ci: pnpm

feat: Egern 和 Stash 可根据 User-Agent 自动包含官方/商店版/未续费订阅不支持的协议
feat: Surge 默认开启 Shadowsocks 2022
2025-08-10 00:52:40 +00:00 · 2025-01-13 14:44:34 +08:00 · 2025-01-13 14:27:08 +08:00 · 2025-01-13 14:00:38 +08:00 · 2025-01-12 06:12:14 +08:00 · 2025-01-11 23:34:00 +08:00
13 changed files with 6538 additions and 7217 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,5 +1,6 @@
 name: build
 on:
+  workflow_dispatch:
  push:
    branches:
      - master
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sub-store",
-  "version": "2.16.5",
+  "version": "2.16.11",
  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
  "main": "src/main.js",
  "scripts": {
@@ -33,6 +33,7 @@
    "ms": "^2.1.3",
    "nanoid": "^3.3.3",
    "request": "^2.88.2",
+    "semver": "^7.6.3",
    "static-js-yaml": "^1.0.0"
  },
  "devDependencies": {
--- a/backend/pnpm-lock.yaml
+++ b/backend/pnpm-lock.yaml
--- a/backend/src/core/proxy-utils/parsers/peggy/loon.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/loon.js
@@ -39,12 +39,12 @@ start = (shadowsocksr/shadowsocks/vmess/vless/trojan/https/http/socks5/hysteria2
    return proxy;
 }

-shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/others)*{
+shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/others)*{
    proxy.type = "ssr";
    // handle ssr obfs
    proxy.obfs = obfs.type;
 }
-shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/others)* {
+shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/others)* {
    proxy.type = "ss";
    // handle ss obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -169,6 +169,11 @@ ssr_protocol_param = comma "protocol-param" equals param:$[^=,]+ { proxy["protoc

 vmess_alterId = comma "alterId" equals alterId:$[0-9]+ { proxy.alterId = parseInt(alterId); } 

+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
+shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
+shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
+shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
+
 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
 tls_host = comma sni:("tls-name"/"sni") equals host:domain { proxy.sni = host; }
 tls_verification = comma "skip-cert-verify" equals flag:bool { proxy["skip-cert-verify"] = flag; }
--- a/backend/src/core/proxy-utils/parsers/peggy/loon.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/loon.peg
@@ -37,12 +37,12 @@ start = (shadowsocksr/shadowsocks/vmess/vless/trojan/https/http/socks5/hysteria2
    return proxy;
 }

-shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/others)*{
+shadowsocksr = tag equals "shadowsocksr"i address method password (ssr_protocol/ssr_protocol_param/obfs_ssr/obfs_ssr_param/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/others)*{
    proxy.type = "ssr";
    // handle ssr obfs
    proxy.obfs = obfs.type;
 }
-shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/others)* {
+shadowsocks = tag equals "shadowsocks"i address method password (obfs_typev obfs_hostv)? (obfs_ss/obfs_host/obfs_uri/fast_open/udp_relay/udp_port/shadow_tls_version/shadow_tls_sni/shadow_tls_password/others)* {
    proxy.type = "ss";
    // handle ss obfs
    if (obfs.type == "http" || obfs.type === "tls") {
@@ -167,6 +167,11 @@ ssr_protocol_param = comma "protocol-param" equals param:$[^=,]+ { proxy["protoc

 vmess_alterId = comma "alterId" equals alterId:$[0-9]+ { proxy.alterId = parseInt(alterId); } 

+udp_port = comma "udp-port" equals match:$[0-9]+ { proxy["udp-port"] = parseInt(match.trim()); }
+shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
+shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }
+shadow_tls_password = comma "shadow-tls-password" equals match:[^,]+ { proxy["shadow-tls-password"] = match.join(""); }
+
 over_tls = comma "over-tls" equals flag:bool { proxy.tls = flag; }
 tls_host = comma sni:("tls-name"/"sni") equals host:domain { proxy.sni = host; }
 tls_verification = comma "skip-cert-verify" equals flag:bool { proxy["skip-cert-verify"] = flag; }
--- a/backend/src/core/proxy-utils/producers/egern.js
+++ b/backend/src/core/proxy-utils/producers/egern.js
@@ -4,7 +4,7 @@ export default function Egern_Producer() {
        // https://egernapp.com/zh-CN/docs/configuration/proxies
        const list = proxies
            .filter((proxy) => {
-                if (opts['include-unsupported-proxy']) return true;
+                // if (opts['include-unsupported-proxy']) return true;
                if (
                    ![
                        'http',
@@ -47,6 +47,12 @@ export default function Egern_Producer() {
                                'salsa20',
                                'chacha20',
                                'chacha20-ietf',
+                                ...(opts['include-unsupported-proxy']
+                                    ? [
+                                          '2022-blake3-aes-128-gcm',
+                                          '2022-blake3-aes-256-gcm',
+                                      ]
+                                    : []),
                            ].includes(proxy.cipher))) ||
                    (proxy.type === 'vmess' &&
                        (![
--- a/backend/src/core/proxy-utils/producers/loon.js
+++ b/backend/src/core/proxy-utils/producers/loon.js
@@ -9,7 +9,7 @@ export default function Loon_Producer() {
            case 'ss':
                return shadowsocks(proxy, opts['include-unsupported-proxy']);
            case 'ssr':
-                return shadowsocksr(proxy);
+                return shadowsocksr(proxy, opts['include-unsupported-proxy']);
            case 'trojan':
                return trojan(proxy);
            case 'vmess':
@@ -32,7 +32,7 @@ export default function Loon_Producer() {
    return { produce };
 }

-function shadowsocks(proxy) {
+function shadowsocks(proxy, includeUnsupportedProxy) {
    const result = new Result(proxy);
    if (
        ![
@@ -66,6 +66,8 @@ function shadowsocks(proxy) {
        `${proxy.name}=shadowsocks,${proxy.server},${proxy.port},${proxy.cipher},"${proxy.password}"`,
    );

+    let isShadowTLS;
+
    // obfs
    if (isPresent(proxy, 'plugin')) {
        if (proxy.plugin === 'obfs') {
@@ -78,11 +80,52 @@ function shadowsocks(proxy) {
                `,obfs-uri=${proxy['plugin-opts'].path}`,
                'plugin-opts.path',
            );
-        } else {
+        } else if (!['shadow-tls'].includes(proxy.plugin)) {
            throw new Error(`plugin ${proxy.plugin} is not supported`);
        }
    }

+    // shadow-tls
+    if (isPresent(proxy, 'shadow-tls-password')) {
+        result.append(`,shadow-tls-password=${proxy['shadow-tls-password']}`);
+
+        result.appendIfPresent(
+            `,shadow-tls-version=${proxy['shadow-tls-version']}`,
+            'shadow-tls-version',
+        );
+        result.appendIfPresent(
+            `,shadow-tls-sni=${proxy['shadow-tls-sni']}`,
+            'shadow-tls-sni',
+        );
+        // udp-port
+        result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');
+        isShadowTLS = true;
+    } else if (['shadow-tls'].includes(proxy.plugin) && proxy['plugin-opts']) {
+        const password = proxy['plugin-opts'].password;
+        const host = proxy['plugin-opts'].host;
+        const version = proxy['plugin-opts'].version;
+        if (password) {
+            result.append(`,shadow-tls-password=${password}`);
+            if (host) {
+                result.append(`,shadow-tls-sni=${host}`);
+            }
+            if (version) {
+                if (version < 2) {
+                    throw new Error(
+                        `shadow-tls version ${version} is not supported`,
+                    );
+                }
+                result.append(`,shadow-tls-version=${version}`);
+            }
+            // udp-port
+            result.appendIfPresent(
+                `,udp-port=${proxy['udp-port']}`,
+                'udp-port',
+            );
+            isShadowTLS = true;
+        }
+    }
+
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

@@ -91,10 +134,16 @@ function shadowsocks(proxy) {
        result.append(`,udp=true`);
    }

+    if (!includeUnsupportedProxy && isShadowTLS) {
+        throw new Error(
+            `shadow-tls is not supported(请使用 includeUnsupportedProxy 参数)`,
+        );
+    }
+
    return result.toString();
 }

-function shadowsocksr(proxy) {
+function shadowsocksr(proxy, includeUnsupportedProxy) {
    const result = new Result(proxy);
    result.append(
        `${proxy.name}=shadowsocksr,${proxy.server},${proxy.port},${proxy.cipher},"${proxy.password}"`,
@@ -111,6 +160,49 @@ function shadowsocksr(proxy) {
    result.appendIfPresent(`,obfs=${proxy.obfs}`, 'obfs');
    result.appendIfPresent(`,obfs-param=${proxy['obfs-param']}`, 'obfs-param');

+    let isShadowTLS;
+
+    // shadow-tls
+    if (isPresent(proxy, 'shadow-tls-password')) {
+        result.append(`,shadow-tls-password=${proxy['shadow-tls-password']}`);
+
+        result.appendIfPresent(
+            `,shadow-tls-version=${proxy['shadow-tls-version']}`,
+            'shadow-tls-version',
+        );
+        result.appendIfPresent(
+            `,shadow-tls-sni=${proxy['shadow-tls-sni']}`,
+            'shadow-tls-sni',
+        );
+        // udp-port
+        result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');
+        isShadowTLS = true;
+    } else if (['shadow-tls'].includes(proxy.plugin) && proxy['plugin-opts']) {
+        const password = proxy['plugin-opts'].password;
+        const host = proxy['plugin-opts'].host;
+        const version = proxy['plugin-opts'].version;
+        if (password) {
+            result.append(`,shadow-tls-password=${password}`);
+            if (host) {
+                result.append(`,shadow-tls-sni=${host}`);
+            }
+            if (version) {
+                if (version < 2) {
+                    throw new Error(
+                        `shadow-tls version ${version} is not supported`,
+                    );
+                }
+                result.append(`,shadow-tls-version=${version}`);
+            }
+            // udp-port
+            result.appendIfPresent(
+                `,udp-port=${proxy['udp-port']}`,
+                'udp-port',
+            );
+            isShadowTLS = true;
+        }
+    }
+
    // tfo
    result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');

@@ -119,6 +211,12 @@ function shadowsocksr(proxy) {
        result.append(`,udp=true`);
    }

+    if (!includeUnsupportedProxy && isShadowTLS) {
+        throw new Error(
+            `shadow-tls is not supported(请使用 includeUnsupportedProxy 参数)`,
+        );
+    }
+
    return result.toString();
 }

--- a/backend/src/core/proxy-utils/producers/surge.js
+++ b/backend/src/core/proxy-utils/producers/surge.js
@@ -53,7 +53,7 @@ export default function Surge_Producer() {
    return { produce };
 }

-function shadowsocks(proxy, includeUnsupportedProxy) {
+function shadowsocks(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=${proxy.type},${proxy.server},${proxy.port}`);
    if (!proxy.cipher) {
@@ -87,9 +87,8 @@ function shadowsocks(proxy, includeUnsupportedProxy) {
            'chacha20',
            'chacha20-ietf',
            'none',
-            ...(includeUnsupportedProxy
-                ? ['2022-blake3-aes-128-gcm', '2022-blake3-aes-256-gcm']
-                : []),
+            '2022-blake3-aes-128-gcm',
+            '2022-blake3-aes-256-gcm',
        ].includes(proxy.cipher)
    ) {
        throw new Error(`cipher ${proxy.cipher} is not supported`);
@@ -127,8 +126,6 @@ function shadowsocks(proxy, includeUnsupportedProxy) {

    // udp
    result.appendIfPresent(`,udp-relay=${proxy.udp}`, 'udp');
-    // udp-port
-    result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');

    // test-url
    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
@@ -160,6 +157,8 @@ function shadowsocks(proxy, includeUnsupportedProxy) {
            `,shadow-tls-sni=${proxy['shadow-tls-sni']}`,
            'shadow-tls-sni',
        );
+        // udp-port
+        result.appendIfPresent(`,udp-port=${proxy['udp-port']}`, 'udp-port');
    } else if (['shadow-tls'].includes(proxy.plugin) && proxy['plugin-opts']) {
        const password = proxy['plugin-opts'].password;
        const host = proxy['plugin-opts'].host;
@@ -177,6 +176,11 @@ function shadowsocks(proxy, includeUnsupportedProxy) {
                }
                result.append(`,shadow-tls-version=${version}`);
            }
+            // udp-port
+            result.appendIfPresent(
+                `,udp-port=${proxy['udp-port']}`,
+                'udp-port',
+            );
        }
    }

--- a/backend/src/products/cron-sync-artifacts.js
+++ b/backend/src/products/cron-sync-artifacts.js
@@ -174,6 +174,14 @@ async function doSync() {

        const resp = await syncToGist(files);
        const body = JSON.parse(resp.body);
+        delete body.history;
+        delete body.forks;
+        delete body.owner;
+        Object.values(body.files).forEach((file) => {
+            delete file.content;
+        });
+        $.info('上传配置响应:');
+        $.info(JSON.stringify(body, null, 2));

        for (const artifact of allArtifacts) {
            if (artifact.sync) {
--- a/backend/src/restful/download.js
+++ b/backend/src/restful/download.js
@@ -1,4 +1,7 @@
-import { getPlatformFromHeaders } from '@/utils/user-agent';
+import {
+    getPlatformFromHeaders,
+    shouldIncludeUnsupportedProxy,
+} from '@/utils/user-agent';
 import { ProxyUtils } from '@/core/proxy-utils';
 import { COLLECTIONS_KEY, SUBS_KEY } from '@/constants';
 import { findByName } from '@/utils/database';
@@ -161,7 +164,19 @@ async function downloadSubscription(req, res) {
    }
    if (includeUnsupportedProxy) {
        includeUnsupportedProxy = decodeURIComponent(includeUnsupportedProxy);
-        $.info(`包含不支持的节点: ${includeUnsupportedProxy}`);
+        $.info(
+            `包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
+    }
+
+    if (
+        !includeUnsupportedProxy &&
+        shouldIncludeUnsupportedProxy(platform, reqUA)
+    ) {
+        includeUnsupportedProxy = true;
+        $.info(
+            `当前客户端可包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
    }

    if (useMihomoExternal) {
@@ -342,11 +357,9 @@ async function downloadCollection(req, res) {

    const allCols = $.read(COLLECTIONS_KEY);
    const collection = findByName(allCols, name);
-
+    const reqUA = req.headers['user-agent'] || req.headers['User-Agent'];
    $.info(
-        `正在下载组合订阅：${name}\n请求 User-Agent: ${
-            req.headers['user-agent'] || req.headers['User-Agent']
-        }\n请求 target: ${req.query.target}\n实际输出: ${platform}`,
+        `正在下载组合订阅：${name}\n请求 User-Agent: ${reqUA}\n请求 target: ${req.query.target}\n实际输出: ${platform}`,
    );

    let {
@@ -393,7 +406,18 @@ async function downloadCollection(req, res) {

    if (includeUnsupportedProxy) {
        includeUnsupportedProxy = decodeURIComponent(includeUnsupportedProxy);
-        $.info(`包含不支持的节点: ${includeUnsupportedProxy}`);
+        $.info(
+            `包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
+    }
+    if (
+        !includeUnsupportedProxy &&
+        shouldIncludeUnsupportedProxy(platform, reqUA)
+    ) {
+        includeUnsupportedProxy = true;
+        $.info(
+            `当前客户端可包含官方/商店版/未续费订阅不支持的协议: ${includeUnsupportedProxy}`,
+        );
    }
    if (useMihomoExternal) {
        $.info(`手动指定了 target 为 SurgeMac, 将使用 Mihomo External`);
--- a/backend/src/restful/sync.js
+++ b/backend/src/restful/sync.js
@@ -625,6 +625,15 @@ async function syncArtifacts() {
        const resp = await syncToGist(files);
        const body = JSON.parse(resp.body);

+        delete body.history;
+        delete body.forks;
+        delete body.owner;
+        Object.values(body.files).forEach((file) => {
+            delete file.content;
+        });
+        $.info('上传配置响应:');
+        $.info(JSON.stringify(body, null, 2));
+
        for (const artifact of allArtifacts) {
            if (artifact.sync) {
                artifact.updated = new Date().getTime();
@@ -743,6 +752,16 @@ async function syncArtifact(req, res) {
        });
        artifact.updated = new Date().getTime();
        const body = JSON.parse(resp.body);
+
+        delete body.history;
+        delete body.forks;
+        delete body.owner;
+        Object.values(body.files).forEach((file) => {
+            delete file.content;
+        });
+        $.info('上传配置响应:');
+        $.info(JSON.stringify(body, null, 2));
+
        let files = body.files;
        let isGitLab;
        if (Array.isArray(files)) {
--- a/backend/src/utils/gist.js
+++ b/backend/src/utils/gist.js
@@ -114,15 +114,17 @@ export default class Gist {
                return;
            });
        } else {
-            return this.http.get('/gists').then((response) => {
-                const gists = JSON.parse(response.body);
-                for (let g of gists) {
-                    if (g.description === this.key) {
-                        return g;
+            return this.http
+                .get('/gists?per_page=100&page=1')
+                .then((response) => {
+                    const gists = JSON.parse(response.body);
+                    for (let g of gists) {
+                        if (g.description === this.key) {
+                            return g;
+                        }
                    }
-                }
-                return;
-            });
+                    return;
+                });
        }
    }

--- a/backend/src/utils/user-agent.js
+++ b/backend/src/utils/user-agent.js
@@ -1,3 +1,7 @@
+import gte from 'semver/functions/gte';
+import coerce from 'semver/functions/coerce';
+import $ from '@/core/app';
+
 export function getUserAgentFromHeaders(headers) {
    const keys = Object.keys(headers);
    let UA = '';
@@ -56,3 +60,17 @@ export function getPlatformFromHeaders(headers) {
    const { UA, ua, accept } = getUserAgentFromHeaders(headers);
    return getPlatformFromUserAgent({ ua, UA, accept });
 }
+export function shouldIncludeUnsupportedProxy(platform, ua) {
+    try {
+        const version = coerce(ua).version;
+        if (platform === 'Stash' && gte(version, '2.8.0')) {
+            return true;
+        }
+        if (platform === 'Egern' && gte(version, '1.29.0')) {
+            return true;
+        }
+    } catch (e) {
+        $.error(`获取版本号失败: ${e}`);
+    }
+    return false;
+}
Author	SHA1	Message	Date
xream	87597f6fc2	ci: pnpm Some checks are pending build / build (push) Waiting to run Details	2025-01-13 14:44:34 +08:00
xream	3462d36c35	feat: Egern 和 Stash 可根据 User-Agent 自动包含官方/商店版/未续费订阅不支持的协议	2025-01-13 14:27:08 +08:00
xream	02946ec81c	feat: Surge 默认开启 Shadowsocks 2022	2025-01-13 14:00:38 +08:00
xream	c963c872ff	feat: Egern 使用 includeUnsupportedProxy 参数开启 Shadowsocks 2022 Some checks failed build / build (push) Has been cancelled Details	2025-01-12 06:12:14 +08:00
xream	c4a1bb4ea1	feat: Loon 使用 includeUnsupportedProxy 参数开启 Shadowsocks/ShadowsocksR + Shadow TLS	2025-01-11 23:34:00 +08:00
xream	f96d9dea74	feat: 日志中增加上传配置的响应 Some checks failed build / build (push) Has been cancelled Details	2025-01-09 18:56:36 +08:00
xream	01eb69d8ae	ci: GitHub Action Some checks are pending build / build (push) Waiting to run Details	2025-01-09 09:35:07 +08:00
xream	797ba6f601	fix: 修复 Loon Shadow TLS	2025-01-09 09:30:16 +08:00
xream	128353a7f3	feat: gist 单页数量改为 100	2025-01-09 09:14:36 +08:00
xream	e6f6d51608	feat: Loon 使用 includeUnsupportedProxy 参数开启 Shadowsocks + Shadow TLS V3 Some checks are pending build / build (push) Waiting to run Details	2025-01-08 22:52:00 +08:00