curl -X POST --fail -F token=$GITLAB_PIPELINE_TOKEN -F ref=master https://gitlab.com/api/v4/projects/48891296/trigger/pipeline
+      # - name: Sync to GitLab
+      #   env:
+      #     GITLAB_PIPELINE_TOKEN: ${{ secrets.GITLAB_PIPELINE_TOKEN }}
+      #   run: |
+      #     curl -X POST --fail -F token=$GITLAB_PIPELINE_TOKEN -F ref=master https://gitlab.com/api/v4/projects/48891296/trigger/pipeline
--- a/.gitmodules
+++ b/.gitmodules
--- a/README.md
+++ b/README.md
@@ -7,13 +7,13 @@
 </div>

 <p align="center" color="#6a737d">
-Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket.
+Advanced Subscription Manager for QX, Loon, Surge, Stash, Egern and Shadowrocket.
 </p>

-[![Build](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml/badge.svg)](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml) ![GitHub](https://img.shields.io/github/license/sub-store-org/Sub-Store) ![GitHub issues](https://img.shields.io/github/issues/sub-store-org/Sub-Store) ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/Peng-Ym/Sub-Store) ![Lines of code](https://img.shields.io/tokei/lines/github/sub-store-org/Sub-Store) ![Size](https://img.shields.io/github/languages/code-size/sub-store-org/Sub-Store) 
+[![Build](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml/badge.svg)](https://github.com/sub-store-org/Sub-Store/actions/workflows/main.yml) ![GitHub](https://img.shields.io/github/license/sub-store-org/Sub-Store) ![GitHub issues](https://img.shields.io/github/issues/sub-store-org/Sub-Store) ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/Peng-Ym/Sub-Store) ![Lines of code](https://img.shields.io/tokei/lines/github/sub-store-org/Sub-Store) ![Size](https://img.shields.io/github/languages/code-size/sub-store-org/Sub-Store)
 <a href="https://trendshift.io/repositories/4572" target="_blank"><img src="https://trendshift.io/api/badge/repositories/4572" alt="sub-store-org%2FSub-Store | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
 [!["Buy Me A Coffee"](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/PengYM)
-   
+
 Core functionalities:

 1. Conversion among various formats.
@@ -21,21 +21,30 @@ Core functionalities:
 3. Collect multiple subscriptions in one URL.

 > The following descriptions of features may not be updated in real-time. Please refer to the actual available features for accurate information.
-   
+
 ## 1. Subscription Conversion

 ### Supported Input Formats

- [x] URI(SS, SSR, VMess, VLESS, Trojan, Hysteria, Hysteria 2, TUIC v5, WireGuard)
+> ⚠️ Do not use `Shadowrocket` or `NekoBox` to export URI and then import it as input. The URIs exported in this way may not be standard URIs. However, we have already supported some very common non-standard URIs (such as VMess, VLESS).
+
+- [x] Proxy URI Scheme(`socks5`, `socks5+tls`, `http`, `https`(it's ok))
+
+  example: `socks5+tls://user:pass@ip:port#name`
+
+- [x] URI(AnyTLS, SOCKS, SS, SSR, VMess, VLESS, Trojan, Hysteria, Hysteria 2, TUIC v5, WireGuard)
+  > Please note, HTTP(s) does not have a standard URI format, so it is not supported. Please use other formats.
 - [x] Clash Proxies YAML
 - [x] Clash Proxy JSON(single line)
 - [x] QX (SS, SSR, VMess, Trojan, HTTP, SOCKS5, VLESS)
 - [x] Loon (SS, SSR, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, WireGuard, VLESS, Hysteria 2)
- [x] Surge (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, TUIC, Snell, Hysteria 2, SSH(Password authentication only), SSR(external, only for macOS), External Proxy Program(only for macOS), WireGuard(Surge to Surge))
+- [x] Surge (Direct, SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, TUIC, Snell, Hysteria 2, SSH(Password authentication only), External Proxy Program(only for macOS), WireGuard(Surge to Surge))
 - [x] Surfboard (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, WireGuard(Surfboard to Surfboard))
- [x] Shadowrocket (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
- [x] Clash.Meta (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
+- [x] Clash.Meta (Direct, SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC, SSH, mieru, AnyTLS)
 - [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC, Juicity, SSH)
+
+Deprecated(The frontend doesn't show it, but the backend still supports it, with the query parameter `target=Clash`):
+
 - [x] Clash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard)

 ### Supported Target Platforms
@@ -43,16 +52,21 @@ Core functionalities:
 - [x] Plain JSON
 - [x] Stash
 - [x] Clash.Meta(mihomo)
- [x] Clash
 - [x] Surfboard
 - [x] Surge
+- [x] SurgeMac(Use mihomo to support protocols that are not supported by Surge itself)
 - [x] Loon
+- [x] Egern
 - [x] Shadowrocket
 - [x] QX
 - [x] sing-box
 - [x] V2Ray
 - [x] V2Ray URI

+Deprecated:
+
+- [x] Clash
+
 ## 2. Subscription Formatting

 ### Filtering
@@ -98,7 +112,7 @@ or
 esbuild(experimental)

 ```
-pnpm run --parallel "/^dev:.*/"
+SUB_STORE_BACKEND_API_PORT=3000 pnpm run --parallel "/^dev:.*/"
 ```

 ## LICENSE
@@ -111,8 +125,13 @@ This project is under the GPL V3 LICENSE.

 [![Star History Chart](https://api.star-history.com/svg?repos=sub-store-org/sub-store&type=Date)](https://star-history.com/#sub-store-org/sub-store&Date)

-
 ## Acknowledgements

 - Special thanks to @KOP-XIAO for his awesome resource-parser. Please give a [star](https://github.com/KOP-XIAO/QuantumultX) for his great work!
 - Special thanks to @Orz-3 and @58xinian for their awesome icons.
+
+## Sponsors
+
+[![image](./support.nodeseek.com_page_promotion_id=8.png)](https://yxvm.com)
+
+[NodeSupport](https://github.com/NodeSeekDev/NodeSupport) sponsored this project.
--- a/backend/banner
+++ b/backend/banner
@@ -5,7 +5,7 @@
 *  ╚════██║██║   ██║██╔══██╗╚════╝╚════██║   ██║   ██║   ██║██╔══██╗██╔══╝
 *  ███████║╚██████╔╝██████╔╝      ███████║   ██║   ╚██████╔╝██║  ██║███████╗
 *  ╚══════╝ ╚═════╝ ╚═════╝       ╚══════╝   ╚═╝    ╚═════╝ ╚═╝  ╚═╝╚══════╝
- * Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket!
+ * Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket!
 * @updated: <%= updated %>
 * @version: <%= pkg.version %>
 * @author: Peng-YM
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,7 +1,7 @@
 {
  "name": "sub-store",
-  "version": "2.14.366",
-  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
+  "version": "2.19.89",
+  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket.",
  "main": "src/main.js",
  "scripts": {
    "preinstall": "npx only-allow pnpm",
@@ -12,10 +12,16 @@
    "dev:run": "nodemon -w sub-store.min.js sub-store.min.js",
    "build": "gulp",
    "bundle": "node bundle.js",
+    "bundle:esbuild": "node bundle-esbuild.js",
    "changelog": "conventional-changelog -p cli -i CHANGELOG.md -s"
  },
  "author": "Peng-YM",
  "license": "GPL-3.0",
+  "pnpm": {
+    "patchedDependencies": {
+      "http-proxy@1.18.1": "patches/http-proxy@1.18.1.patch"
+    }
+  },
  "dependencies": {
    "@maxmind/geoip2-node": "^5.0.0",
    "automerge": "1.0.1-preview.7",
@@ -24,17 +30,21 @@
    "connect-history-api-fallback": "^2.0.0",
    "cron": "^3.1.6",
    "dns-packet": "^5.6.1",
+    "dotenv": "^16.4.7",
    "express": "^4.17.1",
-    "http-proxy-middleware": "^2.0.6",
+    "fetch-socks": "^1.3.2",
+    "http-proxy-middleware": "^3.0.3",
    "ip-address": "^9.0.5",
    "js-base64": "^3.7.2",
+    "json5": "^2.2.3",
    "jsrsasign": "^11.1.0",
    "lodash": "^4.17.21",
-    "request": "^2.88.2",
-    "requests": "^0.3.0",
-    "semver": "^7.3.7",
+    "mime-types": "^2.1.35",
+    "ms": "^2.1.3",
+    "nanoid": "^3.3.3",
+    "semver": "^7.6.3",
    "static-js-yaml": "^1.0.0",
-    "uuid": "^8.3.2"
+    "undici": "^7.4.0"
  },
  "devDependencies": {
    "@babel/core": "^7.18.0",
--- a/backend/patches/http-proxy@1.18.1.patch
+++ b/backend/patches/http-proxy@1.18.1.patch
@@ -0,0 +1,46 @@
+diff --git a/lib/http-proxy/common.js b/lib/http-proxy/common.js
+index 6513e81d80d5250ea249ea833f819ece67897c7e..486d4c896d65a3bb7cf63307af68facb3ddb886b 100644
+--- a/lib/http-proxy/common.js
+++ b/lib/http-proxy/common.js
+@@ -1,6 +1,5 @@
+ var common   = exports,
+     url      = require('url'),
+-    extend   = require('util')._extend,
+     required = require('requires-port');
+ 
+ var upgradeHeader = /(^|,)\s*upgrade\s*($|,)/i,
+@@ -40,10 +39,10 @@ common.setupOutgoing = function(outgoing, options, req, forward) {
+   );
+ 
+   outgoing.method = options.method || req.method;
+-  outgoing.headers = extend({}, req.headers);
+  outgoing.headers = Object.assign({}, req.headers);
+ 
+   if (options.headers){
+-    extend(outgoing.headers, options.headers);
+    Object.assign(outgoing.headers, options.headers);
+   }
+ 
+   if (options.auth) {
+diff --git a/lib/http-proxy/index.js b/lib/http-proxy/index.js
+index 977a4b3622b9eaac27689f06347ea4c5173a96cd..88b2d0fcfa03c3aafa47c7e6d38e64412c45a7cc 100644
+--- a/lib/http-proxy/index.js
+++ b/lib/http-proxy/index.js
+@@ -1,5 +1,4 @@
+ var httpProxy = module.exports,
+-    extend    = require('util')._extend,
+     parse_url = require('url').parse,
+     EE3       = require('eventemitter3'),
+     http      = require('http'),
+@@ -47,9 +46,9 @@ function createRightProxy(type) {
+         args[cntr] !== res
+       ) {
+         //Copy global options
+-        requestOptions = extend({}, options);
+        requestOptions = Object.assign({}, options);
+         //Overwrite with request options
+-        extend(requestOptions, args[cntr]);
+        Object.assign(requestOptions, args[cntr]);
+ 
+         cntr--;
+       }
--- a/backend/pnpm-lock.yaml
+++ b/backend/pnpm-lock.yaml
--- a/backend/src/constants.js
+++ b/backend/src/constants.js
@@ -6,6 +6,7 @@ export const FILES_KEY = 'files';
 export const MODULES_KEY = 'modules';
 export const ARTIFACTS_KEY = 'artifacts';
 export const RULES_KEY = 'rules';
+export const TOKENS_KEY = 'tokens';
 export const GIST_BACKUP_KEY = 'Auto Generated Sub-Store Backup';
 export const GIST_BACKUP_FILE_NAME = 'Sub-Store';
 export const ARTIFACT_REPOSITORY_KEY = 'Sub-Store Artifacts Repository';
--- a/backend/src/core/proxy-utils/index.js
+++ b/backend/src/core/proxy-utils/index.js
@@ -1,14 +1,17 @@
+import { Base64 } from 'js-base64';
 import { Buffer } from 'buffer';
 import rs from '@/utils/rs';
 import YAML from '@/utils/yaml';
-import download from '@/utils/download';
+import download, { downloadFile } from '@/utils/download';
 import {
    isIPv4,
    isIPv6,
    isValidPortNumber,
+    isValidUUID,
    isNotBlank,
    ipAddress,
    getRandomPort,
+    numberToString,
 } from '@/utils';
 import PROXY_PROCESSORS, { ApplyProcessor } from './processors';
 import PROXY_PREPROCESSORS from './preprocessors';
@@ -20,6 +23,9 @@ import { findByName } from '@/utils/database';
 import { produceArtifact } from '@/restful/sync';
 import { getFlag, removeFlag, getISO, MMDB } from '@/utils/geo';
 import Gist from '@/utils/gist';
+import { isPresent } from './producers/utils';
+import { doh } from '@/utils/dns';
+import JSON5 from 'json5';

 function preprocess(raw) {
    for (const processor of PROXY_PREPROCESSORS) {
@@ -74,23 +80,43 @@ function parse(raw) {
            $.error(`Failed to parse line: ${line}`);
        }
    }
-    return proxies;
+    return proxies.filter((proxy) => {
+        if (['vless', 'vmess'].includes(proxy.type)) {
+            const isProxyUUIDValid = isValidUUID(proxy.uuid);
+            if (!isProxyUUIDValid) {
+                $.error(`UUID may be invalid: ${proxy.name} ${proxy.uuid}`);
+            }
+            // return isProxyUUIDValid;
+        }
+        return true;
+    });
 }

-async function processFn(proxies, operators = [], targetPlatform, source) {
+async function processFn(
+    proxies,
+    operators = [],
+    targetPlatform,
+    source,
+    $options,
+) {
    for (const item of operators) {
+        if (item.disabled) {
+            $.log(
+                `Skipping disabled operator: "${
+                    item.type
+                }" with arguments:\n >>> ${
+                    JSON.stringify(item.args, null, 2) || 'None'
+                }`,
+            );
+            continue;
+        }
        // process script
        let script;
        let $arguments = {};
        if (item.type.indexOf('Script') !== -1) {
            const { mode, content } = item.args;
            if (mode === 'link') {
-                let noCache;
                let url = content || '';
-                if (url.endsWith('#noCache')) {
-                    url = url.replace(/#noCache$/, '');
-                    noCache = true;
-                }
                // extract link arguments
                const rawArgs = url.split('#');
                if (rawArgs.length > 1) {
@@ -109,10 +135,17 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
                        }
                    }
                }
-                url = `${url.split('#')[0]}${noCache ? '#noCache' : ''}`;
-                const downloadUrlMatch = url.match(
-                    /^\/api\/(file|module)\/(.+)/,
-                );
+                url = `${url.split('#')[0]}${
+                    rawArgs[2]
+                        ? `#${rawArgs[2]}`
+                        : $arguments?.noCache != null ||
+                          $arguments?.insecure != null
+                        ? `#${rawArgs[1]}`
+                        : ''
+                }`;
+                const downloadUrlMatch = url
+                    .split('#')[0]
+                    .match(/^\/api\/(file|module)\/(.+)/);
                if (downloadUrlMatch) {
                    let type = '';
                    try {
@@ -142,6 +175,17 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
                        );
                        throw new Error(`无法加载 ${type}: ${url}`);
                    }
+                } else if (url?.startsWith('/')) {
+                    try {
+                        const fs = eval(`require("fs")`);
+                        script = fs.readFileSync(url.split('#')[0], 'utf8');
+                        // $.info(`Script loaded: >>>\n ${script}`);
+                    } catch (err) {
+                        $.error(
+                            `Error when reading local script: ${item.args.content}.\n Reason: ${err}`,
+                        );
+                        throw new Error(`无法从该路径读取脚本文件: ${url}`);
+                    }
                } else {
                    // if this is a remote script, download it
                    try {
@@ -156,6 +200,7 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
                }
            } else {
                script = content;
+                $arguments = item.args.arguments || {};
            }
        }

@@ -176,6 +221,7 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
                targetPlatform,
                $arguments,
                source,
+                $options,
            );
        } else {
            processor = PROXY_PROCESSORS[item.type](item.args || {});
@@ -196,14 +242,24 @@ function produce(proxies, targetPlatform, type, opts = {}) {
    );

    // filter unsupported proxies
-    proxies = proxies.filter(
-        (proxy) =>
-            !(proxy.supported && proxy.supported[targetPlatform] === false),
-    );
+    proxies = proxies.filter((proxy) => {
+        // 检查代理是否支持目标平台
+        if (proxy.supported && proxy.supported[targetPlatform] === false) {
+            return false;
+        }
+
+        // 对于 vless 和 vmess 代理,需要额外验证 UUID
+        if (['vless', 'vmess'].includes(proxy.type)) {
+            const isProxyUUIDValid = isValidUUID(proxy.uuid);
+            if (!isProxyUUIDValid)
+                $.error(`UUID may be invalid: ${proxy.name} ${proxy.uuid}`);
+            // return isProxyUUIDValid;
+        }
+
+        return true;
+    });

    proxies = proxies.map((proxy) => {
-        proxy._subName = proxy.subName;
-        proxy._collectionName = proxy.collectionName;
        proxy._resolved = proxy.resolved;

        if (!isNotBlank(proxy.name)) {
@@ -224,6 +280,7 @@ function produce(proxies, targetPlatform, type, opts = {}) {

        // 处理 端口跳跃
        if (proxy.ports) {
+            proxy.ports = String(proxy.ports);
            if (!['ClashMeta'].includes(targetPlatform)) {
                proxy.ports = proxy.ports.replace(/\//g, ',');
            }
@@ -237,21 +294,10 @@ function produce(proxies, targetPlatform, type, opts = {}) {

    $.log(`Producing proxies for target: ${targetPlatform}`);
    if (typeof producer.type === 'undefined' || producer.type === 'SINGLE') {
-        let localPort = 10000;
        let list = proxies
            .map((proxy) => {
                try {
-                    let line = producer.produce(proxy, type, opts);
-                    if (
-                        line.length > 0 &&
-                        line.includes('__SubStoreLocalPort__')
-                    ) {
-                        line = line.replace(
-                            /__SubStoreLocalPort__/g,
-                            localPort++,
-                        );
-                    }
-                    return line;
+                    return producer.produce(proxy, type, opts);
                } catch (err) {
                    $.error(
                        `Cannot produce proxy: ${JSON.stringify(
@@ -270,7 +316,7 @@ function produce(proxies, targetPlatform, type, opts = {}) {
            proxies.length > 0 &&
            proxies.every((p) => p.type === 'wireguard')
        ) {
-            list = `#!name=${proxies[0]?.subName}
+            list = `#!name=${proxies[0]?._subName}
 #!desc=${proxies[0]?._desc ?? ''}
 #!category=${proxies[0]?._category ?? ''}
 ${list}`;
@@ -296,6 +342,13 @@ export const ProxyUtils = {
    getISO,
    MMDB,
    Gist,
+    download,
+    downloadFile,
+    isValidUUID,
+    doh,
+    Buffer,
+    Base64,
+    JSON5,
 };

 function tryParse(parser, line) {
@@ -316,7 +369,34 @@ function safeMatch(parser, line) {
    }
 }

+function formatTransportPath(path) {
+    if (typeof path === 'string' || typeof path === 'number') {
+        path = String(path).trim();
+
+        if (path === '') {
+            return '/';
+        } else if (!path.startsWith('/')) {
+            return '/' + path;
+        }
+    }
+    return path;
+}
+
 function lastParse(proxy) {
+    if (typeof proxy.cipher === 'string') {
+        proxy.cipher = proxy.cipher.toLowerCase();
+    }
+    if (typeof proxy.password === 'number') {
+        proxy.password = numberToString(proxy.password);
+    }
+    if (
+        ['ss'].includes(proxy.type) &&
+        proxy.cipher === 'none' &&
+        !proxy.password
+    ) {
+        // https://github.com/MetaCubeX/mihomo/issues/1677
+        proxy.password = '';
+    }
    if (proxy.interface) {
        proxy['interface-name'] = proxy.interface;
        delete proxy.interface;
@@ -344,6 +424,17 @@ function lastParse(proxy) {
        delete proxy['ws-headers'];
    }

+    const transportPath = proxy[`${proxy.network}-opts`]?.path;
+
+    if (Array.isArray(transportPath)) {
+        proxy[`${proxy.network}-opts`].path = transportPath.map((item) =>
+            formatTransportPath(item),
+        );
+    } else if (transportPath != null) {
+        proxy[`${proxy.network}-opts`].path =
+            formatTransportPath(transportPath);
+    }
+
    if (proxy.type === 'trojan') {
        if (proxy.network === 'tcp') {
            delete proxy.network;
@@ -355,9 +446,14 @@ function lastParse(proxy) {
        }
    }
    if (
-        ['trojan', 'tuic', 'hysteria', 'hysteria2', 'juicity'].includes(
-            proxy.type,
-        )
+        [
+            'trojan',
+            'tuic',
+            'hysteria',
+            'hysteria2',
+            'juicity',
+            'anytls',
+        ].includes(proxy.type)
    ) {
        proxy.tls = true;
    }
@@ -384,20 +480,7 @@ function lastParse(proxy) {
            proxy['h2-opts'].path = path[0];
        }
    }
-    if (proxy.tls && !proxy.sni) {
-        if (proxy.network) {
-            let transportHost = proxy[`${proxy.network}-opts`]?.headers?.Host;
-            transportHost = Array.isArray(transportHost)
-                ? transportHost[0]
-                : transportHost;
-            if (transportHost) {
-                proxy.sni = transportHost;
-            }
-        }
-        if (!proxy.sni && !isIP(proxy.server)) {
-            proxy.sni = proxy.server;
-        }
-    }
+
    // 非 tls, 有 ws/http 传输层, 使用域名的节点, 将设置传输层 Host 防止之后域名解析后丢失域名(不覆盖现有的 Host)
    if (
        !proxy.tls &&
@@ -424,9 +507,27 @@ function lastParse(proxy) {
            proxy[`${proxy.network}-opts`].path = [transportPath];
        }
    }
-    if (['hysteria', 'hysteria2'].includes(proxy.type) && !proxy.ports) {
+    if (proxy.tls && !proxy.sni) {
+        if (!isIP(proxy.server)) {
+            proxy.sni = proxy.server;
+        }
+        if (!proxy.sni && proxy.network) {
+            let transportHost = proxy[`${proxy.network}-opts`]?.headers?.Host;
+            transportHost = Array.isArray(transportHost)
+                ? transportHost[0]
+                : transportHost;
+            if (transportHost) {
+                proxy.sni = transportHost;
+            }
+        }
+    }
+    // if (['hysteria', 'hysteria2', 'tuic'].includes(proxy.type)) {
+    if (proxy.ports) {
+        proxy.ports = String(proxy.ports).replace(/\//g, ',');
+    } else {
        delete proxy.ports;
    }
+    // }
    if (
        ['hysteria2'].includes(proxy.type) &&
        proxy.obfs &&
@@ -436,6 +537,14 @@ function lastParse(proxy) {
        proxy['obfs-password'] = proxy.obfs;
        proxy.obfs = 'salamander';
    }
+    if (
+        ['hysteria2'].includes(proxy.type) &&
+        !proxy['obfs-password'] &&
+        proxy['obfs_password']
+    ) {
+        proxy['obfs-password'] = proxy['obfs_password'];
+        delete proxy['obfs_password'];
+    }
    if (['vless'].includes(proxy.type)) {
        // 删除 reality-opts: {}
        if (
@@ -522,6 +631,20 @@ function lastParse(proxy) {
    if (!proxy['tls-fingerprint'] && caStr) {
        proxy['tls-fingerprint'] = rs.generateFingerprint(caStr);
    }
+    if (
+        ['ss'].includes(proxy.type) &&
+        isPresent(proxy, 'shadow-tls-password')
+    ) {
+        proxy.plugin = 'shadow-tls';
+        proxy['plugin-opts'] = {
+            host: proxy['shadow-tls-sni'],
+            password: proxy['shadow-tls-password'],
+            version: proxy['shadow-tls-version'],
+        };
+        delete proxy['shadow-tls-sni'];
+        delete proxy['shadow-tls-password'];
+        delete proxy['shadow-tls-version'];
+    }
    return proxy;
 }

--- a/backend/src/core/proxy-utils/parsers/index.js
+++ b/backend/src/core/proxy-utils/parsers/index.js
@@ -5,14 +5,118 @@ import {
    isPresent,
    isNotBlank,
    getIfPresent,
+    getRandomPort,
 } from '@/utils';
 import getSurgeParser from './peggy/surge';
 import getLoonParser from './peggy/loon';
 import getQXParser from './peggy/qx';
 import getTrojanURIParser from './peggy/trojan-uri';
+import $ from '@/core/app';
+import JSON5 from 'json5';

 import { Base64 } from 'js-base64';

+function surge_port_hopping(raw) {
+    const [parts, port_hopping] =
+        raw.match(
+            /,\s*?port-hopping\s*?=\s*?["']?\s*?((\d+(-\d+)?)([,;]\d+(-\d+)?)*)\s*?["']?\s*?/,
+        ) || [];
+    return {
+        port_hopping: port_hopping
+            ? port_hopping.replace(/;/g, ',')
+            : undefined,
+        line: parts ? raw.replace(parts, '') : raw,
+    };
+}
+
+function URI_PROXY() {
+    // socks5+tls
+    // socks5
+    // http, https(可以这么写)
+    const name = 'URI PROXY Parser';
+    const test = (line) => {
+        return /^(socks5\+tls|socks5|http|https):\/\//.test(line);
+    };
+    const parse = (line) => {
+        // parse url
+        // eslint-disable-next-line no-unused-vars
+        let [__, type, tls, username, password, server, port, query, name] =
+            line.match(
+                /^(socks5|http|http)(\+tls|s)?:\/\/(?:(.*?):(.*?)@)?(.*?)(?::(\d+?))?(\?.*?)?(?:#(.*?))?$/,
+            );
+        if (port) {
+            port = parseInt(port, 10);
+        } else {
+            if (tls) {
+                port = 443;
+            } else if (type === 'http') {
+                port = 80;
+            } else {
+                $.error(`port is not present in line: ${line}`);
+                throw new Error(`port is not present in line: ${line}`);
+            }
+            $.info(`port is not present in line: ${line}, set to ${port}`);
+        }
+
+        const proxy = {
+            name:
+                name != null
+                    ? decodeURIComponent(name)
+                    : `${type} ${server}:${port}`,
+            type,
+            tls: tls ? true : false,
+            server,
+            port,
+            username:
+                username != null ? decodeURIComponent(username) : undefined,
+            password:
+                password != null ? decodeURIComponent(password) : undefined,
+        };
+
+        return proxy;
+    };
+    return { name, test, parse };
+}
+function URI_SOCKS() {
+    const name = 'URI SOCKS Parser';
+    const test = (line) => {
+        return /^socks:\/\//.test(line);
+    };
+    const parse = (line) => {
+        // parse url
+        // eslint-disable-next-line no-unused-vars
+        let [__, type, auth, server, port, query, name] = line.match(
+            /^(socks)?:\/\/(?:(.*)@)?(.*?)(?::(\d+?))?(\?.*?)?(?:#(.*?))?$/,
+        );
+        if (port) {
+            port = parseInt(port, 10);
+        } else {
+            $.error(`port is not present in line: ${line}`);
+            throw new Error(`port is not present in line: ${line}`);
+        }
+        let username, password;
+        if (auth) {
+            const parsed = Base64.decode(decodeURIComponent(auth)).split(':');
+            username = parsed[0];
+            password = parsed[1];
+        }
+
+        const proxy = {
+            name:
+                name != null
+                    ? decodeURIComponent(name)
+                    : `${type} ${server}:${port}`,
+            type: 'socks5',
+            server,
+            port,
+            username,
+            password,
+        };
+
+        return proxy;
+    };
+    return { name, test, parse };
+}
 // Parse SS URI format (only supports new SIP002, legacy format is depreciated).
 // reference: https://github.com/shadowsocks/shadowsocks-org/wiki/SIP002-URI-Scheme
 function URI_SS() {
@@ -25,14 +129,22 @@ function URI_SS() {
        // parse url
        let content = line.split('ss://')[1];

+        let name = line.split('#')[1];
        const proxy = {
-            name: decodeURIComponent(line.split('#')[1]),
            type: 'ss',
        };
        content = content.split('#')[0]; // strip proxy name
        // handle IPV4 and IPV6
-        let serverAndPortArray = content.match(/@([^/]*)(\/|$)/);
-        let userInfoStr = Base64.decode(content.split('@')[0]);
+        let serverAndPortArray = content.match(/@([^/?]*)(\/|\?|$)/);
+
+        let rawUserInfoStr = decodeURIComponent(content.split('@')[0]); // 其实应该分隔之后, 用户名和密码再 decodeURIComponent. 但是问题不大
+        let userInfoStr;
+        if (rawUserInfoStr?.startsWith('2022-blake3-')) {
+            userInfoStr = rawUserInfoStr;
+        } else {
+            userInfoStr = Base64.decode(rawUserInfoStr);
+        }
+
        let query = '';
        if (!serverAndPortArray) {
            if (content.includes('?')) {
@@ -41,6 +153,7 @@ function URI_SS() {
                query = parsed[2];
            }
            content = Base64.decode(content);
+
            if (query) {
                if (/(&|\?)v2ray-plugin=/.test(query)) {
                    const parsed = query.match(/(&|\?)v2ray-plugin=(.*?)(&|$)/);
@@ -54,26 +167,35 @@ function URI_SS() {
                }
                content = `${content}${query}`;
            }
-            userInfoStr = content.split('@')[0];
-            serverAndPortArray = content.match(/@([^/]*)(\/|$)/);
+            userInfoStr = content.match(/(^.*)@/)?.[1];
+            serverAndPortArray = content.match(/@([^/@]*)(\/|$)/);
+        } else if (content.includes('?')) {
+            const parsed = content.match(/(\?.*)$/);
+            query = parsed[1];
        }
+
        const serverAndPort = serverAndPortArray[1];
        const portIdx = serverAndPort.lastIndexOf(':');
        proxy.server = serverAndPort.substring(0, portIdx);
        proxy.port = `${serverAndPort.substring(portIdx + 1)}`.match(
            /\d+/,
        )?.[0];
-
-        const userInfo = userInfoStr.match(/(^.*?):(.*$)/);
-        proxy.cipher = userInfo[1];
-        proxy.password = userInfo[2];
+        let userInfo = userInfoStr.match(/(^.*?):(.*$)/);
+        proxy.cipher = userInfo?.[1];
+        proxy.password = userInfo?.[2];
+        // if (!proxy.cipher || !proxy.password) {
+        //     userInfo = rawUserInfoStr.match(/(^.*?):(.*$)/);
+        //     proxy.cipher = userInfo?.[1];
+        //     proxy.password = userInfo?.[2];
+        // }

        // handle obfs
-        const idx = content.indexOf('?plugin=');
-        if (idx !== -1) {
+        const pluginMatch = content.match(/[?&]plugin=([^&]+)/);
+        const shadowTlsMatch = content.match(/[?&]shadow-tls=([^&]+)/);
+
+        if (pluginMatch) {
            const pluginInfo = (
-                'plugin=' +
-                decodeURIComponent(content.split('?plugin=')[1].split('&')[0])
+                'plugin=' + decodeURIComponent(pluginMatch[1])
            ).split(';');
            const params = {};
            for (const item of pluginInfo) {
@@ -98,18 +220,51 @@ function URI_SS() {
                        tls: getIfPresent(params.tls),
                    };
                    break;
+                case 'shadow-tls': {
+                    proxy.plugin = 'shadow-tls';
+                    const version = getIfNotBlank(params['version']);
+                    proxy['plugin-opts'] = {
+                        host: getIfNotBlank(params['host']),
+                        password: getIfNotBlank(params['password']),
+                        version: version ? parseInt(version, 10) : undefined,
+                    };
+                    break;
+                }
                default:
                    throw new Error(
                        `Unsupported plugin option: ${params.plugin}`,
                    );
            }
        }
+        // Shadowrocket
+        if (shadowTlsMatch) {
+            const params = JSON.parse(Base64.decode(shadowTlsMatch[1]));
+            const version = getIfNotBlank(params['version']);
+            const address = getIfNotBlank(params['address']);
+            const port = getIfNotBlank(params['port']);
+            proxy.plugin = 'shadow-tls';
+            proxy['plugin-opts'] = {
+                host: getIfNotBlank(params['host']),
+                password: getIfNotBlank(params['password']),
+                version: version ? parseInt(version, 10) : undefined,
+            };
+            if (address) {
+                proxy.server = address;
+            }
+            if (port) {
+                proxy.port = parseInt(port, 10);
+            }
+        }
        if (/(&|\?)uot=(1|true)/i.test(query)) {
            proxy['udp-over-tcp'] = true;
        }
        if (/(&|\?)tfo=(1|true)/i.test(query)) {
            proxy.tfo = true;
        }
+        if (name != null) {
+            name = decodeURIComponent(name);
+        }
+        proxy.name = name ?? `SS ${proxy.server}:${proxy.port}`;
        return proxy;
    };
    return { name, test, parse };
@@ -192,7 +347,7 @@ function URI_VMess() {
    };
    const parse = (line) => {
        line = line.split('vmess://')[1];
-        let content = Base64.decode(line);
+        let content = Base64.decode(line.replace(/\?.*?$/, ''));
        if (/=\s*vmess/.test(content)) {
            // Quantumult VMess URI format
            const partitions = content.split(',').map((p) => p.trim());
@@ -285,7 +440,16 @@ function URI_VMess() {
                type: 'vmess',
                server,
                port,
-                cipher: getIfPresent(params.scy, 'auto'),
+                // https://github.com/2dust/v2rayN/wiki/Description-of-VMess-share-link
+                // https://github.com/XTLS/Xray-core/issues/91
+                cipher: [
+                    'auto',
+                    'aes-128-gcm',
+                    'chacha20-poly1305',
+                    'none',
+                ].includes(params.scy)
+                    ? params.scy
+                    : 'auto',
                uuid: params.id,
                alterId: parseInt(
                    getIfPresent(params.aid ?? params.alterId, 0),
@@ -302,8 +466,12 @@ function URI_VMess() {
                );
            }
            // https://github.com/2dust/v2rayN/wiki/%E5%88%86%E4%BA%AB%E9%93%BE%E6%8E%A5%E6%A0%BC%E5%BC%8F%E8%AF%B4%E6%98%8E(ver-2)
-            if (proxy.tls && proxy.sni) {
-                proxy.sni = params.sni;
+            if (proxy.tls) {
+                if (params.sni && params.sni !== '') {
+                    proxy.sni = params.sni;
+                } else if (params.peer && params.peer !== '') {
+                    proxy.sni = params.peer;
+                }
            }
            let httpupgrade = false;
            // handle obfs
@@ -315,8 +483,8 @@ function URI_VMess() {
                ['http'].includes(params.type)
            ) {
                proxy.network = 'http';
-            } else if (['grpc'].includes(params.net)) {
-                proxy.network = 'grpc';
+            } else if (['grpc', 'kcp', 'quic'].includes(params.net)) {
+                proxy.network = params.net;
            } else if (
                params.net === 'httpupgrade' ||
                proxy.network === 'httpupgrade'
@@ -326,6 +494,10 @@ function URI_VMess() {
            } else if (params.net === 'h2' || proxy.network === 'h2') {
                proxy.network = 'h2';
            }
+            // 暂不支持 tcp + host + path
+            // else if (params.net === 'tcp' || proxy.network === 'tcp') {
+            //     proxy.network = 'tcp';
+            // }
            if (proxy.network) {
                let transportHost = params.host ?? params.obfsParam;
                try {
@@ -338,6 +510,11 @@ function URI_VMess() {
                } catch (e) {}
                let transportPath = params.path;

+                // 补上默认 path
+                if (['ws'].includes(proxy.network)) {
+                    transportPath = transportPath || '/';
+                }
+
                if (proxy.network === 'http') {
                    if (transportHost) {
                        // 1)http(tcp)->host中间逗号(,)隔开
@@ -357,11 +534,27 @@ function URI_VMess() {
                    }
                }
                // 传输层应该有配置, 暂时不考虑兼容不给配置的节点
-                if (transportPath || transportHost) {
+                if (
+                    transportPath ||
+                    transportHost ||
+                    ['kcp', 'quic'].includes(proxy.network)
+                ) {
                    if (['grpc'].includes(proxy.network)) {
                        proxy[`${proxy.network}-opts`] = {
                            'grpc-service-name': getIfNotBlank(transportPath),
                            '_grpc-type': getIfNotBlank(params.type),
+                            '_grpc-authority': getIfNotBlank(params.authority),
+                        };
+                    } else if (['kcp', 'quic'].includes(proxy.network)) {
+                        proxy[`${proxy.network}-opts`] = {
+                            [`_${proxy.network}-type`]: getIfNotBlank(
+                                params.type,
+                            ),
+                            [`_${proxy.network}-host`]: getIfNotBlank(
+                                getIfNotBlank(transportHost),
+                            ),
+                            [`_${proxy.network}-path`]:
+                                getIfNotBlank(transportPath),
                        };
                    } else {
                        const opts = {
@@ -377,13 +570,13 @@ function URI_VMess() {
                } else {
                    delete proxy.network;
                }
-
-                // https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml#L413
-                // sni 优先级应高于 host
-                if (proxy.tls && !proxy.sni && transportHost) {
-                    proxy.sni = transportHost;
-                }
            }
+
+            proxy['client-fingerprint'] = params.fp;
+            proxy.alpn = params.alpn ? params.alpn.split(',') : undefined;
+            // 然而 wiki 和 app 实测中都没有字段表示这个
+            // proxy['skip-cert-verify'] = /(TRUE)|1/i.test(params.allowInsecure);
+
            return proxy;
        }
    };
@@ -467,6 +660,9 @@ function URI_VLESS() {
            if (params.sid) {
                opts['short-id'] = params.sid;
            }
+            if (params.spx) {
+                opts['_spider-x'] = params.spx;
+            }
            if (Object.keys(opts).length > 0) {
                // proxy[`${params.security}-opts`] = opts;
                proxy[`${params.security}-opts`] = opts;
@@ -482,6 +678,9 @@ function URI_VLESS() {
        }
        if (!proxy.network && isShadowrocket && params.obfs) {
            proxy.network = params.obfs;
+            if (['none'].includes(proxy.network)) {
+                proxy.network = 'tcp';
+            }
        }
        if (['websocket'].includes(proxy.network)) {
            proxy.network = 'ws';
@@ -503,6 +702,9 @@ function URI_VLESS() {
            }
            if (params.serviceName) {
                opts[`${proxy.network}-service-name`] = params.serviceName;
+                if (['grpc'].includes(proxy.network) && params.authority) {
+                    opts['_grpc-authority'] = params.authority;
+                }
            } else if (isShadowrocket && params.path) {
                if (!['ws', 'http', 'h2'].includes(proxy.network)) {
                    opts[`${proxy.network}-service-name`] = params.path;
@@ -523,14 +725,68 @@ function URI_VLESS() {
            if (Object.keys(opts).length > 0) {
                proxy[`${proxy.network}-opts`] = opts;
            }
+            if (proxy.network === 'kcp') {
+                // mKCP 种子。省略时不使用种子，但不可以为空字符串。建议 mKCP 用户使用 seed。
+                if (params.seed) {
+                    proxy.seed = params.seed;
+                }
+                // mKCP 的伪装头部类型。当前可选值有 none / srtp / utp / wechat-video / dtls / wireguard。省略时默认值为 none，即不使用伪装头部，但不可以为空字符串。
+                proxy.headerType = params.headerType || 'none';
+            }
+
+            if (params.mode) {
+                proxy._mode = params.mode;
+            }
+            if (params.extra) {
+                proxy._extra = params.extra;
+            }
        }

-        if (proxy.tls && !proxy.sni) {
-            if (proxy.network === 'ws') {
-                proxy.sni = proxy['ws-opts']?.headers?.Host;
-            } else if (proxy.network === 'http') {
-                let httpHost = proxy['http-opts']?.headers?.Host;
-                proxy.sni = Array.isArray(httpHost) ? httpHost[0] : httpHost;
+        return proxy;
+    };
+    return { name, test, parse };
+}
+function URI_AnyTLS() {
+    const name = 'URI AnyTLS Parser';
+    const test = (line) => {
+        return /^anytls:\/\//.test(line);
+    };
+    const parse = (line) => {
+        line = line.split(/anytls:\/\//)[1];
+        // eslint-disable-next-line no-unused-vars
+        let [__, password, server, port, addons = '', name] =
+            /^(.*?)@(.*?)(?::(\d+))?\/?(?:\?(.*?))?(?:#(.*?))?$/.exec(line);
+        password = decodeURIComponent(password);
+        port = parseInt(`${port}`, 10);
+        if (isNaN(port)) {
+            port = 443;
+        }
+        password = decodeURIComponent(password);
+        if (name != null) {
+            name = decodeURIComponent(name);
+        }
+        name = name ?? `AnyTLS ${server}:${port}`;
+
+        const proxy = {
+            type: 'anytls',
+            name,
+            server,
+            port,
+            password,
+        };
+
+        for (const addon of addons.split('&')) {
+            let [key, value] = addon.split('=');
+            key = key.replace(/_/g, '-');
+            value = decodeURIComponent(value);
+            if (['alpn'].includes(key)) {
+                proxy[key] = value ? value.split(',') : undefined;
+            } else if (['insecure'].includes(key)) {
+                proxy['skip-cert-verify'] = /(TRUE)|1/i.test(value);
+            } else if (['udp'].includes(key)) {
+                proxy[key] = /(TRUE)|1/i.test(value);
+            } else {
+                proxy[key] = value;
            }
        }

@@ -545,13 +801,43 @@ function URI_Hysteria2() {
    };
    const parse = (line) => {
        line = line.split(/(hysteria2|hy2):\/\//)[2];
-        // eslint-disable-next-line no-unused-vars
-        let [__, password, server, ___, port, ____, addons = '', name] =
-            /^(.*?)@(.*?)(:(\d+))?\/?(\?(.*?))?(?:#(.*?))?$/.exec(line);
-        port = parseInt(`${port}`, 10);
-        if (isNaN(port)) {
+        // 端口跳跃有两种写法:
+        // 1. 服务器的地址和可选端口。如果省略端口，则默认为 443。
+        // 端口部分支持 端口跳跃 的「多端口地址格式」。
+        // https://hysteria.network/zh/docs/advanced/Port-Hopping
+        // 2. 参数 mport
+        let ports;
+        /* eslint-disable no-unused-vars */
+        let [
+            __,
+            password,
+            server,
+            ___,
+            port,
+            ____,
+            _____,
+            ______,
+            _______,
+            ________,
+            addons = '',
+            name,
+        ] = /^(.*?)@(.*?)(:((\d+(-\d+)?)([,;]\d+(-\d+)?)*))?\/?(\?(.*?))?(?:#(.*?))?$/.exec(
+            line,
+        );
+
+        /* eslint-enable no-unused-vars */
+        if (/^\d+$/.test(port)) {
+            port = parseInt(`${port}`, 10);
+            if (isNaN(port)) {
+                port = 443;
+            }
+        } else if (port) {
+            ports = port;
+            port = getRandomPort(ports);
+        } else {
            port = 443;
        }
+
        password = decodeURIComponent(password);
        if (name != null) {
            name = decodeURIComponent(name);
@@ -563,6 +849,7 @@ function URI_Hysteria2() {
            name,
            server,
            port,
+            ports,
            password,
        };

@@ -581,12 +868,23 @@ function URI_Hysteria2() {
        if (params.obfs && params.obfs !== 'none') {
            proxy.obfs = params.obfs;
        }
-
-        proxy.ports = params.mport;
+        if (params.mport) {
+            proxy.ports = params.mport;
+        }
        proxy['obfs-password'] = params['obfs-password'];
        proxy['skip-cert-verify'] = /(TRUE)|1/i.test(params.insecure);
        proxy.tfo = /(TRUE)|1/i.test(params.fastopen);
        proxy['tls-fingerprint'] = params.pinSHA256;
+        let hop_interval = params['hop-interval'] || params['hop_interval'];
+
+        if (/^\d+$/.test(hop_interval)) {
+            proxy['hop-interval'] = parseInt(`${hop_interval}`, 10);
+        }
+        let keepalive = params['keepalive'];
+
+        if (/^\d+$/.test(keepalive)) {
+            proxy['keepalive'] = parseInt(`${keepalive}`, 10);
+        }

        return proxy;
    };
@@ -669,8 +967,11 @@ function URI_TUIC() {
    const parse = (line) => {
        line = line.split(/tuic:\/\//)[1];
        // eslint-disable-next-line no-unused-vars
-        let [__, uuid, password, server, ___, port, ____, addons = '', name] =
-            /^(.*?):(.*?)@(.*?)(:(\d+))?\/?(\?(.*?))?(?:#(.*?))?$/.exec(line);
+        let [__, auth, server, port, addons = '', name] =
+            /^(.*?)@(.*?)(?::(\d+))?\/?(?:\?(.*?))?(?:#(.*?))?$/.exec(line);
+        auth = decodeURIComponent(auth);
+        let [uuid, ...passwordParts] = auth.split(':');
+        let password = passwordParts.join(':');
        port = parseInt(`${port}`, 10);
        if (isNaN(port)) {
            port = 443;
@@ -692,14 +993,19 @@ function URI_TUIC() {

        for (const addon of addons.split('&')) {
            let [key, value] = addon.split('=');
-            key = key.replace(/_/, '-');
+            key = key.replace(/_/g, '-');
            value = decodeURIComponent(value);
            if (['alpn'].includes(key)) {
                proxy[key] = value ? value.split(',') : undefined;
            } else if (['allow-insecure'].includes(key)) {
                proxy['skip-cert-verify'] = /(TRUE)|1/i.test(value);
+            } else if (['fast-open'].includes(key)) {
+                proxy.tfo = true;
            } else if (['disable-sni', 'reduce-rtt'].includes(key)) {
                proxy[key] = /(TRUE)|1/i.test(value);
+            } else if (key === 'congestion-control') {
+                proxy['congestion-controller'] = value;
+                delete proxy[key];
            } else {
                proxy[key] = value;
            }
@@ -801,6 +1107,11 @@ function URI_Trojan() {
    };

    const parse = (line) => {
+        const matched = /^(trojan:\/\/.*?@.*?)(:(\d+))?\/?(\?.*?)?$/.exec(line);
+        const port = matched?.[2];
+        if (!port) {
+            line = line.replace(matched[1], `${matched[1]}:443`);
+        }
        let [newLine, name] = line.split(/#(.+)/, 2);
        const parser = getTrojanURIParser();
        const proxy = parser.parse(newLine);
@@ -820,16 +1131,19 @@ function Clash_All() {
    const name = 'Clash Parser';
    const test = (line) => {
        try {
-            JSON.parse(line);
+            JSON5.parse(line);
        } catch (e) {
            return false;
        }
        return true;
    };
    const parse = (line) => {
-        const proxy = JSON.parse(line);
+        const proxy = JSON5.parse(line);
        if (
            ![
+                'anytls',
+                'mieru',
+                'juicity',
                'ss',
                'ssr',
                'vmess',
@@ -843,6 +1157,7 @@ function Clash_All() {
                'hysteria2',
                'wireguard',
                'ssh',
+                'direct',
            ].includes(proxy.type)
        ) {
            throw new Error(
@@ -854,18 +1169,7 @@ function Clash_All() {
        if (['vmess', 'vless'].includes(proxy.type)) {
            proxy.sni = proxy.servername;
            delete proxy.servername;
-            if (proxy.tls && !proxy.sni) {
-                if (proxy.network === 'ws') {
-                    proxy.sni = proxy['ws-opts']?.headers?.Host;
-                } else if (proxy.network === 'http') {
-                    let httpHost = proxy['http-opts']?.headers?.Host;
-                    proxy.sni = Array.isArray(httpHost)
-                        ? httpHost[0]
-                        : httpHost;
-                }
-            }
        }
-
        if (proxy['server-cert-fingerprint']) {
            proxy['tls-fingerprint'] = proxy['server-cert-fingerprint'];
        }
@@ -1152,6 +1456,14 @@ function Loon_WireGuard() {
    return { name, test, parse };
 }

+function Surge_Direct() {
+    const name = 'Surge Direct Parser';
+    const test = (line) => {
+        return /^.*=\s*direct/.test(line.split(',')[0]);
+    };
+    const parse = (line) => getSurgeParser().parse(line);
+    return { name, test, parse };
+}
 function Surge_SSH() {
    const name = 'Surge SSH Parser';
    const test = (line) => {
@@ -1295,7 +1607,12 @@ function Surge_Tuic() {
    const test = (line) => {
        return /^.*=\s*tuic(-v5)?/.test(line.split(',')[0]);
    };
-    const parse = (line) => getSurgeParser().parse(line);
+    const parse = (raw) => {
+        const { port_hopping, line } = surge_port_hopping(raw);
+        const proxy = getSurgeParser().parse(line);
+        proxy['ports'] = port_hopping;
+        return proxy;
+    };
    return { name, test, parse };
 }
 function Surge_WireGuard() {
@@ -1312,7 +1629,12 @@ function Surge_Hysteria2() {
    const test = (line) => {
        return /^.*=\s*hysteria2/.test(line.split(',')[0]);
    };
-    const parse = (line) => getSurgeParser().parse(line);
+    const parse = (raw) => {
+        const { port_hopping, line } = surge_port_hopping(raw);
+        const proxy = getSurgeParser().parse(line);
+        proxy['ports'] = port_hopping;
+        return proxy;
+    };
    return { name, test, parse };
 }

@@ -1321,6 +1643,8 @@ function isIP(ip) {
 }

 export default [
+    URI_PROXY(),
+    URI_SOCKS(),
    URI_SS(),
    URI_SSR(),
    URI_VMess(),
@@ -1330,7 +1654,9 @@ export default [
    URI_Hysteria(),
    URI_Hysteria2(),
    URI_Trojan(),
+    URI_AnyTLS(),
    Clash_All(),
+    Surge_Direct(),
    Surge_SSH(),
    Surge_SS(),
    Surge_VMess(),
--- a/backend/src/core/proxy-utils/parsers/peggy/loon.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/loon.js
@@ -39,12 +39,12 @@ start = (shadowsocksr/shadowsocks/vmess/vless/trojan/https/http/socks5/hysteria2
    return proxy;
 }

-shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/others)*{
+shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/ip_mode/block_quic/others)*{
    proxy.type = "ssr";
    // handle ssr obfs
    proxy.obfs = obfs.type;
 }
-shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/others)* {
+shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/ip_mode/block_quic/others)* {
    proxy.type = "ss";
    // handle ss obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -54,31 +54,31 @@ shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs
        $set(proxy, "plugin-opts.path", obfs.path);
    }
 }
-vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/vmess_alterId/fast_open/udp_relay/others)* {
+vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/vmess_alterId/fast_open/udp_relay/ip_mode/public_key/short_id/block_quic/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
    proxy.alterId = proxy.alterId || 0;
    handleTransport();
 }
-vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/flow/public_key/short_id/block_quic/others)* {
    proxy.type = "vless";
    handleTransport();
 }
-trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "trojan";
    handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/ip_mode/block_quic/others)* {
    proxy.type = "hysteria2";
 }
-https = tag equals "https"i address (username password)? (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+https = tag equals "https"i address (username password)? (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "http";
    proxy.tls = true;
 }
-http = tag equals "http"i address (username password)? (fast_open/udp_relay/others)* {
+http = tag equals "http"i address (username password)? (fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "http";
 }
-socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "socks5";
 }

@@ -120,7 +120,7 @@ port = digits:[0-9]+ {
 method = comma cipher:cipher { 
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 username = & {
    let j = peg$currPos; 
@@ -169,19 +169,30 @@ ssr_protocol_param = comma "protocol-param" equals param:$[^=,]+ { proxy["protoc

 vmess_alterId = comma "alterId" equals alterId:$[0-9]+ { proxy.alterId = parseInt(alterId); } 

+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
+shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
+shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
+shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
+
 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
 tls_host = comma sni:("tls-name"/"sni") equals host:domain { proxy.sni = host; }
 tls_verification = comma "skip-cert-verify" equals flag:bool { proxy["skip-cert-verify"] = flag; }
 tls_cert_sha256 = comma "tls-cert-sha256" equals match:[^,]+ { proxy["tls-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 tls_pubkey_sha256 = comma "tls-pubkey-sha256" equals match:[^,]+ { proxy["tls-pubkey-sha256"] = match.join("").replace(/^"(.*)"$/, '$1'); }

+flow = comma "flow" equals match:[^,]+ { proxy["flow"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+public_key = comma "public-key" equals match:[^,]+ { proxy["reality-opts"] = proxy["reality-opts"] || {}; proxy["reality-opts"]["public-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+short_id = comma "short-id" equals match:[^,]+ { proxy["reality-opts"] = proxy["reality-opts"] || {}; proxy["reality-opts"]["short-id"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
+ip_mode = comma "ip-mode" equals match:[^,]+ { proxy["ip-version"] = match.join(""); }

 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
 salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }

+block_quic = comma "block-quic" equals flag:bool { if(flag) proxy["block-quic"] = "on"; else proxy["block-quic"] = "off"; }

 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _
--- a/backend/src/core/proxy-utils/parsers/peggy/loon.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/loon.peg
@@ -37,12 +37,12 @@ start = (shadowsocksr/shadowsocks/vmess/vless/trojan/https/http/socks5/hysteria2
    return proxy;
 }

-shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/others)*{
+shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/ip_mode/block_quic/others)*{
    proxy.type = "ssr";
    // handle ssr obfs
    proxy.obfs = obfs.type;
 }
-shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/others)* {
+shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/ip_mode/block_quic/others)* {
    proxy.type = "ss";
    // handle ss obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -52,31 +52,31 @@ shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs
        $set(proxy, "plugin-opts.path", obfs.path);
    }
 }
-vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/vmess_alterId/fast_open/udp_relay/others)* {
+vmess = tag equals "vmess"i address method uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/vmess_alterId/fast_open/udp_relay/ip_mode/public_key/short_id/block_quic/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
    proxy.alterId = proxy.alterId || 0;
    handleTransport();
 }
-vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+vless = tag equals "vless"i address uuid (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/flow/public_key/short_id/block_quic/others)* {
    proxy.type = "vless";
    handleTransport();
 }
-trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+trojan = tag equals "trojan"i address password (transport/transport_host/transport_path/over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "trojan";
    handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/ip_mode/block_quic/others)* {
    proxy.type = "hysteria2";
 }
-https = tag equals "https"i address (username password)? (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+https = tag equals "https"i address (username password)? (tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "http";
    proxy.tls = true;
 }
-http = tag equals "http"i address (username password)? (fast_open/udp_relay/others)* {
+http = tag equals "http"i address (username password)? (fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "http";
 }
-socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/others)* {
+socks5 = tag equals "socks5"i address (username password)? (over_tls/tls_host/tls_verification/tls_cert_sha256/tls_pubkey_sha256/fast_open/udp_relay/ip_mode/block_quic/others)* {
    proxy.type = "socks5";
 }

@@ -118,7 +118,7 @@ port = digits:[0-9]+ {
 method = comma cipher:cipher { 
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"auto"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"none"/"rc4-md5"/"rc4"/"salsa20"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 username = & {
    let j = peg$currPos; 
@@ -167,19 +167,31 @@ ssr_protocol_param = comma "protocol-param" equals param:$[^=,]+ { proxy["protoc

 vmess_alterId = comma "alterId" equals alterId:$[0-9]+ { proxy.alterId = parseInt(alterId); } 

+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
+shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
+shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
+shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
+
 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
 tls_host = comma sni:("tls-name"/"sni") equals host:domain { proxy.sni = host; }
 tls_verification = comma "skip-cert-verify" equals flag:bool { proxy["skip-cert-verify"] = flag; }
 tls_cert_sha256 = comma "tls-cert-sha256" equals match:[^,]+ { proxy["tls-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 tls_pubkey_sha256 = comma "tls-pubkey-sha256" equals match:[^,]+ { proxy["tls-pubkey-sha256"] = match.join("").replace(/^"(.*)"$/, '$1'); }

+flow = comma "flow" equals match:[^,]+ { proxy["flow"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+public_key = comma "public-key" equals match:[^,]+ { proxy["reality-opts"] = proxy["reality-opts"] || {}; proxy["reality-opts"]["public-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+short_id = comma "short-id" equals match:[^,]+ { proxy["reality-opts"] = proxy["reality-opts"] || {}; proxy["reality-opts"]["short-id"] = match.join("").replace(/^"(.*)"$/, '$1'); }
+
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
+ip_mode = comma "ip-mode" equals match:[^,]+ { proxy["ip-version"] = match.join(""); }

 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
 salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }

+block_quic = comma "block-quic" equals flag:bool { if(flag) proxy["block-quic"] = "on"; else proxy["block-quic"] = "off"; }
+
 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _
 equals = _ "=" _
--- a/backend/src/core/proxy-utils/parsers/peggy/qx.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/qx.js
@@ -49,7 +49,7 @@ trojan = "trojan" equals address
 }

 shadowsocks = "shadowsocks" equals address
-    (password/method/obfs_ssr/obfs_ss/obfs_host/obfs_uri/ssr_protocol/ssr_protocol_param/tls_pubkey_sha256/tls_alpn/tls_no_session_ticket/tls_no_session_reuse/tls_fingerprint/tls_verification/udp_relay/udp_over_tcp/fast_open/tag/server_check_url/others)* {
+    (password/method/obfs_ssr/obfs_ss/obfs_host/obfs_uri/ssr_protocol/ssr_protocol_param/tls_pubkey_sha256/tls_alpn/tls_no_session_ticket/tls_no_session_reuse/tls_fingerprint/tls_verification/udp_relay/udp_over_tcp_new/fast_open/tag/server_check_url/others)* {
    if (proxy.protocol || proxy.type === "ssr") {
        proxy.type = "ssr";
        if (!proxy.protocol) {
@@ -86,10 +86,10 @@ vmess = "vmess" equals address
    (uuid/method/over_tls/tls_host/tls_pubkey_sha256/tls_alpn/tls_no_session_ticket/tls_no_session_reuse/tls_fingerprint/tls_verification/tag/obfs/obfs_host/obfs_uri/udp_relay/udp_over_tcp/fast_open/aead/server_check_url/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
-    if (proxy.aead) {
-        proxy.alterId = 0;
+    if (proxy.aead === false) {
+        proxy.alterId = 1;
    } else {
-        proxy.alterId = proxy.alterId || 0;
+        proxy.alterId = 0;
    }
    handleObfs();
 }
@@ -145,18 +145,20 @@ port = digits:[0-9]+ {
    }
 }

-username = comma "username" equals username:[^=,]+ { proxy.username = username.join("").trim(); }
-password = comma "password" equals password:[^=,]+ { proxy.password = password.join("").trim(); }
-uuid = comma "password" equals uuid:[^=,]+ { proxy.uuid = uuid.join("").trim(); }
+username = comma "username" equals username:[^,]+ { proxy.username = username.join("").trim(); }
+password = comma "password" equals password:[^,]+ { proxy.password = password.join("").trim(); }
+uuid = comma "password" equals uuid:[^,]+ { proxy.uuid = uuid.join("").trim(); }

 method = comma "method" equals cipher:cipher { 
    proxy.cipher = cipher;
 };
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"none"/"rc2-cfb"/"rc4-md5-6"/"rc4-md5"/"salsa20"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"none"/"rc2-cfb"/"rc4-md5-6"/"rc4-md5"/"salsa20"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");
 aead = comma "aead" equals flag:bool { proxy.aead = flag; }

 udp_relay = comma "udp-relay" equals flag:bool { proxy.udp = flag; }
 udp_over_tcp = comma "udp-over-tcp" equals flag:bool { throw new Error("UDP over TCP is not supported"); }
+udp_over_tcp_new = comma "udp-over-tcp" equals param:$[^=,]+ { if (param === "sp.v1") { proxy["udp-over-tcp"] = true; proxy["udp-over-tcp-version"] = 1; } else if (param === "sp.v2") { proxy["udp-over-tcp"] = true; proxy["udp-over-tcp-version"] = 2; } else if (param === "true") { proxy["_ssr_python_uot"] = true; } else { throw new Error("Invalid value for udp-over-tcp"); } }
+
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }

 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
--- a/backend/src/core/proxy-utils/parsers/peggy/qx.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/qx.peg
@@ -47,7 +47,7 @@ trojan = "trojan" equals address
 }

 shadowsocks = "shadowsocks" equals address
-    (password/method/obfs_ssr/obfs_ss/obfs_host/obfs_uri/ssr_protocol/ssr_protocol_param/tls_pubkey_sha256/tls_alpn/tls_no_session_ticket/tls_no_session_reuse/tls_fingerprint/tls_verification/udp_relay/udp_over_tcp/fast_open/tag/server_check_url/others)* {
+    (password/method/obfs_ssr/obfs_ss/obfs_host/obfs_uri/ssr_protocol/ssr_protocol_param/tls_pubkey_sha256/tls_alpn/tls_no_session_ticket/tls_no_session_reuse/tls_fingerprint/tls_verification/udp_relay/udp_over_tcp_new/fast_open/tag/server_check_url/others)* {
    if (proxy.protocol || proxy.type === "ssr") {
        proxy.type = "ssr";
        if (!proxy.protocol) {
@@ -84,10 +84,10 @@ vmess = "vmess" equals address
    (uuid/method/over_tls/tls_host/tls_pubkey_sha256/tls_alpn/tls_no_session_ticket/tls_no_session_reuse/tls_fingerprint/tls_verification/tag/obfs/obfs_host/obfs_uri/udp_relay/udp_over_tcp/fast_open/aead/server_check_url/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
-    if (proxy.aead) {
-        proxy.alterId = 0;
+    if (proxy.aead === false) {
+        proxy.alterId = 1;
    } else {
-        proxy.alterId = proxy.alterId || 0;
+        proxy.alterId = 0;
    }
    handleObfs();
 }
@@ -143,18 +143,20 @@ port = digits:[0-9]+ {
    }
 }

-username = comma "username" equals username:[^=,]+ { proxy.username = username.join("").trim(); }
-password = comma "password" equals password:[^=,]+ { proxy.password = password.join("").trim(); }
-uuid = comma "password" equals uuid:[^=,]+ { proxy.uuid = uuid.join("").trim(); }
+username = comma "username" equals username:[^,]+ { proxy.username = username.join("").trim(); }
+password = comma "password" equals password:[^,]+ { proxy.password = password.join("").trim(); }
+uuid = comma "password" equals uuid:[^,]+ { proxy.uuid = uuid.join("").trim(); }

 method = comma "method" equals cipher:cipher { 
    proxy.cipher = cipher;
 };
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"none"/"rc2-cfb"/"rc4-md5-6"/"rc4-md5"/"salsa20"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"none"/"rc2-cfb"/"rc4-md5-6"/"rc4-md5"/"salsa20"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");
 aead = comma "aead" equals flag:bool { proxy.aead = flag; }

 udp_relay = comma "udp-relay" equals flag:bool { proxy.udp = flag; }
 udp_over_tcp = comma "udp-over-tcp" equals flag:bool { throw new Error("UDP over TCP is not supported"); }
+udp_over_tcp_new = comma "udp-over-tcp" equals param:$[^=,]+ { if (param === "sp.v1") { proxy["udp-over-tcp"] = true; proxy["udp-over-tcp-version"] = 1; } else if (param === "sp.v2") { proxy["udp-over-tcp"] = true; proxy["udp-over-tcp-version"] = 2; } else if (param === "true") { proxy["_ssr_python_uot"] = true; } else { throw new Error("Invalid value for udp-over-tcp"); } }
+
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }

 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.js
@@ -37,11 +37,11 @@ const grammars = String.raw`
    }
 }

-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh/direct) {
    return proxy;
 }

-shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/udp_port/others)* {
    proxy.type = "ss";
    // handle obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -52,36 +52,37 @@ shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/
    }
    handleShadowTLS();
 }
-vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/tfo/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
+    // Surfboard 与 Surge 默认不一致, 不管 Surfboard https://getsurfboard.com/docs/profile-format/proxy/external-proxy/vmess
    if (proxy.aead) {
        proxy.alterId = 0;
    } else {
-        proxy.alterId = proxy.alterId || 0;
+        proxy.alterId = 1;
    }
    handleWebsocket();
    handleShadowTLS();
 }
-trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "trojan";
    handleWebsocket();
    handleShadowTLS();
 }
-https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "http";
    proxy.tls = true;
    handleShadowTLS();
 }
-http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "http";
    handleShadowTLS();
 }
-ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "ssh";
    handleShadowTLS();
 }
-snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "snell";
    // handle obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -91,11 +92,11 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
    }
    handleShadowTLS();
 }
-tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    handleShadowTLS();
 }
-tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    proxy.version = 5;
    handleShadowTLS();
@@ -104,20 +105,22 @@ wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/under
    proxy.type = "wireguard-surge";
    handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "hysteria2";
    handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    handleShadowTLS();
 }
-socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    proxy.tls = true;
    handleShadowTLS();
 }
-
+direct = tag equals "direct" (udp_relay/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/block_quic/others)* {
+    proxy.type = "direct";
+}
 address = comma server:server comma port:port {
    proxy.server = server;
    proxy.port = port;
@@ -151,6 +154,8 @@ port = digits:[0-9]+ {
    }
 }

+port_hopping_interval = comma "port-hopping-interval" equals match:$[0-9]+ { proxy["hop-interval"] = parseInt(match.trim()); }
+
 username = & {
    let j = peg$currPos; 
    let start, end;
@@ -173,8 +178,8 @@ username = & {
        peg$currPos = end;
        return true;
    }
-} { proxy.username = $.username; }
-password = comma match:[^,]+ { proxy.password = match.join(""); }
+} { proxy.username = $.username.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
+password = comma match:[^,]+ { proxy.password = match.join("").replace(/^"(.*)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 tls = comma "tls" equals flag:bool { proxy.tls = flag; }
 sni = comma "sni" equals sni:("off"/domain) { 
@@ -190,15 +195,15 @@ tls_fingerprint = comma "server-cert-fingerprint-sha256" equals tls_fingerprint:
 snell_psk = comma "psk" equals match:[^,]+ { proxy.psk = match.join(""); }
 snell_version = comma "version" equals match:$[0-9]+ { proxy.version = parseInt(match.trim()); }

-usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join(""); }
-passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join(""); }
+usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
+passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 vmess_uuid = comma "username" equals match:[^,]+ { proxy.uuid = match.join(""); }
 vmess_aead = comma "vmess-aead" equals flag:bool { proxy.aead = flag; }

 method = comma "encrypt-method" equals cipher:cipher {
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 ws = comma "ws" equals flag:bool { obfs.type = "ws"; }
 ws_headers = comma "ws-headers" equals headers:$[^,]+ {
@@ -206,18 +211,18 @@ ws_headers = comma "ws-headers" equals headers:$[^,]+ {
    const result = {};
    pairs.forEach(pair => {
        const [key, value] = pair.trim().split(":");
-        result[key.trim()] = value.trim();
+        result[key.trim()] = value.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1');
    })
    obfs["ws-headers"] = result;
 }
-ws_path = comma "ws-path" equals path:uri { obfs.path = path; }
+ws_path = comma "ws-path" equals path:uri { obfs.path = path.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 obfs = comma "obfs" equals type:("http"/"tls") { obfs.type = type; }
 obfs_host = comma "obfs-host" equals host:domain { obfs.host = host; };
 obfs_uri = comma "obfs-uri" equals path:uri { obfs.path = path }
 uri = $[^,]+

-udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
+udp_relay = comma "udp-relay" equals flag:bool { proxy.udp = flag; }
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 reuse = comma "reuse" equals flag:bool { proxy.reuse = flag; }
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
@@ -238,9 +243,10 @@ idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"]
 private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
 shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
-shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
+shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 token = comma "token" equals match:[^,]+ { proxy.token = match.join(""); }
 alpn = comma "alpn" equals match:[^,]+ { proxy.alpn = match.join(""); }
 uuidk = comma "uuid" equals match:[^,]+ { proxy.uuid = match.join(""); }
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.peg
@@ -35,11 +35,11 @@
    }
 }

-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh/direct) {
    return proxy;
 }

-shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/udp_port/others)* {
    proxy.type = "ss";
    // handle obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -50,36 +50,37 @@ shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/
    }
    handleShadowTLS();
 }
-vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/tfo/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "vmess";
    proxy.cipher = proxy.cipher || "none";
+    // Surfboard 与 Surge 默认不一致, 不管 Surfboard https://getsurfboard.com/docs/profile-format/proxy/external-proxy/vmess
    if (proxy.aead) {
        proxy.alterId = 0;
    } else {
-        proxy.alterId = proxy.alterId || 0;
+        proxy.alterId = 1;
    }
    handleWebsocket();
    handleShadowTLS();
 }
-trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "trojan";
    handleWebsocket();
    handleShadowTLS();
 }
-https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "http";
    proxy.tls = true;
    handleShadowTLS();
 }
-http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "http";
    handleShadowTLS();
 }
-ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "ssh";
    handleShadowTLS();
 }
-snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "snell";
    // handle obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -89,11 +90,11 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
    }
    handleShadowTLS();
 }
-tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    handleShadowTLS();
 }
-tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "tuic";
    proxy.version = 5;
    handleShadowTLS();
@@ -102,20 +103,22 @@ wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/under
    proxy.type = "wireguard-surge";
    handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "hysteria2";
    handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    handleShadowTLS();
 }
-socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    proxy.tls = true;
    handleShadowTLS();
 }
-
+direct = tag equals "direct" (udp_relay/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/block_quic/others)* {
+    proxy.type = "direct";
+}
 address = comma server:server comma port:port {
    proxy.server = server;
    proxy.port = port;
@@ -149,6 +152,8 @@ port = digits:[0-9]+ {
    }
 }

+port_hopping_interval = comma "port-hopping-interval" equals match:$[0-9]+ { proxy["hop-interval"] = parseInt(match.trim()); }
+
 username = & {
    let j = peg$currPos; 
    let start, end;
@@ -171,8 +176,8 @@ username = & {
        peg$currPos = end;
        return true;
    }
-} { proxy.username = $.username; }
-password = comma match:[^,]+ { proxy.password = match.join(""); }
+} { proxy.username = $.username.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
+password = comma match:[^,]+ { proxy.password = match.join("").replace(/^"(.*)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 tls = comma "tls" equals flag:bool { proxy.tls = flag; }
 sni = comma "sni" equals sni:("off"/domain) { 
@@ -188,15 +193,15 @@ tls_fingerprint = comma "server-cert-fingerprint-sha256" equals tls_fingerprint:
 snell_psk = comma "psk" equals match:[^,]+ { proxy.psk = match.join(""); }
 snell_version = comma "version" equals match:$[0-9]+ { proxy.version = parseInt(match.trim()); }

-usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join(""); }
-passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join(""); }
+usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
+passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 vmess_uuid = comma "username" equals match:[^,]+ { proxy.uuid = match.join(""); }
 vmess_aead = comma "vmess-aead" equals flag:bool { proxy.aead = flag; }

 method = comma "encrypt-method" equals cipher:cipher {
    proxy.cipher = cipher;
 }
-cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305");
+cipher = ("aes-128-cfb"/"aes-128-ctr"/"aes-128-gcm"/"aes-192-cfb"/"aes-192-ctr"/"aes-192-gcm"/"aes-256-cfb"/"aes-256-ctr"/"aes-256-gcm"/"bf-cfb"/"camellia-128-cfb"/"camellia-192-cfb"/"camellia-256-cfb"/"cast5-cfb"/"chacha20-ietf-poly1305"/"chacha20-ietf"/"chacha20-poly1305"/"chacha20"/"des-cfb"/"idea-cfb"/"none"/"rc2-cfb"/"rc4-md5"/"rc4"/"salsa20"/"seed-cfb"/"xchacha20-ietf-poly1305"/"2022-blake3-aes-128-gcm"/"2022-blake3-aes-256-gcm");

 ws = comma "ws" equals flag:bool { obfs.type = "ws"; }
 ws_headers = comma "ws-headers" equals headers:$[^,]+ {
@@ -204,18 +209,18 @@ ws_headers = comma "ws-headers" equals headers:$[^,]+ {
    const result = {};
    pairs.forEach(pair => {
        const [key, value] = pair.trim().split(":");
-        result[key.trim()] = value.trim();
+        result[key.trim()] = value.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1');
    })
    obfs["ws-headers"] = result;
 }
-ws_path = comma "ws-path" equals path:uri { obfs.path = path; }
+ws_path = comma "ws-path" equals path:uri { obfs.path = path.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 obfs = comma "obfs" equals type:("http"/"tls") { obfs.type = type; }
 obfs_host = comma "obfs-host" equals host:domain { obfs.host = host; };
 obfs_uri = comma "obfs-uri" equals path:uri { obfs.path = path }
 uri = $[^,]+

-udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
+udp_relay = comma "udp-relay" equals flag:bool { proxy.udp = flag; }
 fast_open = comma "fast-open" equals flag:bool { proxy.tfo = flag; }
 reuse = comma "reuse" equals flag:bool { proxy.reuse = flag; }
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
@@ -236,9 +241,10 @@ idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"]
 private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
 shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
-shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
+shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 token = comma "token" equals match:[^,]+ { proxy.token = match.join(""); }
 alpn = comma "alpn" equals match:[^,]+ { proxy.alpn = match.join(""); }
 uuidk = comma "uuid" equals match:[^,]+ { proxy.uuid = match.join(""); }
--- a/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.js
@@ -80,8 +80,13 @@ port = digits:[0-9]+ {
 }

 params = "?" head:param tail:("&"@param)* {
+  for (const [key, value] of Object.entries(params)) {
+    params[key] = decodeURIComponent(value);
+  }
  proxy["skip-cert-verify"] = toBool(params["allowInsecure"]);
  proxy.sni = params["sni"] || params["peer"];
+  proxy['client-fingerprint'] = params.fp;
+  proxy.alpn = params.alpn ? decodeURIComponent(params.alpn).split(',') : undefined;

  if (toBool(params["ws"])) {
    proxy.network = "ws";
@@ -99,6 +104,7 @@ params = "?" head:param tail:("&"@param)* {
        proxy[proxy.network + '-opts'] = {
            'grpc-service-name': params["serviceName"],
            '_grpc-type': params["mode"],
+            '_grpc-authority': params["authority"],
        };
    } else {
      if (params["path"]) {
@@ -112,6 +118,27 @@ params = "?" head:param tail:("&"@param)* {
        $set(proxy, proxy.network+"-opts.v2ray-http-upgrade-fast-open", true); 
      }
    }
+    if (['reality'].includes(params.security)) {
+      const opts = {};
+      if (params.pbk) {
+        opts['public-key'] = params.pbk;
+      }
+      if (params.sid) {
+        opts['short-id'] = params.sid;
+      }
+      if (params.spx) {
+        opts['_spider-x'] = params.spx;
+      }
+      if (params.mode) {
+        proxy._mode = params.mode;
+      }
+      if (params.extra) {
+        proxy._extra = params.extra;
+      }
+      if (Object.keys(opts).length > 0) {
+        $set(proxy, params.security+"-opts", opts); 
+      }
+    }
  }

  proxy.udp = toBool(params["udp"]);
--- a/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/trojan-uri.peg
@@ -78,8 +78,13 @@ port = digits:[0-9]+ {
 }

 params = "?" head:param tail:("&"@param)* {
+  for (const [key, value] of Object.entries(params)) {
+    params[key] = decodeURIComponent(value);
+  }
  proxy["skip-cert-verify"] = toBool(params["allowInsecure"]);
  proxy.sni = params["sni"] || params["peer"];
+  proxy['client-fingerprint'] = params.fp;
+  proxy.alpn = params.alpn ? decodeURIComponent(params.alpn).split(',') : undefined;

  if (toBool(params["ws"])) {
    proxy.network = "ws";
@@ -97,6 +102,7 @@ params = "?" head:param tail:("&"@param)* {
        proxy[proxy.network + '-opts'] = {
            'grpc-service-name': params["serviceName"],
            '_grpc-type': params["mode"],
+            '_grpc-authority': params["authority"],
        };
    } else {
      if (params["path"]) {
@@ -110,6 +116,27 @@ params = "?" head:param tail:("&"@param)* {
        $set(proxy, proxy.network+"-opts.v2ray-http-upgrade-fast-open", true); 
      }
    }
+    if (['reality'].includes(params.security)) {
+      const opts = {};
+      if (params.pbk) {
+        opts['public-key'] = params.pbk;
+      }
+      if (params.sid) {
+        opts['short-id'] = params.sid;
+      }
+      if (params.spx) {
+        opts['_spider-x'] = params.spx;
+      }
+      if (params.mode) {
+        proxy._mode = params.mode;
+      }
+      if (params.extra) {
+        proxy._extra = params.extra;
+      }
+      if (Object.keys(opts).length > 0) {
+        $set(proxy, params.security+"-opts", opts); 
+      }
+    }
  }

  proxy.udp = toBool(params["udp"]);
--- a/backend/src/core/proxy-utils/preprocessors/index.js
+++ b/backend/src/core/proxy-utils/preprocessors/index.js
@@ -1,5 +1,6 @@
 import { safeLoad } from '@/utils/yaml';
 import { Base64 } from 'js-base64';
+import $ from '@/core/app';

 function HTML() {
    const name = 'HTML';
@@ -15,6 +16,7 @@ function Base64Encoded() {
    const keys = [
        'dm1lc3M', // vmess
        'c3NyOi8v', // ssr://
+        'c29ja3M6Ly', // socks://
        'dHJvamFu', // trojan
        'c3M6Ly', // ss:/
        'c3NkOi8v', // ssd://
@@ -35,8 +37,35 @@ function Base64Encoded() {
        );
    };
    const parse = function (raw) {
-        raw = Base64.decode(raw);
-        return raw;
+        const decoded = Base64.decode(raw);
+        if (!/^\w+(:\/\/|\s*?=\s*?)\w+/m.test(decoded)) {
+            $.error(
+                `Base64 Pre-processor error: decoded line does not start with protocol`,
+            );
+            return raw;
+        }
+
+        return decoded;
+    };
+    return { name, test, parse };
+}
+
+function fallbackBase64Encoded() {
+    const name = 'Fallback Base64 Pre-processor';
+
+    const test = function (raw) {
+        return true;
+    };
+    const parse = function (raw) {
+        const decoded = Base64.decode(raw);
+        if (!/^\w+(:\/\/|\s*?=\s*?)\w+/m.test(decoded)) {
+            $.error(
+                `Fallback Base64 Pre-processor error: decoded line does not start with protocol`,
+            );
+            return raw;
+        }
+
+        return decoded;
    };
    return { name, test, parse };
 }
@@ -48,21 +77,50 @@ function Clash() {
        const content = safeLoad(raw);
        return content.proxies && Array.isArray(content.proxies);
    };
-    const parse = function (raw) {
+    const parse = function (raw, includeProxies) {
        // Clash YAML format
+
+        // 防止 VLESS节点 reality-opts 选项中的 short-id 被解析成 Infinity
+        // 匹配 short-id 冒号后面的值(包含空格和引号)
+        const afterReplace = raw.replace(
+            /short-id:([ \t]*[^#\n,}]*)/g,
+            (matched, value) => {
+                const afterTrim = value.trim();
+
+                // 为空
+                if (!afterTrim || afterTrim === '') {
+                    return 'short-id: ""';
+                }
+
+                // 是否被引号包裹
+                if (/^(['"]).*\1$/.test(afterTrim)) {
+                    return `short-id: ${afterTrim}`;
+                } else if (['null'].includes(afterTrim)) {
+                    return `short-id: ${afterTrim}`;
+                } else {
+                    return `short-id: "${afterTrim}"`;
+                }
+            },
+        );
+
        const {
            proxies,
            'global-client-fingerprint': globalClientFingerprint,
-        } = safeLoad(raw);
-        return proxies
-            .map((p) => {
-                // https://github.com/MetaCubeX/mihomo/blob/Alpha/docs/config.yaml#L73C1-L73C26
-                if (globalClientFingerprint && !p['client-fingerprint']) {
-                    p['client-fingerprint'] = globalClientFingerprint;
-                }
-                return JSON.stringify(p);
-            })
-            .join('\n');
+        } = safeLoad(afterReplace);
+        return (
+            (includeProxies ? 'proxies:\n' : '') +
+            proxies
+                .map((p) => {
+                    // https://github.com/MetaCubeX/mihomo/blob/Alpha/docs/config.yaml#L73C1-L73C26
+                    if (globalClientFingerprint && !p['client-fingerprint']) {
+                        p['client-fingerprint'] = globalClientFingerprint;
+                    }
+                    return `${includeProxies ? '  - ' : ''}${JSON.stringify(
+                        p,
+                    )}\n`;
+                })
+                .join('')
+        );
    };
    return { name, test, parse };
 }
@@ -125,4 +183,11 @@ function FullConfig() {
    return { name, test, parse };
 }

-export default [HTML(), Clash(), Base64Encoded(), SSD(), FullConfig()];
+export default [
+    HTML(),
+    Clash(),
+    Base64Encoded(),
+    SSD(),
+    FullConfig(),
+    fallbackBase64Encoded(),
+];
--- a/backend/src/core/proxy-utils/processors/index.js
+++ b/backend/src/core/proxy-utils/processors/index.js
@@ -10,6 +10,7 @@ import { hex_md5 } from '@/vendor/md5';
 import { ProxyUtils } from '@/core/proxy-utils';
 import { produceArtifact } from '@/restful/sync';
 import { SETTINGS_KEY } from '@/constants';
+import YAML from '@/utils/yaml';

 import env from '@/utils/env';
 import {
@@ -19,8 +20,49 @@ import {
    validCheck,
    flowTransfer,
    getRmainingDays,
+    normalizeFlowHeader,
 } from '@/utils/flow';

+function isObject(item) {
+    return item && typeof item === 'object' && !Array.isArray(item);
+}
+function trimWrap(str) {
+    if (str.startsWith('<') && str.endsWith('>')) {
+        return str.slice(1, -1);
+    }
+    return str;
+}
+function deepMerge(target, _other) {
+    const other = typeof _other === 'string' ? JSON.parse(_other) : _other;
+    for (const key in other) {
+        if (isObject(other[key])) {
+            if (key.endsWith('!')) {
+                const k = trimWrap(key.slice(0, -1));
+                target[k] = other[key];
+            } else {
+                const k = trimWrap(key);
+                if (!target[k]) Object.assign(target, { [k]: {} });
+                deepMerge(target[k], other[k]);
+            }
+        } else if (Array.isArray(other[key])) {
+            if (key.startsWith('+')) {
+                const k = trimWrap(key.slice(1));
+                if (!target[k]) Object.assign(target, { [k]: [] });
+                target[k] = [...other[key], ...target[k]];
+            } else if (key.endsWith('+')) {
+                const k = trimWrap(key.slice(0, -1));
+                if (!target[k]) Object.assign(target, { [k]: [] });
+                target[k] = [...target[k], ...other[key]];
+            } else {
+                const k = trimWrap(key);
+                Object.assign(target, { [k]: other[key] });
+            }
+        } else {
+            Object.assign(target, { [key]: other[key] });
+        }
+    }
+    return target;
+}
 /**
 The rule "(name CONTAINS "🇨🇳") AND (port IN [80, 443])" can be expressed as follows:
 {
@@ -242,7 +284,15 @@ function SortOperator(order = 'asc') {
 }

 // sort by regex
-function RegexSortOperator(expressions) {
+function RegexSortOperator(input) {
+    const order = input.order || 'asc';
+    let expressions = input.expressions;
+    if (Array.isArray(input)) {
+        expressions = input;
+    }
+    if (!Array.isArray(expressions)) {
+        expressions = [];
+    }
    return {
        name: 'Regex Sort Operator',
        func: (proxies) => {
@@ -253,8 +303,13 @@ function RegexSortOperator(expressions) {
                if (oA && !oB) return -1;
                if (oB && !oA) return 1;
                if (oA && oB) return oA < oB ? -1 : 1;
-                if ((!oA && !oB) || (oA && oB && oA === oB))
-                    return a.name < b.name ? -1 : 1; // fallback to normal sort
+                if (order === 'original') {
+                    return 0;
+                } else if (order === 'desc') {
+                    return a.name < b.name ? 1 : -1;
+                } else {
+                    return a.name < b.name ? -1 : 1;
+                }
            });
        },
    };
@@ -316,16 +371,57 @@ function RegexDeleteOperator(regex) {
 1. This function name should be `operator`!
 2. Always declare variables before using them!
 */
-function ScriptOperator(script, targetPlatform, $arguments, source) {
+function ScriptOperator(script, targetPlatform, $arguments, source, $options) {
    return {
        name: 'Script Operator',
        func: async (proxies) => {
            let output = proxies;
+            if (output?.$file?.type === 'mihomoProfile') {
+                try {
+                    let patch = YAML.safeLoad(script);
+                    let config;
+                    if (output?.$content) {
+                        try {
+                            config = YAML.safeLoad(output?.$content);
+                        } catch (e) {
+                            $.error(e.message ?? e);
+                        }
+                    }
+                    // if (typeof patch !== 'object') patch = {};
+                    if (typeof patch !== 'object')
+                        throw new Error('patch is not an object');
+                    output.$content = ProxyUtils.yaml.safeDump(
+                        deepMerge(
+                            config ||
+                                (output?.$file?.sourceType === 'none'
+                                    ? {}
+                                    : {
+                                          proxies: await produceArtifact({
+                                              type:
+                                                  output?.$file?.sourceType ||
+                                                  'collection',
+                                              name: output?.$file?.sourceName,
+                                              platform: 'mihomo',
+                                              produceType: 'internal',
+                                              produceOpts: {
+                                                  'delete-underscore-fields': true,
+                                              },
+                                          }),
+                                      }),
+                            patch,
+                        ),
+                    );
+                    return output;
+                } catch (e) {
+                    // console.log(e);
+                }
+            }
            await (async function () {
                const operator = createDynamicFunction(
                    'operator',
                    script,
                    $arguments,
+                    $options,
                );
                output = operator(proxies, targetPlatform, { source, ...env });
            })();
@@ -338,9 +434,34 @@ function ScriptOperator(script, targetPlatform, $arguments, source) {
                    'operator',
                    `async function operator(input = []) {
                        if (input && (input.$files || input.$content)) {
-                            let { $content, $files } = input
-                            ${script}
-                            return { $content, $files }
+                            let { $content, $files, $options, $file } = input
+                            if($file.type === 'mihomoProfile') {
+                                ${script}
+                                if(typeof main === 'function') {
+                                    let config;
+                                    if ($content) {
+                                        try {
+                                            config = ProxyUtils.yaml.safeLoad($content);
+                                        } catch (e) {
+                                            console.log(e.message ?? e);
+                                        }
+                                    }
+                                    $content = ProxyUtils.yaml.safeDump(await main(config || ($file.sourceType === 'none' ? {} : {
+                                        proxies: await produceArtifact({
+                                            type: $file.sourceType || 'collection',
+                                            name: $file.sourceName,
+                                            platform: 'mihomo',
+                                            produceType: 'internal',
+                                            produceOpts: {
+                                                'delete-underscore-fields': true
+                                            }
+                                        }),
+                                    })))
+                                }
+                            } else {
+                                ${script}
+                            }
+                            return { $content, $files, $options, $file }
                        } else {
                            let proxies = input
                            let list = []
@@ -352,6 +473,7 @@ function ScriptOperator(script, targetPlatform, $arguments, source) {
                        }
                      }`,
                    $arguments,
+                    $options,
                );
                output = operator(proxies, targetPlatform, { source, ...env });
            })();
@@ -419,26 +541,23 @@ const DOMAIN_RESOLVERS = {
        const id = hex_md5(`GOOGLE:${domain}:${type}`);
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
-        const resp = await $.http.get({
-            url: `https://8.8.4.4/resolve?name=${encodeURIComponent(
-                domain,
-            )}&type=${
-                type === 'IPv6' ? 'AAAA' : 'A'
-            }&edns_client_subnet=${edns}`,
-            headers: {
-                accept: 'application/dns-json',
-            },
+        const answerType = type === 'IPv6' ? 'AAAA' : 'A';
+        const res = await doh({
+            url: 'https://8.8.4.4/dns-query',
+            domain,
+            type: answerType,
            timeout,
+            edns,
        });
-        const body = JSON.parse(resp.body);
-        if (body['Status'] !== 0) {
-            throw new Error(`Status is ${body['Status']}`);
-        }
-        const answers = body['Answer'];
+
+        const { answers } = res;
        if (!Array.isArray(answers) || answers.length === 0) {
            throw new Error('No answers');
        }
-        const result = answers.map((i) => i?.data).filter((i) => i);
+        const result = answers
+            .filter((i) => i?.type === answerType)
+            .map((i) => i?.data)
+            .filter((i) => i);
        if (result.length === 0) {
            throw new Error('No answers');
        }
@@ -472,28 +591,27 @@ const DOMAIN_RESOLVERS = {
        resourceCache.set(id, result);
        return result;
    },
-    Cloudflare: async function (domain, type, noCache, timeout) {
+    Cloudflare: async function (domain, type, noCache, timeout, edns) {
        const id = hex_md5(`CLOUDFLARE:${domain}:${type}`);
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
-        const resp = await $.http.get({
-            url: `https://1.0.0.1/dns-query?name=${encodeURIComponent(
-                domain,
-            )}&type=${type === 'IPv6' ? 'AAAA' : 'A'}`,
-            headers: {
-                accept: 'application/dns-json',
-            },
+        const answerType = type === 'IPv6' ? 'AAAA' : 'A';
+        const res = await doh({
+            url: 'https://1.0.0.1/dns-query',
+            domain,
+            type: answerType,
            timeout,
+            edns,
        });
-        const body = JSON.parse(resp.body);
-        if (body['Status'] !== 0) {
-            throw new Error(`Status is ${body['Status']}`);
-        }
-        const answers = body['Answer'];
+
+        const { answers } = res;
        if (!Array.isArray(answers) || answers.length === 0) {
            throw new Error('No answers');
        }
-        const result = answers.map((i) => i?.data).filter((i) => i);
+        const result = answers
+            .filter((i) => i?.type === answerType)
+            .map((i) => i?.data)
+            .filter((i) => i);
        if (result.length === 0) {
            throw new Error('No answers');
        }
@@ -505,9 +623,11 @@ const DOMAIN_RESOLVERS = {
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
        const resp = await $.http.get({
-            url: `http://223.6.6.6/resolve?edns_client_subnet=${edns}/24&name=${encodeURIComponent(
-                domain,
-            )}&type=${type === 'IPv6' ? 'AAAA' : 'A'}&short=1`,
+            url: `http://223.6.6.6/resolve?edns_client_subnet=${edns}/${
+                isIPv4(edns) ? 24 : 56
+            }&name=${encodeURIComponent(domain)}&type=${
+                type === 'IPv6' ? 'AAAA' : 'A'
+            }&short=1`,
            headers: {
                accept: 'application/dns-json',
            },
@@ -563,7 +683,7 @@ function ResolveDomainOperator({
        throw new Error(`域名解析服务提供方 ${provider} 不支持 ${_type}`);
    }
    const { defaultTimeout } = $.read(SETTINGS_KEY);
-    const requestTimeout = timeout || defaultTimeout;
+    const requestTimeout = timeout || defaultTimeout || 8000;
    let type = ['IPv6', 'IP4P'].includes(_type) ? 'IPv6' : 'IPv4';

    const resolver = DOMAIN_RESOLVERS[provider];
@@ -701,29 +821,55 @@ function isIP(ip) {

 ResolveDomainOperator.resolver = DOMAIN_RESOLVERS;

+function isAscii(str) {
+    // eslint-disable-next-line no-control-regex
+    var pattern = /^[\x00-\x7F]+$/; // ASCII 范围的 Unicode 编码
+    return pattern.test(str);
+}
+
 /**************************** Filters ***************************************/
 // filter useless proxies
 function UselessFilter() {
-    const KEYWORDS = [
-        '网址',
-        '流量',
-        '时间',
-        '应急',
-        '过期',
-        'Bandwidth',
-        'expire',
-    ];
    return {
        name: 'Useless Filter',
-        func: RegexFilter({
-            regex: KEYWORDS,
-            keep: false,
-        }).func,
+        func: (proxies) => {
+            return proxies.map((proxy) => {
+                if (proxy.cipher && !isAscii(proxy.cipher)) {
+                    return false;
+                } else if (proxy.password && !isAscii(proxy.password)) {
+                    return false;
+                } else {
+                    if (proxy.network) {
+                        let transportHosts =
+                            proxy[`${proxy.network}-opts`]?.headers?.Host ||
+                            proxy[`${proxy.network}-opts`]?.headers?.host;
+                        transportHosts = Array.isArray(transportHosts)
+                            ? transportHosts
+                            : [transportHosts];
+                        if (
+                            transportHosts.some(
+                                (host) => host && !isAscii(host),
+                            )
+                        ) {
+                            return false;
+                        }
+                    }
+                    return !/网址|流量|时间|应急|过期|Bandwidth|expire/.test(
+                        proxy.name,
+                    );
+                }
+            });
+        },
    };
 }

 // filter by regions
-function RegionFilter(regions) {
+function RegionFilter(input) {
+    let regions = input?.value || input;
+    if (!Array.isArray(regions)) {
+        regions = [];
+    }
+    const keep = input?.keep ?? true;
    const REGION_MAP = {
        HK: '🇭🇰',
        TW: '🇹🇼',
@@ -740,7 +886,8 @@ function RegionFilter(regions) {
            // this would be high memory usage
            return proxies.map((proxy) => {
                const flag = getFlag(proxy.name);
-                return regions.some((r) => REGION_MAP[r] === flag);
+                const selected = regions.some((r) => REGION_MAP[r] === flag);
+                return keep ? selected : !selected;
            });
        },
    };
@@ -772,11 +919,19 @@ function buildRegex(str, ...options) {
 }

 // filter by proxy types
-function TypeFilter(types) {
+function TypeFilter(input) {
+    let types = input?.value || input;
+    if (!Array.isArray(types)) {
+        types = [];
+    }
+    const keep = input?.keep ?? true;
    return {
        name: 'Type Filter',
        func: (proxies) => {
-            return proxies.map((proxy) => types.some((t) => proxy.type === t));
+            return proxies.map((proxy) => {
+                const selected = types.some((t) => proxy.type === t);
+                return keep ? selected : !selected;
+            });
        },
    };
 }
@@ -794,7 +949,7 @@ function TypeFilter(types) {
 1. This function name should be `filter`!
 2. Always declare variables before using them!
 */
-function ScriptFilter(script, targetPlatform, $arguments, source) {
+function ScriptFilter(script, targetPlatform, $arguments, source, $options) {
    return {
        name: 'Script Filter',
        func: async (proxies) => {
@@ -804,6 +959,7 @@ function ScriptFilter(script, targetPlatform, $arguments, source) {
                    'filter',
                    script,
                    $arguments,
+                    $options,
                );
                output = filter(proxies, targetPlatform, { source, ...env });
            })();
@@ -826,6 +982,7 @@ function ScriptFilter(script, targetPlatform, $arguments, source) {
                        return list
                      }`,
                    $arguments,
+                    $options,
                );
                output = filter(proxies, targetPlatform, { source, ...env });
            })();
@@ -966,7 +1123,7 @@ function clone(object) {
    return JSON.parse(JSON.stringify(object));
 }

-function createDynamicFunction(name, script, $arguments) {
+function createDynamicFunction(name, script, $arguments, $options) {
    const flowUtils = {
        getFlowField,
        getFlowHeaders,
@@ -974,16 +1131,22 @@ function createDynamicFunction(name, script, $arguments) {
        flowTransfer,
        validCheck,
        getRmainingDays,
+        normalizeFlowHeader,
    };
    if ($.env.isLoon) {
        return new Function(
            '$arguments',
+            '$options',
            '$substore',
            'lodash',
            '$persistentStore',
            '$httpClient',
            '$notification',
            'ProxyUtils',
+            'yaml',
+            'Buffer',
+            'b64d',
+            'b64e',
            'scriptResourceCache',
            'flowUtils',
            'produceArtifact',
@@ -991,6 +1154,7 @@ function createDynamicFunction(name, script, $arguments) {
            `${script}\n return ${name}`,
        )(
            $arguments,
+            $options,
            $,
            lodash,
            // eslint-disable-next-line no-undef
@@ -1000,32 +1164,45 @@ function createDynamicFunction(name, script, $arguments) {
            // eslint-disable-next-line no-undef
            $notification,
            ProxyUtils,
+            ProxyUtils.yaml,
+            ProxyUtils.Buffer,
+            ProxyUtils.Base64.decode,
+            ProxyUtils.Base64.encode,
            scriptResourceCache,
            flowUtils,
            produceArtifact,
-            require,
+            eval(`typeof require !== "undefined"`) ? require : undefined,
        );
    } else {
        return new Function(
            '$arguments',
+            '$options',
            '$substore',
            'lodash',
            'ProxyUtils',
+            'yaml',
+            'Buffer',
+            'b64d',
+            'b64e',
            'scriptResourceCache',
            'flowUtils',
            'produceArtifact',
            'require',
-
            `${script}\n return ${name}`,
        )(
            $arguments,
+            $options,
            $,
            lodash,
            ProxyUtils,
+            ProxyUtils.yaml,
+            ProxyUtils.Buffer,
+            ProxyUtils.Base64.decode,
+            ProxyUtils.Base64.encode,
            scriptResourceCache,
            flowUtils,
            produceArtifact,
-            require,
+            eval(`typeof require !== "undefined"`) ? require : undefined,
        );
    }
 }
--- a/backend/src/core/proxy-utils/producers/clash.js
+++ b/backend/src/core/proxy-utils/producers/clash.js
@@ -1,4 +1,5 @@
 import { isPresent } from '@/core/proxy-utils/producers/utils';
+import $ from '@/core/app';

 export default function Clash_Producer() {
    const type = 'ALL';
@@ -40,12 +41,17 @@ export default function Clash_Producer() {
                            'chacha20-ietf-poly1305',
                            'xchacha20-ietf-poly1305',
                        ].includes(proxy.cipher)) ||
-                    (proxy.type === 'snell' && String(proxy.version) === '4') ||
+                    (proxy.type === 'snell' && proxy.version >= 4) ||
                    (proxy.type === 'vless' &&
                        (typeof proxy.flow !== 'undefined' ||
                            proxy['reality-opts']))
                ) {
                    return false;
+                } else if (proxy['underlying-proxy'] || proxy['dialer-proxy']) {
+                    $.error(
+                        `Clash 不支持前置代理字段. 已过滤节点 ${proxy.name}`,
+                    );
+                    return false;
                }
                return true;
            })
@@ -81,6 +87,8 @@ export default function Clash_Producer() {
                    proxy['preshared-key'] =
                        proxy['preshared-key'] ?? proxy['pre-shared-key'];
                    proxy['pre-shared-key'] = proxy['preshared-key'];
+                } else if (proxy.type === 'snell' && proxy.version < 3) {
+                    delete proxy.udp;
                } else if (proxy.type === 'vless') {
                    if (isPresent(proxy, 'sni')) {
                        proxy.servername = proxy.sni;
@@ -126,6 +134,18 @@ export default function Clash_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }
                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
                        proxy['plugin-opts']['skip-cert-verify'] =
@@ -139,6 +159,7 @@ export default function Clash_Producer() {
                        'hysteria',
                        'hysteria2',
                        'juicity',
+                        'anytls',
                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
@@ -149,11 +170,6 @@ export default function Clash_Producer() {
                }
                delete proxy['tls-fingerprint'];

-                if (proxy['underlying-proxy']) {
-                    proxy['dialer-proxy'] = proxy['underlying-proxy'];
-                }
-                delete proxy['underlying-proxy'];
-
                if (isPresent(proxy, 'tls') && typeof proxy.tls !== 'boolean') {
                    delete proxy.tls;
                }
@@ -163,9 +179,11 @@ export default function Clash_Producer() {
                delete proxy.id;
                delete proxy.resolved;
                delete proxy['no-resolve'];
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -173,6 +191,7 @@ export default function Clash_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/clashmeta.js
+++ b/backend/src/core/proxy-utils/producers/clashmeta.js
@@ -1,12 +1,63 @@
 import { isPresent } from '@/core/proxy-utils/producers/utils';

+const ipVersions = {
+    dual: 'dual',
+    'v4-only': 'ipv4',
+    'v6-only': 'ipv6',
+    'prefer-v4': 'ipv4-prefer',
+    'prefer-v6': 'ipv6-prefer',
+};
+
 export default function ClashMeta_Producer() {
    const type = 'ALL';
    const produce = (proxies, type, opts = {}) => {
        const list = proxies
            .filter((proxy) => {
                if (opts['include-unsupported-proxy']) return true;
-                if (proxy.type === 'snell' && String(proxy.version) === '4') {
+                if (proxy.type === 'snell' && proxy.version >= 4) {
+                    return false;
+                } else if (['juicity'].includes(proxy.type)) {
+                    return false;
+                } else if (
+                    ['ss'].includes(proxy.type) &&
+                    ![
+                        'aes-128-ctr',
+                        'aes-192-ctr',
+                        'aes-256-ctr',
+                        'aes-128-cfb',
+                        'aes-192-cfb',
+                        'aes-256-cfb',
+                        'aes-128-gcm',
+                        'aes-192-gcm',
+                        'aes-256-gcm',
+                        'aes-128-ccm',
+                        'aes-192-ccm',
+                        'aes-256-ccm',
+                        'aes-128-gcm-siv',
+                        'aes-256-gcm-siv',
+                        'chacha20-ietf',
+                        'chacha20',
+                        'xchacha20',
+                        'chacha20-ietf-poly1305',
+                        'xchacha20-ietf-poly1305',
+                        'chacha8-ietf-poly1305',
+                        'xchacha8-ietf-poly1305',
+                        '2022-blake3-aes-128-gcm',
+                        '2022-blake3-aes-256-gcm',
+                        '2022-blake3-chacha20-poly1305',
+                        'lea-128-gcm',
+                        'lea-192-gcm',
+                        'lea-256-gcm',
+                        'rabbit128-poly1305',
+                        'aegis-128l',
+                        'aegis-256',
+                        'aez-384',
+                        'deoxys-ii-256-128',
+                        'rc4-md5',
+                        'none',
+                    ].includes(proxy.cipher)
+                ) {
+                    // https://wiki.metacubex.one/config/proxies/ss/#cipher
                    return false;
                }
                return true;
@@ -30,9 +81,10 @@ export default function ClashMeta_Producer() {
                        isPresent(proxy, 'cipher') &&
                        ![
                            'auto',
+                            'none',
+                            'zero',
                            'aes-128-gcm',
                            'chacha20-poly1305',
-                            'none',
                        ].includes(proxy.cipher)
                    ) {
                        proxy.cipher = 'auto';
@@ -84,6 +136,8 @@ export default function ClashMeta_Producer() {
                    proxy['preshared-key'] =
                        proxy['preshared-key'] ?? proxy['pre-shared-key'];
                    proxy['pre-shared-key'] = proxy['preshared-key'];
+                } else if (proxy.type === 'snell' && proxy.version < 3) {
+                    delete proxy.udp;
                } else if (proxy.type === 'vless') {
                    if (isPresent(proxy, 'sni')) {
                        proxy.servername = proxy.sni;
@@ -100,6 +154,9 @@ export default function ClashMeta_Producer() {
                            password: proxy['shadow-tls-password'],
                            version: proxy['shadow-tls-version'],
                        };
+                        delete proxy['shadow-tls-password'];
+                        delete proxy['shadow-tls-sni'];
+                        delete proxy['shadow-tls-version'];
                    }
                }

@@ -141,6 +198,18 @@ export default function ClashMeta_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }

                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
@@ -155,6 +224,7 @@ export default function ClashMeta_Producer() {
                        'hysteria',
                        'hysteria2',
                        'juicity',
+                        'anytls',
                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
@@ -178,9 +248,11 @@ export default function ClashMeta_Producer() {
                delete proxy.id;
                delete proxy.resolved;
                delete proxy['no-resolve'];
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                if (type !== 'internal' || opts['delete-underscore-fields']) {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -188,6 +260,12 @@ export default function ClashMeta_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
+                }
+
+                if (proxy['ip-version']) {
+                    proxy['ip-version'] =
+                        ipVersions[proxy['ip-version']] || proxy['ip-version'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/egern.js
+++ b/backend/src/core/proxy-utils/producers/egern.js
@@ -0,0 +1,420 @@
+import { isPresent } from './utils';
+
+export default function Egern_Producer() {
+    const type = 'ALL';
+    const produce = (proxies, type) => {
+        // https://egernapp.com/zh-CN/docs/configuration/proxies
+        const list = proxies
+            .filter((proxy) => {
+                // if (opts['include-unsupported-proxy']) return true;
+                if (
+                    ![
+                        'http',
+                        'socks5',
+                        'ss',
+                        'trojan',
+                        'hysteria2',
+                        'vless',
+                        'vmess',
+                        'tuic',
+                    ].includes(proxy.type) ||
+                    (proxy.type === 'ss' &&
+                        ((proxy.plugin === 'obfs' &&
+                            !['http', 'tls'].includes(
+                                proxy['plugin-opts']?.mode,
+                            )) ||
+                            ![
+                                'chacha20-ietf-poly1305',
+                                'chacha20-poly1305',
+                                'aes-256-gcm',
+                                'aes-128-gcm',
+                                'none',
+                                'tbale',
+                                'rc4',
+                                'rc4-md5',
+                                'aes-128-cfb',
+                                'aes-192-cfb',
+                                'aes-256-cfb',
+                                'aes-128-ctr',
+                                'aes-192-ctr',
+                                'aes-256-ctr',
+                                'bf-cfb',
+                                'camellia-128-cfb',
+                                'camellia-192-cfb',
+                                'camellia-256-cfb',
+                                'cast5-cfb',
+                                'des-cfb',
+                                'idea-cfb',
+                                'rc2-cfb',
+                                'seed-cfb',
+                                'salsa20',
+                                'chacha20',
+                                'chacha20-ietf',
+                                '2022-blake3-aes-128-gcm',
+                                '2022-blake3-aes-256-gcm',
+                            ].includes(proxy.cipher))) ||
+                    (proxy.type === 'vmess' &&
+                        !['http', 'ws', 'tcp'].includes(proxy.network) &&
+                        proxy.network) ||
+                    (proxy.type === 'trojan' &&
+                        !['http', 'ws', 'tcp'].includes(proxy.network) &&
+                        proxy.network) ||
+                    (proxy.type === 'vless' &&
+                        (typeof proxy.flow !== 'undefined' ||
+                            proxy['reality-opts'] ||
+                            (!['http', 'ws', 'tcp'].includes(proxy.network) &&
+                                proxy.network))) ||
+                    (proxy.type === 'tuic' &&
+                        proxy.token &&
+                        proxy.token.length !== 0)
+                ) {
+                    return false;
+                }
+                return true;
+            })
+            .map((proxy) => {
+                const original = { ...proxy };
+                if (proxy.tls && !proxy.sni) {
+                    proxy.sni = proxy.server;
+                }
+                const prev_hop =
+                    proxy.prev_hop ||
+                    proxy['underlying-proxy'] ||
+                    proxy['dialer-proxy'] ||
+                    proxy.detour;
+
+                if (proxy.type === 'http') {
+                    proxy = {
+                        type: 'http',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        username: proxy.username,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        next_hop: proxy.next_hop,
+                    };
+                } else if (proxy.type === 'socks5') {
+                    proxy = {
+                        type: 'socks5',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        username: proxy.username,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                    };
+                } else if (proxy.type === 'ss') {
+                    proxy = {
+                        type: 'shadowsocks',
+                        name: proxy.name,
+                        method:
+                            proxy.cipher === 'chacha20-ietf-poly1305'
+                                ? 'chacha20-poly1305'
+                                : proxy.cipher,
+                        server: proxy.server,
+                        port: proxy.port,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                    };
+                    if (original.plugin === 'obfs') {
+                        proxy.obfs = original['plugin-opts'].mode;
+                        proxy.obfs_host = original['plugin-opts'].host;
+                        proxy.obfs_uri = original['plugin-opts'].path;
+                    }
+                } else if (proxy.type === 'hysteria2') {
+                    proxy = {
+                        type: 'hysteria2',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        auth: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        sni: proxy.sni,
+                        skip_tls_verify: proxy['skip-cert-verify'],
+                        port_hopping: proxy.ports,
+                        port_hopping_interval: proxy['hop-interval'],
+                    };
+                    if (
+                        original['obfs-password'] &&
+                        original.obfs == 'salamander'
+                    ) {
+                        proxy.obfs = 'salamander';
+                        proxy.obfs_password = original['obfs-password'];
+                    }
+                } else if (proxy.type === 'tuic') {
+                    proxy = {
+                        type: 'tuic',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        uuid: proxy.uuid,
+                        password: proxy.password,
+                        next_hop: proxy.next_hop,
+                        sni: proxy.sni,
+                        alpn: Array.isArray(proxy.alpn)
+                            ? proxy.alpn
+                            : [proxy.alpn || 'h3'],
+                        skip_tls_verify: proxy['skip-cert-verify'],
+                        port_hopping: proxy.ports,
+                        port_hopping_interval: proxy['hop-interval'],
+                    };
+                } else if (proxy.type === 'trojan') {
+                    if (proxy.network === 'ws') {
+                        proxy.websocket = {
+                            path: proxy['ws-opts']?.path,
+                            host: proxy['ws-opts']?.headers?.Host,
+                        };
+                    }
+                    proxy = {
+                        type: 'trojan',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        password: proxy.password,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        sni: proxy.sni,
+                        skip_tls_verify: proxy['skip-cert-verify'],
+                        websocket: proxy.websocket,
+                    };
+                } else if (proxy.type === 'vmess') {
+                    // Egern：传输层，支持 ws/wss/http1/http2/tls，不配置则为 tcp
+                    let security = proxy.cipher;
+                    if (
+                        security &&
+                        ![
+                            'auto',
+                            'none',
+                            'zero',
+                            'aes-128-gcm',
+                            'chacha20-poly1305',
+                        ].includes(security)
+                    ) {
+                        security = 'auto';
+                    }
+                    if (proxy.network === 'ws') {
+                        proxy.transport = {
+                            [proxy.tls ? 'wss' : 'ws']: {
+                                path: proxy['ws-opts']?.path,
+                                headers: {
+                                    Host: proxy['ws-opts']?.headers?.Host,
+                                },
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    } else if (proxy.network === 'http') {
+                        proxy.transport = {
+                            http1: {
+                                method: proxy['http-opts']?.method,
+                                path: Array.isArray(proxy['http-opts']?.path)
+                                    ? proxy['http-opts']?.path[0]
+                                    : proxy['http-opts']?.path,
+                                headers: {
+                                    Host: Array.isArray(
+                                        proxy['http-opts']?.headers?.Host,
+                                    )
+                                        ? proxy['http-opts']?.headers?.Host[0]
+                                        : proxy['http-opts']?.headers?.Host,
+                                },
+                                skip_tls_verify: proxy['skip-cert-verify'],
+                            },
+                        };
+                    } else if (proxy.network === 'h2') {
+                        proxy.transport = {
+                            http2: {
+                                method: proxy['h2-opts']?.method,
+                                path: Array.isArray(proxy['h2-opts']?.path)
+                                    ? proxy['h2-opts']?.path[0]
+                                    : proxy['h2-opts']?.path,
+                                headers: {
+                                    Host: Array.isArray(
+                                        proxy['h2-opts']?.headers?.Host,
+                                    )
+                                        ? proxy['h2-opts']?.headers?.Host[0]
+                                        : proxy['h2-opts']?.headers?.Host,
+                                },
+                                skip_tls_verify: proxy['skip-cert-verify'],
+                            },
+                        };
+                    } else if (
+                        (proxy.network === 'tcp' || !proxy.network) &&
+                        proxy.tls
+                    ) {
+                        proxy.transport = {
+                            tls: {
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    }
+                    proxy = {
+                        type: 'vmess',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        user_id: proxy.uuid,
+                        security,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        legacy: proxy.legacy,
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        transport: proxy.transport,
+                        // sni: proxy.sni,
+                        // skip_tls_verify: proxy['skip-cert-verify'],
+                    };
+                } else if (proxy.type === 'vless') {
+                    if (proxy.network === 'ws') {
+                        proxy.transport = {
+                            [proxy.tls ? 'wss' : 'ws']: {
+                                path: proxy['ws-opts']?.path,
+                                headers: {
+                                    Host: proxy['ws-opts']?.headers?.Host,
+                                },
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    } else if (proxy.network === 'http') {
+                        proxy.transport = {
+                            http: {
+                                method: proxy['http-opts']?.method,
+                                path: Array.isArray(proxy['http-opts']?.path)
+                                    ? proxy['http-opts']?.path[0]
+                                    : proxy['http-opts']?.path,
+                                headers: {
+                                    Host: Array.isArray(
+                                        proxy['http-opts']?.headers?.Host,
+                                    )
+                                        ? proxy['http-opts']?.headers?.Host[0]
+                                        : proxy['http-opts']?.headers?.Host,
+                                },
+                                skip_tls_verify: proxy['skip-cert-verify'],
+                            },
+                        };
+                    } else if (proxy.network === 'tcp' || !proxy.network) {
+                        proxy.transport = {
+                            [proxy.tls ? 'tls' : 'tcp']: {
+                                sni: proxy.tls ? proxy.sni : undefined,
+                                skip_tls_verify: proxy.tls
+                                    ? proxy['skip-cert-verify']
+                                    : undefined,
+                            },
+                        };
+                    }
+                    proxy = {
+                        type: 'vless',
+                        name: proxy.name,
+                        server: proxy.server,
+                        port: proxy.port,
+                        user_id: proxy.uuid,
+                        security: proxy.cipher,
+                        tfo: proxy.tfo || proxy['fast-open'],
+                        legacy: proxy.legacy,
+                        udp_relay:
+                            proxy.udp || proxy.udp_relay || proxy.udp_relay,
+                        next_hop: proxy.next_hop,
+                        transport: proxy.transport,
+                        // sni: proxy.sni,
+                        // skip_tls_verify: proxy['skip-cert-verify'],
+                    };
+                }
+                if (
+                    [
+                        'http',
+                        'socks5',
+                        'ss',
+                        'trojan',
+                        'vless',
+                        'vmess',
+                    ].includes(original.type)
+                ) {
+                    if (isPresent(original, 'shadow-tls-password')) {
+                        if (original['shadow-tls-version'] != 3)
+                            throw new Error(
+                                `shadow-tls version ${original['shadow-tls-version']} is not supported`,
+                            );
+                        proxy.shadow_tls = {
+                            password: original['shadow-tls-password'],
+                            sni: original['shadow-tls-sni'],
+                        };
+                    } else if (
+                        ['shadow-tls'].includes(original.plugin) &&
+                        original['plugin-opts']
+                    ) {
+                        if (original['plugin-opts'].version != 3)
+                            throw new Error(
+                                `shadow-tls version ${original['plugin-opts'].version} is not supported`,
+                            );
+                        proxy.shadow_tls = {
+                            password: original['plugin-opts'].password,
+                            sni: original['plugin-opts'].host,
+                        };
+                    }
+                }
+
+                delete proxy.subName;
+                delete proxy.collectionName;
+                delete proxy.id;
+                delete proxy.resolved;
+                delete proxy['no-resolve'];
+
+                if (proxy.transport) {
+                    for (const key in proxy.transport) {
+                        if (
+                            Object.keys(proxy.transport[key]).length === 0 ||
+                            Object.values(proxy.transport[key]).every(
+                                (v) => v == null,
+                            )
+                        ) {
+                            delete proxy.transport[key];
+                        }
+                    }
+                    if (Object.keys(proxy.transport).length === 0) {
+                        delete proxy.transport;
+                    }
+                }
+
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
+                    }
+                }
+                return {
+                    [proxy.type]: {
+                        ...proxy,
+                        type: undefined,
+                        prev_hop,
+                    },
+                };
+            });
+        return type === 'internal'
+            ? list
+            : 'proxies:\n' +
+                  list
+                      .map((proxy) => '  - ' + JSON.stringify(proxy) + '\n')
+                      .join('');
+    };
+    return { type, produce };
+}
--- a/backend/src/core/proxy-utils/producers/index.js
+++ b/backend/src/core/proxy-utils/producers/index.js
@@ -10,6 +10,7 @@ import QX_Producer from './qx';
 import Shadowrocket_Producer from './shadowrocket';
 import Surfboard_Producer from './surfboard';
 import singbox_Producer from './sing-box';
+import Egern_Producer from './egern';

 function JSON_Producer() {
    const type = 'ALL';
@@ -19,19 +20,37 @@ function JSON_Producer() {
 }

 export default {
+    qx: QX_Producer(),
    QX: QX_Producer(),
    QuantumultX: QX_Producer(),
+    surge: Surge_Producer(),
    Surge: Surge_Producer(),
    SurgeMac: SurgeMac_Producer(),
    Loon: Loon_Producer(),
    Clash: Clash_Producer(),
+    meta: ClashMeta_Producer(),
+    clashmeta: ClashMeta_Producer(),
+    'clash.meta': ClashMeta_Producer(),
+    'Clash.Meta': ClashMeta_Producer(),
    ClashMeta: ClashMeta_Producer(),
+    mihomo: ClashMeta_Producer(),
+    Mihomo: ClashMeta_Producer(),
+    uri: URI_Producer(),
    URI: URI_Producer(),
+    v2: V2Ray_Producer(),
+    v2ray: V2Ray_Producer(),
    V2Ray: V2Ray_Producer(),
+    json: JSON_Producer(),
    JSON: JSON_Producer(),
+    stash: Stash_Producer(),
    Stash: Stash_Producer(),
+    shadowrocket: Shadowrocket_Producer(),
    Shadowrocket: Shadowrocket_Producer(),
    ShadowRocket: Shadowrocket_Producer(),
+    surfboard: Surfboard_Producer(),
    Surfboard: Surfboard_Producer(),
+    singbox: singbox_Producer(),
    'sing-box': singbox_Producer(),
+    egern: Egern_Producer(),
+    Egern: Egern_Producer(),
 };
--- a/backend/src/core/proxy-utils/producers/loon.js
+++ b/backend/src/core/proxy-utils/producers/loon.js
@@ -3,8 +3,16 @@ const targetPlatform = 'Loon';
 import { isPresent, Result } from './utils';
 import { isIPv4, isIPv6 } from '@/utils';

+const ipVersions = {
+    dual: 'dual',
+    ipv4: 'v4-only',
+    ipv6: 'v6-only',
+    'ipv4-prefer': 'prefer-v4',
+    'ipv6-prefer': 'prefer-v6',
+};
+
 export default function Loon_Producer() {
-    const produce = (proxy) => {
+    const produce = (proxy, type, opts = {}) => {
        switch (proxy.type) {
            case 'ss':
                return shadowsocks(proxy);
@@ -13,9 +21,9 @@ export default function Loon_Producer() {
            case 'trojan':
                return trojan(proxy);
            case 'vmess':
-                return vmess(proxy);
+                return vmess(proxy, opts['include-unsupported-proxy']);
            case 'vless':
-                return vless(proxy);
+                return vless(proxy, opts['include-unsupported-proxy']);
            case 'http':
                return http(proxy);
            case 'socks5':
@@ -56,6 +64,8 @@ function shadowsocks(proxy) {
            'aes-256-gcm',
            'chacha20-ietf-poly1305',
            'xchacha20-ietf-poly1305',
+            '2022-blake3-aes-128-gcm',
+            '2022-blake3-aes-256-gcm',
        ].includes(proxy.cipher)
    ) {
        throw new Error(`cipher ${proxy.cipher} is not supported`);
@@ -76,19 +86,68 @@ function shadowsocks(proxy) {
                `,obfs-uri=${proxy['plugin-opts'].path}`,
                'plugin-opts.path',
            );
-        } else {
+        } else if (!['shadow-tls'].includes(proxy.plugin)) {
            throw new Error(`plugin ${proxy.plugin} is not supported`);
        }
    }

+    // shadow-tls
+    if (isPresent(proxy, 'shadow-tls-password')) {
+        result.append(`,shadow-tls-password=${proxy['shadow-tls-password']}`);
+
+        result.appendIfPresent(
+            `,shadow-tls-version=${proxy['shadow-tls-version']}`,
+            'shadow-tls-version',
+        );
+        result.appendIfPresent(
+            `,shadow-tls-sni=${proxy['shadow-tls-sni']}`,
+            'shadow-tls-sni',
+        );
+        // udp-port
+        result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');
+    } else if (['shadow-tls'].includes(proxy.plugin) && proxy['plugin-opts']) {
+        const password = proxy['plugin-opts'].password;
+        const host = proxy['plugin-opts'].host;
+        const version = proxy['plugin-opts'].version;
+        if (password) {
+            result.append(`,shadow-tls-password=${password}`);
+            if (host) {
+                result.append(`,shadow-tls-sni=${host}`);
+            }
+            if (version) {
+                if (version < 2) {
+                    throw new Error(
+                        `shadow-tls version ${version} is not supported`,
+                    );
+                }
+                result.append(`,shadow-tls-version=${version}`);
+            }
+            // udp-port
+            result.appendIfPresent(
+                `,udp-port=${proxy['udp-port']}`,
+                'udp-port',
+            );
+        }
+    }
+
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
    }

+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');
+
    return result.toString();
 }

@@ -109,14 +168,63 @@ function shadowsocksr(proxy) {
    result.appendIfPresent(`,obfs=${proxy.obfs}`, 'obfs');
    result.appendIfPresent(`,obfs-param=${proxy['obfs-param']}`, 'obfs-param');

+    // shadow-tls
+    if (isPresent(proxy, 'shadow-tls-password')) {
+        result.append(`,shadow-tls-password=${proxy['shadow-tls-password']}`);
+
+        result.appendIfPresent(
+            `,shadow-tls-version=${proxy['shadow-tls-version']}`,
+            'shadow-tls-version',
+        );
+        result.appendIfPresent(
+            `,shadow-tls-sni=${proxy['shadow-tls-sni']}`,
+            'shadow-tls-sni',
+        );
+        // udp-port
+        result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');
+    } else if (['shadow-tls'].includes(proxy.plugin) && proxy['plugin-opts']) {
+        const password = proxy['plugin-opts'].password;
+        const host = proxy['plugin-opts'].host;
+        const version = proxy['plugin-opts'].version;
+        if (password) {
+            result.append(`,shadow-tls-password=${password}`);
+            if (host) {
+                result.append(`,shadow-tls-sni=${host}`);
+            }
+            if (version) {
+                if (version < 2) {
+                    throw new Error(
+                        `shadow-tls version ${version} is not supported`,
+                    );
+                }
+                result.append(`,shadow-tls-version=${version}`);
+            }
+            // udp-port
+            result.appendIfPresent(
+                `,udp-port=${proxy['udp-port']}`,
+                'udp-port',
+            );
+        }
+    }
+
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
    }

+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');
+
    return result.toString();
 }

@@ -165,15 +273,26 @@ function trojan(proxy) {
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
    }
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');

    return result.toString();
 }

 function vmess(proxy) {
+    const isReality = !!proxy['reality-opts'];
+
    const result = new Result(proxy);
    result.append(
        `${proxy.name}=vmess,${proxy.server},${proxy.port},${proxy.cipher},"${proxy.uuid}"`,
@@ -221,20 +340,32 @@ function vmess(proxy) {
        'skip-cert-verify',
    );

-    // sni
-    result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
-    result.appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
-    result.appendIfPresent(
-        `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
-        'tls-pubkey-sha256',
-    );
+    if (isReality) {
+        result.appendIfPresent(`,sni=${proxy.sni}`, 'sni');
+        result.appendIfPresent(
+            `,public-key="${proxy['reality-opts']['public-key']}"`,
+            'reality-opts.public-key',
+        );
+        result.appendIfPresent(
+            `,short-id=${proxy['reality-opts']['short-id']}`,
+            'reality-opts.short-id',
+        );
+    } else {
+        // sni
+        result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
+        result.appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );
+        result.appendIfPresent(
+            `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
+            'tls-pubkey-sha256',
+        );
+    }

    // AEAD
    if (isPresent(proxy, 'aead')) {
-        result.append(`,alterId=0`);
+        result.append(`,alterId=${proxy.aead ? 0 : 1}`);
    } else {
        result.append(`,alterId=${proxy.alterId}`);
    }
@@ -242,17 +373,34 @@ function vmess(proxy) {
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
    }
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');
    return result.toString();
 }

 function vless(proxy) {
-    if (proxy['reality-opts']) {
-        throw new Error(`VLESS REALITY is unsupported`);
+    let isXtls = false;
+    const isReality = !!proxy['reality-opts'];
+
+    if (typeof proxy.flow !== 'undefined') {
+        if (['xtls-rprx-vision'].includes(proxy.flow)) {
+            isXtls = true;
+        } else {
+            throw new Error(`VLESS flow(${proxy.flow}) is not supported`);
+        }
    }
+
    const result = new Result(proxy);
    result.append(
        `${proxy.name}=vless,${proxy.server},${proxy.port},"${proxy.uuid}"`,
@@ -300,24 +448,48 @@ function vless(proxy) {
        'skip-cert-verify',
    );

-    // sni
-    result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
-    result.appendIfPresent(
-        `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
-        'tls-fingerprint',
-    );
-    result.appendIfPresent(
-        `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
-        'tls-pubkey-sha256',
-    );
+    if (isXtls) {
+        result.appendIfPresent(`,flow=${proxy.flow}`, 'flow');
+    }
+    if (isReality) {
+        result.appendIfPresent(`,sni=${proxy.sni}`, 'sni');
+        result.appendIfPresent(
+            `,public-key="${proxy['reality-opts']['public-key']}"`,
+            'reality-opts.public-key',
+        );
+        result.appendIfPresent(
+            `,short-id=${proxy['reality-opts']['short-id']}`,
+            'reality-opts.short-id',
+        );
+    } else {
+        // sni
+        result.appendIfPresent(`,tls-name=${proxy.sni}`, 'sni');
+        result.appendIfPresent(
+            `,tls-cert-sha256=${proxy['tls-fingerprint']}`,
+            'tls-fingerprint',
+        );
+        result.appendIfPresent(
+            `,tls-pubkey-sha256=${proxy['tls-pubkey-sha256']}`,
+            'tls-pubkey-sha256',
+        );
+    }

    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
    }
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');
    return result.toString();
 }

@@ -340,6 +512,16 @@ function http(proxy) {
    // tfo
    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');
+
    return result.toString();
 }
 function socks5(proxy) {
@@ -363,10 +545,19 @@ function socks5(proxy) {
    // tfo
    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
    }
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');

    return result.toString();
 }
@@ -432,6 +623,15 @@ function wireguard(proxy) {
            presharedKey ?? ''
        }}]`,
    );
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');
+
+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }

    return result.toString();
 }
@@ -467,6 +667,13 @@ function hysteria2(proxy) {
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

+    // block-quic
+    if (proxy['block-quic'] === 'on') {
+        result.append(',block-quic=true');
+    } else if (proxy['block-quic'] === 'off') {
+        result.append(',block-quic=false');
+    }
+
    // udp
    if (proxy.udp) {
        result.append(`,udp=true`);
@@ -479,6 +686,8 @@ function hysteria2(proxy) {
    );

    result.appendIfPresent(`,ecn=${proxy.ecn}`, 'ecn');
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-mode=${ip_version}`, 'ip-version');

    return result.toString();
 }
--- a/backend/src/core/proxy-utils/producers/qx.js
+++ b/backend/src/core/proxy-utils/producers/qx.js
@@ -58,6 +58,8 @@ function shadowsocks(proxy) {
            'aes-256-gcm',
            'chacha20-ietf-poly1305',
            'xchacha20-ietf-poly1305',
+            '2022-blake3-aes-128-gcm',
+            '2022-blake3-aes-256-gcm',
        ].includes(proxy.cipher)
    ) {
        throw new Error(`cipher ${proxy.cipher} is not supported`);
@@ -128,6 +130,20 @@ function shadowsocks(proxy) {
    // udp
    appendIfPresent(`,udp-relay=${proxy.udp}`, 'udp');

+    // udp over tcp
+    if (proxy['_ssr_python_uot']) {
+        append(`,udp-over-tcp=true`);
+    } else if (proxy['udp-over-tcp']) {
+        if (
+            !proxy['udp-over-tcp-version'] ||
+            proxy['udp-over-tcp-version'] === 1
+        ) {
+            append(`,udp-over-tcp=sp.v1`);
+        } else if (proxy['udp-over-tcp-version'] === 2) {
+            append(`,udp-over-tcp=sp.v2`);
+        }
+    }
+
    // server_check_url
    result.appendIfPresent(
        `,server_check_url=${proxy['test-url']}`,
@@ -389,6 +405,8 @@ function vless(proxy) {
            else append(`,obfs=ws`);
        } else if (proxy.network === 'http') {
            append(`,obfs=http`);
+        } else if (['tcp'].includes(proxy.network)) {
+            if (proxy.tls) append(`,obfs=over-tls`);
        } else if (!['tcp'].includes(proxy.network)) {
            throw new Error(`network ${proxy.network} is unsupported`);
        }
--- a/backend/src/core/proxy-utils/producers/shadowrocket.js
+++ b/backend/src/core/proxy-utils/producers/shadowrocket.js
@@ -1,12 +1,15 @@
 import { isPresent } from '@/core/proxy-utils/producers/utils';
+import $ from '@/core/app';

-export default function ShadowRocket_Producer() {
+export default function Shadowrocket_Producer() {
    const type = 'ALL';
    const produce = (proxies, type, opts = {}) => {
        const list = proxies
            .filter((proxy) => {
                if (opts['include-unsupported-proxy']) return true;
-                if (proxy.type === 'snell' && String(proxy.version) === '4') {
+                if (proxy.type === 'snell' && proxy.version >= 4) {
+                    return false;
+                } else if (['mieru'].includes(proxy.type)) {
                    return false;
                }
                return true;
@@ -30,9 +33,10 @@ export default function ShadowRocket_Producer() {
                        isPresent(proxy, 'cipher') &&
                        ![
                            'auto',
+                            'none',
+                            'zero',
                            'aes-128-gcm',
                            'chacha20-poly1305',
-                            'none',
                        ].includes(proxy.cipher)
                    ) {
                        proxy.cipher = 'auto';
@@ -100,11 +104,28 @@ export default function ShadowRocket_Producer() {
                    proxy['preshared-key'] =
                        proxy['preshared-key'] ?? proxy['pre-shared-key'];
                    proxy['pre-shared-key'] = proxy['preshared-key'];
+                } else if (proxy.type === 'snell' && proxy.version < 3) {
+                    delete proxy.udp;
                } else if (proxy.type === 'vless') {
                    if (isPresent(proxy, 'sni')) {
                        proxy.servername = proxy.sni;
                        delete proxy.sni;
                    }
+                } else if (proxy.type === 'ss') {
+                    if (
+                        isPresent(proxy, 'shadow-tls-password') &&
+                        !isPresent(proxy, 'plugin')
+                    ) {
+                        proxy.plugin = 'shadow-tls';
+                        proxy['plugin-opts'] = {
+                            host: proxy['shadow-tls-sni'],
+                            password: proxy['shadow-tls-password'],
+                            version: proxy['shadow-tls-version'],
+                        };
+                        delete proxy['shadow-tls-password'];
+                        delete proxy['shadow-tls-sni'];
+                        delete proxy['shadow-tls-version'];
+                    }
                }

                if (
@@ -145,6 +166,18 @@ export default function ShadowRocket_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }
                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
                        proxy['plugin-opts']['skip-cert-verify'] =
@@ -158,6 +191,7 @@ export default function ShadowRocket_Producer() {
                        'hysteria',
                        'hysteria2',
                        'juicity',
+                        'anytls',
                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
@@ -181,9 +215,11 @@ export default function ShadowRocket_Producer() {
                delete proxy.id;
                delete proxy.resolved;
                delete proxy['no-resolve'];
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -191,6 +227,7 @@ export default function ShadowRocket_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/sing-box.js
+++ b/backend/src/core/proxy-utils/producers/sing-box.js
@@ -2,8 +2,32 @@ import ClashMeta_Producer from './clashmeta';
 import $ from '@/core/app';
 import { isIPv4, isIPv6 } from '@/utils';

+const ipVersions = {
+    ipv4: 'ipv4_only',
+    ipv6: 'ipv6_only',
+    'v4-only': 'ipv4_only',
+    'v6-only': 'ipv6_only',
+    'ipv4-prefer': 'prefer_ipv4',
+    'ipv6-prefer': 'prefer_ipv6',
+    'prefer-v4': 'prefer_ipv4',
+    'prefer-v6': 'prefer_ipv6',
+};
+
+const ipVersionParser = (proxy, parsedProxy) => {
+    const strategy = ipVersions[proxy['ip-version']];
+    if (proxy._dns_server && strategy) {
+        parsedProxy.domain_resolver = {
+            server: proxy._dns_server,
+            strategy,
+        };
+    }
+};
 const detourParser = (proxy, parsedProxy) => {
-    if (proxy['dialer-proxy']) parsedProxy.detour = proxy['dialer-proxy'];
+    parsedProxy.detour = proxy['dialer-proxy'] || proxy.detour;
+};
+const networkParser = (proxy, parsedProxy) => {
+    if (['tcp', 'udp'].includes(proxy._network))
+        parsedProxy.network = proxy._network;
 };
 const tfoParser = (proxy, parsedProxy) => {
    parsedProxy.tcp_fast_open = false;
@@ -27,12 +51,34 @@ const smuxParser = (smux, proxy) => {
    if (smux['min-streams'])
        proxy.multiplex.min_streams = parseInt(`${smux['min-streams']}`, 10);
    if (smux.padding) proxy.multiplex.padding = true;
+    if (smux['brutal-opts']?.up || smux['brutal-opts']?.down) {
+        proxy.multiplex.brutal = {
+            enabled: true,
+        };
+        if (smux['brutal-opts']?.up)
+            proxy.multiplex.brutal.up_mbps = parseInt(
+                `${smux['brutal-opts']?.up}`,
+                10,
+            );
+        if (smux['brutal-opts']?.down)
+            proxy.multiplex.brutal.down_mbps = parseInt(
+                `${smux['brutal-opts']?.down}`,
+                10,
+            );
+    }
 };

 const wsParser = (proxy, parsedProxy) => {
    const transport = { type: 'ws', headers: {} };
    if (proxy['ws-opts']) {
-        const { path: wsPath = '', headers: wsHeaders = {} } = proxy['ws-opts'];
+        const {
+            path: wsPath = '',
+            headers: wsHeaders = {},
+            'max-early-data': max_early_data,
+            'early-data-header-name': early_data_header_name,
+        } = proxy['ws-opts'];
+        transport.early_data_header_name = early_data_header_name;
+        transport.max_early_data = parseInt(max_early_data, 10);
        if (wsPath !== '') transport.path = `${wsPath}`;
        if (Object.keys(wsHeaders).length > 0) {
            const headers = {};
@@ -204,11 +250,6 @@ const tlsParser = (proxy, parsedProxy) => {
    if (proxy.ca) parsedProxy.tls.certificate_path = `${proxy.ca}`;
    if (proxy.ca_str) parsedProxy.tls.certificate = [proxy.ca_str];
    if (proxy['ca-str']) parsedProxy.tls.certificate = [proxy['ca-str']];
-    if (proxy['client-fingerprint'] && proxy['client-fingerprint'] !== '')
-        parsedProxy.tls.utls = {
-            enabled: true,
-            fingerprint: proxy['client-fingerprint'],
-        };
    if (proxy['reality-opts']) {
        parsedProxy.tls.reality = { enabled: true };
        if (proxy['reality-opts']['public-key'])
@@ -217,7 +258,17 @@ const tlsParser = (proxy, parsedProxy) => {
        if (proxy['reality-opts']['short-id'])
            parsedProxy.tls.reality.short_id =
                proxy['reality-opts']['short-id'];
+        parsedProxy.tls.utls = { enabled: true };
    }
+    if (
+        !['hysteria', 'hysteria2', 'tuic'].includes(proxy.type) &&
+        proxy['client-fingerprint'] &&
+        proxy['client-fingerprint'] !== ''
+    )
+        parsedProxy.tls.utls = {
+            enabled: true,
+            fingerprint: proxy['client-fingerprint'],
+        };
    if (!parsedProxy.tls.enabled) delete parsedProxy.tls;
 };

@@ -254,6 +305,7 @@ const sshParser = (proxy = {}) => {
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -281,6 +333,7 @@ const httpParser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -300,8 +353,10 @@ const socks5Parser = (proxy = {}) => {
    if (proxy.uot) parsedProxy.udp_over_tcp = true;
    if (proxy['udp-over-tcp']) parsedProxy.udp_over_tcp = true;
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -313,6 +368,17 @@ const shadowTLSParser = (proxy = {}) => {
        password: proxy.password,
        detour: `${proxy.name}_shadowtls`,
    };
+    if (proxy.uot) ssPart.udp_over_tcp = true;
+    if (proxy['udp-over-tcp']) {
+        ssPart.udp_over_tcp = {
+            enabled: true,
+            version:
+                !proxy['udp-over-tcp-version'] ||
+                proxy['udp-over-tcp-version'] === 1
+                    ? 1
+                    : 2,
+        };
+    }
    const stPart = {
        tag: `${proxy.name}_shadowtls`,
        type: 'shadowtls',
@@ -335,6 +401,7 @@ const shadowTLSParser = (proxy = {}) => {
    tfoParser(proxy, stPart);
    detourParser(proxy, stPart);
    smuxParser(proxy.smux, ssPart);
+    ipVersionParser(proxy, stPart);
    return { type: 'ss-with-st', ssPart, stPart };
 };
 const ssParser = (proxy = {}) => {
@@ -349,11 +416,22 @@ const ssParser = (proxy = {}) => {
    if (parsedProxy.server_port < 0 || parsedProxy.server_port > 65535)
        throw 'invalid port';
    if (proxy.uot) parsedProxy.udp_over_tcp = true;
-    if (proxy['udp-over-tcp']) parsedProxy.udp_over_tcp = true;
+    if (proxy['udp-over-tcp']) {
+        parsedProxy.udp_over_tcp = {
+            enabled: true,
+            version:
+                !proxy['udp-over-tcp-version'] ||
+                proxy['udp-over-tcp-version'] === 1
+                    ? 1
+                    : 2,
+        };
+    }
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    if (proxy.plugin) {
        const optArr = [];
        if (proxy.plugin === 'obfs') {
@@ -432,6 +510,7 @@ const ssrParser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -465,11 +544,12 @@ const vmessParser = (proxy = {}) => {
    if (proxy.network === 'h2') h2Parser(proxy, parsedProxy);
    if (proxy.network === 'http') h1Parser(proxy, parsedProxy);
    if (proxy.network === 'grpc') grpcParser(proxy, parsedProxy);
-
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -484,15 +564,18 @@ const vlessParser = (proxy = {}) => {
    };
    if (parsedProxy.server_port < 0 || parsedProxy.server_port > 65535)
        throw 'invalid port';
+    if (proxy.xudp) parsedProxy.packet_encoding = 'xudp';
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
-    if (proxy.flow === 'xtls-rprx-vision') parsedProxy.flow = proxy.flow;
+    // if (['xtls-rprx-vision', ''].includes(proxy.flow)) parsedProxy.flow = proxy.flow;
+    if (proxy.flow != null) parsedProxy.flow = proxy.flow;
    if (proxy.network === 'ws') wsParser(proxy, parsedProxy);
    if (proxy.network === 'grpc') grpcParser(proxy, parsedProxy);
-
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
    tlsParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const trojanParser = (proxy = {}) => {
@@ -509,11 +592,12 @@ const trojanParser = (proxy = {}) => {
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
    if (proxy.network === 'grpc') grpcParser(proxy, parsedProxy);
    if (proxy.network === 'ws') wsParser(proxy, parsedProxy);
-
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const hysteriaParser = (proxy = {}) => {
@@ -532,12 +616,13 @@ const hysteriaParser = (proxy = {}) => {
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
    // eslint-disable-next-line no-control-regex
    const reg = new RegExp('^[0-9]+[ \t]*[KMGT]*[Bb]ps$');
-    if (reg.test(`${proxy.up}`)) {
+    // sing-box 跟文档不一致, 但是懒得全转, 只处理最常见的 Mbps
+    if (reg.test(`${proxy.up}`) && !`${proxy.up}`.endsWith('Mbps')) {
        parsedProxy.up = `${proxy.up}`;
    } else {
        parsedProxy.up_mbps = parseInt(`${proxy.up}`, 10);
    }
-    if (reg.test(`${proxy.down}`)) {
+    if (reg.test(`${proxy.down}`) && !`${proxy.down}`.endsWith('Mbps')) {
        parsedProxy.down = `${proxy.down}`;
    } else {
        parsedProxy.down_mbps = parseInt(`${proxy.down}`, 10);
@@ -557,10 +642,12 @@ const hysteriaParser = (proxy = {}) => {
                parsedProxy.disable_mtu_discovery = true;
        }
    }
+    networkParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const hysteria2Parser = (proxy = {}) => {
@@ -575,16 +662,26 @@ const hysteria2Parser = (proxy = {}) => {
    };
    if (parsedProxy.server_port < 0 || parsedProxy.server_port > 65535)
        throw 'invalid port';
+    if (proxy['hop-interval'])
+        parsedProxy.hop_interval = /^\d+$/.test(proxy['hop-interval'])
+            ? `${proxy['hop-interval']}s`
+            : proxy['hop-interval'];
+    if (proxy['ports'])
+        parsedProxy.server_ports = proxy['ports']
+            .split(/\s*,\s*/)
+            .map((p) => p.replace(/\s*-\s*/g, ':'));
    if (proxy.up) parsedProxy.up_mbps = parseInt(`${proxy.up}`, 10);
    if (proxy.down) parsedProxy.down_mbps = parseInt(`${proxy.down}`, 10);
    if (proxy.obfs === 'salamander') parsedProxy.obfs.type = 'salamander';
    if (proxy['obfs-password'])
        parsedProxy.obfs.password = proxy['obfs-password'];
    if (!parsedProxy.obfs.type) delete parsedProxy.obfs;
+    networkParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const tuic5Parser = (proxy = {}) => {
@@ -611,10 +708,35 @@ const tuic5Parser = (proxy = {}) => {
    if (proxy['udp-over-stream']) parsedProxy.udp_over_stream = true;
    if (proxy['heartbeat-interval'])
        parsedProxy.heartbeat = `${proxy['heartbeat-interval']}ms`;
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
+    return parsedProxy;
+};
+const anytlsParser = (proxy = {}) => {
+    const parsedProxy = {
+        tag: proxy.name,
+        type: 'anytls',
+        server: proxy.server,
+        server_port: parseInt(`${proxy.port}`, 10),
+        password: proxy.password,
+        tls: { enabled: true, server_name: proxy.server, insecure: false },
+    };
+    if (/^\d+$/.test(proxy['idle-session-check-interval']))
+        parsedProxy.idle_session_check_interval = `${proxy['idle-session-check-interval']}s`;
+    if (/^\d+$/.test(proxy['idle-session-timeout']))
+        parsedProxy.idle_session_timeout = `${proxy['idle-session-timeout']}s`;
+    if (/^\d+$/.test(proxy['min-idle-session']))
+        parsedProxy.min_idle_session = parseInt(
+            `${proxy['min-idle-session']}`,
+            10,
+        );
+    detourParser(proxy, parsedProxy);
+    tlsParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -668,9 +790,11 @@ const wireguardParser = (proxy = {}) => {
            parsedProxy.peers.push(peer);
        }
    }
+    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -785,7 +909,12 @@ export default function singbox_Producer() {
                            list.push(hysteriaParser(proxy));
                            break;
                        case 'hysteria2':
-                            list.push(hysteria2Parser(proxy));
+                            list.push(
+                                hysteria2Parser(
+                                    proxy,
+                                    opts['include-unsupported-proxy'],
+                                ),
+                            );
                            break;
                        case 'tuic':
                            if (!proxy.token || proxy.token.length === 0) {
@@ -799,6 +928,9 @@ export default function singbox_Producer() {
                        case 'wireguard':
                            list.push(wireguardParser(proxy));
                            break;
+                        case 'anytls':
+                            list.push(anytlsParser(proxy));
+                            break;
                        default:
                            throw new Error(
                                `Platform sing-box does not support proxy type: ${proxy.type}`,
--- a/backend/src/core/proxy-utils/producers/stash.js
+++ b/backend/src/core/proxy-utils/producers/stash.js
@@ -1,4 +1,5 @@
 import { isPresent } from '@/core/proxy-utils/producers/utils';
+import $ from '@/core/app';

 export default function Stash_Producer() {
    const type = 'ALL';
@@ -6,7 +7,6 @@ export default function Stash_Producer() {
        // https://stash.wiki/proxy-protocols/proxy-types#shadowsocks
        const list = proxies
            .filter((proxy) => {
-                if (opts['include-unsupported-proxy']) return true;
                if (
                    ![
                        'ss',
@@ -40,11 +40,20 @@ export default function Stash_Producer() {
                            'xchacha20',
                            'chacha20-ietf-poly1305',
                            'xchacha20-ietf-poly1305',
+                            '2022-blake3-aes-128-gcm',
+                            '2022-blake3-aes-256-gcm',
                        ].includes(proxy.cipher)) ||
-                    (proxy.type === 'snell' && String(proxy.version) === '4') ||
-                    (proxy.type === 'vless' && proxy['reality-opts'])
+                    (proxy.type === 'snell' && proxy.version >= 4) ||
+                    (proxy.type === 'vless' &&
+                        proxy['reality-opts'] &&
+                        !['xtls-rprx-vision'].includes(proxy.flow))
                ) {
                    return false;
+                } else if (proxy['underlying-proxy'] || proxy['dialer-proxy']) {
+                    $.error(
+                        `Stash 暂不支持前置代理字段. 已过滤节点 ${proxy.name}. 请使用 代理的转发链 https://stash.wiki/proxy-protocols/proxy-groups#relay`,
+                    );
+                    return false;
                }
                return true;
            })
@@ -182,6 +191,8 @@ export default function Stash_Producer() {
                    proxy['preshared-key'] =
                        proxy['preshared-key'] ?? proxy['pre-shared-key'];
                    proxy['pre-shared-key'] = proxy['preshared-key'];
+                } else if (proxy.type === 'snell' && proxy.version < 3) {
+                    delete proxy.udp;
                } else if (proxy.type === 'vless') {
                    if (isPresent(proxy, 'sni')) {
                        proxy.servername = proxy.sni;
@@ -227,6 +238,18 @@ export default function Stash_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }
                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
                        proxy['plugin-opts']['skip-cert-verify'] =
@@ -240,6 +263,7 @@ export default function Stash_Producer() {
                        'hysteria',
                        'hysteria2',
                        'juicity',
+                        'anytls',
                    ].includes(proxy.type)
                ) {
                    delete proxy.tls;
@@ -249,11 +273,6 @@ export default function Stash_Producer() {
                }
                delete proxy['tls-fingerprint'];

-                if (proxy['underlying-proxy']) {
-                    proxy['dialer-proxy'] = proxy['underlying-proxy'];
-                }
-                delete proxy['underlying-proxy'];
-
                if (isPresent(proxy, 'tls') && typeof proxy.tls !== 'boolean') {
                    delete proxy.tls;
                }
@@ -272,9 +291,11 @@ export default function Stash_Producer() {
                delete proxy.id;
                delete proxy.resolved;
                delete proxy['no-resolve'];
-                for (const key in proxy) {
-                    if (proxy[key] == null || /^_/i.test(key)) {
-                        delete proxy[key];
+                if (type !== 'internal') {
+                    for (const key in proxy) {
+                        if (proxy[key] == null || /^_/i.test(key)) {
+                            delete proxy[key];
+                        }
                    }
                }
                if (
@@ -282,6 +303,7 @@ export default function Stash_Producer() {
                    proxy[`${proxy.network}-opts`]
                ) {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
+                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
                return proxy;
            });
--- a/backend/src/core/proxy-utils/producers/surge.js
+++ b/backend/src/core/proxy-utils/producers/surge.js
@@ -15,15 +15,20 @@ const ipVersions = {
 export default function Surge_Producer() {
    const produce = (proxy, type, opts = {}) => {
        proxy.name = proxy.name.replace(/=|,/g, '');
+        if (proxy.ports) {
+            proxy.ports = String(proxy.ports);
+        }
        switch (proxy.type) {
            case 'ss':
-                return shadowsocks(proxy);
+                return shadowsocks(proxy, opts['include-unsupported-proxy']);
            case 'trojan':
                return trojan(proxy);
            case 'vmess':
                return vmess(proxy, opts['include-unsupported-proxy']);
            case 'http':
                return http(proxy);
+            case 'direct':
+                return direct(proxy);
            case 'socks5':
                return socks5(proxy);
            case 'snell':
@@ -82,12 +87,14 @@ function shadowsocks(proxy) {
            'chacha20',
            'chacha20-ietf',
            'none',
+            '2022-blake3-aes-128-gcm',
+            '2022-blake3-aes-256-gcm',
        ].includes(proxy.cipher)
    ) {
        throw new Error(`cipher ${proxy.cipher} is not supported`);
    }
    result.append(`,encrypt-method=${proxy.cipher}`);
-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -150,6 +157,8 @@ function shadowsocks(proxy) {
            `,shadow-tls-sni=${proxy['shadow-tls-sni']}`,
            'shadow-tls-sni',
        );
+        // udp-port
+        result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');
    } else if (['shadow-tls'].includes(proxy.plugin) && proxy['plugin-opts']) {
        const password = proxy['plugin-opts'].password;
        const host = proxy['plugin-opts'].host;
@@ -167,6 +176,11 @@ function shadowsocks(proxy) {
                }
                result.append(`,shadow-tls-version=${version}`);
            }
+            // udp-port
+            result.appendIfPresent(
+                `,udp-port=${proxy['udp-port']}`,
+                'udp-port',
+            );
        }
    }

@@ -185,7 +199,7 @@ function shadowsocks(proxy) {
 function trojan(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=${proxy.type},${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -356,9 +370,9 @@ function vmess(proxy, includeUnsupportedProxy) {
 function ssh(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=ssh,${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,${proxy.username}`, 'username');
+    result.appendIfPresent(`,username="${proxy.username}"`, 'username');
    // 所有的类似的字段都有双引号的问题 暂不处理
-    result.appendIfPresent(`,${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    // https://manual.nssurge.com/policy/ssh.html
    // 需配合 Keystore
@@ -419,11 +433,14 @@ function ssh(proxy) {
    return result.toString();
 }
 function http(proxy) {
+    if (proxy.headers && Object.keys(proxy.headers).length > 0) {
+        throw new Error(`headers is unsupported`);
+    }
    const result = new Result(proxy);
    const type = proxy.tls ? 'https' : 'http';
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,${proxy.username}`, 'username');
-    result.appendIfPresent(`,${proxy.password}`, 'password');
+    result.appendIfPresent(`,username="${proxy.username}"`, 'username');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -495,13 +512,61 @@ function http(proxy) {

    return result.toString();
 }
+function direct(proxy) {
+    const result = new Result(proxy);
+    const type = 'direct';
+    result.append(`${proxy.name}=${type}`);
+
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
+
+    result.appendIfPresent(
+        `,no-error-alert=${proxy['no-error-alert']}`,
+        'no-error-alert',
+    );
+
+    // tfo
+    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');
+
+    // udp
+    result.appendIfPresent(`,udp-relay=${proxy.udp}`, 'udp');
+
+    // test-url
+    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(
+        `,interface=${proxy['interface-name']}`,
+        'interface-name',
+    );
+
+    // block-quic
+    result.appendIfPresent(`,block-quic=${proxy['block-quic']}`, 'block-quic');
+
+    // underlying-proxy
+    result.appendIfPresent(
+        `,underlying-proxy=${proxy['underlying-proxy']}`,
+        'underlying-proxy',
+    );
+
+    return result.toString();
+}

 function socks5(proxy) {
    const result = new Result(proxy);
    const type = proxy.tls ? 'socks5-tls' : 'socks5';
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,${proxy.username}`, 'username');
-    result.appendIfPresent(`,${proxy.password}`, 'password');
+    result.appendIfPresent(`,username="${proxy.username}"`, 'username');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -667,7 +732,7 @@ function tuic(proxy) {
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);

    result.appendIfPresent(`,uuid=${proxy.uuid}`, 'uuid');
-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');
    result.appendIfPresent(`,token=${proxy.token}`, 'token');

    result.appendIfPresent(
@@ -675,6 +740,15 @@ function tuic(proxy) {
        'alpn',
    );

+    if (isPresent(proxy, 'ports')) {
+        result.append(`,port-hopping="${proxy.ports.replace(/,/g, ';')}"`);
+    }
+
+    result.appendIfPresent(
+        `,port-hopping-interval=${proxy['hop-interval']}`,
+        'hop-interval',
+    );
+
    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');

@@ -933,7 +1007,16 @@ function hysteria2(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=hysteria2,${proxy.server},${proxy.port}`);

-    result.appendIfPresent(`,password=${proxy.password}`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');
+
+    if (isPresent(proxy, 'ports')) {
+        result.append(`,port-hopping="${proxy.ports.replace(/,/g, ';')}"`);
+    }
+
+    result.appendIfPresent(
+        `,port-hopping-interval=${proxy['hop-interval']}`,
+        'hop-interval',
+    );

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
--- a/backend/src/core/proxy-utils/producers/surgemac.js
+++ b/backend/src/core/proxy-utils/producers/surgemac.js
@@ -1,5 +1,7 @@
+import { Base64 } from 'js-base64';
 import { Result, isPresent } from './utils';
 import Surge_Producer from './surge';
+import ClashMeta_Producer from './clashmeta';
 import { isIPv4, isIPv6 } from '@/utils';
 import $ from '@/core/app';

@@ -8,14 +10,28 @@ const targetPlatform = 'SurgeMac';
 const surge_Producer = Surge_Producer();

 export default function SurgeMac_Producer() {
-    const produce = (proxy) => {
+    const produce = (proxy, type, opts = {}) => {
        switch (proxy.type) {
            case 'external':
                return external(proxy);
-            case 'ssr':
-                return shadowsocksr(proxy);
-            default:
-                return surge_Producer.produce(proxy);
+            // case 'ssr':
+            //     return shadowsocksr(proxy);
+            default: {
+                try {
+                    return surge_Producer.produce(proxy, type, opts);
+                } catch (e) {
+                    if (opts.useMihomoExternal) {
+                        $.log(
+                            `${proxy.name} is not supported on ${targetPlatform}, try to use Mihomo(SurgeMac - External Proxy Program) instead`,
+                        );
+                        return mihomo(proxy, type, opts);
+                    } else {
+                        throw new Error(
+                            `Surge for macOS 可手动指定链接参数 target=SurgeMac 或在 同步配置 中指定 SurgeMac 来启用 mihomo 支援 Surge 本身不支持的协议`,
+                        );
+                    }
+                }
+            }
        }
    };
    return { produce };
@@ -60,6 +76,7 @@ function external(proxy) {

    return result.toString();
 }
+// eslint-disable-next-line no-unused-vars
 function shadowsocksr(proxy) {
    const external_proxy = {
        ...proxy,
@@ -101,6 +118,74 @@ function shadowsocksr(proxy) {

    return external(external_proxy);
 }
+// eslint-disable-next-line no-unused-vars
+function mihomo(proxy, type, opts) {
+    const clashProxy = ClashMeta_Producer().produce([proxy], 'internal')?.[0];
+    if (clashProxy) {
+        const localPort = opts?.localPort || proxy._localPort || 65535;
+        const ipv6 = ['ipv4', 'v4-only'].includes(proxy['ip-version'])
+            ? false
+            : true;
+        const external_proxy = {
+            name: proxy.name,
+            type: 'external',
+            exec: proxy._exec || '/usr/local/bin/mihomo',
+            'local-port': localPort,
+            args: [
+                '-config',
+                Base64.encode(
+                    JSON.stringify({
+                        'mixed-port': localPort,
+                        ipv6,
+                        mode: 'global',
+                        dns: {
+                            enable: true,
+                            ipv6,
+                            'default-nameserver': opts?.defaultNameserver ||
+                                proxy._defaultNameserver || [
+                                    '180.76.76.76',
+                                    '52.80.52.52',
+                                    '119.28.28.28',
+                                    '223.6.6.6',
+                                ],
+                            nameserver: opts?.nameserver ||
+                                proxy._nameserver || [
+                                    'https://doh.pub/dns-query',
+                                    'https://dns.alidns.com/dns-query',
+                                    'https://doh-pure.onedns.net/dns-query',
+                                ],
+                        },
+                        proxies: [
+                            {
+                                ...clashProxy,
+                                name: 'proxy',
+                            },
+                        ],
+                        'proxy-groups': [
+                            {
+                                name: 'GLOBAL',
+                                type: 'select',
+                                proxies: ['proxy'],
+                            },
+                        ],
+                    }),
+                ),
+            ],
+            addresses: [],
+        };
+
+        // https://manual.nssurge.com/policy/external-proxy.html
+        if (isIP(proxy.server)) {
+            external_proxy.addresses.push(proxy.server);
+        } else {
+            $.log(
+                `Platform ${targetPlatform}, proxy type ${proxy.type}: addresses should be an IP address, but got ${proxy.server}`,
+            );
+        }
+        opts.localPort = localPort - 1;
+        return external(external_proxy);
+    }
+}

 function isIP(ip) {
    return isIPv4(ip) || isIPv6(ip);
--- a/backend/src/core/proxy-utils/producers/uri.js
+++ b/backend/src/core/proxy-utils/producers/uri.js
@@ -12,7 +12,7 @@ export default function URI_Producer() {
        delete proxy.resolved;
        delete proxy['no-resolve'];
        for (const key in proxy) {
-            if (proxy[key] == null || /^_/i.test(key)) {
+            if (proxy[key] == null) {
                delete proxy[key];
            }
        }
@@ -23,15 +23,30 @@ export default function URI_Producer() {
        ) {
            delete proxy.tls;
        }
-        if (proxy.server && isIPv6(proxy.server)) {
+        if (
+            !['vmess'].includes(proxy.type) &&
+            proxy.server &&
+            isIPv6(proxy.server)
+        ) {
            proxy.server = `[${proxy.server}]`;
        }
        switch (proxy.type) {
+            case 'socks5':
+                result = `socks://${encodeURIComponent(
+                    Base64.encode(
+                        `${proxy.username ?? ''}:${proxy.password ?? ''}`,
+                    ),
+                )}@${proxy.server}:${proxy.port}#${proxy.name}`;
+                break;
            case 'ss':
                const userinfo = `${proxy.cipher}:${proxy.password}`;
-                result = `ss://${Base64.encode(userinfo)}@${proxy.server}:${
-                    proxy.port
-                }${proxy.plugin ? '/' : ''}`;
+                result = `ss://${
+                    proxy.cipher?.startsWith('2022-blake3-')
+                        ? `${encodeURIComponent(
+                              proxy.cipher,
+                          )}:${encodeURIComponent(proxy.password)}`
+                        : Base64.encode(userinfo)
+                }@${proxy.server}:${proxy.port}${proxy.plugin ? '/' : ''}`;
                if (proxy.plugin) {
                    result += '?plugin=';
                    const opts = proxy['plugin-opts'];
@@ -50,6 +65,11 @@ export default function URI_Producer() {
                                }${opts.tls ? ';tls' : ''}`,
                            );
                            break;
+                        case 'shadow-tls':
+                            result += encodeURIComponent(
+                                `shadow-tls;host=${opts.host};password=${opts.password};version=${opts.version}`,
+                            );
+                            break;
                        default:
                            throw new Error(
                                `Unsupported plugin option: ${proxy.plugin}`,
@@ -99,12 +119,17 @@ export default function URI_Producer() {
                    v: '2',
                    ps: proxy.name,
                    add: proxy.server,
-                    port: proxy.port,
+                    port: `${proxy.port}`,
                    id: proxy.uuid,
-                    type,
-                    aid: 0,
+                    aid: `${proxy.alterId || 0}`,
+                    scy: proxy.cipher,
                    net,
+                    type,
                    tls: proxy.tls ? 'tls' : '',
+                    alpn: Array.isArray(proxy.alpn)
+                        ? proxy.alpn.join(',')
+                        : proxy.alpn,
+                    fp: proxy['client-fingerprint'],
                };
                if (proxy.tls && proxy.sni) {
                    result.sni = proxy.sni;
@@ -115,16 +140,7 @@ export default function URI_Producer() {
                        proxy[`${proxy.network}-opts`]?.path;
                    let vmessTransportHost =
                        proxy[`${proxy.network}-opts`]?.headers?.Host;
-                    if (vmessTransportPath) {
-                        result.path = Array.isArray(vmessTransportPath)
-                            ? vmessTransportPath[0]
-                            : vmessTransportPath;
-                    }
-                    if (vmessTransportHost) {
-                        result.host = Array.isArray(vmessTransportHost)
-                            ? vmessTransportHost[0]
-                            : vmessTransportHost;
-                    }
+
                    if (['grpc'].includes(proxy.network)) {
                        result.path =
                            proxy[`${proxy.network}-opts`]?.[
@@ -134,6 +150,33 @@ export default function URI_Producer() {
                        result.type =
                            proxy[`${proxy.network}-opts`]?.['_grpc-type'] ||
                            'gun';
+                        result.host =
+                            proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
+                    } else if (['kcp', 'quic'].includes(proxy.network)) {
+                        // https://github.com/XTLS/Xray-core/issues/91
+                        result.type =
+                            proxy[`${proxy.network}-opts`]?.[
+                                `_${proxy.network}-type`
+                            ] || 'none';
+                        result.host =
+                            proxy[`${proxy.network}-opts`]?.[
+                                `_${proxy.network}-host`
+                            ];
+                        result.path =
+                            proxy[`${proxy.network}-opts`]?.[
+                                `_${proxy.network}-path`
+                            ];
+                    } else {
+                        if (vmessTransportPath) {
+                            result.path = Array.isArray(vmessTransportPath)
+                                ? vmessTransportPath[0]
+                                : vmessTransportPath;
+                        }
+                        if (vmessTransportHost) {
+                            result.host = Array.isArray(vmessTransportHost)
+                                ? vmessTransportHost[0]
+                                : vmessTransportHost;
+                        }
                    }
                }
                result = 'vmess://' + Base64.encode(JSON.stringify(result));
@@ -143,6 +186,7 @@ export default function URI_Producer() {
                const isReality = proxy['reality-opts'];
                let sid = '';
                let pbk = '';
+                let spx = '';
                if (isReality) {
                    security = 'reality';
                    const publicKey = proxy['reality-opts']?.['public-key'];
@@ -153,6 +197,10 @@ export default function URI_Producer() {
                    if (shortId) {
                        sid = `&sid=${encodeURIComponent(shortId)}`;
                    }
+                    const spiderX = proxy['reality-opts']?.['_spider-x'];
+                    if (spiderX) {
+                        spx = `&spx=${encodeURIComponent(spiderX)}`;
+                    }
                } else if (proxy.tls) {
                    security = 'tls';
                }
@@ -182,6 +230,14 @@ export default function URI_Producer() {
                if (proxy.flow) {
                    flow = `&flow=${encodeURIComponent(proxy.flow)}`;
                }
+                let extra = '';
+                if (proxy._extra) {
+                    extra = `&extra=${encodeURIComponent(proxy._extra)}`;
+                }
+                let mode = '';
+                if (proxy._mode) {
+                    mode = `&mode=${encodeURIComponent(proxy._mode)}`;
+                }
                let vlessType = proxy.network;
                if (
                    proxy.network === 'ws' &&
@@ -196,6 +252,13 @@ export default function URI_Producer() {
                    vlessTransport += `&mode=${encodeURIComponent(
                        proxy[`${proxy.network}-opts`]?.['_grpc-type'] || 'gun',
                    )}`;
+                    const authority =
+                        proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
+                    if (authority) {
+                        vlessTransport += `&authority=${encodeURIComponent(
+                            authority,
+                        )}`;
+                    }
                }

                let vlessTransportServiceName =
@@ -224,12 +287,24 @@ export default function URI_Producer() {
                        vlessTransportServiceName,
                    )}`;
                }
+                if (proxy.network === 'kcp') {
+                    if (proxy.seed) {
+                        vlessTransport += `&seed=${encodeURIComponent(
+                            proxy.seed,
+                        )}`;
+                    }
+                    if (proxy.headerType) {
+                        vlessTransport += `&headerType=${encodeURIComponent(
+                            proxy.headerType,
+                        )}`;
+                    }
+                }

                result = `vless://${proxy.uuid}@${proxy.server}:${
                    proxy.port
                }?security=${encodeURIComponent(
                    security,
-                )}${vlessTransport}${alpn}${allowInsecure}${sni}${fp}${flow}${sid}${pbk}#${encodeURIComponent(
+                )}${vlessTransport}${alpn}${allowInsecure}${sni}${fp}${flow}${sid}${spx}${pbk}${mode}${extra}#${encodeURIComponent(
                    proxy.name,
                )}`;
                break;
@@ -249,11 +324,18 @@ export default function URI_Producer() {
                            proxy[`${proxy.network}-opts`]?.[
                                `${proxy.network}-service-name`
                            ];
+                        let trojanTransportAuthority =
+                            proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
                        if (trojanTransportServiceName) {
                            trojanTransport += `&serviceName=${encodeURIComponent(
                                trojanTransportServiceName,
                            )}`;
                        }
+                        if (trojanTransportAuthority) {
+                            trojanTransport += `&authority=${encodeURIComponent(
+                                trojanTransportAuthority,
+                            )}`;
+                        }
                        trojanTransport += `&mode=${encodeURIComponent(
                            proxy[`${proxy.network}-opts`]?.['_grpc-type'] ||
                                'gun',
@@ -278,14 +360,68 @@ export default function URI_Producer() {
                        )}`;
                    }
                }
+                let trojanFp = '';
+                if (proxy['client-fingerprint']) {
+                    trojanFp = `&fp=${encodeURIComponent(
+                        proxy['client-fingerprint'],
+                    )}`;
+                }
+                let trojanAlpn = '';
+                if (proxy.alpn) {
+                    trojanAlpn = `&alpn=${encodeURIComponent(
+                        Array.isArray(proxy.alpn)
+                            ? proxy.alpn
+                            : proxy.alpn.join(','),
+                    )}`;
+                }
+                const trojanIsReality = proxy['reality-opts'];
+                let trojanSid = '';
+                let trojanPbk = '';
+                let trojanSpx = '';
+                let trojanSecurity = '';
+                let trojanMode = '';
+                let trojanExtra = '';
+                if (trojanIsReality) {
+                    trojanSecurity = `&security=reality`;
+                    const publicKey = proxy['reality-opts']?.['public-key'];
+                    if (publicKey) {
+                        trojanPbk = `&pbk=${encodeURIComponent(publicKey)}`;
+                    }
+                    const shortId = proxy['reality-opts']?.['short-id'];
+                    if (shortId) {
+                        trojanSid = `&sid=${encodeURIComponent(shortId)}`;
+                    }
+                    const spiderX = proxy['reality-opts']?.['_spider-x'];
+                    if (spiderX) {
+                        trojanSpx = `&spx=${encodeURIComponent(spiderX)}`;
+                    }
+                    if (proxy._extra) {
+                        trojanExtra = `&extra=${encodeURIComponent(
+                            proxy._extra,
+                        )}`;
+                    }
+                    if (proxy._mode) {
+                        trojanMode = `&mode=${encodeURIComponent(proxy._mode)}`;
+                    }
+                }
                result = `trojan://${proxy.password}@${proxy.server}:${
                    proxy.port
                }?sni=${encodeURIComponent(proxy.sni || proxy.server)}${
                    proxy['skip-cert-verify'] ? '&allowInsecure=1' : ''
-                }${trojanTransport}#${encodeURIComponent(proxy.name)}`;
+                }${trojanTransport}${trojanAlpn}${trojanFp}${trojanSecurity}${trojanSid}${trojanPbk}${trojanSpx}${trojanMode}${trojanExtra}#${encodeURIComponent(
+                    proxy.name,
+                )}`;
                break;
            case 'hysteria2':
                let hysteria2params = [];
+                if (proxy['hop-interval']) {
+                    hysteria2params.push(
+                        `hop-interval=${proxy['hop-interval']}`,
+                    );
+                }
+                if (proxy['keepalive']) {
+                    hysteria2params.push(`keepalive=${proxy['keepalive']}`);
+                }
                if (proxy['skip-cert-verify']) {
                    hysteria2params.push(`insecure=1`);
                }
@@ -365,7 +501,7 @@ export default function URI_Producer() {
                            hysteriaParams.push(`obfsParam=${proxy[key]}`);
                        } else if (['sni'].includes(key)) {
                            hysteriaParams.push(`peer=${proxy[key]}`);
-                        } else if (proxy[key]) {
+                        } else if (proxy[key] && !/^_/i.test(key)) {
                            hysteriaParams.push(
                                `${i}=${encodeURIComponent(proxy[key])}`,
                            );
@@ -392,6 +528,7 @@ export default function URI_Producer() {
                                'password',
                                'server',
                                'port',
+                                'tls',
                            ].includes(key)
                        ) {
                            const i = key.replace(/-/, '_');
@@ -420,10 +557,19 @@ export default function URI_Producer() {
                                ['disable-sni', 'reduce-rtt'].includes(key) &&
                                proxy[key]
                            ) {
-                                tuicParams.push(`${i}=1`);
-                            } else if (proxy[key]) {
+                                tuicParams.push(`${i.replace(/-/g, '_')}=1`);
+                            } else if (
+                                ['congestion-controller'].includes(key)
+                            ) {
                                tuicParams.push(
-                                    `${i}=${encodeURIComponent(proxy[key])}`,
+                                    `congestion_control=${proxy[key]}`,
+                                );
+                            } else if (proxy[key] && !/^_/i.test(key)) {
+                                tuicParams.push(
+                                    `${i.replace(
+                                        /-/g,
+                                        '_',
+                                    )}=${encodeURIComponent(proxy[key])}`,
                                );
                            }
                        }
@@ -438,6 +584,54 @@ export default function URI_Producer() {
                    )}`;
                }
                break;
+            case 'anytls':
+                let anytlsParams = [];
+                Object.keys(proxy).forEach((key) => {
+                    if (
+                        ![
+                            'name',
+                            'type',
+                            'password',
+                            'server',
+                            'port',
+                            'tls',
+                        ].includes(key)
+                    ) {
+                        const i = key.replace(/-/, '_');
+                        if (['alpn'].includes(key)) {
+                            if (proxy[key]) {
+                                anytlsParams.push(
+                                    `${i}=${encodeURIComponent(
+                                        Array.isArray(proxy[key])
+                                            ? proxy[key][0]
+                                            : proxy[key],
+                                    )}`,
+                                );
+                            }
+                        } else if (['skip-cert-verify'].includes(key)) {
+                            if (proxy[key]) {
+                                anytlsParams.push(`insecure=1`);
+                            }
+                        } else if (['udp'].includes(key)) {
+                            if (proxy[key]) {
+                                anytlsParams.push(`udp=1`);
+                            }
+                        } else if (proxy[key] && !/^_/i.test(key)) {
+                            anytlsParams.push(
+                                `${i.replace(/-/g, '_')}=${encodeURIComponent(
+                                    proxy[key],
+                                )}`,
+                            );
+                        }
+                    }
+                });
+
+                result = `anytls://${encodeURIComponent(proxy.password)}@${
+                    proxy.server
+                }:${proxy.port}/?${anytlsParams.join('&')}#${encodeURIComponent(
+                    proxy.name,
+                )}`;
+                break;
            case 'wireguard':
                let wireguardParams = [];

@@ -459,7 +653,7 @@ export default function URI_Producer() {
                            if (proxy[key]) {
                                wireguardParams.push(`${key}=1`);
                            }
-                        } else if (proxy[key]) {
+                        } else if (proxy[key] && !/^_/i.test(key)) {
                            wireguardParams.push(
                                `${key}=${encodeURIComponent(proxy[key])}`,
                            );
--- a/backend/src/main.js
+++ b/backend/src/main.js
@@ -11,6 +11,7 @@
 * @documentation: https://www.notion.so/Sub-Store-6259586994d34c11a4ced5c406264b46
 */
 import { version } from '../package.json';
+import $ from '@/core/app';
 console.log(
    `
 ┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
@@ -18,7 +19,6 @@ console.log(
 ┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
 `,
 );
-
 import migrate from '@/utils/migration';
 import serve from '@/restful';

--- a/backend/src/products/cron-sync-artifacts.js
+++ b/backend/src/products/cron-sync-artifacts.js
@@ -84,12 +84,15 @@ async function doSync() {
    const files = {};

    try {
+        const valid = [];
        const invalid = [];
        const allSubs = $.read(SUBS_KEY);
        const allCols = $.read(COLLECTIONS_KEY);
        const subNames = [];
+        let enabledCount = 0;
        allArtifacts.map((artifact) => {
            if (artifact.sync && artifact.source) {
+                enabledCount++;
                if (artifact.type === 'subscription') {
                    const subName = artifact.source;
                    const sub = findByName(allSubs, subName);
@@ -110,6 +113,13 @@ async function doSync() {
            }
        });

+        if (enabledCount === 0) {
+            $.info(
+                `需同步的配置: ${enabledCount}, 总数: ${allArtifacts.length}`,
+            );
+            return;
+        }
+
        if (subNames.length > 0) {
            await Promise.all(
                subNames.map(async (subName) => {
@@ -130,6 +140,15 @@ async function doSync() {
                try {
                    if (artifact.sync && artifact.source) {
                        $.info(`正在同步云配置：${artifact.name}...`);
+
+                        const useMihomoExternal =
+                            artifact.platform === 'SurgeMac';
+
+                        if (useMihomoExternal) {
+                            $.info(
+                                `手动指定了 target 为 SurgeMac, 将使用 Mihomo External`,
+                            );
+                        }
                        const output = await produceArtifact({
                            type: artifact.type,
                            name: artifact.source,
@@ -137,6 +156,7 @@ async function doSync() {
                            produceOpts: {
                                'include-unsupported-proxy':
                                    artifact.includeUnsupportedProxy,
+                                useMihomoExternal,
                            },
                        });

@@ -146,27 +166,46 @@ async function doSync() {
                        files[encodeURIComponent(artifact.name)] = {
                            content: output,
                        };
+
+                        valid.push(artifact.name);
                    }
                } catch (e) {
                    $.error(
-                        `同步配置 ${artifact.name} 发生错误: ${e.message ?? e}`,
+                        `生成同步配置 ${artifact.name} 发生错误: ${
+                            e.message ?? e
+                        }`,
                    );
                    invalid.push(artifact.name);
                }
            }),
        );

-        if (invalid.length > 0) {
+        $.info(`${valid.length} 个同步配置生成成功: ${valid.join(', ')}`);
+        $.info(`${invalid.length} 个同步配置生成失败: ${invalid.join(', ')}`);
+
+        if (valid.length === 0) {
            throw new Error(
-                `同步配置 ${invalid.join(', ')} 发生错误 详情请查看日志`,
+                `同步配置 ${invalid.join(', ')} 生成失败 详情请查看日志`,
            );
        }

        const resp = await syncToGist(files);
        const body = JSON.parse(resp.body);
+        delete body.history;
+        delete body.forks;
+        delete body.owner;
+        Object.values(body.files).forEach((file) => {
+            delete file.content;
+        });
+        $.info('上传配置响应:');
+        $.info(JSON.stringify(body, null, 2));

        for (const artifact of allArtifacts) {
-            if (artifact.sync) {
+            if (
+                artifact.sync &&
+                artifact.source &&
+                valid.includes(artifact.name)
+            ) {
                artifact.updated = new Date().getTime();
                // extract real url from gist
                let files = body.files;
@@ -194,9 +233,18 @@ async function doSync() {
        }

        $.write(allArtifacts, ARTIFACTS_KEY);
-        $.notify('🌍 Sub-Store', '全部订阅同步成功！');
+        $.info('上传配置成功');
+
+        if (invalid.length > 0) {
+            $.notify(
+                '🌍 Sub-Store',
+                `同步配置成功 ${valid.length} 个, 失败 ${invalid.length} 个, 详情请查看日志`,
+            );
+        } else {
+            $.notify('🌍 Sub-Store', '同步配置完成');
+        }
    } catch (e) {
-        $.notify('🌍 Sub-Store', '同步订阅失败', `原因：${e.message ?? e}`);
-        $.error(`无法同步订阅配置到 Gist，原因：${e}`);
+        $.notify('🌍 Sub-Store', '同步配置失败', `原因：${e.message ?? e}`);
+        $.error(`无法同步配置到 Gist，原因：${e}`);
    }
 }
--- a/backend/src/products/resource-parser.loon.js
+++ b/backend/src/products/resource-parser.loon.js
@@ -14,10 +14,12 @@ let resourceUrl = typeof $resourceUrl !== 'undefined' ? $resourceUrl : '';
        `
    ┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
         Sub-Store -- v${version}
+         Loon -- ${$loon}
    ┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
    `,
    );

+    const build = $loon.match(/\((\d+)\)$/)?.[1];
    let arg;
    if (typeof $argument != 'undefined') {
        arg = Object.fromEntries(
@@ -26,38 +28,59 @@ let resourceUrl = typeof $resourceUrl !== 'undefined' ? $resourceUrl : '';
    } else {
        arg = {};
    }
+    console.log(`arg: ${JSON.stringify(arg)}`);

    const RESOURCE_TYPE = {
        PROXY: 1,
        RULE: 2,
    };
-
-    result = resource;
+    if (!arg.resourceUrlOnly) {
+        result = resource;
+    }

    if (resourceType === RESOURCE_TYPE.PROXY) {
-        try {
-            let proxies = ProxyUtils.parse(resource);
-            result = ProxyUtils.produce(proxies, 'Loon');
-        } catch (e) {
-            console.log('解析器: 使用 resource 出现错误');
-            console.log(e.message ?? e);
+        if (!arg.resourceUrlOnly) {
+            try {
+                let proxies = ProxyUtils.parse(resource);
+                result = ProxyUtils.produce(proxies, 'Loon', undefined, {
+                    'include-unsupported-proxy':
+                        arg?.includeUnsupportedProxy || build >= 842,
+                });
+            } catch (e) {
+                console.log('解析器: 使用 resource 出现错误');
+                console.log(e.message ?? e);
+            }
        }
        if ((!result || /^\s*$/.test(result)) && resourceUrl) {
            console.log(`解析器: 尝试从 ${resourceUrl} 获取订阅`);
            try {
-                let raw = await download(resourceUrl, arg?.ua, arg?.timeout);
+                let raw = await download(
+                    resourceUrl,
+                    arg?.ua,
+                    arg?.timeout,
+                    undefined,
+                    undefined,
+                    undefined,
+                    undefined,
+                    true,
+                );
                let proxies = ProxyUtils.parse(raw);
-                result = ProxyUtils.produce(proxies, 'Loon');
+                result = ProxyUtils.produce(proxies, 'Loon', undefined, {
+                    'include-unsupported-proxy':
+                        arg?.includeUnsupportedProxy || build >= 842,
+                });
            } catch (e) {
                console.log(e.message ?? e);
            }
        }
    } else if (resourceType === RESOURCE_TYPE.RULE) {
-        try {
-            const rules = RuleUtils.parse(resource);
-            result = RuleUtils.produce(rules, 'Loon');
-        } catch (e) {
-            console.log(e.message ?? e);
+        if (!arg.resourceUrlOnly) {
+            try {
+                const rules = RuleUtils.parse(resource);
+                result = RuleUtils.produce(rules, 'Loon');
+            } catch (e) {
+                console.log(e.message ?? e);
+            }
        }
        if ((!result || /^\s*$/.test(result)) && resourceUrl) {
            console.log(`解析器: 尝试从 ${resourceUrl} 获取规则`);
--- a/backend/src/products/sub-store-0.js
+++ b/backend/src/products/sub-store-0.js
@@ -21,6 +21,7 @@ import registerSettingRoutes from '@/restful/settings';
 import registerMiscRoutes from '@/restful/miscs';
 import registerSortRoutes from '@/restful/sort';
 import registerFileRoutes from '@/restful/file';
+import registerTokenRoutes from '@/restful/token';
 import registerModuleRoutes from '@/restful/module';

 migrate();
@@ -32,6 +33,7 @@ function serve() {
    // register routes
    registerCollectionRoutes($app);
    registerSubscriptionRoutes($app);
+    registerTokenRoutes($app);
    registerFileRoutes($app);
    registerModuleRoutes($app);
    registerArtifactRoutes($app);
--- a/backend/src/restful/collections.js
+++ b/backend/src/restful/collections.js
@@ -1,8 +1,9 @@
 import { deleteByName, findByName, updateByName } from '@/utils/database';
-import { COLLECTIONS_KEY, ARTIFACTS_KEY } from '@/constants';
+import { COLLECTIONS_KEY, ARTIFACTS_KEY, FILES_KEY } from '@/constants';
 import { failed, success } from '@/restful/response';
 import $ from '@/core/app';
 import { RequestInvalidError, ResourceNotFoundError } from '@/restful/errors';
+import { formatDateTime } from '@/utils';

 export default function register($app) {
    if (!$.read(COLLECTIONS_KEY)) $.write({}, COLLECTIONS_KEY);
@@ -50,11 +51,25 @@ function createCollection(req, res) {

 function getCollection(req, res) {
    let { name } = req.params;
+    let { raw } = req.query;
    name = decodeURIComponent(name);
    const allCols = $.read(COLLECTIONS_KEY);
    const collection = findByName(allCols, name);
    if (collection) {
-        success(res, collection);
+        if (raw) {
+            res.set('content-type', 'application/json')
+                .set(
+                    'content-disposition',
+                    `attachment; filename="${encodeURIComponent(
+                        `sub-store_collection_${name}_${formatDateTime(
+                            new Date(),
+                        )}.json`,
+                    )}"`,
+                )
+                .send(JSON.stringify(collection));
+        } else {
+            success(res, collection);
+        }
    } else {
        failed(
            res,
@@ -91,7 +106,18 @@ function updateCollection(req, res) {
                    artifact.source = newCol.name;
                }
            }
+            // update all files referring this collection
+            const allFiles = $.read(FILES_KEY) || [];
+            for (const file of allFiles) {
+                if (
+                    file.sourceType === 'collection' &&
+                    file.sourceName === oldCol.name
+                ) {
+                    file.sourceName = newCol.name;
+                }
+            }
            $.write(allArtifacts, ARTIFACTS_KEY);
+            $.write(allFiles, FILES_KEY);
        }

        updateByName(allCols, name, newCol);
--- a/backend/src/restful/download.js
+++ b/backend/src/restful/download.js
@@ -1,8 +1,11 @@
-import { getPlatformFromHeaders } from '@/utils/user-agent';
+import {
+    getPlatformFromHeaders,
+    shouldIncludeUnsupportedProxy,
+} from '@/utils/user-agent';
 import { ProxyUtils } from '@/core/proxy-utils';
 import { COLLECTIONS_KEY, SUBS_KEY } from '@/constants';
 import { findByName } from '@/utils/database';
-import { getFlowHeaders } from '@/utils/flow';
+import { getFlowHeaders, normalizeFlowHeader } from '@/utils/flow';
 import $ from '@/core/app';
 import { failed } from '@/restful/response';
 import { InternalServerError, ResourceNotFoundError } from '@/restful/errors';
@@ -13,8 +16,44 @@ import { getISO } from '@/utils/geo';
 import env from '@/utils/env';

 export default function register($app) {
+    $app.get('/share/col/:name/:target', async (req, res) => {
+        const { target } = req.params;
+        if (target) {
+            req.query.target = target;
+            $.info(`使用路由指定目标: ${target}`);
+        }
+        await downloadCollection(req, res);
+    });
+    $app.get('/share/col/:name', downloadCollection);
+    $app.get('/share/sub/:name/:target', async (req, res) => {
+        const { target } = req.params;
+        if (target) {
+            req.query.target = target;
+            $.info(`使用路由指定目标: ${target}`);
+        }
+        await downloadSubscription(req, res);
+    });
+    $app.get('/share/sub/:name', downloadSubscription);
+
+    $app.get('/download/collection/:name/:target', async (req, res) => {
+        const { target } = req.params;
+        if (target) {
+            req.query.target = target;
+            $.info(`使用路由指定目标: ${target}`);
+        }
+        await downloadCollection(req, res);
+    });
    $app.get('/download/collection/:name', downloadCollection);
+    $app.get('/download/:name/:target', async (req, res) => {
+        const { target } = req.params;
+        if (target) {
+            req.query.target = target;
+            $.info(`使用路由指定目标: ${target}`);
+        }
+        await downloadSubscription(req, res);
+    });
    $app.get('/download/:name', downloadSubscription);
+
    $app.get(
        '/download/collection/:name/api/v1/server/details',
        async (req, res) => {
@@ -52,13 +91,13 @@ async function downloadSubscription(req, res) {
    name = decodeURIComponent(name);
    nezhaIndex = decodeURIComponent(nezhaIndex);

+    const useMihomoExternal = req.query.target === 'SurgeMac';
+
    const platform =
        req.query.target || getPlatformFromHeaders(req.headers) || 'JSON';
-
+    const reqUA = req.headers['user-agent'] || req.headers['User-Agent'];
    $.info(
-        `正在下载订阅：${name}\n请求 User-Agent: ${
-            req.headers['user-agent'] || req.headers['User-Agent']
-        }`,
+        `正在下载订阅：${name}\n请求 User-Agent: ${reqUA}\n请求 target: ${req.query.target}\n实际输出: ${platform}`,
    );
    let {
        url,
@@ -69,19 +108,58 @@ async function downloadSubscription(req, res) {
        produceType,
        includeUnsupportedProxy,
        resultFormat,
+        proxy,
+        noCache,
    } = req.query;
+    let $options = {
+        _req: {
+            method: req.method,
+            url: req.url,
+            path: req.path,
+            query: req.query,
+            params: req.params,
+            headers: req.headers,
+            body: req.body,
+        },
+    };
+    if (req.query.$options) {
+        try {
+            // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+            $options = JSON.parse(decodeURIComponent(req.query.$options));
+        } catch (e) {
+            for (const pair of req.query.$options.split('&')) {
+                const key = pair.split('=')[0];
+                const value = pair.split('=')[1];
+                // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                $options[key] =
+                    value == null || value === ''
+                        ? true
+                        : decodeURIComponent(value);
+            }
+        }
+        $.info(`传入 $options: ${JSON.stringify($options)}`);
+    }
    if (url) {
        url = decodeURIComponent(url);
        $.info(`指定远程订阅 URL: ${url}`);
-    }
-    if (ua) {
-        ua = decodeURIComponent(ua);
-        $.info(`指定远程订阅 User-Agent: ${ua}`);
+        if (!/^https?:\/\//.test(url)) {
+            content = url;
+            $.info(`URL 不是链接，视为本地订阅`);
+        }
    }
    if (content) {
        content = decodeURIComponent(content);
        $.info(`指定本地订阅: ${content}`);
    }
+    if (proxy) {
+        proxy = decodeURIComponent(proxy);
+        $.info(`指定远程订阅使用代理/策略 proxy: ${proxy}`);
+    }
+    if (ua) {
+        ua = decodeURIComponent(ua);
+        $.info(`指定远程订阅 User-Agent: ${ua}`);
+    }
+
    if (mergeSources) {
        mergeSources = decodeURIComponent(mergeSources);
        $.info(`指定合并来源: ${mergeSources}`);
@@ -96,13 +174,40 @@ async function downloadSubscription(req, res) {
    }
    if (includeUnsupportedProxy) {
        includeUnsupportedProxy = decodeURIComponent(includeUnsupportedProxy);
-        $.info(`包含不支持的节点: ${includeUnsupportedProxy}`);
+        $.info(
+            `包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
+    }
+
+    if (
+        !includeUnsupportedProxy &&
+        shouldIncludeUnsupportedProxy(platform, reqUA)
+    ) {
+        includeUnsupportedProxy = true;
+        $.info(
+            `当前客户端可包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
+    }
+
+    if (useMihomoExternal) {
+        $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
+    }
+
+    if (noCache) {
+        $.info(`指定不使用缓存: ${noCache}`);
    }

    const allSubs = $.read(SUBS_KEY);
    const sub = findByName(allSubs, name);
    if (sub) {
        try {
+            const passThroughUA = sub.passThroughUA;
+            if (passThroughUA) {
+                $.info(
+                    `订阅开启了透传 User-Agent, 使用请求的 User-Agent: ${reqUA}`,
+                );
+                ua = reqUA;
+            }
            let output = await produceArtifact({
                type: 'subscription',
                name,
@@ -115,9 +220,13 @@ async function downloadSubscription(req, res) {
                produceType,
                produceOpts: {
                    'include-unsupported-proxy': includeUnsupportedProxy,
+                    useMihomoExternal,
                },
+                $options,
+                proxy,
+                noCache,
            });
-
+            let flowInfo;
            if (
                sub.source !== 'local' ||
                ['localFirst', 'remoteFirst'].includes(sub.mergeSources)
@@ -150,17 +259,20 @@ async function downloadSubscription(req, res) {
                            }
                        }
                    }
-                    if (!$arguments.noFlow) {
+                    if (!$arguments.noFlow && /^https?/.test(url)) {
                        // forward flow headers
-                        const flowInfo = await getFlowHeaders(
-                            url,
+                        flowInfo = await getFlowHeaders(
+                            $arguments?.insecure ? `${url}#insecure` : url,
                            $arguments.flowUserAgent,
                            undefined,
-                            sub.proxy,
+                            proxy || sub.proxy,
                            $arguments.flowUrl,
                        );
                        if (flowInfo) {
-                            res.set('subscription-userinfo', flowInfo);
+                            res.set(
+                                'subscription-userinfo',
+                                normalizeFlowHeader(flowInfo),
+                            );
                        }
                    }
                } catch (err) {
@@ -172,7 +284,32 @@ async function downloadSubscription(req, res) {
                }
            }
            if (sub.subUserinfo) {
-                res.set('subscription-userinfo', sub.subUserinfo);
+                let subUserInfo;
+                if (/^https?:\/\//.test(sub.subUserinfo)) {
+                    try {
+                        subUserInfo = await getFlowHeaders(
+                            undefined,
+                            undefined,
+                            undefined,
+                            proxy || sub.proxy,
+                            sub.subUserinfo,
+                        );
+                    } catch (e) {
+                        $.error(
+                            `订阅 ${name} 使用自定义流量链接 ${
+                                sub.subUserinfo
+                            } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                        );
+                    }
+                } else {
+                    subUserInfo = sub.subUserinfo;
+                }
+                res.set(
+                    'subscription-userinfo',
+                    normalizeFlowHeader(
+                        [subUserInfo, flowInfo].filter((i) => i).join(';'),
+                    ),
+                );
            }

            if (platform === 'JSON') {
@@ -211,7 +348,7 @@ async function downloadSubscription(req, res) {
            );
        }
    } else {
-        $.notify(`🌍 Sub-Store 下载订阅失败`, `❌ 未找到订阅：${name}！`);
+        $.error(`🌍 Sub-Store 下载订阅失败\n❌ 未找到订阅：${name}！`);
        failed(
            res,
            new ResourceNotFoundError(
@@ -228,16 +365,16 @@ async function downloadCollection(req, res) {
    name = decodeURIComponent(name);
    nezhaIndex = decodeURIComponent(nezhaIndex);

+    const useMihomoExternal = req.query.target === 'SurgeMac';
+
    const platform =
        req.query.target || getPlatformFromHeaders(req.headers) || 'JSON';

    const allCols = $.read(COLLECTIONS_KEY);
    const collection = findByName(allCols, name);
-
+    const reqUA = req.headers['user-agent'] || req.headers['User-Agent'];
    $.info(
-        `正在下载组合订阅：${name}\n请求 User-Agent: ${
-            req.headers['user-agent'] || req.headers['User-Agent']
-        }`,
+        `正在下载组合订阅：${name}\n请求 User-Agent: ${reqUA}\n请求 target: ${req.query.target}\n实际输出: ${platform}`,
    );

    let {
@@ -245,8 +382,44 @@ async function downloadCollection(req, res) {
        produceType,
        includeUnsupportedProxy,
        resultFormat,
+        proxy,
+        noCache,
    } = req.query;

+    let $options = {
+        _req: {
+            method: req.method,
+            url: req.url,
+            path: req.path,
+            query: req.query,
+            params: req.params,
+            headers: req.headers,
+            body: req.body,
+        },
+    };
+    if (req.query.$options) {
+        try {
+            // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+            $options = JSON.parse(decodeURIComponent(req.query.$options));
+        } catch (e) {
+            for (const pair of req.query.$options.split('&')) {
+                const key = pair.split('=')[0];
+                const value = pair.split('=')[1];
+                // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                $options[key] =
+                    value == null || value === ''
+                        ? true
+                        : decodeURIComponent(value);
+            }
+        }
+        $.info(`传入 $options: ${JSON.stringify($options)}`);
+    }
+
+    if (proxy) {
+        proxy = decodeURIComponent(proxy);
+        $.info(`指定远程订阅使用代理/策略 proxy: ${proxy}`);
+    }
+
    if (ignoreFailedRemoteSub != null && ignoreFailedRemoteSub !== '') {
        ignoreFailedRemoteSub = decodeURIComponent(ignoreFailedRemoteSub);
        $.info(`指定忽略失败的远程订阅: ${ignoreFailedRemoteSub}`);
@@ -258,7 +431,24 @@ async function downloadCollection(req, res) {

    if (includeUnsupportedProxy) {
        includeUnsupportedProxy = decodeURIComponent(includeUnsupportedProxy);
-        $.info(`包含不支持的节点: ${includeUnsupportedProxy}`);
+        $.info(
+            `包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
+    }
+    if (
+        !includeUnsupportedProxy &&
+        shouldIncludeUnsupportedProxy(platform, reqUA)
+    ) {
+        includeUnsupportedProxy = true;
+        $.info(
+            `当前客户端可包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
+    }
+    if (useMihomoExternal) {
+        $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
+    }
+    if (noCache) {
+        $.info(`指定不使用缓存: ${noCache}`);
    }

    if (collection) {
@@ -271,9 +461,14 @@ async function downloadCollection(req, res) {
                produceType,
                produceOpts: {
                    'include-unsupported-proxy': includeUnsupportedProxy,
+                    useMihomoExternal,
                },
+                $options,
+                proxy,
+                noCache,
+                ua: reqUA,
            });
-
+            let subUserInfoOfSub;
            // forward flow header from the first subscription in this collection
            const allSubs = $.read(SUBS_KEY);
            const subnames = collection.subscriptions;
@@ -311,17 +506,14 @@ async function downloadCollection(req, res) {
                                }
                            }
                        }
-                        if (!$arguments.noFlow) {
-                            const flowInfo = await getFlowHeaders(
-                                url,
+                        if (!$arguments.noFlow && /^https?:/.test(url)) {
+                            subUserInfoOfSub = await getFlowHeaders(
+                                $arguments?.insecure ? `${url}#insecure` : url,
                                $arguments.flowUserAgent,
                                undefined,
-                                sub.proxy,
+                                proxy || sub.proxy || collection.proxy,
                                $arguments.flowUrl,
                            );
-                            if (flowInfo) {
-                                res.set('subscription-userinfo', flowInfo);
-                            }
                        }
                    } catch (err) {
                        $.error(
@@ -332,10 +524,63 @@ async function downloadCollection(req, res) {
                    }
                }
                if (sub.subUserinfo) {
-                    res.set('subscription-userinfo', sub.subUserinfo);
+                    let subUserInfo;
+                    if (/^https?:\/\//.test(sub.subUserinfo)) {
+                        try {
+                            subUserInfo = await getFlowHeaders(
+                                undefined,
+                                undefined,
+                                undefined,
+                                proxy || sub.proxy,
+                                sub.subUserinfo,
+                            );
+                        } catch (e) {
+                            $.error(
+                                `组合订阅 ${name} 使用自定义流量链接 ${
+                                    sub.subUserinfo
+                                } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                            );
+                        }
+                    } else {
+                        subUserInfo = sub.subUserinfo;
+                    }
+                    subUserInfoOfSub = [subUserInfo, subUserInfoOfSub]
+                        .filter((i) => i)
+                        .join('; ');
                }
            }

+            $.info(`组合订阅 ${name} 透传的的流量信息: ${subUserInfoOfSub}`);
+
+            let subUserInfoOfCol;
+            if (/^https?:\/\//.test(collection.subUserinfo)) {
+                try {
+                    subUserInfoOfCol = await getFlowHeaders(
+                        undefined,
+                        undefined,
+                        undefined,
+                        proxy || collection.proxy,
+                        collection.subUserinfo,
+                    );
+                } catch (e) {
+                    $.error(
+                        `组合订阅 ${name} 使用自定义流量链接 ${
+                            collection.subUserinfo
+                        } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                    );
+                }
+            } else {
+                subUserInfoOfCol = collection.subUserinfo;
+            }
+            const subUserInfo = [subUserInfoOfCol, subUserInfoOfSub]
+                .filter((i) => i)
+                .join('; ');
+            if (subUserInfo) {
+                res.set(
+                    'subscription-userinfo',
+                    normalizeFlowHeader(subUserInfo),
+                );
+            }
            if (platform === 'JSON') {
                if (resultFormat === 'nezha') {
                    output = nezhaTransform(output);
@@ -371,7 +616,7 @@ async function downloadCollection(req, res) {
            );
        }
    } else {
-        $.notify(
+        $.error(
            `🌍 Sub-Store 下载组合订阅失败`,
            `❌ 未找到组合订阅：${name}！`,
        );
--- a/backend/src/restful/file.js
+++ b/backend/src/restful/file.js
@@ -1,6 +1,6 @@
 import { deleteByName, findByName, updateByName } from '@/utils/database';
-import { getFlowHeaders } from '@/utils/flow';
-import { FILES_KEY } from '@/constants';
+import { getFlowHeaders, normalizeFlowHeader } from '@/utils/flow';
+import { FILES_KEY, ARTIFACTS_KEY } from '@/constants';
 import { failed, success } from '@/restful/response';
 import $ from '@/core/app';
 import {
@@ -9,10 +9,13 @@ import {
    InternalServerError,
 } from '@/restful/errors';
 import { produceArtifact } from '@/restful/sync';
+import { formatDateTime } from '@/utils';

 export default function register($app) {
    if (!$.read(FILES_KEY)) $.write([], FILES_KEY);

+    $app.get('/share/file/:name', getFile);
+
    $app.route('/api/file/:name')
        .get(getFile)
        .patch(updateFile)
@@ -49,8 +52,8 @@ function createFile(req, res) {
 async function getFile(req, res) {
    let { name } = req.params;
    name = decodeURIComponent(name);
-
-    $.info(`正在下载文件：${name}`);
+    const reqUA = req.headers['user-agent'] || req.headers['User-Agent'];
+    $.info(`正在下载文件：${name}\n请求 User-Agent: ${reqUA}`);
    let {
        url,
        subInfoUrl,
@@ -59,11 +62,46 @@ async function getFile(req, res) {
        content,
        mergeSources,
        ignoreFailedRemoteFile,
+        proxy,
+        noCache,
+        produceType,
    } = req.query;
+    let $options = {
+        _req: {
+            method: req.method,
+            url: req.url,
+            path: req.path,
+            query: req.query,
+            params: req.params,
+            headers: req.headers,
+            body: req.body,
+        },
+    };
+    if (req.query.$options) {
+        try {
+            // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+            $options = JSON.parse(decodeURIComponent(req.query.$options));
+        } catch (e) {
+            for (const pair of req.query.$options.split('&')) {
+                const key = pair.split('=')[0];
+                const value = pair.split('=')[1];
+                // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                $options[key] =
+                    value == null || value === ''
+                        ? true
+                        : decodeURIComponent(value);
+            }
+        }
+        $.info(`传入 $options: ${JSON.stringify($options)}`);
+    }
    if (url) {
        url = decodeURIComponent(url);
        $.info(`指定远程文件 URL: ${url}`);
    }
+    if (proxy) {
+        proxy = decodeURIComponent(proxy);
+        $.info(`指定远程订阅使用代理/策略 proxy: ${proxy}`);
+    }
    if (ua) {
        ua = decodeURIComponent(ua);
        $.info(`指定远程文件 User-Agent: ${ua}`);
@@ -88,6 +126,13 @@ async function getFile(req, res) {
        ignoreFailedRemoteFile = decodeURIComponent(ignoreFailedRemoteFile);
        $.info(`指定忽略失败的远程文件: ${ignoreFailedRemoteFile}`);
    }
+    if (noCache) {
+        $.info(`指定不使用缓存: ${noCache}`);
+    }
+    if (produceType) {
+        produceType = decodeURIComponent(produceType);
+        $.info(`指定生产类型: ${produceType}`);
+    }

    const allFiles = $.read(FILES_KEY);
    const file = findByName(allFiles, name);
@@ -101,6 +146,11 @@ async function getFile(req, res) {
                content,
                mergeSources,
                ignoreFailedRemoteFile,
+                $options,
+                proxy,
+                noCache,
+                produceType,
+                all: true,
            });

            try {
@@ -110,9 +160,14 @@ async function getFile(req, res) {
                    const flowInfo = await getFlowHeaders(
                        subInfoUrl,
                        subInfoUserAgent || file.subInfoUserAgent,
+                        undefined,
+                        proxy || file.proxy,
                    );
                    if (flowInfo) {
-                        res.set('subscription-userinfo', flowInfo);
+                        res.set(
+                            'subscription-userinfo',
+                            normalizeFlowHeader(flowInfo),
+                        );
                    }
                }
            } catch (err) {
@@ -122,10 +177,23 @@ async function getFile(req, res) {
                    )}`,
                );
            }
-
-            res.set('Content-Type', 'text/plain; charset=utf-8').send(
-                output ?? '',
-            );
+            if (file.download) {
+                res.set(
+                    'Content-Disposition',
+                    `attachment; filename*=UTF-8''${encodeURIComponent(
+                        file.displayName || file.name,
+                    )}`,
+                );
+            }
+            res.set('Content-Type', 'text/plain; charset=utf-8');
+            if (output?.$options?._res?.headers) {
+                Object.entries(output.$options._res.headers).forEach(
+                    ([key, value]) => {
+                        res.set(key, value);
+                    },
+                );
+            }
+            res.send(output?.$content ?? '');
        } catch (err) {
            $.notify(
                `🌍 Sub-Store 下载文件失败`,
@@ -143,7 +211,7 @@ async function getFile(req, res) {
            );
        }
    } else {
-        $.notify(`🌍 Sub-Store 下载文件失败`, `❌ 未找到文件：${name}！`);
+        $.error(`🌍 Sub-Store 下载文件失败\n❌ 未找到文件：${name}！`);
        failed(
            res,
            new ResourceNotFoundError(
@@ -156,11 +224,25 @@ async function getFile(req, res) {
 }
 function getWholeFile(req, res) {
    let { name } = req.params;
+    let { raw } = req.query;
    name = decodeURIComponent(name);
    const allFiles = $.read(FILES_KEY);
    const file = findByName(allFiles, name);
    if (file) {
-        success(res, file);
+        if (raw) {
+            res.set('content-type', 'application/json')
+                .set(
+                    'content-disposition',
+                    `attachment; filename="${encodeURIComponent(
+                        `sub-store_file_${name}_${formatDateTime(
+                            new Date(),
+                        )}.json`,
+                    )}"`,
+                )
+                .send(JSON.stringify(file));
+        } else {
+            success(res, file);
+        }
    } else {
        failed(
            res,
@@ -186,6 +268,20 @@ function updateFile(req, res) {
        };
        $.info(`正在更新文件：${name}...`);

+        if (name !== newFile.name) {
+            // update all artifacts referring this collection
+            const allArtifacts = $.read(ARTIFACTS_KEY) || [];
+            for (const artifact of allArtifacts) {
+                if (
+                    artifact.type === 'file' &&
+                    artifact.source === oldFile.name
+                ) {
+                    artifact.source = newFile.name;
+                }
+            }
+            $.write(allArtifacts, ARTIFACTS_KEY);
+        }
+
        updateByName(allFiles, name, newFile);
        $.write(allFiles, FILES_KEY);
        success(res, newFile);
--- a/backend/src/restful/index.js
+++ b/backend/src/restful/index.js
@@ -1,13 +1,18 @@
+import { Base64 } from 'js-base64';
+import _ from 'lodash';
 import express from '@/vendor/express';
 import $ from '@/core/app';
 import migrate from '@/utils/migration';
-import download from '@/utils/download';
-import { syncArtifacts } from '@/restful/sync';
+import download, { downloadFile } from '@/utils/download';
+import { syncArtifacts, produceArtifact } from '@/restful/sync';
+import { gistBackupAction } from '@/restful/miscs';
+import { TOKENS_KEY } from '@/constants';

 import registerSubscriptionRoutes from './subscriptions';
 import registerCollectionRoutes from './collections';
 import registerArtifactRoutes from './artifacts';
 import registerFileRoutes from './file';
+import registerTokenRoutes from './token';
 import registerModuleRoutes from './module';
 import registerSyncRoutes from './sync';
 import registerDownloadRoutes from './download';
@@ -26,6 +31,77 @@ export default function serve() {
        host = eval('process.env.SUB_STORE_BACKEND_API_HOST') || '::';
    }
    const $app = express({ substore: $, port, host });
+    if ($.env.isNode) {
+        const be_merge = eval('process.env.SUB_STORE_BACKEND_MERGE');
+        const be_prefix = eval('process.env.SUB_STORE_BACKEND_PREFIX');
+        const fe_be_path = eval('process.env.SUB_STORE_FRONTEND_BACKEND_PATH');
+        const fe_path = eval('process.env.SUB_STORE_FRONTEND_PATH');
+        if (be_prefix || be_merge) {
+            if (!fe_be_path.startsWith('/')) {
+                throw new Error(
+                    'SUB_STORE_FRONTEND_BACKEND_PATH should start with /',
+                );
+            }
+            if (be_merge) {
+                $.info(`[BACKEND] MERGE mode is [ON].`);
+                $.info(`[BACKEND && FRONTEND] ${host}:${port}`);
+            }
+            $.info(`[BACKEND PREFIX] ${host}:${port}${fe_be_path}`);
+            $app.use((req, res, next) => {
+                if (req.path.startsWith(fe_be_path)) {
+                    req.url = req.url.replace(fe_be_path, '') || '/';
+                    if (be_merge && req.url.startsWith('/api/')) {
+                        req.query['share'] = 'true';
+                    }
+                    next();
+                    return;
+                }
+                const pathname =
+                    decodeURIComponent(req._parsedUrl.pathname) || '/';
+                if (
+                    be_merge &&
+                    req.path.startsWith('/share/') &&
+                    req.query.token
+                ) {
+                    if (req.method.toLowerCase() !== 'get') {
+                        res.status(405).send('Method not allowed');
+                        return;
+                    }
+                    const tokens = $.read(TOKENS_KEY) || [];
+                    const token = tokens.find(
+                        (t) =>
+                            t.token === req.query.token &&
+                            `/share/${t.type}/${t.name}` === pathname &&
+                            (t.exp == null || t.exp > Date.now()),
+                    );
+                    if (token) {
+                        next();
+                        return;
+                    }
+                }
+                if (be_merge && fe_path && req.path.indexOf('/', 1) == -1) {
+                    if (req.path.indexOf('.') == -1) {
+                        req.url = '/index.html';
+                    }
+                    const express_ = eval(`require("express")`);
+                    const mime_ = eval(`require("mime-types")`);
+                    const path_ = eval(`require("path")`);
+                    const staticFileMiddleware = express_.static(fe_path, {
+                        setHeaders: (res, path) => {
+                            const type = mime_.contentType(path_.extname(path));
+                            if (type) {
+                                res.set('Content-Type', type);
+                            }
+                        },
+                    });
+                    staticFileMiddleware(req, res, next);
+                    return;
+                }
+                res.status(403).end('Forbbiden');
+                return;
+            });
+        }
+    }
    // register routes
    registerCollectionRoutes($app);
    registerSubscriptionRoutes($app);
@@ -35,6 +111,7 @@ export default function serve() {
    registerSettingRoutes($app);
    registerArtifactRoutes($app);
    registerFileRoutes($app);
+    registerTokenRoutes($app);
    registerModuleRoutes($app);
    registerSyncRoutes($app);
    registerNodeInfoRoutes($app);
@@ -44,20 +121,180 @@ export default function serve() {
    $app.start();

    if ($.env.isNode) {
-        const backend_cron = eval('process.env.SUB_STORE_BACKEND_CRON');
-        if (backend_cron) {
-            $.info(`[CRON] ${backend_cron} enabled`);
+        // Deprecated: SUB_STORE_BACKEND_CRON, SUB_STORE_CRON
+        const backend_sync_cron = eval(
+            'process.env.SUB_STORE_BACKEND_SYNC_CRON',
+        );
+
+        if (backend_sync_cron) {
+            $.info(`[SYNC CRON] ${backend_sync_cron} enabled`);
            const { CronJob } = eval(`require("cron")`);
            new CronJob(
-                backend_cron,
+                backend_sync_cron,
                async function () {
                    try {
-                        $.info(`[CRON] ${backend_cron} started`);
+                        $.info(`[SYNC CRON] ${backend_sync_cron} started`);
                        await syncArtifacts();
-                        $.info(`[CRON] ${backend_cron} finished`);
+                        $.info(`[SYNC CRON] ${backend_sync_cron} finished`);
                    } catch (e) {
                        $.error(
-                            `[CRON] ${backend_cron} error: ${e.message ?? e}`,
+                            `[SYNC CRON] ${backend_sync_cron} error: ${
+                                e.message ?? e
+                            }`,
+                        );
+                    }
+                }, // onTick
+                null, // onComplete
+                true, // start
+                // 'Asia/Shanghai' // timeZone
+            );
+        } else {
+            if (eval('process.env.SUB_STORE_BACKEND_CRON')) {
+                $.error(
+                    `[SYNC CRON] SUB_STORE_BACKEND_CRON 已弃用, 请使用 SUB_STORE_BACKEND_SYNC_CRON`,
+                );
+            }
+            if (eval('process.env.SUB_STORE_CRON')) {
+                $.error(
+                    `[SYNC CRON] SUB_STORE_CRON 已弃用, 请使用 SUB_STORE_BACKEND_SYNC_CRON`,
+                );
+            }
+        }
+        // 格式: 0 */2 * * *,sub,a;0 */3 * * *,col,b
+        // 每 2 小时处理一次单条订阅 a, 每 3 小时处理一次组合订阅 b
+        const produce_cron = eval('process.env.SUB_STORE_PRODUCE_CRON');
+        if (produce_cron) {
+            $.info(`[PRODUCE CRON] ${produce_cron} enabled`);
+            const { CronJob } = eval(`require("cron")`);
+            produce_cron.split(/\s*;\s*/).map((item) => {
+                const [cron, type, name] = item.split(/\s*,\s*/);
+                new CronJob(
+                    cron.trim(),
+                    async function () {
+                        try {
+                            $.info(
+                                `[PRODUCE CRON] ${type} ${name} ${cron} started`,
+                            );
+                            await produceArtifact({ type, name });
+                            $.info(
+                                `[PRODUCE CRON] ${type} ${name} ${cron} finished`,
+                            );
+                        } catch (e) {
+                            $.error(
+                                `[PRODUCE CRON] ${type} ${name} ${cron} error: ${
+                                    e.message ?? e
+                                }`,
+                            );
+                        }
+                    }, // onTick
+                    null, // onComplete
+                    true, // start
+                    // 'Asia/Shanghai' // timeZone
+                );
+            });
+        }
+        const backend_download_cron = eval(
+            'process.env.SUB_STORE_BACKEND_DOWNLOAD_CRON',
+        );
+        if (backend_download_cron) {
+            $.info(`[DOWNLOAD CRON] ${backend_download_cron} enabled`);
+            const { CronJob } = eval(`require("cron")`);
+            new CronJob(
+                backend_download_cron,
+                async function () {
+                    try {
+                        $.info(
+                            `[DOWNLOAD CRON] ${backend_download_cron} started`,
+                        );
+                        await gistBackupAction('download');
+                        $.info(
+                            `[DOWNLOAD CRON] ${backend_download_cron} finished`,
+                        );
+                    } catch (e) {
+                        $.error(
+                            `[DOWNLOAD CRON] ${backend_download_cron} error: ${
+                                e.message ?? e
+                            }`,
+                        );
+                    }
+                }, // onTick
+                null, // onComplete
+                true, // start
+                // 'Asia/Shanghai' // timeZone
+            );
+        }
+        const backend_upload_cron = eval(
+            'process.env.SUB_STORE_BACKEND_UPLOAD_CRON',
+        );
+        if (backend_upload_cron) {
+            $.info(`[UPLOAD CRON] ${backend_upload_cron} enabled`);
+            const { CronJob } = eval(`require("cron")`);
+            new CronJob(
+                backend_upload_cron,
+                async function () {
+                    try {
+                        $.info(`[UPLOAD CRON] ${backend_upload_cron} started`);
+                        await gistBackupAction('upload');
+                        $.info(`[UPLOAD CRON] ${backend_upload_cron} finished`);
+                    } catch (e) {
+                        $.error(
+                            `[UPLOAD CRON] ${backend_upload_cron} error: ${
+                                e.message ?? e
+                            }`,
+                        );
+                    }
+                }, // onTick
+                null, // onComplete
+                true, // start
+                // 'Asia/Shanghai' // timeZone
+            );
+        }
+        const mmdb_cron = eval('process.env.SUB_STORE_MMDB_CRON');
+        const countryFile = eval('process.env.SUB_STORE_MMDB_COUNTRY_PATH');
+        const countryUrl = eval('process.env.SUB_STORE_MMDB_COUNTRY_URL');
+        const asnFile = eval('process.env.SUB_STORE_MMDB_ASN_PATH');
+        const asnUrl = eval('process.env.SUB_STORE_MMDB_ASN_URL');
+        if (mmdb_cron && ((countryFile && countryUrl) || (asnFile && asnUrl))) {
+            $.info(`[MMDB CRON] ${mmdb_cron} enabled`);
+            const { CronJob } = eval(`require("cron")`);
+            new CronJob(
+                mmdb_cron,
+                async function () {
+                    try {
+                        $.info(`[MMDB CRON] ${mmdb_cron} started`);
+                        if (countryFile && countryUrl) {
+                            try {
+                                $.info(
+                                    `[MMDB CRON] downloading ${countryUrl} to ${countryFile}`,
+                                );
+                                await downloadFile(countryUrl, countryFile);
+                            } catch (e) {
+                                $.error(
+                                    `[MMDB CRON] ${countryUrl} download failed: ${
+                                        e.message ?? e
+                                    }`,
+                                );
+                            }
+                        }
+                        if (asnFile && asnUrl) {
+                            try {
+                                $.info(
+                                    `[MMDB CRON] downloading ${asnUrl} to ${asnFile}`,
+                                );
+                                await downloadFile(asnUrl, asnFile);
+                            } catch (e) {
+                                $.error(
+                                    `[MMDB CRON] ${asnUrl} download failed: ${
+                                        e.message ?? e
+                                    }`,
+                                );
+                            }
+                        }
+
+                        $.info(`[MMDB CRON] ${mmdb_cron} finished`);
+                    } catch (e) {
+                        $.error(
+                            `[MMDB CRON] ${mmdb_cron} error: ${e.message ?? e}`,
                        );
                    }
                }, // onTick
@@ -69,6 +306,7 @@ export default function serve() {
        const path = eval(`require("path")`);
        const fs = eval(`require("fs")`);
        const data_url = eval('process.env.SUB_STORE_DATA_URL');
+        const data_url_post = eval('process.env.SUB_STORE_DATA_URL_POST');
        const fe_be_path = eval('process.env.SUB_STORE_FRONTEND_BACKEND_PATH');
        const fe_port = eval('process.env.SUB_STORE_FRONTEND_PORT') || 3001;
        const fe_host =
@@ -77,11 +315,12 @@ export default function serve() {
        const fe_abs_path = path.resolve(
            fe_path || path.join(__dirname, 'frontend'),
        );
-        if (fe_path) {
+        const be_merge = eval('process.env.SUB_STORE_BACKEND_MERGE');
+        if (fe_path && !be_merge) {
            try {
                fs.accessSync(path.join(fe_abs_path, 'index.html'));
            } catch (e) {
-                throw new Error(
+                $.error(
                    `[FRONTEND] index.html file not found in ${fe_abs_path}`,
                );
            }
@@ -96,10 +335,15 @@ export default function serve() {

            const staticFileMiddleware = express_.static(fe_path);

-            let be_api_rewrite = '';
-            let be_download_rewrite = '';
            let be_api = '/api/';
            let be_download = '/download/';
+            let be_share = '/share/';
+            let be_download_rewrite = '';
+            let be_api_rewrite = '';
+            let be_share_rewrite = `${be_share}:type/:name`;
+            let prefix = eval('process.env.SUB_STORE_BACKEND_PREFIX')
+                ? fe_be_path
+                : '';
            if (fe_be_path) {
                if (!fe_be_path.startsWith('/')) {
                    throw new Error(
@@ -112,28 +356,44 @@ export default function serve() {
                be_download_rewrite = `${
                    fe_be_path === '/' ? '' : fe_be_path
                }${be_download}`;
+
+                app.use(
+                    be_share_rewrite,
+                    createProxyMiddleware({
+                        target: `http://127.0.0.1:${port}${prefix}`,
+                        changeOrigin: true,
+                        pathRewrite: async (path, req) => {
+                            if (req.method.toLowerCase() !== 'get')
+                                throw new Error('Method not allowed');
+                            const tokens = $.read(TOKENS_KEY) || [];
+                            const token = tokens.find(
+                                (t) =>
+                                    t.token === req.query.token &&
+                                    t.type === req.params.type &&
+                                    t.name === req.params.name &&
+                                    (t.exp == null || t.exp > Date.now()),
+                            );
+                            if (!token) throw new Error('Forbbiden');
+                            return req.originalUrl;
+                        },
+                    }),
+                );
                app.use(
                    be_api_rewrite,
                    createProxyMiddleware({
-                        target: `http://127.0.0.1:${port}`,
-                        changeOrigin: true,
-                        pathRewrite: (path) => {
-                            return path.startsWith(be_api_rewrite)
-                                ? path.replace(be_api_rewrite, be_api)
-                                : path;
+                        target: `http://127.0.0.1:${port}${prefix}${be_api}`,
+                        pathRewrite: async (path) => {
+                            return path.includes('?')
+                                ? `${path}&share=true`
+                                : `${path}?share=true`;
                        },
                    }),
                );
                app.use(
                    be_download_rewrite,
                    createProxyMiddleware({
-                        target: `http://127.0.0.1:${port}`,
+                        target: `http://127.0.0.1:${port}${prefix}${be_download}`,
                        changeOrigin: true,
-                        pathRewrite: (path) => {
-                            return path.startsWith(be_download_rewrite)
-                                ? path.replace(be_download_rewrite, be_download)
-                                : path;
-                        },
                    }),
                );
            }
@@ -153,10 +413,13 @@ export default function serve() {
                $.info(`[FRONTEND] ${fe_address}:${fe_port}`);
                if (fe_be_path) {
                    $.info(
-                        `[FRONTEND -> BACKEND] ${fe_address}:${fe_port}${be_api_rewrite} -> http://127.0.0.1:${port}${be_api}`,
+                        `[FRONTEND -> BACKEND] ${fe_address}:${fe_port}${be_api_rewrite} -> ${host}:${port}${prefix}${be_api}`,
                    );
                    $.info(
-                        `[FRONTEND -> BACKEND] ${fe_address}:${fe_port}${be_download_rewrite} -> http://127.0.0.1:${port}${be_download}`,
+                        `[FRONTEND -> BACKEND] ${fe_address}:${fe_port}${be_download_rewrite} -> ${host}:${port}${prefix}${be_download}`,
+                    );
+                    $.info(
+                        `[SHARE BACKEND] ${fe_address}:${fe_port}${be_share_rewrite}`,
                    );
                }
            });
@@ -164,10 +427,39 @@ export default function serve() {
        if (data_url) {
            $.info(`[BACKEND] downloading data from ${data_url}`);
            download(data_url)
-                .then((content) => {
-                    $.write(content, '#sub-store');
+                .then(async (content) => {
+                    try {
+                        content = JSON.parse(Base64.decode(content));
+                        if (Object.keys(content.settings).length === 0) {
+                            throw new Error(
+                                '备份文件应该至少包含 settings 字段',
+                            );
+                        }
+                    } catch (err) {
+                        try {
+                            content = JSON.parse(content);
+                            if (Object.keys(content.settings).length === 0) {
+                                throw new Error(
+                                    '备份文件应该至少包含 settings 字段',
+                                );
+                            }
+                        } catch (err) {
+                            $.error(
+                                `Gist 备份文件校验失败, 无法还原\nReason: ${
+                                    err.message ?? err
+                                }`,
+                            );
+                            throw new Error('Gist 备份文件校验失败, 无法还原');
+                        }
+                    }
+                    if (data_url_post) {
+                        $.info('[BACKEND] executing post-processing script');
+                        eval(data_url_post);
+                    }

-                    $.cache = JSON.parse(content);
+                    $.write(JSON.stringify(content, null, `  `), '#sub-store');
+
+                    $.cache = content;
                    $.persistCache();

                    migrate();
--- a/backend/src/restful/miscs.js
+++ b/backend/src/restful/miscs.js
@@ -1,3 +1,5 @@
+import { Base64 } from 'js-base64';
+import _ from 'lodash';
 import $ from '@/core/app';
 import { ENV } from '@/vendor/open-api';
 import { failed, success } from '@/restful/response';
@@ -14,6 +16,7 @@ import { InternalServerError, RequestInvalidError } from '@/restful/errors';
 import Gist from '@/utils/gist';
 import migrate from '@/utils/migration';
 import env from '@/utils/env';
+import { formatDateTime } from '@/utils';

 export default function register($app) {
    // utils
@@ -27,7 +30,9 @@ export default function register($app) {
            res.set('content-type', 'application/json')
                .set(
                    'content-disposition',
-                    'attachment; filename="sub-store.json"',
+                    `attachment; filename="${encodeURIComponent(
+                        `sub-store_data_${formatDateTime(new Date())}.json`,
+                    )}"`,
                )
                .send(
                    $.env.isNode
@@ -36,21 +41,47 @@ export default function register($app) {
                );
        })
        .post((req, res) => {
-            const { content } = req.body;
-            $.write(content, '#sub-store');
+            let { content } = req.body;
+            try {
+                content = JSON.parse(Base64.decode(content));
+                if (Object.keys(content.settings).length === 0) {
+                    throw new Error('备份文件应该至少包含 settings 字段');
+                }
+            } catch (err) {
+                try {
+                    content = JSON.parse(content);
+                    if (Object.keys(content.settings).length === 0) {
+                        throw new Error('备份文件应该至少包含 settings 字段');
+                    }
+                } catch (err) {
+                    $.error(
+                        `备份文件校验失败, 无法还原\nReason: ${
+                            err.message ?? err
+                        }`,
+                    );
+                    throw new Error('备份文件校验失败, 无法还原');
+                }
+            }
+            $.write(JSON.stringify(content, null, `  `), '#sub-store');
            if ($.env.isNode) {
-                $.cache = JSON.parse(content);
+                $.cache = content;
                $.persistCache();
            }
            migrate();
            success(res);
        });

-    // Redirect sub.store to vercel webpage
-    $app.get('/', async (req, res) => {
-        // 302 redirect
-        res.set('location', 'https://sub-store.vercel.app/').status(302).end();
-    });
+    if (ENV().isNode) {
+        $app.get('/', getEnv);
+    } else {
+        // Redirect sub.store to vercel webpage
+        $app.get('/', async (req, res) => {
+            // 302 redirect
+            res.set('location', 'https://sub-store.vercel.app/')
+                .status(302)
+                .end();
+        });
+    }

    // handle preflight request for QX
    if (ENV().isQX) {
@@ -65,7 +96,22 @@ export default function register($app) {
 }

 function getEnv(req, res) {
-    success(res, env);
+    if (req.query.share) {
+        env.feature.share = true;
+    }
+    res.set('Content-Type', 'application/json;charset=UTF-8').send(
+        JSON.stringify(
+            {
+                status: 'success',
+                data: {
+                    guide: '⚠️⚠️⚠️ 您当前看到的是后端的响应. 若想配合前端使用, 可访问官方前端 https://sub-store.vercel.app 后自行配置后端地址, 或一键配置后端 https://sub-store.vercel.app?api=https://a.com/xxx (假设 https://a.com 是你后端的域名, /xxx 是自定义路径). 需注意 HTTPS 前端无法请求非本地的 HTTP 后端(部分浏览器上也无法访问本地 HTTP 后端). 请配置反代或在局域网自建 HTTP 前端. 如果还有问题, 可查看此排查说明: https://t.me/zhetengsha/1068',
+                    ...env,
+                },
+            },
+            null,
+            2,
+        ),
+    );
 }

 async function refresh(_, res) {
@@ -80,10 +126,121 @@ async function refresh(_, res) {
    success(res);
 }

-async function gistBackup(req, res) {
-    const { action } = req.query;
+async function gistBackupAction(action, keep, encode) {
    // read token
    const { gistToken, syncPlatform } = $.read(SETTINGS_KEY);
+    if (!gistToken) throw new Error('GitHub Token is required for backup!');
+
+    const gist = new Gist({
+        token: gistToken,
+        key: GIST_BACKUP_KEY,
+        syncPlatform,
+    });
+    let currentContent = $.read('#sub-store');
+    currentContent = currentContent ? JSON.parse(currentContent) : {};
+    if ($.env.isNode) currentContent = JSON.parse(JSON.stringify($.cache));
+    let content;
+    const settings = $.read(SETTINGS_KEY);
+    const updated = settings.syncTime;
+    switch (action) {
+        case 'upload':
+            try {
+                content = $.read('#sub-store');
+                content = content ? JSON.parse(content) : {};
+                if ($.env.isNode) content = JSON.parse(JSON.stringify($.cache));
+                if (encode === 'plaintext') {
+                    content.settings.gistToken =
+                        '恢复后请重新设置 GitHub Token';
+                    content = JSON.stringify(content, null, `  `);
+                } else {
+                    content = Base64.encode(
+                        JSON.stringify(content, null, `  `),
+                    );
+                }
+
+                $.info(`下载备份, 与本地内容对比...`);
+                const onlineContent = await gist.download(
+                    GIST_BACKUP_FILE_NAME,
+                );
+                if (onlineContent === content) {
+                    $.info(`内容一致, 无需上传备份`);
+                    return;
+                }
+            } catch (error) {
+                $.error(`${error.message ?? error}`);
+            }
+
+            // update syncTime
+            settings.syncTime = new Date().getTime();
+            $.write(settings, SETTINGS_KEY);
+            content = $.read('#sub-store');
+            content = content ? JSON.parse(content) : {};
+            if ($.env.isNode) content = JSON.parse(JSON.stringify($.cache));
+            if (encode === 'plaintext') {
+                content.settings.gistToken = '恢复后请重新设置 GitHub Token';
+                content = JSON.stringify(content, null, `  `);
+            } else {
+                content = Base64.encode(JSON.stringify(content, null, `  `));
+            }
+            $.info(`上传备份中...`);
+            try {
+                await gist.upload({
+                    [GIST_BACKUP_FILE_NAME]: { content },
+                });
+                $.info(`上传备份完成`);
+            } catch (err) {
+                // restore syncTime if upload failed
+                settings.syncTime = updated;
+                $.write(settings, SETTINGS_KEY);
+                throw err;
+            }
+            break;
+        case 'download':
+            $.info(`还原备份中...`);
+            content = await gist.download(GIST_BACKUP_FILE_NAME);
+            try {
+                content = JSON.parse(Base64.decode(content));
+                if (Object.keys(content.settings).length === 0) {
+                    throw new Error('备份文件应该至少包含 settings 字段');
+                }
+            } catch (err) {
+                try {
+                    content = JSON.parse(content);
+                    if (Object.keys(content.settings).length === 0) {
+                        throw new Error('备份文件应该至少包含 settings 字段');
+                    }
+                } catch (err) {
+                    $.error(
+                        `Gist 备份文件校验失败, 无法还原\nReason: ${
+                            err.message ?? err
+                        }`,
+                    );
+                    throw new Error('Gist 备份文件校验失败, 无法还原');
+                }
+            }
+            if (keep) {
+                $.info(`保留原有设置 ${keep}`);
+                keep.split(',').forEach((path) => {
+                    _.set(content, path, _.get(currentContent, path));
+                });
+            }
+            // restore settings
+            $.write(JSON.stringify(content, null, `  `), '#sub-store');
+            if ($.env.isNode) {
+                $.cache = content;
+                $.persistCache();
+            }
+            $.info(`perform migration after restoring from gist...`);
+            migrate();
+            $.info(`migration completed`);
+            $.info(`还原备份完成`);
+            break;
+    }
+}
+async function gistBackup(req, res) {
+    const { action, keep, encode } = req.query;
+    // read token
+    const { gistToken } = $.read(SETTINGS_KEY);
    if (!gistToken) {
        failed(
            res,
@@ -93,68 +250,8 @@ async function gistBackup(req, res) {
            ),
        );
    } else {
-        const gist = new Gist({
-            token: gistToken,
-            key: GIST_BACKUP_KEY,
-            syncPlatform,
-        });
        try {
-            let content;
-            const settings = $.read(SETTINGS_KEY);
-            const updated = settings.syncTime;
-            switch (action) {
-                case 'upload':
-                    // update syncTime
-                    settings.syncTime = new Date().getTime();
-                    $.write(settings, SETTINGS_KEY);
-                    content = $.read('#sub-store');
-                    if ($.env.isNode)
-                        content = JSON.stringify($.cache, null, `  `);
-                    $.info(`上传备份中...`);
-                    try {
-                        await gist.upload({
-                            [GIST_BACKUP_FILE_NAME]: { content },
-                        });
-                    } catch (err) {
-                        // restore syncTime if upload failed
-                        settings.syncTime = updated;
-                        $.write(settings, SETTINGS_KEY);
-                        throw err;
-                    }
-                    break;
-                case 'download':
-                    $.info(`还原备份中...`);
-                    content = await gist.download(GIST_BACKUP_FILE_NAME);
-                    try {
-                        if (
-                            Object.keys(JSON.parse(content).settings).length ===
-                            0
-                        ) {
-                            throw new Error(
-                                '备份文件应该至少包含 settings 字段',
-                            );
-                        }
-                    } catch (err) {
-                        $.error(
-                            `Gist 备份文件校验失败, 无法还原\nReason: ${
-                                err.message ?? err
-                            }`,
-                        );
-                        throw new Error('Gist 备份文件校验失败, 无法还原');
-                    }
-                    // restore settings
-                    $.write(content, '#sub-store');
-                    if ($.env.isNode) {
-                        content = JSON.parse(content);
-                        $.cache = content;
-                        $.persistCache();
-                    }
-                    $.info(`perform migration after restoring from gist...`);
-                    migrate();
-                    $.info(`migration completed`);
-                    $.info(`还原备份完成`);
-                    break;
-            }
+            await gistBackupAction(action, keep, encode);
            success(res);
        } catch (err) {
            $.error(
@@ -171,3 +268,5 @@ async function gistBackup(req, res) {
        }
    }
 }
+
+export { gistBackupAction };
--- a/backend/src/restful/preview.js
+++ b/backend/src/restful/preview.js
@@ -15,46 +15,60 @@ export default function register($app) {
 async function previewFile(req, res) {
    try {
        const file = req.body;
-        let content;
-        if (
-            file.source === 'local' &&
-            !['localFirst', 'remoteFirst'].includes(file.mergeSources)
-        ) {
-            content = file.content;
-        } else {
-            const errors = {};
-            content = await Promise.all(
-                file.url
-                    .split(/[\r\n]+/)
-                    .map((i) => i.trim())
-                    .filter((i) => i.length)
-                    .map(async (url) => {
-                        try {
-                            return await download(url, file.ua);
-                        } catch (err) {
-                            errors[url] = err;
-                            $.error(
-                                `文件 ${file.name} 的远程文件 ${url} 发生错误: ${err}`,
-                            );
-                            return '';
-                        }
-                    }),
-            );
-
+        let content = '';
+        if (file.type !== 'mihomoProfile') {
            if (
-                !file.ignoreFailedRemoteFile &&
-                Object.keys(errors).length > 0
+                file.source === 'local' &&
+                !['localFirst', 'remoteFirst'].includes(file.mergeSources)
            ) {
-                throw new Error(
-                    `文件 ${file.name} 的远程文件 ${Object.keys(errors).join(
-                        ', ',
-                    )} 发生错误, 请查看日志`,
+                content = file.content;
+            } else {
+                const errors = {};
+                content = await Promise.all(
+                    file.url
+                        .split(/[\r\n]+/)
+                        .map((i) => i.trim())
+                        .filter((i) => i.length)
+                        .map(async (url) => {
+                            try {
+                                return await download(
+                                    url,
+                                    file.ua,
+                                    undefined,
+                                    file.proxy,
+                                );
+                            } catch (err) {
+                                errors[url] = err;
+                                $.error(
+                                    `文件 ${file.name} 的远程文件 ${url} 发生错误: ${err}`,
+                                );
+                                return '';
+                            }
+                        }),
                );
-            }
-            if (file.mergeSources === 'localFirst') {
-                content.unshift(file.content);
-            } else if (file.mergeSources === 'remoteFirst') {
-                content.push(file.content);
+
+                if (Object.keys(errors).length > 0) {
+                    if (!file.ignoreFailedRemoteFile) {
+                        throw new Error(
+                            `文件 ${file.name} 的远程文件 ${Object.keys(
+                                errors,
+                            ).join(', ')} 发生错误, 请查看日志`,
+                        );
+                    } else if (file.ignoreFailedRemoteFile === 'enabled') {
+                        $.notify(
+                            `🌍 Sub-Store 预览文件失败`,
+                            `❌ ${file.name}`,
+                            `远程文件 ${Object.keys(errors).join(
+                                ', ',
+                            )} 发生错误, 请查看日志`,
+                        );
+                    }
+                }
+                if (file.mergeSources === 'localFirst') {
+                    content.unshift(file.content);
+                } else if (file.mergeSources === 'remoteFirst') {
+                    content.push(file.content);
+                }
            }
        }
        // parse proxies
@@ -67,7 +81,7 @@ async function previewFile(req, res) {
        const processed =
            Array.isArray(file.process) && file.process.length > 0
                ? await ProxyUtils.process(
-                      { $files: files, $content: filesContent },
+                      { $files: files, $content: filesContent, $file: file },
                      file.process,
                  )
                : { $content: filesContent, $files: files };
@@ -114,6 +128,10 @@ async function compareSub(req, res) {
                                sub.ua,
                                undefined,
                                sub.proxy,
+                                undefined,
+                                undefined,
+                                undefined,
+                                true,
                            );
                        } catch (err) {
                            errors[url] = err;
@@ -125,12 +143,22 @@ async function compareSub(req, res) {
                    }),
            );

-            if (!sub.ignoreFailedRemoteSub && Object.keys(errors).length > 0) {
-                throw new Error(
-                    `订阅 ${sub.name} 的远程订阅 ${Object.keys(errors).join(
-                        ', ',
-                    )} 发生错误, 请查看日志`,
-                );
+            if (Object.keys(errors).length > 0) {
+                if (!sub.ignoreFailedRemoteSub) {
+                    throw new Error(
+                        `订阅 ${sub.name} 的远程订阅 ${Object.keys(errors).join(
+                            ', ',
+                        )} 发生错误, 请查看日志`,
+                    );
+                } else if (sub.ignoreFailedRemoteSub === 'enabled') {
+                    $.notify(
+                        `🌍 Sub-Store 预览订阅失败`,
+                        `❌ ${sub.name}`,
+                        `远程订阅 ${Object.keys(errors).join(
+                            ', ',
+                        )} 发生错误, 请查看日志`,
+                    );
+                }
            }
            if (sub.mergeSources === 'localFirst') {
                content.unshift(sub.content);
@@ -146,7 +174,8 @@ async function compareSub(req, res) {
        // add id
        original.forEach((proxy, i) => {
            proxy.id = i;
-            proxy.subName = sub.name;
+            proxy._subName = sub.name;
+            proxy._subDisplayName = sub.displayName;
        });

        // apply processors
@@ -176,7 +205,20 @@ async function compareCollection(req, res) {
    try {
        const allSubs = $.read(SUBS_KEY);
        const collection = req.body;
-        const subnames = collection.subscriptions;
+        const subnames = [...collection.subscriptions];
+        let subscriptionTags = collection.subscriptionTags;
+        if (Array.isArray(subscriptionTags) && subscriptionTags.length > 0) {
+            allSubs.forEach((sub) => {
+                if (
+                    Array.isArray(sub.tag) &&
+                    sub.tag.length > 0 &&
+                    !subnames.includes(sub.name) &&
+                    sub.tag.some((tag) => subscriptionTags.includes(tag))
+                ) {
+                    subnames.push(sub.name);
+                }
+            });
+        }
        const results = {};
        const errors = {};
        await Promise.all(
@@ -205,6 +247,10 @@ async function compareCollection(req, res) {
                                            sub.ua,
                                            undefined,
                                            sub.proxy,
+                                            undefined,
+                                            undefined,
+                                            undefined,
+                                            true,
                                        );
                                    } catch (err) {
                                        errors[url] = err;
@@ -215,15 +261,25 @@ async function compareCollection(req, res) {
                                    }
                                }),
                        );
-                        if (
-                            !sub.ignoreFailedRemoteSub &&
-                            Object.keys(errors).length > 0
-                        ) {
-                            throw new Error(
-                                `订阅 ${sub.name} 的远程订阅 ${Object.keys(
-                                    errors,
-                                ).join(', ')} 发生错误, 请查看日志`,
-                            );
+
+                        if (Object.keys(errors).length > 0) {
+                            if (!sub.ignoreFailedRemoteSub) {
+                                throw new Error(
+                                    `订阅 ${sub.name} 的远程订阅 ${Object.keys(
+                                        errors,
+                                    ).join(', ')} 发生错误, 请查看日志`,
+                                );
+                            } else if (
+                                sub.ignoreFailedRemoteSub === 'enabled'
+                            ) {
+                                $.notify(
+                                    `🌍 Sub-Store 预览订阅失败`,
+                                    `❌ ${sub.name}`,
+                                    `远程订阅 ${Object.keys(errors).join(
+                                        ', ',
+                                    )} 发生错误, 请查看日志`,
+                                );
+                            }
                        }
                        if (sub.mergeSources === 'localFirst') {
                            raw.unshift(sub.content);
@@ -237,8 +293,10 @@ async function compareCollection(req, res) {
                        .flat();

                    currentProxies.forEach((proxy) => {
-                        proxy.subName = sub.name;
-                        proxy.collectionName = collection.name;
+                        proxy._subName = sub.name;
+                        proxy._subDisplayName = sub.displayName;
+                        proxy._collectionName = collection.name;
+                        proxy._collectionDisplayName = collection.displayName;
                    });

                    // apply processors
@@ -253,20 +311,28 @@ async function compareCollection(req, res) {
                    errors[name] = err;

                    $.error(
-                        `❌ 处理组合订阅 ${collection.name} 中的子订阅: ${sub.name}时出现错误：${err}！`,
+                        `❌ 处理组合订阅 ${collection.name} 中的子订阅: ${sub.name} 时出现错误：${err}！`,
                    );
                }
            }),
        );
-        if (
-            !collection.ignoreFailedRemoteSub &&
-            Object.keys(errors).length > 0
-        ) {
-            throw new Error(
-                `组合订阅 ${collection.name} 中的子订阅 ${Object.keys(
-                    errors,
-                ).join(', ')} 发生错误, 请查看日志`,
-            );
+
+        if (Object.keys(errors).length > 0) {
+            if (!collection.ignoreFailedRemoteSub) {
+                throw new Error(
+                    `组合订阅 ${collection.name} 的子订阅 ${Object.keys(
+                        errors,
+                    ).join(', ')} 发生错误, 请查看日志`,
+                );
+            } else if (collection.ignoreFailedRemoteSub === 'enabled') {
+                $.notify(
+                    `🌍 Sub-Store 预览组合订阅失败`,
+                    `❌ ${collection.name}`,
+                    `子订阅 ${Object.keys(errors).join(
+                        ', ',
+                    )} 发生错误, 请查看日志`,
+                );
+            }
        }
        // merge proxies with the original order
        const original = Array.prototype.concat.apply(
@@ -276,7 +342,8 @@ async function compareCollection(req, res) {

        original.forEach((proxy, i) => {
            proxy.id = i;
-            proxy.collectionName = collection.name;
+            proxy._collectionName = collection.name;
+            proxy._collectionDisplayName = collection.displayName;
        });

        const processed = await ProxyUtils.process(
--- a/backend/src/restful/settings.js
+++ b/backend/src/restful/settings.js
@@ -134,11 +134,15 @@ export async function updateArtifactStore() {
                settings.artifactStore = url;
                settings.artifactStoreStatus = 'VALID';
            } else {
-                $.error(`找不到 Sub-Store Gist`);
+                $.error(`找不到 Sub-Store Gist (${ARTIFACT_REPOSITORY_KEY})`);
                settings.artifactStoreStatus = 'NOT FOUND';
            }
        } catch (err) {
-            $.error(`查找 Sub-Store Gist 时发生错误: ${err.message ?? err}`);
+            $.error(
+                `查找 Sub-Store Gist (${ARTIFACT_REPOSITORY_KEY}) 时发生错误: ${
+                    err.message ?? err
+                }`,
+            );
            settings.artifactStoreStatus = 'ERROR';
        }
        $.write(settings, SETTINGS_KEY);
--- a/backend/src/restful/subscriptions.js
+++ b/backend/src/restful/subscriptions.js
@@ -5,7 +5,12 @@ import {
    RequestInvalidError,
 } from './errors';
 import { deleteByName, findByName, updateByName } from '@/utils/database';
-import { SUBS_KEY, COLLECTIONS_KEY, ARTIFACTS_KEY } from '@/constants';
+import {
+    SUBS_KEY,
+    COLLECTIONS_KEY,
+    ARTIFACTS_KEY,
+    FILES_KEY,
+} from '@/constants';
 import {
    getFlowHeaders,
    parseFlowHeaders,
@@ -13,6 +18,7 @@ import {
 } from '@/utils/flow';
 import { success, failed } from './response';
 import $ from '@/core/app';
+import { formatDateTime } from '@/utils';

 if (!$.read(SUBS_KEY)) $.write({}, SUBS_KEY);

@@ -57,9 +63,45 @@ async function getFlowInfo(req, res) {
        !['localFirst', 'remoteFirst'].includes(sub.mergeSources)
    ) {
        if (sub.subUserinfo) {
-            success(res, {
-                ...parseFlowHeaders(sub.subUserinfo),
-            });
+            let subUserInfo;
+            if (/^https?:\/\//.test(sub.subUserinfo)) {
+                try {
+                    subUserInfo = await getFlowHeaders(
+                        undefined,
+                        undefined,
+                        undefined,
+                        sub.proxy,
+                        sub.subUserinfo,
+                    );
+                } catch (e) {
+                    $.error(
+                        `订阅 ${name} 使用自定义流量链接 ${
+                            sub.subUserinfo
+                        } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                    );
+                }
+            } else {
+                subUserInfo = sub.subUserinfo;
+            }
+            try {
+                success(res, {
+                    ...parseFlowHeaders(subUserInfo),
+                });
+            } catch (e) {
+                $.error(
+                    `Failed to parse flow info for local subscription ${name}: ${
+                        e.message ?? e
+                    }`,
+                );
+                failed(
+                    res,
+                    new RequestInvalidError(
+                        'NO_FLOW_INFO',
+                        'N/A',
+                        `Failed to parse flow info`,
+                    ),
+                );
+            }
        } else {
            failed(
                res,
@@ -98,7 +140,7 @@ async function getFlowInfo(req, res) {
                }
            }
        }
-        if ($arguments.noFlow) {
+        if ($arguments.noFlow || !/^https?/.test(url)) {
            failed(
                res,
                new RequestInvalidError(
@@ -109,42 +151,73 @@ async function getFlowInfo(req, res) {
            );
            return;
        }
-        if (sub.subUserinfo) {
-            success(res, {
-                ...parseFlowHeaders(sub.subUserinfo),
-                remainingDays: getRmainingDays({
-                    resetDay: $arguments.resetDay,
-                    startDate: $arguments.startDate,
-                    cycleDays: $arguments.cycleDays,
-                }),
-            });
-        } else {
-            const flowHeaders = await getFlowHeaders(
-                url,
-                $arguments.flowUserAgent,
-                undefined,
-                sub.proxy,
-                $arguments.flowUrl,
+        const flowHeaders = await getFlowHeaders(
+            $arguments?.insecure ? `${url}#insecure` : url,
+            $arguments.flowUserAgent,
+            undefined,
+            sub.proxy,
+            $arguments.flowUrl,
+        );
+        if (!flowHeaders && !sub.subUserinfo) {
+            failed(
+                res,
+                new InternalServerError(
+                    'NO_FLOW_INFO',
+                    'No flow info',
+                    `Failed to fetch flow headers`,
+                ),
            );
-            if (!flowHeaders) {
-                failed(
-                    res,
-                    new InternalServerError(
-                        'NO_FLOW_INFO',
-                        'No flow info',
-                        `Failed to fetch flow headers`,
-                    ),
-                );
-                return;
-            }
-            success(res, {
-                ...parseFlowHeaders(flowHeaders),
-                remainingDays: getRmainingDays({
-                    resetDay: $arguments.resetDay,
-                    startDate: $arguments.startDate,
-                    cycleDays: $arguments.cycleDays,
-                }),
+            return;
+        }
+        try {
+            const remainingDays = getRmainingDays({
+                resetDay: $arguments.resetDay,
+                startDate: $arguments.startDate,
+                cycleDays: $arguments.cycleDays,
            });
+            let subUserInfo;
+            if (/^https?:\/\//.test(sub.subUserinfo)) {
+                try {
+                    subUserInfo = await getFlowHeaders(
+                        undefined,
+                        undefined,
+                        undefined,
+                        sub.proxy,
+                        sub.subUserinfo,
+                    );
+                } catch (e) {
+                    $.error(
+                        `订阅 ${name} 使用自定义流量链接 ${
+                            sub.subUserinfo
+                        } 获取流量信息时发生错误: ${JSON.stringify(e)}`,
+                    );
+                }
+            } else {
+                subUserInfo = sub.subUserinfo;
+            }
+            const result = {
+                ...parseFlowHeaders(
+                    [subUserInfo, flowHeaders].filter((i) => i).join('; '),
+                ),
+            };
+            if (remainingDays != null) {
+                result.remainingDays = remainingDays;
+            }
+            success(res, result);
+        } catch (e) {
+            $.error(
+                `Failed to parse flow info for local subscription ${name}: ${
+                    e.message ?? e
+                }`,
+            );
+            failed(
+                res,
+                new RequestInvalidError(
+                    'NO_FLOW_INFO',
+                    'N/A',
+                    `Failed to parse flow info`,
+                ),
+            );
        }
    } catch (err) {
        failed(
@@ -197,7 +270,11 @@ function getSubscription(req, res) {
            res.set('content-type', 'application/json')
                .set(
                    'content-disposition',
-                    `attachment; filename="${encodeURIComponent(name)}.json"`,
+                    `attachment; filename="${encodeURIComponent(
+                        `sub-store_subscription_${name}_${formatDateTime(
+                            new Date(),
+                        )}.json`,
+                    )}"`,
                )
                .send(JSON.stringify(sub));
        } else {
@@ -248,9 +325,20 @@ function updateSubscription(req, res) {
                    artifact.source = sub.name;
                }
            }
+            // update all files referring this subscription
+            const allFiles = $.read(FILES_KEY) || [];
+            for (const file of allFiles) {
+                if (
+                    file.sourceType === 'subscription' &&
+                    file.sourceName == name
+                ) {
+                    file.sourceName = sub.name;
+                }
+            }

            $.write(allCols, COLLECTIONS_KEY);
            $.write(allArtifacts, ARTIFACTS_KEY);
+            $.write(allFiles, FILES_KEY);
        }
        updateByName(allSubs, name, newSub);
        $.write(allSubs, SUBS_KEY);
--- a/backend/src/restful/sync.js
+++ b/backend/src/restful/sync.js
@@ -37,10 +37,14 @@ async function produceArtifact({
    produceOpts = {},
    subscription,
    awaitCustomCache,
+    $options,
+    proxy,
+    noCache,
+    all,
 }) {
    platform = platform || 'JSON';

-    if (type === 'subscription') {
+    if (['subscription', 'sub'].includes(type)) {
        let sub;
        if (name) {
            const allSubs = $.read(SUBS_KEY);
@@ -67,9 +71,11 @@ async function produceArtifact({
                                url,
                                ua || sub.ua,
                                undefined,
-                                sub.proxy,
+                                proxy || sub.proxy,
                                undefined,
                                awaitCustomCache,
+                                noCache || sub.noCache,
+                                true,
                            );
                        } catch (err) {
                            errors[url] = err;
@@ -84,12 +90,23 @@ async function produceArtifact({
            if (ignoreFailedRemoteSub != null && ignoreFailedRemoteSub !== '') {
                subIgnoreFailedRemoteSub = ignoreFailedRemoteSub;
            }
-            if (!subIgnoreFailedRemoteSub && Object.keys(errors).length > 0) {
-                throw new Error(
-                    `订阅 ${sub.name} 的远程订阅 ${Object.keys(errors).join(
-                        ', ',
-                    )} 发生错误, 请查看日志`,
-                );
+
+            if (Object.keys(errors).length > 0) {
+                if (!subIgnoreFailedRemoteSub) {
+                    throw new Error(
+                        `订阅 ${sub.name} 的远程订阅 ${Object.keys(errors).join(
+                            ', ',
+                        )} 发生错误, 请查看日志`,
+                    );
+                } else if (subIgnoreFailedRemoteSub === 'enabled') {
+                    $.notify(
+                        `🌍 Sub-Store 处理订阅失败`,
+                        `❌ ${sub.name}`,
+                        `远程订阅 ${Object.keys(errors).join(
+                            ', ',
+                        )} 发生错误, 请查看日志`,
+                    );
+                }
            }
            if (mergeSources === 'localFirst') {
                raw.unshift(content);
@@ -114,9 +131,11 @@ async function produceArtifact({
                                url,
                                ua || sub.ua,
                                undefined,
-                                sub.proxy,
+                                proxy || sub.proxy,
                                undefined,
                                awaitCustomCache,
+                                noCache || sub.noCache,
+                                true,
                            );
                        } catch (err) {
                            errors[url] = err;
@@ -131,12 +150,23 @@ async function produceArtifact({
            if (ignoreFailedRemoteSub != null && ignoreFailedRemoteSub !== '') {
                subIgnoreFailedRemoteSub = ignoreFailedRemoteSub;
            }
-            if (!subIgnoreFailedRemoteSub && Object.keys(errors).length > 0) {
-                throw new Error(
-                    `订阅 ${sub.name} 的远程订阅 ${Object.keys(errors).join(
-                        ', ',
-                    )} 发生错误, 请查看日志`,
-                );
+
+            if (Object.keys(errors).length > 0) {
+                if (!subIgnoreFailedRemoteSub) {
+                    throw new Error(
+                        `订阅 ${sub.name} 的远程订阅 ${Object.keys(errors).join(
+                            ', ',
+                        )} 发生错误, 请查看日志`,
+                    );
+                } else if (subIgnoreFailedRemoteSub === 'enabled') {
+                    $.notify(
+                        `🌍 Sub-Store 处理订阅失败`,
+                        `❌ ${sub.name}`,
+                        `远程订阅 ${Object.keys(errors).join(
+                            ', ',
+                        )} 发生错误, 请查看日志`,
+                    );
+                }
            }
            if (sub.mergeSources === 'localFirst') {
                raw.unshift(sub.content);
@@ -144,13 +174,17 @@ async function produceArtifact({
                raw.push(sub.content);
            }
        }
+        if (produceType === 'raw') {
+            return JSON.stringify((Array.isArray(raw) ? raw : [raw]).flat());
+        }
        // parse proxies
        let proxies = (Array.isArray(raw) ? raw : [raw])
            .map((i) => ProxyUtils.parse(i))
            .flat();

        proxies.forEach((proxy) => {
-            proxy.subName = sub.name;
+            proxy._subName = sub.name;
+            proxy._subDisplayName = sub.displayName;
        });
        // apply processors
        proxies = await ProxyUtils.process(
@@ -158,6 +192,7 @@ async function produceArtifact({
            sub.process || [],
            platform,
            { [sub.name]: sub },
+            $options,
        );
        if (proxies.length === 0) {
            throw new Error(`订阅 ${name} 中不含有效节点`);
@@ -181,12 +216,25 @@ async function produceArtifact({
        }
        // produce
        return ProxyUtils.produce(proxies, platform, produceType, produceOpts);
-    } else if (type === 'collection') {
+    } else if (['collection', 'col'].includes(type)) {
        const allSubs = $.read(SUBS_KEY);
        const allCols = $.read(COLLECTIONS_KEY);
        const collection = findByName(allCols, name);
        if (!collection) throw new Error(`找不到组合订阅 ${name}`);
-        const subnames = collection.subscriptions;
+        const subnames = [...collection.subscriptions];
+        let subscriptionTags = collection.subscriptionTags;
+        if (Array.isArray(subscriptionTags) && subscriptionTags.length > 0) {
+            allSubs.forEach((sub) => {
+                if (
+                    Array.isArray(sub.tag) &&
+                    sub.tag.length > 0 &&
+                    !subnames.includes(sub.name) &&
+                    sub.tag.some((tag) => subscriptionTags.includes(tag))
+                ) {
+                    subnames.push(sub.name);
+                }
+            });
+        }
        const results = {};
        const errors = {};
        let processed = 0;
@@ -194,6 +242,14 @@ async function produceArtifact({
        await Promise.all(
            subnames.map(async (name) => {
                const sub = findByName(allSubs, name);
+                const passThroughUA = sub.passThroughUA;
+                let reqUA = sub.ua;
+                if (passThroughUA) {
+                    $.info(
+                        `订阅开启了透传 User-Agent, 使用请求的 User-Agent: ${ua}`,
+                    );
+                    reqUA = ua;
+                }
                try {
                    $.info(`正在处理子订阅：${sub.name}...`);
                    let raw;
@@ -215,9 +271,15 @@ async function produceArtifact({
                                    try {
                                        return await download(
                                            url,
-                                            sub.ua,
+                                            reqUA,
                                            undefined,
-                                            sub.proxy,
+                                            proxy ||
+                                                sub.proxy ||
+                                                collection.proxy,
+                                            undefined,
+                                            undefined,
+                                            noCache || sub.noCache,
+                                            true,
                                        );
                                    } catch (err) {
                                        errors[url] = err;
@@ -228,15 +290,25 @@ async function produceArtifact({
                                    }
                                }),
                        );
-                        if (
-                            !sub.ignoreFailedRemoteSub &&
-                            Object.keys(errors).length > 0
-                        ) {
-                            throw new Error(
-                                `订阅 ${sub.name} 的远程订阅 ${Object.keys(
-                                    errors,
-                                ).join(', ')} 发生错误, 请查看日志`,
-                            );
+
+                        if (Object.keys(errors).length > 0) {
+                            if (!sub.ignoreFailedRemoteSub) {
+                                throw new Error(
+                                    `订阅 ${sub.name} 的远程订阅 ${Object.keys(
+                                        errors,
+                                    ).join(', ')} 发生错误, 请查看日志`,
+                                );
+                            } else if (
+                                sub.ignoreFailedRemoteSub === 'enabled'
+                            ) {
+                                $.notify(
+                                    `🌍 Sub-Store 处理订阅失败`,
+                                    `❌ ${sub.name}`,
+                                    `远程订阅 ${Object.keys(errors).join(
+                                        ', ',
+                                    )} 发生错误, 请查看日志`,
+                                );
+                            }
                        }
                        if (sub.mergeSources === 'localFirst') {
                            raw.unshift(sub.content);
@@ -250,8 +322,10 @@ async function produceArtifact({
                        .flat();

                    currentProxies.forEach((proxy) => {
-                        proxy.subName = sub.name;
-                        proxy.collectionName = collection.name;
+                        proxy._subName = sub.name;
+                        proxy._subDisplayName = sub.displayName;
+                        proxy._collectionName = collection.name;
+                        proxy._collectionDisplayName = collection.displayName;
                    });

                    // apply processors
@@ -259,7 +333,11 @@ async function produceArtifact({
                        currentProxies,
                        sub.process || [],
                        platform,
-                        { [sub.name]: sub, _collection: collection },
+                        {
+                            [sub.name]: sub,
+                            _collection: collection,
+                            $options,
+                        },
                    );
                    results[name] = currentProxies;
                    processed++;
@@ -285,15 +363,23 @@ async function produceArtifact({
        if (ignoreFailedRemoteSub != null && ignoreFailedRemoteSub !== '') {
            collectionIgnoreFailedRemoteSub = ignoreFailedRemoteSub;
        }
-        if (
-            !collectionIgnoreFailedRemoteSub &&
-            Object.keys(errors).length > 0
-        ) {
-            throw new Error(
-                `组合订阅 ${name} 中的子订阅 ${Object.keys(errors).join(
-                    ', ',
-                )} 发生错误, 请查看日志`,
-            );
+
+        if (Object.keys(errors).length > 0) {
+            if (!collectionIgnoreFailedRemoteSub) {
+                throw new Error(
+                    `组合订阅 ${collection.name} 的子订阅 ${Object.keys(
+                        errors,
+                    ).join(', ')} 发生错误, 请查看日志`,
+                );
+            } else if (collectionIgnoreFailedRemoteSub === 'enabled') {
+                $.notify(
+                    `🌍 Sub-Store 处理组合订阅失败`,
+                    `❌ ${collection.name}`,
+                    `子订阅 ${Object.keys(errors).join(
+                        ', ',
+                    )} 发生错误, 请查看日志`,
+                );
+            }
        }

        // merge proxies with the original order
@@ -303,7 +389,8 @@ async function produceArtifact({
        );

        proxies.forEach((proxy) => {
-            proxy.collectionName = collection.name;
+            proxy._collectionName = collection.name;
+            proxy._collectionDisplayName = collection.displayName;
        });

        // apply own processors
@@ -312,6 +399,7 @@ async function produceArtifact({
            collection.process || [],
            platform,
            { _collection: collection },
+            $options,
        );
        if (proxies.length === 0) {
            throw new Error(`组合订阅 ${name} 中不含有效节点`);
@@ -366,90 +454,128 @@ async function produceArtifact({
        const allFiles = $.read(FILES_KEY);
        const file = findByName(allFiles, name);
        if (!file) throw new Error(`找不到文件 ${name}`);
-        let raw;
-        if (content && !['localFirst', 'remoteFirst'].includes(mergeSources)) {
-            raw = content;
-        } else if (url) {
-            const errors = {};
-            raw = await Promise.all(
-                url
-                    .split(/[\r\n]+/)
-                    .map((i) => i.trim())
-                    .filter((i) => i.length)
-                    .map(async (url) => {
-                        try {
-                            return await download(url, ua || file.ua);
-                        } catch (err) {
-                            errors[url] = err;
-                            $.error(
-                                `文件 ${file.name} 的远程文件 ${url} 发生错误: ${err}`,
-                            );
-                            return '';
-                        }
-                    }),
-            );
-            let fileIgnoreFailedRemoteFile = file.ignoreFailedRemoteFile;
+        let raw = '';
+        if (file.type !== 'mihomoProfile') {
            if (
-                ignoreFailedRemoteFile != null &&
-                ignoreFailedRemoteFile !== ''
+                content &&
+                !['localFirst', 'remoteFirst'].includes(mergeSources)
            ) {
-                fileIgnoreFailedRemoteFile = ignoreFailedRemoteFile;
-            }
-            if (!fileIgnoreFailedRemoteFile && Object.keys(errors).length > 0) {
-                throw new Error(
-                    `文件 ${file.name} 的远程文件 ${Object.keys(errors).join(
-                        ', ',
-                    )} 发生错误, 请查看日志`,
+                raw = content;
+            } else if (url) {
+                const errors = {};
+                raw = await Promise.all(
+                    url
+                        .split(/[\r\n]+/)
+                        .map((i) => i.trim())
+                        .filter((i) => i.length)
+                        .map(async (url) => {
+                            try {
+                                return await download(
+                                    url,
+                                    ua || file.ua,
+                                    undefined,
+                                    file.proxy || proxy,
+                                    undefined,
+                                    undefined,
+                                    noCache,
+                                );
+                            } catch (err) {
+                                errors[url] = err;
+                                $.error(
+                                    `文件 ${file.name} 的远程文件 ${url} 发生错误: ${err}`,
+                                );
+                                return '';
+                            }
+                        }),
                );
-            }
-            if (mergeSources === 'localFirst') {
-                raw.unshift(content);
-            } else if (mergeSources === 'remoteFirst') {
-                raw.push(content);
-            }
-        } else if (
-            file.source === 'local' &&
-            !['localFirst', 'remoteFirst'].includes(file.mergeSources)
-        ) {
-            raw = file.content;
-        } else {
-            const errors = {};
-            raw = await Promise.all(
-                file.url
-                    .split(/[\r\n]+/)
-                    .map((i) => i.trim())
-                    .filter((i) => i.length)
-                    .map(async (url) => {
-                        try {
-                            return await download(url, ua || file.ua);
-                        } catch (err) {
-                            errors[url] = err;
-                            $.error(
-                                `文件 ${file.name} 的远程文件 ${url} 发生错误: ${err}`,
-                            );
-                            return '';
-                        }
-                    }),
-            );
-            let fileIgnoreFailedRemoteFile = file.ignoreFailedRemoteFile;
-            if (
-                ignoreFailedRemoteFile != null &&
-                ignoreFailedRemoteFile !== ''
+                let fileIgnoreFailedRemoteFile = file.ignoreFailedRemoteFile;
+                if (
+                    ignoreFailedRemoteFile != null &&
+                    ignoreFailedRemoteFile !== ''
+                ) {
+                    fileIgnoreFailedRemoteFile = ignoreFailedRemoteFile;
+                }
+                if (
+                    !fileIgnoreFailedRemoteFile &&
+                    Object.keys(errors).length > 0
+                ) {
+                    throw new Error(
+                        `文件 ${file.name} 的远程文件 ${Object.keys(
+                            errors,
+                        ).join(', ')} 发生错误, 请查看日志`,
+                    );
+                }
+                if (mergeSources === 'localFirst') {
+                    raw.unshift(content);
+                } else if (mergeSources === 'remoteFirst') {
+                    raw.push(content);
+                }
+            } else if (
+                file.source === 'local' &&
+                !['localFirst', 'remoteFirst'].includes(file.mergeSources)
            ) {
-                fileIgnoreFailedRemoteFile = ignoreFailedRemoteFile;
-            }
-            if (!fileIgnoreFailedRemoteFile && Object.keys(errors).length > 0) {
-                throw new Error(
-                    `文件 ${file.name} 的远程文件 ${Object.keys(errors).join(
-                        ', ',
-                    )} 发生错误, 请查看日志`,
+                raw = file.content;
+            } else {
+                const errors = {};
+                raw = await Promise.all(
+                    file.url
+                        .split(/[\r\n]+/)
+                        .map((i) => i.trim())
+                        .filter((i) => i.length)
+                        .map(async (url) => {
+                            try {
+                                return await download(
+                                    url,
+                                    ua || file.ua,
+                                    undefined,
+                                    file.proxy || proxy,
+                                    undefined,
+                                    undefined,
+                                    noCache,
+                                );
+                            } catch (err) {
+                                errors[url] = err;
+                                $.error(
+                                    `文件 ${file.name} 的远程文件 ${url} 发生错误: ${err}`,
+                                );
+                                return '';
+                            }
+                        }),
                );
+                let fileIgnoreFailedRemoteFile = file.ignoreFailedRemoteFile;
+                if (
+                    ignoreFailedRemoteFile != null &&
+                    ignoreFailedRemoteFile !== ''
+                ) {
+                    fileIgnoreFailedRemoteFile = ignoreFailedRemoteFile;
+                }
+
+                if (Object.keys(errors).length > 0) {
+                    if (!fileIgnoreFailedRemoteFile) {
+                        throw new Error(
+                            `文件 ${file.name} 的远程文件 ${Object.keys(
+                                errors,
+                            ).join(', ')} 发生错误, 请查看日志`,
+                        );
+                    } else if (fileIgnoreFailedRemoteFile === 'enabled') {
+                        $.notify(
+                            `🌍 Sub-Store 处理文件失败`,
+                            `❌ ${file.name}`,
+                            `远程文件 ${Object.keys(errors).join(
+                                ', ',
+                            )} 发生错误, 请查看日志`,
+                        );
+                    }
+                }
+                if (file.mergeSources === 'localFirst') {
+                    raw.unshift(file.content);
+                } else if (file.mergeSources === 'remoteFirst') {
+                    raw.push(file.content);
+                }
            }
-            if (file.mergeSources === 'localFirst') {
-                raw.unshift(file.content);
-            } else if (file.mergeSources === 'remoteFirst') {
-                raw.push(file.content);
-            }
+        }
+        if (produceType === 'raw') {
+            return JSON.stringify((Array.isArray(raw) ? raw : [raw]).flat());
        }
        const files = (Array.isArray(raw) ? raw : [raw]).flat();
        let filesContent = files
@@ -460,12 +586,17 @@ async function produceArtifact({
        const processed =
            Array.isArray(file.process) && file.process.length > 0
                ? await ProxyUtils.process(
-                      { $files: files, $content: filesContent },
+                      {
+                          $files: files,
+                          $content: filesContent,
+                          $options,
+                          $file: file,
+                      },
                      file.process,
                  )
-                : { $content: filesContent, $files: files };
+                : { $content: filesContent, $files: files, $options };

-        return processed?.$content ?? '';
+        return (all ? processed : processed?.$content) ?? '';
    }
 }

@@ -475,12 +606,15 @@ async function syncArtifacts() {
    const files = {};

    try {
+        const valid = [];
        const invalid = [];
        const allSubs = $.read(SUBS_KEY);
        const allCols = $.read(COLLECTIONS_KEY);
        const subNames = [];
+        let enabledCount = 0;
        allArtifacts.map((artifact) => {
            if (artifact.sync && artifact.source) {
+                enabledCount++;
                if (artifact.type === 'subscription') {
                    const subName = artifact.source;
                    const sub = findByName(allSubs, subName);
@@ -501,6 +635,13 @@ async function syncArtifacts() {
            }
        });

+        if (enabledCount === 0) {
+            $.info(
+                `需同步的配置: ${enabledCount}, 总数: ${allArtifacts.length}`,
+            );
+            return;
+        }
+
        if (subNames.length > 0) {
            await Promise.all(
                subNames.map(async (subName) => {
@@ -522,6 +663,16 @@ async function syncArtifacts() {
                try {
                    if (artifact.sync && artifact.source) {
                        $.info(`正在同步云配置：${artifact.name}...`);
+
+                        const useMihomoExternal =
+                            artifact.platform === 'SurgeMac';
+
+                        if (useMihomoExternal) {
+                            $.info(
+                                `手动指定了 target 为 SurgeMac, 将使用 Mihomo External`,
+                            );
+                        }
+
                        const output = await produceArtifact({
                            type: artifact.type,
                            name: artifact.source,
@@ -529,6 +680,7 @@ async function syncArtifacts() {
                            produceOpts: {
                                'include-unsupported-proxy':
                                    artifact.includeUnsupportedProxy,
+                                useMihomoExternal,
                            },
                        });

@@ -538,27 +690,47 @@ async function syncArtifacts() {
                        files[encodeURIComponent(artifact.name)] = {
                            content: output,
                        };
+
+                        valid.push(artifact.name);
                    }
                } catch (e) {
                    $.error(
-                        `同步配置 ${artifact.name} 发生错误: ${e.message ?? e}`,
+                        `生成同步配置 ${artifact.name} 发生错误: ${
+                            e.message ?? e
+                        }`,
                    );
                    invalid.push(artifact.name);
                }
            }),
        );

-        if (invalid.length > 0) {
+        $.info(`${valid.length} 个同步配置生成成功: ${valid.join(', ')}`);
+        $.info(`${invalid.length} 个同步配置生成失败: ${invalid.join(', ')}`);
+
+        if (valid.length === 0) {
            throw new Error(
-                `同步配置 ${invalid.join(', ')} 发生错误 详情请查看日志`,
+                `同步配置 ${invalid.join(', ')} 生成失败 详情请查看日志`,
            );
        }

        const resp = await syncToGist(files);
        const body = JSON.parse(resp.body);

+        delete body.history;
+        delete body.forks;
+        delete body.owner;
+        Object.values(body.files).forEach((file) => {
+            delete file.content;
+        });
+        $.info('上传配置响应:');
+        $.info(JSON.stringify(body, null, 2));
+
        for (const artifact of allArtifacts) {
-            if (artifact.sync) {
+            if (
+                artifact.sync &&
+                artifact.source &&
+                valid.includes(artifact.name)
+            ) {
                artifact.updated = new Date().getTime();
                // extract real url from gist
                let files = body.files;
@@ -586,9 +758,17 @@ async function syncArtifacts() {
        }

        $.write(allArtifacts, ARTIFACTS_KEY);
-        $.info('全部订阅同步成功！');
+        $.info('上传配置成功');
+
+        if (invalid.length > 0) {
+            throw new Error(
+                `同步配置成功 ${valid.length} 个, 失败 ${invalid.length} 个, 详情请查看日志`,
+            );
+        } else {
+            $.info(`同步配置成功 ${valid.length} 个`);
+        }
    } catch (e) {
-        $.error(`同步订阅失败，原因：${e.message ?? e}`);
+        $.error(`同步配置失败，原因：${e.message ?? e}`);
        throw e;
    }
 }
@@ -598,7 +778,7 @@ async function syncAllArtifacts(_, res) {
        await syncArtifacts();
        success(res);
    } catch (e) {
-        $.error(`同步订阅失败，原因：${e.message ?? e}`);
+        $.error(`同步配置失败，原因：${e.message ?? e}`);
        failed(
            res,
            new InternalServerError(
@@ -644,12 +824,18 @@ async function syncArtifact(req, res) {
    }

    try {
+        const useMihomoExternal = artifact.platform === 'SurgeMac';
+
+        if (useMihomoExternal) {
+            $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
+        }
        const output = await produceArtifact({
            type: artifact.type,
            name: artifact.source,
            platform: artifact.platform,
            produceOpts: {
                'include-unsupported-proxy': artifact.includeUnsupportedProxy,
+                useMihomoExternal,
            },
        });

@@ -669,6 +855,16 @@ async function syncArtifact(req, res) {
        });
        artifact.updated = new Date().getTime();
        const body = JSON.parse(resp.body);
+
+        delete body.history;
+        delete body.forks;
+        delete body.owner;
+        Object.values(body.files).forEach((file) => {
+            delete file.content;
+        });
+        $.info('上传配置响应:');
+        $.info(JSON.stringify(body, null, 2));
+
        let files = body.files;
        let isGitLab;
        if (Array.isArray(files)) {
--- a/backend/src/restful/token.js
+++ b/backend/src/restful/token.js
@@ -0,0 +1,192 @@
+import { deleteByName } from '@/utils/database';
+import { ENV } from '@/vendor/open-api';
+import { TOKENS_KEY, SUBS_KEY, FILES_KEY, COLLECTIONS_KEY } from '@/constants';
+import { failed, success } from '@/restful/response';
+import $ from '@/core/app';
+import { RequestInvalidError, InternalServerError } from '@/restful/errors';
+
+export default function register($app) {
+    if (!$.read(TOKENS_KEY)) $.write([], TOKENS_KEY);
+
+    $app.post('/api/token', signToken);
+
+    $app.route('/api/token/:token').delete(deleteToken);
+
+    $app.route('/api/tokens').get(getAllTokens);
+}
+
+function deleteToken(req, res) {
+    let { token } = req.params;
+    token = decodeURIComponent(token);
+    $.info(`正在删除：${token}`);
+    let allTokens = $.read(TOKENS_KEY);
+    deleteByName(allTokens, token, 'token');
+    $.write(allTokens, TOKENS_KEY);
+    success(res);
+}
+
+function getAllTokens(req, res) {
+    const { type, name } = req.query;
+    const allTokens = $.read(TOKENS_KEY) || [];
+    success(
+        res,
+        type || name
+            ? allTokens.filter(
+                  (item) =>
+                      (type ? item.type === type : true) &&
+                      (name ? item.name === name : true),
+              )
+            : allTokens,
+    );
+}
+
+async function signToken(req, res) {
+    if (!ENV().isNode) {
+        return failed(
+            res,
+            new RequestInvalidError(
+                'INVALID_ENV',
+                `This endpoint is only available in Node.js environment`,
+            ),
+        );
+    }
+    try {
+        const { payload, options } = req.body;
+        const ms = eval(`require("ms")`);
+        const type = payload?.type;
+        const name = payload?.name;
+        if (!type || !name)
+            return failed(
+                res,
+                new RequestInvalidError(
+                    'INVALID_PAYLOAD',
+                    `payload type and name are required`,
+                ),
+            );
+        let token = payload?.token;
+        if (token != null) {
+            if (typeof token !== 'string' || token.length < 1) {
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_CUSTOM_TOKEN',
+                        `Invalid custom token: ${token}`,
+                    ),
+                );
+            }
+            const tokens = $.read(TOKENS_KEY) || [];
+            if (
+                tokens.find(
+                    (t) =>
+                        t.token === token && t.type === type && t.name === name,
+                )
+            ) {
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'DUPLICATE_TOKEN',
+                        `Token ${token} already exists`,
+                    ),
+                );
+            }
+        }
+
+        if (type === 'col') {
+            const collections = $.read(COLLECTIONS_KEY) || [];
+            const collection = collections.find((c) => c.name === name);
+            if (!collection)
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_COLLECTION',
+                        `collection ${name} not found`,
+                    ),
+                );
+        } else if (type === 'file') {
+            const files = $.read(FILES_KEY) || [];
+            const file = files.find((f) => f.name === name);
+            if (!file)
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_FILE',
+                        `file ${name} not found`,
+                    ),
+                );
+        } else if (type === 'sub') {
+            const subs = $.read(SUBS_KEY) || [];
+            const sub = subs.find((s) => s.name === name);
+            if (!sub)
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_SUB',
+                        `sub ${name} not found`,
+                    ),
+                );
+        } else {
+            return failed(
+                res,
+                new RequestInvalidError(
+                    'INVALID_TYPE',
+                    `type ${name} not supported`,
+                ),
+            );
+        }
+        let expiresIn = options?.expiresIn;
+        if (options?.expiresIn != null) {
+            expiresIn = ms(options.expiresIn);
+            if (expiresIn == null || isNaN(expiresIn) || expiresIn <= 0) {
+                return failed(
+                    res,
+                    new RequestInvalidError(
+                        'INVALID_EXPIRES_IN',
+                        `Invalid expiresIn option: ${options.expiresIn}`,
+                    ),
+                );
+            }
+        }
+        // const secret = eval('process.env.SUB_STORE_FRONTEND_BACKEND_PATH');
+        const nanoid = eval(`require("nanoid")`);
+        const tokens = $.read(TOKENS_KEY) || [];
+        // const now = Date.now();
+        // for (const key in tokens) {
+        //     const token = tokens[key];
+        //     if (token.exp != null || token.exp < now) {
+        //         delete tokens[key];
+        //     }
+        // }
+        if (!token) {
+            do {
+                token = nanoid.customAlphabet(nanoid.urlAlphabet)();
+            } while (
+                tokens.find(
+                    (t) =>
+                        t.token === token && t.type === type && t.name === name,
+                )
+            );
+        }
+        tokens.push({
+            ...payload,
+            token,
+            createdAt: Date.now(),
+            expiresIn: expiresIn > 0 ? options?.expiresIn : undefined,
+            exp: expiresIn > 0 ? Date.now() + expiresIn : undefined,
+        });
+
+        $.write(tokens, TOKENS_KEY);
+        return success(res, {
+            token,
+            // secret,
+        });
+    } catch (e) {
+        return failed(
+            res,
+            new InternalServerError(
+                'TOKEN_SIGN_FAILED',
+                `Failed to sign token`,
+                `Reason: ${e.message ?? e}`,
+            ),
+        );
+    }
+}
--- a/backend/src/utils/database.js
+++ b/backend/src/utils/database.js
@@ -1,17 +1,17 @@
-export function findByName(list, name) {
-    return list.find((item) => item.name === name);
+export function findByName(list, name, field = 'name') {
+    return list.find((item) => item[field] === name);
 }

-export function findIndexByName(list, name) {
-    return list.findIndex((item) => item.name === name);
+export function findIndexByName(list, name, field = 'name') {
+    return list.findIndex((item) => item[field] === name);
 }

-export function deleteByName(list, name) {
-    const idx = findIndexByName(list, name);
+export function deleteByName(list, name, field = 'name') {
+    const idx = findIndexByName(list, name, field);
    list.splice(idx, 1);
 }

-export function updateByName(list, name, newItem) {
-    const idx = findIndexByName(list, name);
+export function updateByName(list, name, newItem, field = 'name') {
+    const idx = findIndexByName(list, name, field);
    list[idx] = newItem;
 }
--- a/backend/src/utils/dns.js
+++ b/backend/src/utils/dns.js
@@ -1,6 +1,7 @@
 import $ from '@/core/app';
 import dnsPacket from 'dns-packet';
 import { Buffer } from 'buffer';
+import { isIPv4 } from '@/utils';

 export async function doh({ url, domain, type = 'A', timeout, edns }) {
    const buf = dnsPacket.encode({
@@ -23,7 +24,7 @@ export async function doh({ url, domain, type = 'A', timeout, edns }) {
                    {
                        code: 'CLIENT_SUBNET',
                        ip: edns,
-                        sourcePrefixLength: 24,
+                        sourcePrefixLength: isIPv4(edns) ? 24 : 56,
                        scopePrefixLength: 0,
                    },
                ],
--- a/backend/src/utils/download.js
+++ b/backend/src/utils/download.js
@@ -1,4 +1,4 @@
-import { SETTINGS_KEY } from '@/constants';
+import { SETTINGS_KEY, FILES_KEY, MODULES_KEY } from '@/constants';
 import { HTTP, ENV } from '@/vendor/open-api';
 import { hex_md5 } from '@/vendor/md5';
 import { getPolicyDescriptor } from '@/utils';
@@ -11,6 +11,14 @@ import {
    validCheck,
 } from '@/utils/flow';
 import $ from '@/core/app';
+import { findByName } from '@/utils/database';
+import { produceArtifact } from '@/restful/sync';
+import PROXY_PREPROCESSORS from '@/core/proxy-utils/preprocessors';
+import { ProxyUtils } from '@/core/proxy-utils';
+
+const clashPreprocessor = PROXY_PREPROCESSORS.find(
+    (processor) => processor.name === 'Clash Pre-processor',
+);

 const tasks = new Map();

@@ -18,9 +26,11 @@ export default async function download(
    rawUrl = '',
    ua,
    timeout,
-    proxy,
+    customProxy,
    skipCustomCache,
    awaitCustomCache,
+    noCache,
+    preprocess,
 ) {
    let $arguments = {};
    let url = rawUrl.replace(/#noFlow$/, '');
@@ -43,12 +53,26 @@ export default async function download(
        }
    }
    const { isNode, isStash, isLoon, isShadowRocket, isQX } = ENV();
-    const { defaultUserAgent, defaultTimeout, cacheThreshold } =
-        $.read(SETTINGS_KEY);
+    const {
+        defaultProxy,
+        defaultUserAgent,
+        defaultTimeout,
+        cacheThreshold: defaultCacheThreshold,
+    } = $.read(SETTINGS_KEY);
+    const cacheThreshold = defaultCacheThreshold || 1024;
+    let proxy = customProxy || defaultProxy;
+    if ($.env.isNode) {
+        proxy = proxy || eval('process.env.SUB_STORE_BACKEND_DEFAULT_PROXY');
+    }
    const userAgent = ua || defaultUserAgent || 'clash.meta';
-    const requestTimeout = timeout || defaultTimeout;
+    const requestTimeout = timeout || defaultTimeout || 8000;
    const id = hex_md5(userAgent + url);

+    if ($arguments?.cacheKey === true) {
+        $.error(`使用自定义缓存时 cacheKey 的值不能为空`);
+        $arguments.cacheKey = undefined;
+    }
+
    const customCacheKey = $arguments?.cacheKey
        ? `#sub-store-cached-custom-${$arguments?.cacheKey}`
        : undefined;
@@ -56,7 +80,7 @@ export default async function download(
    if (customCacheKey && !skipCustomCache) {
        const customCached = $.read(customCacheKey);
        const cached = resourceCache.get(id);
-        if (!$arguments?.noCache && cached) {
+        if (!noCache && !$arguments?.noCache && cached) {
            $.info(
                `乐观缓存: URL ${url}\n存在有效的常规缓存\n使用常规缓存以避免重复请求`,
            );
@@ -72,6 +96,9 @@ export default async function download(
                        timeout,
                        proxy,
                        true,
+                        undefined,
+                        undefined,
+                        preprocess,
                    );
                } catch (e) {
                    $.error(
@@ -92,6 +119,9 @@ export default async function download(
                    timeout,
                    proxy,
                    true,
+                    undefined,
+                    undefined,
+                    preprocess,
                ).catch((e) => {
                    $.error(
                        `乐观缓存: URL ${url} 异步更新缓存发生错误 ${
@@ -104,22 +134,53 @@ export default async function download(
        }
    }

-    // const downloadUrlMatch = url.match(/^\/api\/(file|module)\/(.+)/);
-    // if (downloadUrlMatch) {
-    //     let type = downloadUrlMatch?.[1];
-    //     let name = downloadUrlMatch?.[2];
-    //     if (name == null) {
-    //         throw new Error(`本地 ${type} URL 无效: ${url}`);
-    //     }
-    //     name = decodeURIComponent(name);
-    //     const key = type === 'module' ? MODULES_KEY : FILES_KEY;
-    //     const item = findByName($.read(key), name);
-    //     if (!item) {
-    //         throw new Error(`找不到本地 ${type}: ${name}`);
-    //     }
+    const downloadUrlMatch = url
+        .split('#')[0]
+        .match(/^\/api\/(file|module)\/(.+)/);
+    if (downloadUrlMatch) {
+        let type = '';
+        try {
+            type = downloadUrlMatch?.[1];
+            let name = downloadUrlMatch?.[2];
+            if (name == null) {
+                throw new Error(`本地 ${type} URL 无效: ${url}`);
+            }
+            name = decodeURIComponent(name);
+            const key = type === 'module' ? MODULES_KEY : FILES_KEY;
+            const item = findByName($.read(key), name);
+            if (!item) {
+                throw new Error(`找不到 ${type}: ${name}`);
+            }

-    //     return item.content;
-    // }
+            if (type === 'module') {
+                return item.content;
+            } else {
+                return await produceArtifact({
+                    type: 'file',
+                    name,
+                });
+            }
+        } catch (err) {
+            $.error(
+                `Error when loading ${type}: ${
+                    url.split('#')[0]
+                }.\n Reason: ${err}`,
+            );
+            throw new Error(`无法加载 ${type}: ${url}`);
+        }
+    } else if (url?.startsWith('/')) {
+        try {
+            const fs = eval(`require("fs")`);
+            return fs.readFileSync(url.split('#')[0], 'utf8');
+        } catch (err) {
+            $.error(
+                `Error when reading local file: ${
+                    url.split('#')[0]
+                }.\n Reason: ${err}`,
+            );
+            throw new Error(`无法从该路径读取文本内容: ${url}`);
+        }
+    }

    if (!isNode && tasks.has(id)) {
        return tasks.get(id);
@@ -140,34 +201,53 @@ export default async function download(

    // try to find in app cache
    const cached = resourceCache.get(id);
-    if (!$arguments?.noCache && cached) {
-        $.info(`使用缓存: ${url}`);
+    if (!noCache && !$arguments?.noCache && cached) {
+        $.info(`使用缓存: ${url}, ${userAgent}`);
        result = cached;
        if (customCacheKey) {
            $.info(`URL ${url}\n写入自定义缓存 ${$arguments?.cacheKey}`);
            $.write(cached, customCacheKey);
        }
    } else {
+        const insecure = $arguments?.insecure
+            ? isNode
+                ? { strictSSL: false }
+                : { insecure: true }
+            : undefined;
        $.info(
-            `Downloading...\nUser-Agent: ${userAgent}\nTimeout: ${requestTimeout}\nProxy: ${proxy}\nURL: ${url}`,
+            `Downloading...\nUser-Agent: ${userAgent}\nTimeout: ${requestTimeout}\nProxy: ${proxy}\nInsecure: ${!!insecure}\nPreprocess: ${preprocess}\nURL: ${url}`,
        );
        try {
-            const { body, headers } = await http.get({
+            let { body, headers, statusCode } = await http.get({
                url,
                ...(proxy ? { proxy } : {}),
                ...(isLoon && proxy ? { node: proxy } : {}),
                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                ...(insecure ? insecure : {}),
            });
+            $.info(`statusCode: ${statusCode}`);
+            if (statusCode < 200 || statusCode >= 400) {
+                throw new Error(`statusCode: ${statusCode}`);
+            }

            if (headers) {
                const flowInfo = getFlowField(headers);
                if (flowInfo) {
-                    headersResourceCache.set(url, flowInfo);
+                    headersResourceCache.set(id, flowInfo);
                }
            }
            if (body.replace(/\s/g, '').length === 0)
                throw new Error(new Error('远程资源内容为空'));
+            if (preprocess) {
+                try {
+                    if (clashPreprocessor.test(body)) {
+                        body = clashPreprocessor.parse(body, true);
+                    }
+                } catch (e) {
+                    $.error(`Clash Pre-processor error: ${e}`);
+                }
+            }
            let shouldCache = true;
            if (cacheThreshold) {
                const size = body.length / 1024;
@@ -183,10 +263,34 @@ export default async function download(
            if (shouldCache) {
                resourceCache.set(id, body);
                if (customCacheKey) {
-                    $.info(
-                        `URL ${url}\n写入自定义缓存 ${$arguments?.cacheKey}`,
-                    );
-                    $.write(body, customCacheKey);
+                    let shouldWriteCustomCacheKey = true;
+                    if (preprocess) {
+                        try {
+                            const proxies = ProxyUtils.parse(body);
+                            if (
+                                !Array.isArray(proxies) ||
+                                proxies.length === 0
+                            ) {
+                                $.error(
+                                    `URL ${url} 不包含有效节点\n不写入自定义缓存 ${$arguments?.cacheKey}`,
+                                );
+                                shouldWriteCustomCacheKey = false;
+                            }
+                        } catch (e) {
+                            $.error(
+                                `URL ${url} 尝试解析节点失败 ${
+                                    e.message ?? e
+                                }\n不写入自定义缓存 ${$arguments?.cacheKey}`,
+                            );
+                            shouldWriteCustomCacheKey = false;
+                        }
+                    }
+                    if (shouldWriteCustomCacheKey) {
+                        $.info(
+                            `URL ${url}\n写入自定义缓存 ${$arguments?.cacheKey}`,
+                        );
+                        $.write(body, customCacheKey);
+                    }
                }
            }

@@ -228,3 +332,25 @@ export default async function download(
    }
    return result;
 }
+
+export async function downloadFile(url, file) {
+    const undici = eval("require('undici')");
+    const fs = eval("require('fs')");
+    const { pipeline } = eval("require('stream/promises')");
+    const { Agent, interceptors, request } = undici;
+    $.info(`Downloading file...\nURL: ${url}\nFile: ${file}`);
+    const { body, statusCode } = await request(url, {
+        dispatcher: new Agent().compose(
+            interceptors.redirect({
+                maxRedirections: 3,
+                throwOnRedirect: true,
+            }),
+        ),
+    });
+    if (statusCode !== 200)
+        throw new Error(`Failed to download file from ${url}`);
+    const fileStream = fs.createWriteStream(file);
+    await pipeline(body, fileStream);
+    $.info(`File downloaded from ${url} to ${file}`);
+    return file;
+}
--- a/backend/src/utils/env.js
+++ b/backend/src/utils/env.js
@@ -24,6 +24,7 @@ if (isLanceX) backend = 'LanceX';
 if (isGUIforCores) backend = 'GUI.for.Cores';

 let meta = {};
+let feature = {};

 try {
    if (typeof $environment !== 'undefined') {
@@ -63,5 +64,6 @@ try {
 export default {
    backend,
    version: substoreVersion,
+    feature,
    meta,
 };
--- a/backend/src/utils/flow.js
+++ b/backend/src/utils/flow.js
@@ -1,16 +1,34 @@
 import { SETTINGS_KEY } from '@/constants';
 import { HTTP, ENV } from '@/vendor/open-api';
+import { hex_md5 } from '@/vendor/md5';
 import { getPolicyDescriptor } from '@/utils';
 import $ from '@/core/app';
 import headersResourceCache from '@/utils/headers-resource-cache';

 export function getFlowField(headers) {
-    const subkey = Object.keys(headers).filter((k) =>
-        /SUBSCRIPTION-USERINFO/i.test(k),
-    )[0];
-    return headers[subkey];
+    const keys = Object.keys(headers);
+    let sub = '';
+    let webPage = '';
+    for (let k of keys) {
+        const lower = k.toLowerCase();
+        if (lower === 'subscription-userinfo') {
+            sub = headers[k];
+        } else if (lower === 'profile-web-page-url') {
+            webPage = headers[k];
+        }
+    }
+
+    return `${sub || ''}${
+        webPage ? `; app_url=${encodeURIComponent(webPage)}` : ''
+    }`;
 }
-export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
+export async function getFlowHeaders(
+    rawUrl,
+    ua,
+    timeout,
+    customProxy,
+    flowUrl,
+) {
    let url = flowUrl || rawUrl || '';
    let $arguments = {};
    const rawArgs = url.split('#');
@@ -31,28 +49,36 @@ export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
            }
        }
    }
-    if ($arguments?.noFlow) {
+    if ($arguments?.noFlow || !/^https?/.test(url)) {
        return;
    }
    const { isStash, isLoon, isShadowRocket, isQX } = ENV();
-    const cached = headersResourceCache.get(url);
+    const insecure = $arguments?.insecure
+        ? $.env.isNode
+            ? { strictSSL: false }
+            : { insecure: true }
+        : undefined;
+    const { defaultProxy, defaultFlowUserAgent, defaultTimeout } =
+        $.read(SETTINGS_KEY);
+    let proxy = customProxy || defaultProxy;
+    if ($.env.isNode) {
+        proxy = proxy || eval('process.env.SUB_STORE_BACKEND_DEFAULT_PROXY');
+    }
+    const userAgent = ua || defaultFlowUserAgent || 'clash';
+    const requestTimeout = timeout || defaultTimeout || 8000;
+    const id = hex_md5(userAgent + url);
+    const cached = headersResourceCache.get(id);
    let flowInfo;
    if (!$arguments?.noCache && cached) {
-        // $.info(`使用缓存的流量信息: ${url}`);
+        $.info(`使用缓存的流量信息: ${url}, ${userAgent}`);
        flowInfo = cached;
    } else {
-        const { defaultFlowUserAgent, defaultTimeout } = $.read(SETTINGS_KEY);
-        const userAgent =
-            ua ||
-            defaultFlowUserAgent ||
-            'Quantumult%20X/1.0.30 (iPhone14,2; iOS 15.6)';
-        const requestTimeout = timeout || defaultTimeout;
        const http = HTTP();
        if (flowUrl) {
            $.info(
                `使用 GET 方法从响应体获取流量信息: ${flowUrl}, User-Agent: ${
                    userAgent || ''
-                }`,
+                }, Insecure: ${!!insecure}, Proxy: ${proxy}`,
            );
            const { body } = await http.get({
                url: flowUrl,
@@ -60,6 +86,11 @@ export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
                    'User-Agent': userAgent,
                },
                timeout: requestTimeout,
+                ...(proxy ? { proxy } : {}),
+                ...(isLoon && proxy ? { node: proxy } : {}),
+                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                ...(insecure ? insecure : {}),
            });
            flowInfo = body;
        } else {
@@ -67,7 +98,7 @@ export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
                $.info(
                    `使用 HEAD 方法从响应头获取流量信息: ${url}, User-Agent: ${
                        userAgent || ''
-                    }`,
+                    }, Insecure: ${!!insecure}, Proxy: ${proxy}`,
                );
                const { headers } = await http.head({
                    url: url
@@ -91,20 +122,23 @@ export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
                    ...(isLoon && proxy ? { node: proxy } : {}),
                    ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
                    ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                    ...(insecure ? insecure : {}),
                });
                flowInfo = getFlowField(headers);
            } catch (e) {
                $.error(
                    `使用 HEAD 方法从响应头获取流量信息失败: ${url}, User-Agent: ${
                        userAgent || ''
-                    }: ${e.message ?? e}`,
+                    }, Insecure: ${!!insecure}, Proxy: ${proxy}: ${
+                        e.message ?? e
+                    }`,
                );
            }
            if (!flowInfo) {
                $.info(
                    `使用 GET 方法获取流量信息: ${url}, User-Agent: ${
                        userAgent || ''
-                    }`,
+                    }, Insecure: ${!!insecure}, Proxy: ${proxy}`,
                );
                const { headers } = await http.get({
                    url: url
@@ -113,14 +147,31 @@ export async function getFlowHeaders(rawUrl, ua, timeout, proxy, flowUrl) {
                        .filter((i) => i.length)[0],
                    headers: {
                        'User-Agent': userAgent,
+                        ...(isStash && proxy
+                            ? {
+                                  'X-Stash-Selected-Proxy':
+                                      encodeURIComponent(proxy),
+                              }
+                            : {}),
+                        ...(isShadowRocket && proxy
+                            ? { 'X-Surge-Policy': proxy }
+                            : {}),
                    },
                    timeout: requestTimeout,
+                    ...(proxy ? { proxy } : {}),
+                    ...(isLoon && proxy ? { node: proxy } : {}),
+                    ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                    ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                    ...(insecure ? insecure : {}),
                });
                flowInfo = getFlowField(headers);
            }
        }
        if (flowInfo) {
-            headersResourceCache.set(url, flowInfo);
+            flowInfo = flowInfo.trim();
+        }
+        if (flowInfo) {
+            headersResourceCache.set(id, flowInfo);
        }
    }

@@ -151,8 +202,29 @@ export function parseFlowHeaders(flowHeaders) {
        ? Number(expireMatch[1] + expireMatch[2])
        : undefined;

-    return { expires, total, usage: { upload, download } };
+    const remainingDaysMatch = flowHeaders.match(/reset_day=([0-9]+)/);
+    const remainingDays = remainingDaysMatch
+        ? Number(remainingDaysMatch[1])
+        : undefined;
+
+    const appUrlMatch = flowHeaders.match(/app_url=(.*?)\s*?(;|$)/);
+    const appUrl = appUrlMatch ? decodeURIComponent(appUrlMatch[1]) : undefined;
+
+    const planNameMatch = flowHeaders.match(/plan_name=(.*?)\s*?(;|$)/);
+    const planName = planNameMatch
+        ? decodeURIComponent(planNameMatch[1])
+        : undefined;
+
+    return {
+        expires,
+        total,
+        usage: { upload, download },
+        remainingDays,
+        appUrl,
+        planName,
+    };
 }
+
 export function flowTransfer(flow, unit = 'B') {
    const unitList = ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
    let unitIndex = unitList.indexOf(unit);
@@ -241,3 +313,56 @@ export function getRmainingDays(opt = {}) {
        $.error(`getRmainingDays failed: ${e.message ?? e}`);
    }
 }
+
+export function normalizeFlowHeader(flowHeaders) {
+    try {
+        // 使用 Map 保持顺序并处理重复键
+        const kvMap = new Map();
+
+        flowHeaders
+            .split(';')
+            .map((p) => p.trim())
+            .filter(Boolean)
+            .forEach((pair) => {
+                const eqIndex = pair.indexOf('=');
+                if (eqIndex === -1) return;
+
+                const key = pair.slice(0, eqIndex).trim();
+                const encodedValue = pair.slice(eqIndex + 1).trim();
+
+                // 只保留第一个出现的 key
+                if (!kvMap.has(key)) {
+                    try {
+                        // 解码 URI 组件并保留原始值作为 fallback
+                        let decodedValue = decodeURIComponent(encodedValue);
+                        if (
+                            ['upload', 'download', 'total', 'expire'].includes(
+                                key,
+                            )
+                        ) {
+                            try {
+                                decodedValue = Number(decodedValue).toFixed(0);
+                            } catch (e) {
+                                $.error(
+                                    `Failed to convert value for key "${key}=${encodedValue}": ${
+                                        e.message ?? e
+                                    }`,
+                                );
+                            }
+                        }
+                        kvMap.set(key, decodedValue);
+                    } catch (e) {
+                        kvMap.set(key, encodedValue);
+                    }
+                }
+            });
+
+        // 拼接标准化字符串
+        return Array.from(kvMap.entries())
+            .map(([k, v]) => `${k}=${encodeURIComponent(v)}`) // 重新编码保持兼容性
+            .join('; ');
+    } catch (e) {
+        $.error(`normalizeFlowHeader failed: ${e.message ?? e}`);
+        return flowHeaders;
+    }
+}
--- a/backend/src/utils/geo.js
+++ b/backend/src/utils/geo.js
@@ -17,7 +17,10 @@ const ISOFlags = {
    '🇧🇪': ['BE', 'BEL'],
    '🇧🇬': ['BG', 'BGR'],
    '🇧🇭': ['BH', 'BHR'],
+    '🇧🇴': ['BO', 'BOL'],
+    '🇧🇳': ['BN', 'BRN'],
    '🇧🇷': ['BR', 'BRA'],
+    '🇧🇹': ['BT', 'BTN'],
    '🇧🇾': ['BY', 'BLR'],
    '🇨🇦': ['CA', 'CAN'],
    '🇨🇭': ['CH', 'CHE'],
@@ -38,6 +41,8 @@ const ISOFlags = {
    '🇬🇧': ['GB', 'GBR', 'UK'],
    '🇬🇪': ['GE', 'GEO'],
    '🇬🇷': ['GR', 'GRC'],
+    '🇬🇹': ['GT', 'GTM'],
+    '🇬🇺': ['GU', 'GUM'],
    '🇭🇰': ['HK', 'HKG', 'HKT', 'HKBN', 'HGC', 'WTT', 'CMI'],
    '🇭🇷': ['HR', 'HRV'],
    '🇭🇺': ['HU', 'HUN'],
@@ -57,12 +62,15 @@ const ISOFlags = {
    '🇮🇷': ['IR', 'IRN'],
    '🇮🇸': ['IS', 'ISL'],
    '🇮🇹': ['IT', 'ITA'],
+    '🇱🇦': ['LA', 'LAO'],
+    '🇱🇰': ['LK', 'LKA'],
    '🇱🇹': ['LT', 'LTU'],
    '🇱🇺': ['LU', 'LUX'],
    '🇱🇻': ['LV', 'LVA'],
    '🇲🇦': ['MA', 'MAR'],
    '🇲🇩': ['MD', 'MDA'],
    '🇳🇬': ['NG', 'NGA'],
+    '🇲🇲': ['MM', 'MMR'],
    '🇲🇰': ['MK', 'MKD'],
    '🇲🇳': ['MN', 'MNG'],
    '🇲🇴': ['MO', 'MAC', 'CTM'],
@@ -81,6 +89,7 @@ const ISOFlags = {
    '🇵🇷': ['PR', 'PRI'],
    '🇵🇹': ['PT', 'PRT'],
    '🇵🇾': ['PY', 'PRY'],
+    '🇵🇬': ['PG', 'PNG'],
    '🇷🇴': ['RO', 'ROU'],
    '🇷🇸': ['RS', 'SRB'],
    '🇷🇪': ['RE', 'REU'],
@@ -140,7 +149,10 @@ export function getFlag(name) {
        '🇧🇬': ['Bulgaria', '保加利亚', '保加利亞'],
        '🇧🇭': ['Bahrain', '巴林'],
        '🇧🇷': ['Brazil', '巴西', '圣保罗'],
+        '🇧🇳': ['Brunei', '文莱', '汶萊'],
        '🇧🇾': ['Belarus', '白俄罗斯', '白俄'],
+        '🇧🇴': ['Bolivia', '玻利维亚'],
+        '🇧🇹': ['Bhutan', '不丹', '不丹王国'],
        '🇨🇦': [
            'Canada',
            '加拿大',
@@ -151,6 +163,7 @@ export function getFlag(name) {
            '滑铁卢',
            '多伦多',
            'Waterloo',
+            'Toronto',
        ],
        '🇨🇭': ['Switzerland', '瑞士', '苏黎世', 'Zurich'],
        '🇨🇱': ['Chile', '智利'],
@@ -190,6 +203,8 @@ export function getFlag(name) {
        ],
        '🇬🇪': ['Georgia', '格鲁吉亚', '格魯吉亞'],
        '🇬🇷': ['Greece', '希腊', '希臘'],
+        '🇬🇺': ['Guam', '关岛', '關島'],
+        '🇬🇹': ['Guatemala', '危地马拉'],
        '🇭🇰': [
            'Hongkong',
            '香港',
@@ -245,15 +260,18 @@ export function getFlag(name) {
        '🇮🇪': ['Ireland', '爱尔兰', '愛爾蘭', '都柏林'],
        '🇮🇱': ['Israel', '以色列'],
        '🇮🇲': ['Isle of Man', '马恩岛', '馬恩島'],
-        '🇮🇳': ['India', '印度', '孟买', 'MFumbai'],
+        '🇮🇳': ['India', '印度', '孟买', 'MFumbai', 'Mumbai'],
        '🇮🇷': ['Iran', '伊朗'],
        '🇮🇸': ['Iceland', '冰岛', '冰島'],
        '🇮🇹': ['Italy', '意大利', '義大利', '米兰', 'Nachash'],
+        '🇱🇰': ['Sri Lanka', '斯里兰卡', '斯里蘭卡'],
+        '🇱🇦': ['Laos', '老挝', '老撾'],
        '🇱🇹': ['Lithuania', '立陶宛'],
        '🇱🇺': ['Luxembourg', '卢森堡'],
        '🇱🇻': ['Latvia', '拉脱维亚', 'Latvija'],
        '🇲🇦': ['Morocco', '摩洛哥'],
        '🇲🇩': ['Moldova', '摩尔多瓦', '摩爾多瓦'],
+        '🇲🇲': ['Myanmar', '缅甸', '緬甸'],
        '🇳🇬': ['Nigeria', '尼日利亚', '尼日利亞'],
        '🇲🇰': ['Macedonia', '马其顿', '馬其頓'],
        '🇲🇳': ['Mongolia', '蒙古'],
@@ -261,7 +279,14 @@ export function getFlag(name) {
        '🇲🇹': ['Malta', '马耳他'],
        '🇲🇽': ['Mexico', '墨西哥'],
        '🇲🇾': ['Malaysia', '马来', '馬來', '吉隆坡', '大馬'],
-        '🇳🇱': ['Netherlands', '荷兰', '荷蘭', '尼德蘭', '阿姆斯特丹'],
+        '🇳🇱': [
+            'Netherlands',
+            '荷兰',
+            '荷蘭',
+            '尼德蘭',
+            '阿姆斯特丹',
+            'Amsterdam',
+        ],
        '🇳🇴': ['Norway', '挪威'],
        '🇳🇵': ['Nepal', '尼泊尔'],
        '🇳🇿': ['New Zealand', '新西兰', '新西蘭'],
@@ -269,9 +294,10 @@ export function getFlag(name) {
        '🇵🇪': ['Peru', '秘鲁', '祕魯'],
        '🇵🇭': ['Philippines', '菲律宾', '菲律賓'],
        '🇵🇰': ['Pakistan', '巴基斯坦'],
-        '🇵🇱': ['Poland', '波兰', '波蘭'],
+        '🇵🇱': ['Poland', '波兰', '波蘭', '华沙', 'Warsaw'],
        '🇵🇷': ['Puerto Rico', '波多黎各'],
        '🇵🇹': ['Portugal', '葡萄牙'],
+        '🇵🇬': ['Papua New Guinea', '巴布亚新几内亚'],
        '🇵🇾': ['Paraguay', '巴拉圭'],
        '🇷🇴': ['Romania', '罗马尼亚'],
        '🇷🇸': ['Serbia', '塞尔维亚'],
@@ -294,7 +320,7 @@ export function getFlag(name) {
            'Moscow',
        ],
        '🇸🇦': ['Saudi', '沙特阿拉伯', '沙特', 'Riyadh', '利雅得'],
-        '🇸🇪': ['Sweden', '瑞典'],
+        '🇸🇪': ['Sweden', '瑞典', '斯德哥尔摩', 'Stockholm'],
        '🇸🇬': [
            'Singapore',
            '新加坡',
@@ -314,7 +340,7 @@ export function getFlag(name) {
        '🇸🇰': ['Slovakia', '斯洛伐克'],
        '🇹🇭': ['Thailand', '泰国', '泰國', '曼谷'],
        '🇹🇳': ['Tunisia', '突尼斯'],
-        '🇹🇷': ['Turkey', '土耳其', '伊斯坦布尔'],
+        '🇹🇷': ['Turkey', '土耳其', '伊斯坦布尔', 'Istanbul'],
        '🇹🇼': [
            'Taiwan',
            '台湾',
@@ -341,6 +367,7 @@ export function getFlag(name) {
            '波特兰',
            '达拉斯',
            '俄勒冈',
+            'Oregon',
            '凤凰城',
            '费利蒙',
            '硅谷',
@@ -354,10 +381,17 @@ export function getFlag(name) {
            '沪美',
            '哥伦布',
            '纽约',
+            'New York',
            'Los Angeles',
            'San Jose',
            'Sillicon Valley',
            'Michigan',
+            '俄亥俄',
+            'Ohio',
+            '马纳萨斯',
+            'Manassas',
+            '弗吉尼亚',
+            'Virginia',
        ],
        '🇺🇾': ['Uruguay', '乌拉圭'],
        '🇻🇪': ['Venezuela', '委内瑞拉'],
@@ -418,8 +452,12 @@ export function getFlag(name) {
                RegExp(`(^|[^a-zA-Z])${keyword}([^a-zA-Z]|$)`).test(name),
            )
        ) {
-            //console.log(`ISOFlag = ${flag}`)
-            return (Flag = flag);
+            const isCN2 =
+                flag == '🇨🇳' &&
+                RegExp(`(^|[^a-zA-Z])CN2([^a-zA-Z]|$)`).test(name);
+            if (!isCN2) {
+                return (Flag = flag);
+            }
        }
    }

@@ -474,4 +512,7 @@ export class MMDB {
    ipaso(ip) {
        return this.asnReader?.asn(ip)?.autonomousSystemOrganization;
    }
+    ipasn(ip) {
+        return this.asnReader?.asn(ip)?.autonomousSystemNumber;
+    }
 }
--- a/backend/src/utils/gist.js
+++ b/backend/src/utils/gist.js
@@ -1,10 +1,21 @@
-import { HTTP } from '@/vendor/open-api';
+import { HTTP, ENV } from '@/vendor/open-api';
+import { getPolicyDescriptor } from '@/utils';
+import $ from '@/core/app';
+import { SETTINGS_KEY } from '@/constants';

 /**
 * Gist backup
 */
 export default class Gist {
    constructor({ token, key, syncPlatform }) {
+        const { isStash, isLoon, isShadowRocket, isQX } = ENV();
+        const { defaultProxy, defaultTimeout: timeout } = $.read(SETTINGS_KEY);
+        let proxy = defaultProxy;
+        if ($.env.isNode) {
+            proxy =
+                proxy || eval('process.env.SUB_STORE_BACKEND_DEFAULT_PROXY');
+        }
+
        if (syncPlatform === 'gitlab') {
            this.headers = {
                'PRIVATE-TOKEN': `${token}`,
@@ -13,7 +24,25 @@ export default class Gist {
            };
            this.http = HTTP({
                baseURL: 'https://gitlab.com/api/v4',
-                headers: { ...this.headers },
+                headers: {
+                    ...this.headers,
+                    ...(isStash && proxy
+                        ? {
+                              'X-Stash-Selected-Proxy':
+                                  encodeURIComponent(proxy),
+                          }
+                        : {}),
+                    ...(isShadowRocket && proxy
+                        ? { 'X-Surge-Policy': proxy }
+                        : {}),
+                },
+
+                ...(proxy ? { proxy } : {}),
+                ...(isLoon && proxy ? { node: proxy } : {}),
+                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                timeout: timeout || 8000,
+
                events: {
                    onResponse: (resp) => {
                        if (/^[45]/.test(String(resp.statusCode))) {
@@ -35,7 +64,25 @@ export default class Gist {
            };
            this.http = HTTP({
                baseURL: 'https://api.github.com',
-                headers: { ...this.headers },
+                headers: {
+                    ...this.headers,
+                    ...(isStash && proxy
+                        ? {
+                              'X-Stash-Selected-Proxy':
+                                  encodeURIComponent(proxy),
+                          }
+                        : {}),
+                    ...(isShadowRocket && proxy
+                        ? { 'X-Surge-Policy': proxy }
+                        : {}),
+                },
+
+                ...(proxy ? { proxy } : {}),
+                ...(isLoon && proxy ? { node: proxy } : {}),
+                ...(isQX && proxy ? { opts: { policy: proxy } } : {}),
+                ...(proxy ? getPolicyDescriptor(proxy) : {}),
+                timeout: timeout || 8000,
+
                events: {
                    onResponse: (resp) => {
                        if (/^[45]/.test(String(resp.statusCode))) {
@@ -67,15 +114,18 @@ export default class Gist {
                return;
            });
        } else {
-            return this.http.get('/gists').then((response) => {
-                const gists = JSON.parse(response.body);
-                for (let g of gists) {
-                    if (g.description === this.key) {
-                        return g;
+            return this.http
+                .get('/gists?per_page=100&page=1')
+                .then((response) => {
+                    const gists = JSON.parse(response.body);
+                    $.info(`获取到当前 GitHub 用户的 gist: ${gists.length} 个`);
+                    for (let g of gists) {
+                        if (g.description === this.key) {
+                            return g;
+                        }
                    }
-                }
-                return;
-            });
+                    return;
+                });
        }
    }

@@ -230,7 +280,7 @@ export default class Gist {
                return Promise.reject(err);
            }
        } else {
-            return Promise.reject('找不到 Sub-Store Gist');
+            return Promise.reject(`找不到 Sub-Store Gist (${this.key})`);
        }
    }
 }
--- a/backend/src/utils/index.js
+++ b/backend/src/utils/index.js
@@ -111,7 +111,48 @@ function getRandomPort(portString) {
    }
 }

+function numberToString(value) {
+    return Number.isSafeInteger(value)
+        ? String(value)
+        : BigInt(value).toString();
+}
+
+function isValidUUID(uuid) {
+    return (
+        typeof uuid === 'string' &&
+        /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/.test(
+            uuid,
+        )
+    );
+}
+
+function formatDateTime(date, format = 'YYYY-MM-DD_HH-mm-ss') {
+    const d = date instanceof Date ? date : new Date(date);
+
+    if (isNaN(d.getTime())) {
+        return '';
+    }
+
+    const pad = (num) => String(num).padStart(2, '0');
+
+    const replacements = {
+        YYYY: d.getFullYear(),
+        MM: pad(d.getMonth() + 1),
+        DD: pad(d.getDate()),
+        HH: pad(d.getHours()),
+        mm: pad(d.getMinutes()),
+        ss: pad(d.getSeconds()),
+    };
+
+    return format.replace(
+        /YYYY|MM|DD|HH|mm|ss/g,
+        (match) => replacements[match],
+    );
+}
+
 export {
+    formatDateTime,
+    isValidUUID,
    ipAddress,
    isIPv4,
    isIPv6,
@@ -123,4 +164,5 @@ export {
    // utf8ArrayToStr,
    getPolicyDescriptor,
    getRandomPort,
+    numberToString,
 };
--- a/backend/src/utils/migration.js
+++ b/backend/src/utils/migration.js
@@ -4,6 +4,8 @@ import {
    SCHEMA_VERSION_KEY,
    ARTIFACTS_KEY,
    RULES_KEY,
+    FILES_KEY,
+    TOKENS_KEY,
 } from '@/constants';
 import $ from '@/core/app';

@@ -55,7 +57,17 @@ function doMigrationV2() {
    const newRules = Object.values(rules);
    $.write(newRules, RULES_KEY);

-    // 5. delete builtin rules
+    // 5. migrate files
+    const files = $.read(FILES_KEY) || {};
+    const newFiles = Object.values(files);
+    $.write(newFiles, FILES_KEY);
+
+    // 6. migrate tokens
+    const tokens = $.read(TOKENS_KEY) || {};
+    const newTokens = Object.values(tokens);
+    $.write(newTokens, TOKENS_KEY);
+
+    // 7. delete builtin rules
    delete $.cache.builtin;
    $.info('Migration complete!');

--- a/backend/src/utils/script-resource-cache.js
+++ b/backend/src/utils/script-resource-cache.js
@@ -24,7 +24,7 @@ class ResourceCache {
        this._cleanup();
    }

-    _cleanup() {
+    _cleanup(prefix, expires) {
        // clear obsolete cached resource
        let clear = false;
        Object.entries(this.resourceCache).forEach((entry) => {
@@ -35,7 +35,11 @@ class ResourceCache {
                $.delete(`#${id}`);
                clear = true;
            }
-            if (new Date().getTime() - updated.time > this.expires) {
+            if (
+                new Date().getTime() - updated.time >
+                    (expires ?? this.expires) ||
+                (prefix && id.startsWith(prefix))
+            ) {
                delete this.resourceCache[id];
                clear = true;
            }
@@ -52,10 +56,15 @@ class ResourceCache {
        $.write(JSON.stringify(this.resourceCache), SCRIPT_RESOURCE_CACHE_KEY);
    }

-    get(id) {
+    get(id, expires, remove) {
        const updated = this.resourceCache[id] && this.resourceCache[id].time;
-        if (updated && new Date().getTime() - updated <= this.expires) {
-            return this.resourceCache[id].data;
+        if (updated) {
+            if (new Date().getTime() - updated <= (expires ?? this.expires))
+                return this.resourceCache[id].data;
+            if (remove) {
+                delete this.resourceCache[id];
+                this._persist();
+            }
        }
        return null;
    }
--- a/backend/src/utils/user-agent.js
+++ b/backend/src/utils/user-agent.js
@@ -1,19 +1,29 @@
+import gte from 'semver/functions/gte';
+import coerce from 'semver/functions/coerce';
+import $ from '@/core/app';
+
 export function getUserAgentFromHeaders(headers) {
    const keys = Object.keys(headers);
    let UA = '';
    let ua = '';
+    let accept = '';
    for (let k of keys) {
-        if (/USER-AGENT/i.test(k)) {
+        const lower = k.toLowerCase();
+        if (lower === 'user-agent') {
            UA = headers[k];
            ua = UA.toLowerCase();
-            break;
+        } else if (lower === 'accept') {
+            accept = headers[k];
        }
    }
-    return { UA, ua };
+    return { UA, ua, accept };
 }
-export function getPlatformFromUserAgent({ ua, UA }) {
+
+export function getPlatformFromUserAgent({ ua, UA, accept }) {
    if (UA.indexOf('Quantumult%20X') !== -1) {
        return 'QX';
+    } else if (ua.indexOf('egern') !== -1) {
+        return 'Egern';
    } else if (UA.indexOf('Surfboard') !== -1) {
        return 'Surfboard';
    } else if (UA.indexOf('Surge Mac') !== -1) {
@@ -37,13 +47,55 @@ export function getPlatformFromUserAgent({ ua, UA }) {
        return 'Clash';
    } else if (ua.indexOf('v2ray') !== -1) {
        return 'V2Ray';
-    } else if (ua.indexOf('sing-box') !== -1) {
+    } else if (ua.indexOf('sing-box') !== -1 || ua.indexOf('singbox') !== -1) {
        return 'sing-box';
-    } else {
+    } else if (accept.indexOf('application/json') === 0) {
        return 'JSON';
+    } else {
+        return 'V2Ray';
    }
 }
+
 export function getPlatformFromHeaders(headers) {
-    const { UA, ua } = getUserAgentFromHeaders(headers);
-    return getPlatformFromUserAgent({ ua, UA });
+    const { UA, ua, accept } = getUserAgentFromHeaders(headers);
+    return getPlatformFromUserAgent({ ua, UA, accept });
+}
+export function shouldIncludeUnsupportedProxy(platform, ua) {
+    // try {
+    //     const target = getPlatformFromUserAgent({
+    //         UA: ua,
+    //         ua: ua.toLowerCase(),
+    //     });
+    //     if (!['Stash', 'Egern', 'Loon'].includes(target)) {
+    //         return false;
+    //     }
+    //     const coerceVersion = coerce(ua);
+    //     $.log(JSON.stringify(coerceVersion, null, 2));
+    //     const { version } = coerceVersion;
+    //     if (
+    //         platform === 'Stash' &&
+    //         target === 'Stash' &&
+    //         gte(version, '3.1.0')
+    //     ) {
+    //         return true;
+    //     }
+    //     if (
+    //         platform === 'Egern' &&
+    //         target === 'Egern' &&
+    //         gte(version, '1.29.0')
+    //     ) {
+    //         return true;
+    //     }
+    //     // Loon 的 UA 不规范, version 取出来是 build
+    //     if (
+    //         platform === 'Loon' &&
+    //         target === 'Loon' &&
+    //         gte(version, '842.0.0')
+    //     ) {
+    //         return true;
+    //     }
+    // } catch (e) {
+    //     $.error(`获取版本号失败: ${e}`);
+    // }
+    return false;
 }
--- a/backend/src/utils/yaml.js
+++ b/backend/src/utils/yaml.js
@@ -17,16 +17,16 @@ function retry(fn, content, ...args) {
 }

 export function safeLoad(content, ...args) {
-    return retry(YAML.safeLoad, content, ...args);
+    return retry(YAML.safeLoad, JSON.parse(JSON.stringify(content)), ...args);
 }
 export function load(content, ...args) {
-    return retry(YAML.load, content, ...args);
+    return retry(YAML.load, JSON.parse(JSON.stringify(content)), ...args);
 }
-export function safeDump(...args) {
-    return YAML.safeDump(...args);
+export function safeDump(content, ...args) {
+    return YAML.safeDump(JSON.parse(JSON.stringify(content)), ...args);
 }
-export function dump(...args) {
-    return YAML.dump(...args);
+export function dump(content, ...args) {
+    return YAML.dump(JSON.parse(JSON.stringify(content)), ...args);
 }

 export default {
@@ -34,4 +34,6 @@ export default {
    load,
    safeDump,
    dump,
+    parse: safeLoad,
+    stringify: safeDump,
 };
--- a/backend/src/vendor/express.js
+++ b/backend/src/vendor/express.js
@@ -9,6 +9,7 @@ export default function express({ substore: $, port, host }) {
        'Access-Control-Allow-Methods': 'POST,GET,OPTIONS,PATCH,PUT,DELETE',
        'Access-Control-Allow-Headers':
            'Origin, X-Requested-With, Content-Type, Accept',
+        'X-Powered-By': 'Sub-Store',
    };

    // node support
@@ -16,7 +17,14 @@ export default function express({ substore: $, port, host }) {
        const express_ = eval(`require("express")`);
        const bodyParser = eval(`require("body-parser")`);
        const app = express_();
-        app.use(bodyParser.json({ verify: rawBodySaver, limit: '1mb' }));
+        const limit = eval('process.env.SUB_STORE_BODY_JSON_LIMIT') || '1mb';
+        $.info(`[BACKEND] body JSON limit: ${limit}`);
+        app.use(
+            bodyParser.json({
+                verify: rawBodySaver,
+                limit,
+            }),
+        );
        app.use(
            bodyParser.urlencoded({ verify: rawBodySaver, extended: true }),
        );
@@ -30,7 +38,7 @@ export default function express({ substore: $, port, host }) {
        app.start = () => {
            const listener = app.listen(port, host, () => {
                const { address, port } = listener.address();
-                $.info(`[BACKEND] ${address}:${port}`);
+                $.info(`[BACKEND] listening on ${address}:${port}`);
            });
        };
        return app;
--- a/backend/src/vendor/open-api.js
+++ b/backend/src/vendor/open-api.js
@@ -9,7 +9,36 @@ const isShadowRocket = 'undefined' !== typeof $rocket;
 const isEgern = 'object' == typeof egern;
 const isLanceX = 'undefined' != typeof $native;
 const isGUIforCores = typeof $Plugins !== 'undefined';
+import { Base64 } from 'js-base64';

+function isPlainObject(obj) {
+    return (
+        obj !== null &&
+        typeof obj === 'object' &&
+        [null, Object.prototype].includes(Object.getPrototypeOf(obj))
+    );
+}
+
+function parseSocks5Uri(uri) {
+    // eslint-disable-next-line no-unused-vars
+    let [__, username, password, server, port, query, name] = uri.match(
+        /^socks5:\/\/(?:(.*?):(.*?)@)?(.*?)(?::(\d+?))?(\?.*?)?(?:#(.*?))?$/,
+    );
+    if (port) {
+        port = parseInt(port, 10);
+    } else {
+        $.error(`port is not present in line: ${uri}`);
+        throw new Error(`port is not present in line: ${uri}`);
+    }
+    return {
+        type: 5,
+        host: server,
+        port,
+
+        userId: username != null ? decodeURIComponent(username) : undefined,
+        password: password != null ? decodeURIComponent(password) : undefined,
+    };
+}
 export class OpenAPI {
    constructor(name = 'untitled', debug = false) {
        this.name = name;
@@ -18,6 +47,10 @@ export class OpenAPI {
        this.http = HTTP();
        this.env = ENV();

+        if (isNode) {
+            const dotenv = eval(`require("dotenv")`);
+            dotenv.config();
+        }
        this.node = (() => {
            if (isNode) {
                const fs = eval("require('fs')");
@@ -58,29 +91,60 @@ export class OpenAPI {
            const basePath =
                eval('process.env.SUB_STORE_DATA_BASE_PATH') || '.';
            let rootPath = `${basePath}/root.json`;
+            const backupRootPath = `${basePath}/root_${Date.now()}.json`;

            this.log(`Root path: ${rootPath}`);
-            if (!this.node.fs.existsSync(rootPath)) {
+            if (this.node.fs.existsSync(rootPath)) {
+                try {
+                    this.root = JSON.parse(
+                        this.node.fs.readFileSync(`${rootPath}`),
+                    );
+                } catch (e) {
+                    this.node.fs.copyFileSync(rootPath, backupRootPath);
+                    this.error(
+                        `Failed to parse ${rootPath}: ${e.message}. Backup created at ${backupRootPath}`,
+                    );
+                }
+            }
+            if (!isPlainObject(this.root)) {
                this.node.fs.writeFileSync(rootPath, JSON.stringify({}), {
-                    flag: 'wx',
+                    flag: 'w',
                });
                this.root = {};
-            } else {
-                this.root = JSON.parse(
-                    this.node.fs.readFileSync(`${rootPath}`),
-                );
            }

            // create a json file with the given name if not exists
            let fpath = `${basePath}/${this.name}.json`;
+            const backupPath = `${basePath}/${this.name}_${Date.now()}.json`;
+
            this.log(`Data path: ${fpath}`);
-            if (!this.node.fs.existsSync(fpath)) {
+            if (this.node.fs.existsSync(fpath)) {
+                try {
+                    this.cache = JSON.parse(
+                        this.node.fs.readFileSync(`${fpath}`, 'utf-8'),
+                    );
+                } catch (e) {
+                    try {
+                        const str = Base64.decode(
+                            this.node.fs.readFileSync(`${fpath}`, 'utf-8'),
+                        );
+                        this.cache = JSON.parse(str);
+                        this.node.fs.writeFileSync(fpath, str, {
+                            flag: 'w',
+                        });
+                    } catch (e) {
+                        this.node.fs.copyFileSync(fpath, backupPath);
+                        this.error(
+                            `Failed to parse ${fpath}: ${e.message}. Backup created at ${backupPath}`,
+                        );
+                    }
+                }
+            }
+            if (!isPlainObject(this.cache)) {
                this.node.fs.writeFileSync(fpath, JSON.stringify({}), {
-                    flag: 'wx',
+                    flag: 'w',
                });
                this.cache = {};
-            } else {
-                this.cache = JSON.parse(this.node.fs.readFileSync(`${fpath}`));
            }
        }
    }
@@ -337,45 +401,130 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                opts: options.opts,
            });
        } else if (isLoon || isSurge || isNode) {
-            worker = new Promise((resolve, reject) => {
-                const request = isNode
-                    ? eval("require('request')")
-                    : $httpClient;
+            worker = new Promise(async (resolve, reject) => {
                const body = options.body;
                const opts = JSON.parse(JSON.stringify(options));
                opts.body = body;
-
-                if (!isNode && opts.timeout) {
+                opts.timeout = opts.timeout || 8000;
+                if (opts.timeout) {
                    opts.timeout++;
-                    let unit = 'ms';
-                    // 这些客户端单位为 s
-                    if (isSurge || isStash || isShadowRocket) {
-                        opts.timeout = Math.ceil(opts.timeout / 1000);
-                        unit = 's';
+                    if (isNaN(opts.timeout)) {
+                        opts.timeout = 8000;
+                    }
+                    if (!isNode) {
+                        let unit = 'ms';
+                        // 这些客户端单位为 s
+                        if (isSurge || isStash || isShadowRocket) {
+                            opts.timeout = Math.ceil(opts.timeout / 1000);
+                            unit = 's';
+                        }
+                        // Loon 为 ms
+                        // console.log(`[httpClient timeout] ${opts.timeout}${unit}`);
                    }
-                    // Loon 为 ms
-                    // console.log(`[httpClient timeout] ${opts.timeout}${unit}`);
                }
-                request[method.toLowerCase()](opts, (err, response, body) => {
-                    // if (err) {
-                    //     console.log(err);
-                    // } else {
-                    //     console.log({
-                    //         statusCode:
-                    //             response.status || response.statusCode,
-                    //         headers: response.headers,
-                    //         body,
-                    //     });
-                    // }
-
-                    if (err) reject(err);
-                    else
-                        resolve({
-                            statusCode: response.status || response.statusCode,
-                            headers: response.headers,
-                            body,
+                if (isNode) {
+                    const undici = eval("require('undici')");
+                    const { socksDispatcher } = eval("require('fetch-socks')");
+                    const {
+                        ProxyAgent,
+                        EnvHttpProxyAgent,
+                        request,
+                        interceptors,
+                    } = undici;
+                    const agentOpts = {
+                        connect: {
+                            rejectUnauthorized:
+                                opts.strictSSL === false ||
+                                opts.insecure === true
+                                    ? false
+                                    : true,
+                        },
+                        bodyTimeout: opts.timeout,
+                        headersTimeout: opts.timeout,
+                    };
+                    try {
+                        const url = new URL(opts.url);
+                        if (url.username || url.password) {
+                            opts.headers = {
+                                ...(opts.headers || {}),
+                                Authorization: `Basic ${Buffer.from(
+                                    `${url.username || ''}:${
+                                        url.password || ''
+                                    }`,
+                                ).toString('base64')}`,
+                            };
+                        }
+                        let dispatcher;
+                        if (!opts.proxy) {
+                            const allProxy =
+                                eval('process.env.all_proxy') ||
+                                eval('process.env.ALL_PROXY');
+                            if (allProxy && /^socks5:\/\//.test(allProxy)) {
+                                opts.proxy = allProxy;
+                            }
+                        }
+                        if (opts.proxy) {
+                            if (/^socks5:\/\//.test(opts.proxy)) {
+                                dispatcher = socksDispatcher(
+                                    parseSocks5Uri(opts.proxy),
+                                    agentOpts,
+                                );
+                            } else {
+                                dispatcher = new ProxyAgent({
+                                    ...agentOpts,
+                                    uri: opts.proxy,
+                                });
+                            }
+                        } else {
+                            dispatcher = new EnvHttpProxyAgent(agentOpts);
+                        }
+                        const response = await request(opts.url, {
+                            ...opts,
+                            method: method.toUpperCase(),
+                            dispatcher: dispatcher.compose(
+                                interceptors.redirect({
+                                    maxRedirections: 3,
+                                    throwOnMaxRedirects: true,
+                                }),
+                            ),
                        });
-                });
+                        resolve({
+                            statusCode: response.statusCode,
+                            headers: response.headers,
+                            body:
+                                opts.encoding === null
+                                    ? await response.body.arrayBuffer()
+                                    : await response.body.text(),
+                        });
+                    } catch (e) {
+                        reject(e);
+                    }
+                } else {
+                    $httpClient[method.toLowerCase()](
+                        opts,
+                        (err, response, body) => {
+                            // if (err) {
+                            //     console.log(err);
+                            // } else {
+                            //     console.log({
+                            //         statusCode:
+                            //             response.status || response.statusCode,
+                            //         headers: response.headers,
+                            //         body,
+                            //     });
+                            // }
+
+                            if (err) reject(err);
+                            else
+                                resolve({
+                                    statusCode:
+                                        response.status || response.statusCode,
+                                    headers: response.headers,
+                                    body,
+                                });
+                        },
+                    );
+                }
            });
        } else if (isGUIforCores) {
            worker = new Promise(async (resolve, reject) => {
@@ -385,6 +534,7 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                        url: options.url,
                        headers: options.headers,
                        body: options.body,
+                        autoTransformBody: false,
                        options: {
                            Proxy: options.proxy,
                            Timeout: options.timeout
--- a/backend/sub-store_1752902525508.json
+++ b/backend/sub-store_1752902525508.json
--- a/backend/sub-store_1752902571053.json
+++ b/backend/sub-store_1752902571053.json
--- a/backend/sub-store_1752902602701.json
+++ b/backend/sub-store_1752902602701.json
--- a/backend/sub-store_1752902651631.json
+++ b/backend/sub-store_1752902651631.json
--- a/config/Egern.yaml
+++ b/config/Egern.yaml
@@ -15,23 +15,24 @@ scriptings:
 - http_request:
    name: Sub-Store Core
    match: ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info)))
-    script_url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js
    body_required: true
 - http_request:
    name: Sub-Store Simple
    match: ^https?:\/\/sub\.store
-    script_url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js
    body_required: true
 - schedule:
    name: '{{{sync}}}'
    cron: '{{{cronexp}}}'
-    script_url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
 - schedule:
    name: '{{{produce}}}'
    cron: '{{{produce_cronexp}}}'
-    script_url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+    script_url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
    arguments:
      _compat.$argument: '"sub={{{produce_sub}}}&col={{{produce_col}}}"'
 mitm:
  hostnames:
-  - sub.store
+    includes:
+    - sub.store
--- a/config/Loon.plugin
+++ b/config/Loon.plugin
@@ -14,7 +14,7 @@ DOMAIN,sub-store.vercel.app,PROXY
 hostname=sub.store

 [Script]
-http-request ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js, requires-body=true, timeout=120, tag=Sub-Store Core
-http-request ^https?:\/\/sub\.store script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js, requires-body=true, timeout=120, tag=Sub-Store Simple
+http-request ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js, requires-body=true, timeout=120, tag=Sub-Store Core
+http-request ^https?:\/\/sub\.store script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js, requires-body=true, timeout=120, tag=Sub-Store Simple

-cron "55 23 * * *" script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, timeout=120, tag=Sub-Store Sync
+cron "55 23 * * *" script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js, timeout=120, tag=Sub-Store Sync
--- a/config/QX-Task.json
+++ b/config/QX-Task.json
@@ -2,6 +2,6 @@
  "name": "Sub-Store",
  "description": "定时任务默认为每天 23 点 55 分. 定时任务指定时将订阅/文件上传到私有 Gist. 在前端, 叫做 '同步' 或 '同步配置'",
  "task": [
-    "55 23 * * * https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, tag=Sub-Store Sync, img-url=https://raw.githubusercontent.com/58xinian/icon/master/Sub-Store1.png"
+    "55 23 * * * https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js, tag=Sub-Store Sync, img-url=https://raw.githubusercontent.com/58xinian/icon/master/Sub-Store1.png"
  ]
 }
--- a/config/QX.snippet
+++ b/config/QX.snippet
@@ -1,4 +1,4 @@
 hostname=sub.store

-^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) url script-analyze-echo-response https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js
-^https?:\/\/sub\.store url script-analyze-echo-response https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js
+^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) url script-analyze-echo-response https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js
+^https?:\/\/sub\.store url script-analyze-echo-response https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js
--- a/config/Stash.stoverride
+++ b/config/Stash.stoverride
@@ -25,13 +25,13 @@ cron:

 script-providers:
  sub-store-0:
-    url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js
+    url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js
    interval: 86400

  sub-store-1:
-    url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js
+    url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js
    interval: 86400

  cron-sync-artifacts:
-    url: https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+    url: https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
    interval: 86400
--- a/config/Surge-Beta.sgmodule
+++ b/config/Surge-Beta.sgmodule
@@ -8,10 +8,10 @@
 hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}

-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}

-{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js,engine={{{engine}}}
+{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}}

-{{{produce}}}=type=cron,cronexp="{{{produce_cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js,engine={{{engine}}},argument="sub={{{produce_sub}}}&col={{{produce_col}}}"
+{{{produce}}}=type=cron,cronexp="{{{produce_cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}},argument="sub={{{produce_sub}}}&col={{{produce_col}}}"
--- a/config/Surge-Noability.sgmodule
+++ b/config/Surge-Noability.sgmodule
@@ -7,7 +7,7 @@ hostname = %APPEND% sub.store

 [Script]
 # 主程序 已经去掉 Sub-Store Core 的参数 [,ability=http-client-policy] 不会爆内存，这个参数在 Surge 非常占用内存； 如果不需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 则可以使用此脚本
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120
-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout=120
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout=120
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout=120

-Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
--- a/config/Surge-ability.sgmodule
+++ b/config/Surge-ability.sgmodule
@@ -6,7 +6,7 @@
 hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout=120
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout=120

-Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js
--- a/config/Surge.sgmodule
+++ b/config/Surge.sgmodule
@@ -8,10 +8,10 @@
 hostname = %APPEND% sub.store

 [Script]
-Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}
+Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-1.min.js,requires-body=true,timeout={{{timeout}}},ability="{{{ability}}}",engine={{{engine}}}

-Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}
+Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/sub-store-0.min.js,requires-body=true,timeout={{{timeout}}},engine={{{engine}}}

-{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js,engine={{{engine}}}
+{{{sync}}}=type=cron,cronexp="{{{cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}}

-{{{produce}}}=type=cron,cronexp="{{{produce_cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js,engine={{{engine}}},argument="sub={{{produce_sub}}}&col={{{produce_col}}}"
+{{{produce}}}=type=cron,cronexp="{{{produce_cronexp}}}",wake-system=1,timeout={{{timeout}}},script-path=https://raw.githubusercontent.com/sub-store-org/Sub-Store/release/cron-sync-artifacts.min.js,engine={{{engine}}},argument="sub={{{produce_sub}}}&col={{{produce_col}}}"
--- a/nginx/front.conf
+++ b/nginx/front.conf
@@ -1,40 +0,0 @@
-upstream api {
-  server 0.0.0.0:3000;
-}
-
-server {
-  listen 6080;  
-#   allow 127.0.0.1;
-#   allow 0.0.0.0;               
-#   deny all; 
-
-  gzip on;
-  gzip_static on;
-  gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript;
-  gzip_proxied  any;
-  gzip_vary on;
-  gzip_comp_level 6;
-  gzip_buffers 16 8k;
-  gzip_http_version 1.0;
-
-  location / {
-    root /Sub-Store/web/dist;
-    index  index.html index.htm;
-    try_files $uri $uri/ /index.html;
-  }
- 
-  location /api {
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_pass http://api;
-  }
-
-  location /download {
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_pass http://api;
-  }
-
-}
--- a/scripts/demo.js
+++ b/scripts/demo.js
@@ -10,19 +10,64 @@ function operator(proxies = [], targetPlatform, context) {
  // 2. 域名解析后 会多一个 `_resolved` 字段, 表示是否解析成功
  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_IP4P`(若解析类型为 IPv6 且符合 IP4P 类型, 将自动转换), `_domain` 字段, `_resolved_ips` 为解析出的所有 IP
  // 4. 节点字段 `exec` 为 `ssr-local` 路径, 默认 `/usr/local/bin/ssr-local`; 端口从 10000 开始递增(暂不支持配置)
-  // 5. `_subName` 为单条订阅名
-  // 6. `_collectionName` 为组合订阅名
+  // 5. `_subName` 为单条订阅名, `_subDisplayName` 为单条订阅显示名
+  // 6. `_collectionName` 为组合订阅名, `_collectionDisplayName` 为组合订阅显示名
  // 7. `tls-fingerprint` 为 tls 指纹
-  // 8. `underlying-proxy` 为前置代理
+  // 8. `underlying-proxy` 为前置代理, 不同平台会自动转换
+  //    例如 $server['underlying-proxy'] = '名称'
+  //    只给 mihomo 输出的话, `dialer-proxy` 也行
+  //    只给 sing-box 输出的话, `detour` 也行
+  //    只给 Egern 输出的话, `prev_hop` 也行
+  //    只给 Shadowrocket 输出的话, `chain` 也行
+  //    输出到 Clash/Stash 时, 会过滤掉配置了前置代理的节点, 并提示使用对应的功能.
  // 9. `trojan`, `tuic`, `hysteria`, `hysteria2`, `juicity` 会在解析时设置 `tls`: true (会使用 tls 类协议的通用逻辑),  输出时删除
  // 10. `sni` 在某些协议里会自动与 `servername` 转换
  // 11. 读取节点的 ca-str 和 _ca (后端文件路径) 字段, 自动计算 fingerprint (参考 https://t.me/zhetengsha/1512)
  // 12. 以 Surge 为例, 最新的参数一般我都会跟进, 以 Surge 文档为例, 一些常用的: TUIC/Hysteria 2 的 `ecn`, Snell 的 `reuse` 连接复用, QUIC 策略 block-quic`, Hysteria 2 下载带宽 `down`
-  //
-  // 如果只是为了快速修改或者筛选 可以参考 脚本操作支持节点快捷脚本 https://t.me/zhetengsha/970 和 脚本筛选支持节点快捷脚本 https://t.me/zhetengsha/1009
+  // 13. `test-url` 为测延迟链接, `test-timeout` 为测延迟超时
+  // 14. `ports` 为端口跳跃, `hop-interval` 变换端口号的时间间隔
+  // 15. `ip-version` 设置节点使用 IP 版本，兼容各家的值. 会进行内部转换. sing-box 以外: 若无法匹配则使用原始值. sing-box: 需有匹配且节点上设置 `_dns_server` 字段, 将自动设置 `domain_resolver.server`
+  // 16. `sing-box` 支持使用 `_network` 来设置 `network`, 例如 `tcp`, `udp`
+  // 17. `block-quic` 支持 `auto`, `on`, `off`. 不同的平台不一定都支持, 会自动转换
+
+  // require 为 Node.js 的 require, 在 Node.js 运行环境下 可以用来引入模块
+  // 例如在 Node.js 环境下, 将文件内容写入 /tmp/1.txt 文件
+  // const fs = eval(`require("fs")`)
+  // // const path = eval(`require("path")`)
+  // fs.writeFileSync('/tmp/1.txt', $content, "utf8");

  // $arguments 为传入的脚本参数

+  // $options 为通过链接传入的参数
+  // 例如: { arg1: 'a', arg2: 'b' }
+  // 可这样传:
+  // 先这样处理 encodeURIComponent(JSON.stringify({ arg1: 'a', arg2: 'b' }))
+  // /api/file/foo?$options=%7B%22arg1%22%3A%22a%22%2C%22arg2%22%3A%22b%22%7D
+  // 或这样传:
+  // 先这样处理 encodeURIComponent('arg1=a&arg2=b')
+  // /api/file/foo?$options=arg1%3Da%26arg2%3Db
+
+  // 默认会带上 _req 字段, 结构为
+  // {
+  //     method,
+  //     url,
+  //     path,
+  //     query,
+  //     params,
+  //     headers,
+  //     body,
+  // }
+  // console.log($options)
+
+  // 若设置 $options._res.headers
+  // 则会在输出文件时设置响应头, 例如:
+
+  // $options._res = {
+  //   headers: {
+  //     'X-Custom': '1'
+  //   }
+  // }
+
  // targetPlatform 为输出的目标平台

  // lodash
@@ -33,8 +78,38 @@ function operator(proxies = [], targetPlatform, context) {
  // scriptResourceCache 缓存
  // 可参考 https://t.me/zhetengsha/1003
  // const cache = scriptResourceCache
-  // cache.set(id, data)
-  // cache.get(id)
+  // 设置
+  // cache.set('a:1', 1)
+  // cache.set('a:2', 2)
+  // 获取
+  // cache.get('a:1')
+  // 支持第二个参数: 自定义过期时间
+  // 支持第三个参数: 是否删除过期项
+  // cache.get('a:2', 1000, true)
+
+  // 清理
+  // cache._cleanup()
+  // 支持第一个参数: 匹配前缀的项也一起删除
+  // 支持第二个参数: 自定义过期时间
+  // cache._cleanup('a:', 1000)
+
+  // 关于缓存时长
+
+  // 拉取 Sub-Store 订阅时, 会自动拉取远程订阅
+
+  // 远程订阅缓存是 1 小时, 缓存的唯一 key 为 url+ user agent. 可通过前端的刷新按钮刷新缓存. 或使用参数 noCache 来禁用缓存. 例: 内部配置订阅链接时使用 http://a.com#noCache, 外部使用 sub-store 链接时使用 https://sub.store/download/1?noCache=true
+
+  // 当使用相关脚本时, 若在对应的脚本中使用参数开启缓存, 可设置持久化缓存 sub-store-csr-expiration-time 的值来自定义默认缓存时长, 默认为 172800000 (48 * 3600 * 1000, 即 48 小时)
+
+  // 🎈Loon 可在插件中设置
+
+  // 其他平台同理, 持久化缓存数据在 JSON 里
+
+  // 当配合脚本使用时, 可以在脚本的前面添加一个脚本操作, 实现保留 1 小时的缓存. 这样比较灵活
+
+  // async function operator() {
+  //     scriptResourceCache._cleanup(undefined, 1 * 3600 * 1000);
+  // }

  // ProxyUtils 为节点处理工具
  // 可参考 https://t.me/zhetengsha/1066
@@ -52,8 +127,18 @@ function operator(proxies = [], targetPlatform, context) {
  //     removeFlag, // 移除 emoji 旗帜
  //     getISO, // 获取 ISO 3166-1 alpha-2 代码
  //     Gist, // Gist 类
+  //     download, // 内部的下载方法, 见 backend/src/utils/download.js
+  //     downloadFile, // 下载二进制文件, 见 backend/src/utils/download.js
+  //     MMDB, // Node.js 环境 可用于模拟 Surge/Loon 的 $utils.ipasn, $utils.ipaso, $utils.geoip. 具体见 https://t.me/zhetengsha/1269
+  //     isValidUUID, // 辅助判断是否为有效的 UUID
+  //     Buffer, // https://github.com/feross/buffer
+  //     Base64, // https://github.com/dankogai/js-base64
+  //     JSON5, // https://github.com/json5/json5
  // }
+  //  为兼容 https://github.com/xishang0128/sparkle 的 JavaScript 覆写, 也可以直接使用 `b64d`(Base64 解码), `b64e`(Base64 编码), `Buffer`, `yaml`(简单兼容了下 `yaml.parse` 和 `yaml.stringify`)

+  // 如果只是为了快速修改或者筛选 可以参考 脚本操作支持节点快捷脚本 https://t.me/zhetengsha/970 和 脚本筛选支持节点快捷脚本 https://t.me/zhetengsha/1009
+  // ⚠️ 注意: 函数式(即本文件这样的 function operator() {}) 和快捷操作(下面使用 $server) 只能二选一
  // 示例: 给节点名添加前缀
  // $server.name = `[${ProxyUtils.getISO($server.name)}] ${$server.name}`
  // 示例: 给节点名添加旗帜
@@ -66,6 +151,18 @@ function operator(proxies = [], targetPlatform, context) {
  // });
  // $server.sni = sni

+  // 示例: 从 config 文件中读取配置项并进行节点操作
+  // config 的本地内容为
+  // {
+  //   "reuse": false
+  // }
+  // 脚本操作为
+  // const config = (ProxyUtils.JSON5 || JSON).parse(await produceArtifact({
+  //     type: 'file',
+  //     name: 'config' // 文件名
+  // }))
+  // $server.reuse = config.reuse
+
  // 1. Surge 输出 WireGuard 完整配置

  // let proxies = await produceArtifact({
@@ -131,7 +228,7 @@ function operator(proxies = [], targetPlatform, context) {
  // yaml.proxies.unshift(...clashMetaProxies)
  // $content = ProxyUtils.yaml.dump(yaml)

-  // { $content, $files } will be passed to the next operator
+  // { $content, $files, $options } will be passed to the next operator
  // $content is the final content of the file

  // flowUtils 为机场订阅流量信息处理工具
@@ -139,7 +236,7 @@ function operator(proxies = [], targetPlatform, context) {
  // 1. https://t.me/zhetengsha/948

  // context 为传入的上下文
-  // 有三种情况, 按需判断
+  // 其中 source 为 订阅和组合订阅的数据, 有三种情况, 按需判断 (若只需要取订阅/组合订阅名称 直接用 `_subName` `_subDisplayName` `_collectionName` `_collectionDisplayName` 即可)

  // 若存在 `source._collection` 且 `source._collection.subscriptions` 中的 key 在 `source` 上也存在, 说明输出结果为组合订阅, 但是脚本设置在单条订阅上

@@ -147,6 +244,20 @@ function operator(proxies = [], targetPlatform, context) {

  // 若不存在 `source._collection`, 说明输出结果为单条订阅, 脚本设置在此单条订阅上

+  // 这个历史遗留原因, 是有点复杂. 提供一个例子, 用来取当前脚本所在的组合订阅或单条订阅名称
+
+  // let name = ''
+  // for (const [key, value] of Object.entries(context.source)) {
+  //   if (!key.startsWith('_')) {
+  //     name = value.displayName || value.name
+  //     break
+  //   }
+  // }
+  // if (!name) {
+  //   const collection = context.source._collection
+  //   name = collection.displayName || collection.name
+  // }
+
  // 1. 输出单条订阅 sub-1 时, 该单条订阅中的脚本上下文为:
  // {
  //   "source": {
--- a/support.nodeseek.com_page_promotion_id=8.png
+++ b/support.nodeseek.com_page_promotion_id=8.png