feat: sub-store.json 初始化时, 支持读取 Base64 内容

feat: 手动还原支持 Base64 文本文件
feat: 处理 clash 系和 sing-box 的 Early Data
2025-08-10 00:52:40 +00:00 · 2025-07-19 13:27:25 +08:00 · 2025-07-19 12:55:32 +08:00 · 2025-07-19 06:47:24 +08:00 · 2025-07-18 17:21:11 +08:00 · 2025-07-18 17:12:51 +08:00
37 changed files with 803 additions and 239 deletions
--- a/.gitmodules
+++ b/.gitmodules
--- a/README.md
+++ b/README.md
@@ -26,13 +26,14 @@ Core functionalities:

 ### Supported Input Formats

-> ⚠️ Do not use `Shadowrocket` or `NekoBox` to export URI and then import it as input. The URIs exported in this way may not be standard URIs.
+> ⚠️ Do not use `Shadowrocket` or `NekoBox` to export URI and then import it as input. The URIs exported in this way may not be standard URIs. However, we have already supported some very common non-standard URIs (such as VMess, VLESS).

 - [x] Proxy URI Scheme(`socks5`, `socks5+tls`, `http`, `https`(it's ok))

  example: `socks5+tls://user:pass@ip:port#name`

 - [x] URI(AnyTLS, SOCKS, SS, SSR, VMess, VLESS, Trojan, Hysteria, Hysteria 2, TUIC v5, WireGuard)
+  > Please note, HTTP(s) does not have a standard URI format, so it is not supported. Please use other formats.
 - [x] Clash Proxies YAML
 - [x] Clash Proxy JSON(single line)
 - [x] QX (SS, SSR, VMess, Trojan, HTTP, SOCKS5, VLESS)
@@ -42,7 +43,7 @@ Core functionalities:
 - [x] Clash.Meta (Direct, SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC, SSH, mieru, AnyTLS)
 - [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC, Juicity, SSH)

-Deprecated:
+Deprecated(The frontend doesn't show it, but the backend still supports it, with the query parameter `target=Clash`):

 - [x] Clash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard)

--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sub-store",
-  "version": "2.19.40",
+  "version": "2.19.89",
  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket.",
  "main": "src/main.js",
  "scripts": {
@@ -27,17 +27,19 @@
    "automerge": "1.0.1-preview.7",
    "body-parser": "^1.19.0",
    "buffer": "^6.0.3",
-    "dotenv": "^16.4.7",
    "connect-history-api-fallback": "^2.0.0",
    "cron": "^3.1.6",
    "dns-packet": "^5.6.1",
+    "dotenv": "^16.4.7",
    "express": "^4.17.1",
-    "mime-types": "^2.1.35",
+    "fetch-socks": "^1.3.2",
    "http-proxy-middleware": "^3.0.3",
    "ip-address": "^9.0.5",
    "js-base64": "^3.7.2",
+    "json5": "^2.2.3",
    "jsrsasign": "^11.1.0",
    "lodash": "^4.17.21",
+    "mime-types": "^2.1.35",
    "ms": "^2.1.3",
    "nanoid": "^3.3.3",
    "semver": "^7.6.3",
--- a/backend/pnpm-lock.yaml
+++ b/backend/pnpm-lock.yaml
@@ -34,9 +34,15 @@ importers:
      dns-packet:
        specifier: ^5.6.1
        version: 5.6.1
+      dotenv:
+        specifier: ^16.4.7
+        version: 16.5.0
      express:
        specifier: ^4.17.1
        version: 4.21.2
+      fetch-socks:
+        specifier: ^1.3.2
+        version: 1.3.2
      http-proxy-middleware:
        specifier: ^3.0.3
        version: 3.0.3
@@ -46,12 +52,18 @@ importers:
      js-base64:
        specifier: ^3.7.2
        version: 3.7.7
+      json5:
+        specifier: ^2.2.3
+        version: 2.2.3
      jsrsasign:
        specifier: ^11.1.0
        version: 11.1.0
      lodash:
        specifier: ^4.17.21
        version: 4.17.21
+      mime-types:
+        specifier: ^2.1.35
+        version: 2.1.35
      ms:
        specifier: ^2.1.3
        version: 2.1.3
@@ -1655,6 +1667,10 @@ packages:
    resolution: {integrity: sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==}
    engines: {node: '>=0.4', npm: '>=1.2'}

+  dotenv@16.5.0:
+    resolution: {integrity: sha512-m/C+AwOAr9/W1UOIZUo232ejMNnJAJtYQjUbHoNTBNTJSvqzzDh7vnrei3o3r3m9blf6ZoDkvcw0VmozNRFJxg==}
+    engines: {node: '>=12'}
+
  dunder-proto@1.0.1:
    resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==}
    engines: {node: '>= 0.4'}
@@ -1961,6 +1977,9 @@ packages:
  fastq@1.18.0:
    resolution: {integrity: sha512-QKHXPW0hD8g4UET03SdOdunzSouc9N4AuHdsX8XNcTsuz+yYFILVNIX4l9yHABMhiEI9Db0JTTIpu0wB+Y1QQw==}

+  fetch-socks@1.3.2:
+    resolution: {integrity: sha512-vkH5+Zgj2yEbU57Cei0iyLgTZ4OkEKJj56Xu3ViB5dpsl599JgEooQ3x6NVagIFRHWnWJ+7K0MO0aIV1TMgvnw==}
+
  file-entry-cache@6.0.1:
    resolution: {integrity: sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==}
    engines: {node: ^10.12.0 || >=12.0.0}
@@ -3623,6 +3642,10 @@ packages:
    resolution: {integrity: sha512-3TYDR7xWt4dIqV2JauJr+EJeW356RXijHeUlO+8djJ+uBXPn8/2dpzBc8yQhh583sVvc9CvFAeQVgijsH+PNNg==}
    engines: {node: '>=0.10.0'}

+  smart-buffer@4.2.0:
+    resolution: {integrity: sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==}
+    engines: {node: '>= 6.0.0', npm: '>= 3.0.0'}
+
  snapdragon-node@2.1.1:
    resolution: {integrity: sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==}
    engines: {node: '>=0.10.0'}
@@ -3635,6 +3658,10 @@ packages:
    resolution: {integrity: sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==}
    engines: {node: '>=0.10.0'}

+  socks@2.8.6:
+    resolution: {integrity: sha512-pe4Y2yzru68lXCb38aAqRf5gvN8YdjP1lok5o0J7BOHljkyCGKVz7H3vpVIXKD27rj2giOJ7DwVyk/GWrPHDWA==}
+    engines: {node: '>= 10.0.0', npm: '>= 3.0.0'}
+
  source-map-generator@0.8.0:
    resolution: {integrity: sha512-psgxdGMwl5MZM9S3FWee4EgsEaIjahYV5AzGnwUvPhWeITz/j6rKpysQHlQ4USdxvINlb8lKfWGIXwfkrgtqkA==}
    engines: {node: '>= 10'}
@@ -6057,6 +6084,8 @@ snapshots:

  domain-browser@1.2.0: {}

+  dotenv@16.5.0: {}
+
  dunder-proto@1.0.1:
    dependencies:
      call-bind-apply-helpers: 1.0.1
@@ -6538,6 +6567,11 @@ snapshots:
    dependencies:
      reusify: 1.0.4

+  fetch-socks@1.3.2:
+    dependencies:
+      socks: 2.8.6
+      undici: 7.4.0
+
  file-entry-cache@6.0.1:
    dependencies:
      flat-cache: 3.2.0
@@ -8409,6 +8443,8 @@ snapshots:

  slash@1.0.0: {}

+  smart-buffer@4.2.0: {}
+
  snapdragon-node@2.1.1:
    dependencies:
      define-property: 1.0.0
@@ -8432,6 +8468,11 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

+  socks@2.8.6:
+    dependencies:
+      ip-address: 9.0.5
+      smart-buffer: 4.2.0
+
  source-map-generator@0.8.0: {}

  source-map-resolve@0.5.3:
--- a/backend/src/core/proxy-utils/index.js
+++ b/backend/src/core/proxy-utils/index.js
@@ -25,6 +25,7 @@ import { getFlag, removeFlag, getISO, MMDB } from '@/utils/geo';
 import Gist from '@/utils/gist';
 import { isPresent } from './producers/utils';
 import { doh } from '@/utils/dns';
+import JSON5 from 'json5';

 function preprocess(raw) {
    for (const processor of PROXY_PREPROCESSORS) {
@@ -142,9 +143,9 @@ async function processFn(
                        ? `#${rawArgs[1]}`
                        : ''
                }`;
-                const downloadUrlMatch = url.match(
-                    /^\/api\/(file|module)\/(.+)/,
-                );
+                const downloadUrlMatch = url
+                    .split('#')[0]
+                    .match(/^\/api\/(file|module)\/(.+)/);
                if (downloadUrlMatch) {
                    let type = '';
                    try {
@@ -174,6 +175,17 @@ async function processFn(
                        );
                        throw new Error(`无法加载 ${type}: ${url}`);
                    }
+                } else if (url?.startsWith('/')) {
+                    try {
+                        const fs = eval(`require("fs")`);
+                        script = fs.readFileSync(url.split('#')[0], 'utf8');
+                        // $.info(`Script loaded: >>>\n ${script}`);
+                    } catch (err) {
+                        $.error(
+                            `Error when reading local script: ${item.args.content}.\n Reason: ${err}`,
+                        );
+                        throw new Error(`无法从该路径读取脚本文件: ${url}`);
+                    }
                } else {
                    // if this is a remote script, download it
                    try {
@@ -336,6 +348,7 @@ export const ProxyUtils = {
    doh,
    Buffer,
    Base64,
+    JSON5,
 };

 function tryParse(parser, line) {
--- a/backend/src/core/proxy-utils/parsers/index.js
+++ b/backend/src/core/proxy-utils/parsers/index.js
@@ -12,6 +12,7 @@ import getLoonParser from './peggy/loon';
 import getQXParser from './peggy/qx';
 import getTrojanURIParser from './peggy/trojan-uri';
 import $ from '@/core/app';
+import JSON5 from 'json5';

 import { Base64 } from 'js-base64';

@@ -439,7 +440,16 @@ function URI_VMess() {
                type: 'vmess',
                server,
                port,
-                cipher: getIfPresent(params.scy, 'auto'),
+                // https://github.com/2dust/v2rayN/wiki/Description-of-VMess-share-link
+                // https://github.com/XTLS/Xray-core/issues/91
+                cipher: [
+                    'auto',
+                    'aes-128-gcm',
+                    'chacha20-poly1305',
+                    'none',
+                ].includes(params.scy)
+                    ? params.scy
+                    : 'auto',
                uuid: params.id,
                alterId: parseInt(
                    getIfPresent(params.aid ?? params.alterId, 0),
@@ -473,8 +483,8 @@ function URI_VMess() {
                ['http'].includes(params.type)
            ) {
                proxy.network = 'http';
-            } else if (['grpc'].includes(params.net)) {
-                proxy.network = 'grpc';
+            } else if (['grpc', 'kcp', 'quic'].includes(params.net)) {
+                proxy.network = params.net;
            } else if (
                params.net === 'httpupgrade' ||
                proxy.network === 'httpupgrade'
@@ -524,13 +534,28 @@ function URI_VMess() {
                    }
                }
                // 传输层应该有配置, 暂时不考虑兼容不给配置的节点
-                if (transportPath || transportHost) {
+                if (
+                    transportPath ||
+                    transportHost ||
+                    ['kcp', 'quic'].includes(proxy.network)
+                ) {
                    if (['grpc'].includes(proxy.network)) {
                        proxy[`${proxy.network}-opts`] = {
                            'grpc-service-name': getIfNotBlank(transportPath),
                            '_grpc-type': getIfNotBlank(params.type),
                            '_grpc-authority': getIfNotBlank(params.authority),
                        };
+                    } else if (['kcp', 'quic'].includes(proxy.network)) {
+                        proxy[`${proxy.network}-opts`] = {
+                            [`_${proxy.network}-type`]: getIfNotBlank(
+                                params.type,
+                            ),
+                            [`_${proxy.network}-host`]: getIfNotBlank(
+                                getIfNotBlank(transportHost),
+                            ),
+                            [`_${proxy.network}-path`]:
+                                getIfNotBlank(transportPath),
+                        };
                    } else {
                        const opts = {
                            path: getIfNotBlank(transportPath),
@@ -546,6 +571,12 @@ function URI_VMess() {
                    delete proxy.network;
                }
            }
+
+            proxy['client-fingerprint'] = params.fp;
+            proxy.alpn = params.alpn ? params.alpn.split(',') : undefined;
+            // 然而 wiki 和 app 实测中都没有字段表示这个
+            // proxy['skip-cert-verify'] = /(TRUE)|1/i.test(params.allowInsecure);
+
            return proxy;
        }
    };
@@ -1100,14 +1131,14 @@ function Clash_All() {
    const name = 'Clash Parser';
    const test = (line) => {
        try {
-            JSON.parse(line);
+            JSON5.parse(line);
        } catch (e) {
            return false;
        }
        return true;
    };
    const parse = (line) => {
-        const proxy = JSON.parse(line);
+        const proxy = JSON5.parse(line);
        if (
            ![
                'anytls',
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.js
@@ -105,11 +105,11 @@ wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/under
    proxy.type = "wireguard-surge";
    handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/fast_open/tfo/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/port_hopping_interval/others)* {
    proxy.type = "hysteria2";
    handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (udp_relay/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/tfo/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "socks5";
    handleShadowTLS();
 }
@@ -121,7 +121,6 @@ socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek pas
 direct = tag equals "direct" (udp_relay/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/tfo/block_quic/others)* {
    proxy.type = "direct";
 }
-
 address = comma server:server comma port:port {
    proxy.server = server;
    proxy.port = port;
@@ -179,8 +178,8 @@ username = & {
        peg$currPos = end;
        return true;
    }
-} { proxy.username = $.username; }
-password = comma match:[^,]+ { proxy.password = match.join(""); }
+} { proxy.username = $.username.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
+password = comma match:[^,]+ { proxy.password = match.join("").replace(/^"(.*)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 tls = comma "tls" equals flag:bool { proxy.tls = flag; }
 sni = comma "sni" equals sni:("off"/domain) { 
@@ -196,7 +195,7 @@ tls_fingerprint = comma "server-cert-fingerprint-sha256" equals tls_fingerprint:
 snell_psk = comma "psk" equals match:[^,]+ { proxy.psk = match.join(""); }
 snell_version = comma "version" equals match:$[0-9]+ { proxy.version = parseInt(match.trim()); }

-usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join(""); }
+usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 vmess_uuid = comma "username" equals match:[^,]+ { proxy.uuid = match.join(""); }
 vmess_aead = comma "vmess-aead" equals flag:bool { proxy.aead = flag; }
@@ -212,11 +211,11 @@ ws_headers = comma "ws-headers" equals headers:$[^,]+ {
    const result = {};
    pairs.forEach(pair => {
        const [key, value] = pair.trim().split(":");
-        result[key.trim()] = value.trim();
+        result[key.trim()] = value.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1');
    })
    obfs["ws-headers"] = result;
 }
-ws_path = comma "ws-path" equals path:uri { obfs.path = path; }
+ws_path = comma "ws-path" equals path:uri { obfs.path = path.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 obfs = comma "obfs" equals type:("http"/"tls") { obfs.type = type; }
 obfs_host = comma "obfs-host" equals host:domain { obfs.host = host; };
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.peg
@@ -176,8 +176,8 @@ username = & {
        peg$currPos = end;
        return true;
    }
-} { proxy.username = $.username; }
-password = comma match:[^,]+ { proxy.password = match.join(""); }
+} { proxy.username = $.username.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
+password = comma match:[^,]+ { proxy.password = match.join("").replace(/^"(.*)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 tls = comma "tls" equals flag:bool { proxy.tls = flag; }
 sni = comma "sni" equals sni:("off"/domain) { 
@@ -193,7 +193,7 @@ tls_fingerprint = comma "server-cert-fingerprint-sha256" equals tls_fingerprint:
 snell_psk = comma "psk" equals match:[^,]+ { proxy.psk = match.join(""); }
 snell_version = comma "version" equals match:$[0-9]+ { proxy.version = parseInt(match.trim()); }

-usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join(""); }
+usernamek = comma "username" equals match:[^,]+ { proxy.username = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 passwordk = comma "password" equals match:[^,]+ { proxy.password = match.join("").replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }
 vmess_uuid = comma "username" equals match:[^,]+ { proxy.uuid = match.join(""); }
 vmess_aead = comma "vmess-aead" equals flag:bool { proxy.aead = flag; }
@@ -209,11 +209,11 @@ ws_headers = comma "ws-headers" equals headers:$[^,]+ {
    const result = {};
    pairs.forEach(pair => {
        const [key, value] = pair.trim().split(":");
-        result[key.trim()] = value.trim();
+        result[key.trim()] = value.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1');
    })
    obfs["ws-headers"] = result;
 }
-ws_path = comma "ws-path" equals path:uri { obfs.path = path; }
+ws_path = comma "ws-path" equals path:uri { obfs.path = path.trim().replace(/^"(.*?)"$/, '$1').replace(/^'(.*?)'$/, '$1'); }

 obfs = comma "obfs" equals type:("http"/"tls") { obfs.type = type; }
 obfs_host = comma "obfs-host" equals host:domain { obfs.host = host; };
--- a/backend/src/core/proxy-utils/preprocessors/index.js
+++ b/backend/src/core/proxy-utils/preprocessors/index.js
@@ -50,6 +50,26 @@ function Base64Encoded() {
    return { name, test, parse };
 }

+function fallbackBase64Encoded() {
+    const name = 'Fallback Base64 Pre-processor';
+
+    const test = function (raw) {
+        return true;
+    };
+    const parse = function (raw) {
+        const decoded = Base64.decode(raw);
+        if (!/^\w+(:\/\/|\s*?=\s*?)\w+/m.test(decoded)) {
+            $.error(
+                `Fallback Base64 Pre-processor error: decoded line does not start with protocol`,
+            );
+            return raw;
+        }
+
+        return decoded;
+    };
+    return { name, test, parse };
+}
+
 function Clash() {
    const name = 'Clash Pre-processor';
    const test = function (raw) {
@@ -163,4 +183,11 @@ function FullConfig() {
    return { name, test, parse };
 }

-export default [HTML(), Clash(), Base64Encoded(), SSD(), FullConfig()];
+export default [
+    HTML(),
+    Clash(),
+    Base64Encoded(),
+    SSD(),
+    FullConfig(),
+    fallbackBase64Encoded(),
+];
--- a/backend/src/core/proxy-utils/processors/index.js
+++ b/backend/src/core/proxy-utils/processors/index.js
@@ -623,9 +623,11 @@ const DOMAIN_RESOLVERS = {
        const cached = resourceCache.get(id);
        if (!noCache && cached) return cached;
        const resp = await $.http.get({
-            url: `http://223.6.6.6/resolve?edns_client_subnet=${edns}/24&name=${encodeURIComponent(
-                domain,
-            )}&type=${type === 'IPv6' ? 'AAAA' : 'A'}&short=1`,
+            url: `http://223.6.6.6/resolve?edns_client_subnet=${edns}/${
+                isIPv4(edns) ? 24 : 56
+            }&name=${encodeURIComponent(domain)}&type=${
+                type === 'IPv6' ? 'AAAA' : 'A'
+            }&short=1`,
            headers: {
                accept: 'application/dns-json',
            },
--- a/backend/src/core/proxy-utils/producers/clash.js
+++ b/backend/src/core/proxy-utils/producers/clash.js
@@ -41,7 +41,7 @@ export default function Clash_Producer() {
                            'chacha20-ietf-poly1305',
                            'xchacha20-ietf-poly1305',
                        ].includes(proxy.cipher)) ||
-                    (proxy.type === 'snell' && String(proxy.version) === '4') ||
+                    (proxy.type === 'snell' && proxy.version >= 4) ||
                    (proxy.type === 'vless' &&
                        (typeof proxy.flow !== 'undefined' ||
                            proxy['reality-opts']))
@@ -134,6 +134,18 @@ export default function Clash_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }
                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
                        proxy['plugin-opts']['skip-cert-verify'] =
--- a/backend/src/core/proxy-utils/producers/clashmeta.js
+++ b/backend/src/core/proxy-utils/producers/clashmeta.js
@@ -1,12 +1,20 @@
 import { isPresent } from '@/core/proxy-utils/producers/utils';

+const ipVersions = {
+    dual: 'dual',
+    'v4-only': 'ipv4',
+    'v6-only': 'ipv6',
+    'prefer-v4': 'ipv4-prefer',
+    'prefer-v6': 'ipv6-prefer',
+};
+
 export default function ClashMeta_Producer() {
    const type = 'ALL';
    const produce = (proxies, type, opts = {}) => {
        const list = proxies
            .filter((proxy) => {
                if (opts['include-unsupported-proxy']) return true;
-                if (proxy.type === 'snell' && String(proxy.version) === '4') {
+                if (proxy.type === 'snell' && proxy.version >= 4) {
                    return false;
                } else if (['juicity'].includes(proxy.type)) {
                    return false;
@@ -190,6 +198,18 @@ export default function ClashMeta_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }

                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
@@ -242,6 +262,11 @@ export default function ClashMeta_Producer() {
                    delete proxy[`${proxy.network}-opts`]['_grpc-type'];
                    delete proxy[`${proxy.network}-opts`]['_grpc-authority'];
                }
+
+                if (proxy['ip-version']) {
+                    proxy['ip-version'] =
+                        ipVersions[proxy['ip-version']] || proxy['ip-version'];
+                }
                return proxy;
            });

--- a/backend/src/core/proxy-utils/producers/egern.js
+++ b/backend/src/core/proxy-utils/producers/egern.js
@@ -377,6 +377,23 @@ export default function Egern_Producer() {
                delete proxy.id;
                delete proxy.resolved;
                delete proxy['no-resolve'];
+
+                if (proxy.transport) {
+                    for (const key in proxy.transport) {
+                        if (
+                            Object.keys(proxy.transport[key]).length === 0 ||
+                            Object.values(proxy.transport[key]).every(
+                                (v) => v == null,
+                            )
+                        ) {
+                            delete proxy.transport[key];
+                        }
+                    }
+                    if (Object.keys(proxy.transport).length === 0) {
+                        delete proxy.transport;
+                    }
+                }
+
                if (type !== 'internal') {
                    for (const key in proxy) {
                        if (proxy[key] == null || /^_/i.test(key)) {
--- a/backend/src/core/proxy-utils/producers/qx.js
+++ b/backend/src/core/proxy-utils/producers/qx.js
@@ -405,6 +405,8 @@ function vless(proxy) {
            else append(`,obfs=ws`);
        } else if (proxy.network === 'http') {
            append(`,obfs=http`);
+        } else if (['tcp'].includes(proxy.network)) {
+            if (proxy.tls) append(`,obfs=over-tls`);
        } else if (!['tcp'].includes(proxy.network)) {
            throw new Error(`network ${proxy.network} is unsupported`);
        }
--- a/backend/src/core/proxy-utils/producers/shadowrocket.js
+++ b/backend/src/core/proxy-utils/producers/shadowrocket.js
@@ -7,14 +7,9 @@ export default function Shadowrocket_Producer() {
        const list = proxies
            .filter((proxy) => {
                if (opts['include-unsupported-proxy']) return true;
-                if (proxy.type === 'snell' && String(proxy.version) === '4') {
+                if (proxy.type === 'snell' && proxy.version >= 4) {
                    return false;
-                } else if (['mieru', 'anytls'].includes(proxy.type)) {
-                    return false;
-                } else if (proxy['underlying-proxy'] || proxy['dialer-proxy']) {
-                    $.error(
-                        `Shadowrocket 不支持前置代理字段. 已过滤节点 ${proxy.name}. 请使用 App 内的 "代理通过" 功能`,
-                    );
+                } else if (['mieru'].includes(proxy.type)) {
                    return false;
                }
                return true;
@@ -171,6 +166,18 @@ export default function Shadowrocket_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }
                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
                        proxy['plugin-opts']['skip-cert-verify'] =
--- a/backend/src/core/proxy-utils/producers/sing-box.js
+++ b/backend/src/core/proxy-utils/producers/sing-box.js
@@ -2,6 +2,26 @@ import ClashMeta_Producer from './clashmeta';
 import $ from '@/core/app';
 import { isIPv4, isIPv6 } from '@/utils';

+const ipVersions = {
+    ipv4: 'ipv4_only',
+    ipv6: 'ipv6_only',
+    'v4-only': 'ipv4_only',
+    'v6-only': 'ipv6_only',
+    'ipv4-prefer': 'prefer_ipv4',
+    'ipv6-prefer': 'prefer_ipv6',
+    'prefer-v4': 'prefer_ipv4',
+    'prefer-v6': 'prefer_ipv6',
+};
+
+const ipVersionParser = (proxy, parsedProxy) => {
+    const strategy = ipVersions[proxy['ip-version']];
+    if (proxy._dns_server && strategy) {
+        parsedProxy.domain_resolver = {
+            server: proxy._dns_server,
+            strategy,
+        };
+    }
+};
 const detourParser = (proxy, parsedProxy) => {
    parsedProxy.detour = proxy['dialer-proxy'] || proxy.detour;
 };
@@ -51,7 +71,14 @@ const smuxParser = (smux, proxy) => {
 const wsParser = (proxy, parsedProxy) => {
    const transport = { type: 'ws', headers: {} };
    if (proxy['ws-opts']) {
-        const { path: wsPath = '', headers: wsHeaders = {} } = proxy['ws-opts'];
+        const {
+            path: wsPath = '',
+            headers: wsHeaders = {},
+            'max-early-data': max_early_data,
+            'early-data-header-name': early_data_header_name,
+        } = proxy['ws-opts'];
+        transport.early_data_header_name = early_data_header_name;
+        transport.max_early_data = parseInt(max_early_data, 10);
        if (wsPath !== '') transport.path = `${wsPath}`;
        if (Object.keys(wsHeaders).length > 0) {
            const headers = {};
@@ -278,6 +305,7 @@ const sshParser = (proxy = {}) => {
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -305,6 +333,7 @@ const httpParser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -327,6 +356,7 @@ const socks5Parser = (proxy = {}) => {
    networkParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -338,6 +368,17 @@ const shadowTLSParser = (proxy = {}) => {
        password: proxy.password,
        detour: `${proxy.name}_shadowtls`,
    };
+    if (proxy.uot) ssPart.udp_over_tcp = true;
+    if (proxy['udp-over-tcp']) {
+        ssPart.udp_over_tcp = {
+            enabled: true,
+            version:
+                !proxy['udp-over-tcp-version'] ||
+                proxy['udp-over-tcp-version'] === 1
+                    ? 1
+                    : 2,
+        };
+    }
    const stPart = {
        tag: `${proxy.name}_shadowtls`,
        type: 'shadowtls',
@@ -360,6 +401,7 @@ const shadowTLSParser = (proxy = {}) => {
    tfoParser(proxy, stPart);
    detourParser(proxy, stPart);
    smuxParser(proxy.smux, ssPart);
+    ipVersionParser(proxy, stPart);
    return { type: 'ss-with-st', ssPart, stPart };
 };
 const ssParser = (proxy = {}) => {
@@ -389,6 +431,7 @@ const ssParser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    if (proxy.plugin) {
        const optArr = [];
        if (proxy.plugin === 'obfs') {
@@ -467,6 +510,7 @@ const ssrParser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -505,6 +549,7 @@ const vmessParser = (proxy = {}) => {
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -519,8 +564,10 @@ const vlessParser = (proxy = {}) => {
    };
    if (parsedProxy.server_port < 0 || parsedProxy.server_port > 65535)
        throw 'invalid port';
+    if (proxy.xudp) parsedProxy.packet_encoding = 'xudp';
    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
-    if (proxy.flow === 'xtls-rprx-vision') parsedProxy.flow = proxy.flow;
+    // if (['xtls-rprx-vision', ''].includes(proxy.flow)) parsedProxy.flow = proxy.flow;
+    if (proxy.flow != null) parsedProxy.flow = proxy.flow;
    if (proxy.network === 'ws') wsParser(proxy, parsedProxy);
    if (proxy.network === 'grpc') grpcParser(proxy, parsedProxy);
    networkParser(proxy, parsedProxy);
@@ -528,6 +575,7 @@ const vlessParser = (proxy = {}) => {
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
    tlsParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const trojanParser = (proxy = {}) => {
@@ -549,6 +597,7 @@ const trojanParser = (proxy = {}) => {
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const hysteriaParser = (proxy = {}) => {
@@ -598,6 +647,7 @@ const hysteriaParser = (proxy = {}) => {
    detourParser(proxy, parsedProxy);
    tfoParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const hysteria2Parser = (proxy = {}) => {
@@ -631,6 +681,7 @@ const hysteria2Parser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const tuic5Parser = (proxy = {}) => {
@@ -662,6 +713,7 @@ const tuic5Parser = (proxy = {}) => {
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };
 const anytlsParser = (proxy = {}) => {
@@ -677,8 +729,14 @@ const anytlsParser = (proxy = {}) => {
        parsedProxy.idle_session_check_interval = `${proxy['idle-session-check-interval']}s`;
    if (/^\d+$/.test(proxy['idle-session-timeout']))
        parsedProxy.idle_session_timeout = `${proxy['idle-session-timeout']}s`;
+    if (/^\d+$/.test(proxy['min-idle-session']))
+        parsedProxy.min_idle_session = parseInt(
+            `${proxy['min-idle-session']}`,
+            10,
+        );
    detourParser(proxy, parsedProxy);
    tlsParser(proxy, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

@@ -736,6 +794,7 @@ const wireguardParser = (proxy = {}) => {
    tfoParser(proxy, parsedProxy);
    detourParser(proxy, parsedProxy);
    smuxParser(proxy.smux, parsedProxy);
+    ipVersionParser(proxy, parsedProxy);
    return parsedProxy;
 };

--- a/backend/src/core/proxy-utils/producers/stash.js
+++ b/backend/src/core/proxy-utils/producers/stash.js
@@ -43,12 +43,10 @@ export default function Stash_Producer() {
                            '2022-blake3-aes-128-gcm',
                            '2022-blake3-aes-256-gcm',
                        ].includes(proxy.cipher)) ||
-                    (proxy.type === 'snell' && String(proxy.version) === '4') ||
-                    (opts['include-unsupported-proxy']
-                        ? proxy.type === 'vless' &&
-                          proxy['reality-opts'] &&
-                          !['xtls-rprx-vision'].includes(proxy.flow)
-                        : proxy.type === 'vless' && proxy['reality-opts'])
+                    (proxy.type === 'snell' && proxy.version >= 4) ||
+                    (proxy.type === 'vless' &&
+                        proxy['reality-opts'] &&
+                        !['xtls-rprx-vision'].includes(proxy.flow))
                ) {
                    return false;
                } else if (proxy['underlying-proxy'] || proxy['dialer-proxy']) {
@@ -240,6 +238,18 @@ export default function Stash_Producer() {
                        proxy['h2-opts'].headers.host = [host];
                    }
                }
+                if (proxy.network === 'ws') {
+                    const wsPath = proxy['ws-opts']?.path;
+                    const reg = /^(.*?)(?:\?ed=(\d+))?$/;
+                    // eslint-disable-next-line no-unused-vars
+                    const [_, path = '', ed = ''] = reg.exec(wsPath);
+                    proxy['ws-opts'].path = path;
+                    if (ed !== '') {
+                        proxy['ws-opts']['early-data-header-name'] =
+                            'Sec-WebSocket-Protocol';
+                        proxy['ws-opts']['max-early-data'] = parseInt(ed, 10);
+                    }
+                }
                if (proxy['plugin-opts']?.tls) {
                    if (isPresent(proxy, 'skip-cert-verify')) {
                        proxy['plugin-opts']['skip-cert-verify'] =
--- a/backend/src/core/proxy-utils/producers/surge.js
+++ b/backend/src/core/proxy-utils/producers/surge.js
@@ -370,9 +370,9 @@ function vmess(proxy, includeUnsupportedProxy) {
 function ssh(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=ssh,${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,${proxy.username}`, 'username');
+    result.appendIfPresent(`,username="${proxy.username}"`, 'username');
    // 所有的类似的字段都有双引号的问题 暂不处理
-    result.appendIfPresent(`,"${proxy.password}"`, 'password');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    // https://manual.nssurge.com/policy/ssh.html
    // 需配合 Keystore
@@ -439,8 +439,8 @@ function http(proxy) {
    const result = new Result(proxy);
    const type = proxy.tls ? 'https' : 'http';
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,${proxy.username}`, 'username');
-    result.appendIfPresent(`,"${proxy.password}"`, 'password');
+    result.appendIfPresent(`,username="${proxy.username}"`, 'username');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
@@ -565,8 +565,8 @@ function socks5(proxy) {
    const result = new Result(proxy);
    const type = proxy.tls ? 'socks5-tls' : 'socks5';
    result.append(`${proxy.name}=${type},${proxy.server},${proxy.port}`);
-    result.appendIfPresent(`,${proxy.username}`, 'username');
-    result.appendIfPresent(`,"${proxy.password}"`, 'password');
+    result.appendIfPresent(`,username="${proxy.username}"`, 'username');
+    result.appendIfPresent(`,password="${proxy.password}"`, 'password');

    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
--- a/backend/src/core/proxy-utils/producers/uri.js
+++ b/backend/src/core/proxy-utils/producers/uri.js
@@ -33,7 +33,9 @@ export default function URI_Producer() {
        switch (proxy.type) {
            case 'socks5':
                result = `socks://${encodeURIComponent(
-                    Base64.encode(`${proxy.username}:${proxy.password}`),
+                    Base64.encode(
+                        `${proxy.username ?? ''}:${proxy.password ?? ''}`,
+                    ),
                )}@${proxy.server}:${proxy.port}#${proxy.name}`;
                break;
            case 'ss':
@@ -117,12 +119,17 @@ export default function URI_Producer() {
                    v: '2',
                    ps: proxy.name,
                    add: proxy.server,
-                    port: proxy.port,
+                    port: `${proxy.port}`,
                    id: proxy.uuid,
-                    type,
-                    aid: proxy.alterId || 0,
+                    aid: `${proxy.alterId || 0}`,
+                    scy: proxy.cipher,
                    net,
+                    type,
                    tls: proxy.tls ? 'tls' : '',
+                    alpn: Array.isArray(proxy.alpn)
+                        ? proxy.alpn.join(',')
+                        : proxy.alpn,
+                    fp: proxy['client-fingerprint'],
                };
                if (proxy.tls && proxy.sni) {
                    result.sni = proxy.sni;
@@ -133,16 +140,7 @@ export default function URI_Producer() {
                        proxy[`${proxy.network}-opts`]?.path;
                    let vmessTransportHost =
                        proxy[`${proxy.network}-opts`]?.headers?.Host;
-                    if (vmessTransportPath) {
-                        result.path = Array.isArray(vmessTransportPath)
-                            ? vmessTransportPath[0]
-                            : vmessTransportPath;
-                    }
-                    if (vmessTransportHost) {
-                        result.host = Array.isArray(vmessTransportHost)
-                            ? vmessTransportHost[0]
-                            : vmessTransportHost;
-                    }
+
                    if (['grpc'].includes(proxy.network)) {
                        result.path =
                            proxy[`${proxy.network}-opts`]?.[
@@ -154,6 +152,31 @@ export default function URI_Producer() {
                            'gun';
                        result.host =
                            proxy[`${proxy.network}-opts`]?.['_grpc-authority'];
+                    } else if (['kcp', 'quic'].includes(proxy.network)) {
+                        // https://github.com/XTLS/Xray-core/issues/91
+                        result.type =
+                            proxy[`${proxy.network}-opts`]?.[
+                                `_${proxy.network}-type`
+                            ] || 'none';
+                        result.host =
+                            proxy[`${proxy.network}-opts`]?.[
+                                `_${proxy.network}-host`
+                            ];
+                        result.path =
+                            proxy[`${proxy.network}-opts`]?.[
+                                `_${proxy.network}-path`
+                            ];
+                    } else {
+                        if (vmessTransportPath) {
+                            result.path = Array.isArray(vmessTransportPath)
+                                ? vmessTransportPath[0]
+                                : vmessTransportPath;
+                        }
+                        if (vmessTransportHost) {
+                            result.host = Array.isArray(vmessTransportHost)
+                                ? vmessTransportHost[0]
+                                : vmessTransportHost;
+                        }
                    }
                }
                result = 'vmess://' + Base64.encode(JSON.stringify(result));
--- a/backend/src/restful/download.js
+++ b/backend/src/restful/download.js
@@ -259,7 +259,7 @@ async function downloadSubscription(req, res) {
                            }
                        }
                    }
-                    if (!$arguments.noFlow) {
+                    if (!$arguments.noFlow && /^https?/.test(url)) {
                        // forward flow headers
                        flowInfo = await getFlowHeaders(
                            $arguments?.insecure ? `${url}#insecure` : url,
@@ -506,7 +506,7 @@ async function downloadCollection(req, res) {
                                }
                            }
                        }
-                        if (!$arguments.noFlow) {
+                        if (!$arguments.noFlow && /^https?:/.test(url)) {
                            subUserInfoOfSub = await getFlowHeaders(
                                $arguments?.insecure ? `${url}#insecure` : url,
                                $arguments.flowUserAgent,
--- a/backend/src/restful/file.js
+++ b/backend/src/restful/file.js
@@ -64,6 +64,7 @@ async function getFile(req, res) {
        ignoreFailedRemoteFile,
        proxy,
        noCache,
+        produceType,
    } = req.query;
    let $options = {
        _req: {
@@ -128,6 +129,10 @@ async function getFile(req, res) {
    if (noCache) {
        $.info(`指定不使用缓存: ${noCache}`);
    }
+    if (produceType) {
+        produceType = decodeURIComponent(produceType);
+        $.info(`指定生产类型: ${produceType}`);
+    }

    const allFiles = $.read(FILES_KEY);
    const file = findByName(allFiles, name);
@@ -144,6 +149,8 @@ async function getFile(req, res) {
                $options,
                proxy,
                noCache,
+                produceType,
+                all: true,
            });

            try {
@@ -178,9 +185,15 @@ async function getFile(req, res) {
                    )}`,
                );
            }
-            res.set('Content-Type', 'text/plain; charset=utf-8').send(
-                output ?? '',
-            );
+            res.set('Content-Type', 'text/plain; charset=utf-8');
+            if (output?.$options?._res?.headers) {
+                Object.entries(output.$options._res.headers).forEach(
+                    ([key, value]) => {
+                        res.set(key, value);
+                    },
+                );
+            }
+            res.send(output?.$content ?? '');
        } catch (err) {
            $.notify(
                `🌍 Sub-Store 下载文件失败`,
--- a/backend/src/restful/index.js
+++ b/backend/src/restful/index.js
@@ -1,3 +1,5 @@
+import { Base64 } from 'js-base64';
+import _ from 'lodash';
 import express from '@/vendor/express';
 import $ from '@/core/app';
 import migrate from '@/utils/migration';
@@ -119,10 +121,11 @@ export default function serve() {
    $app.start();

    if ($.env.isNode) {
-        // Deprecated: SUB_STORE_BACKEND_CRON
-        const backend_sync_cron =
-            eval('process.env.SUB_STORE_BACKEND_SYNC_CRON') ||
-            eval('process.env.SUB_STORE_BACKEND_CRON');
+        // Deprecated: SUB_STORE_BACKEND_CRON, SUB_STORE_CRON
+        const backend_sync_cron = eval(
+            'process.env.SUB_STORE_BACKEND_SYNC_CRON',
+        );
+
        if (backend_sync_cron) {
            $.info(`[SYNC CRON] ${backend_sync_cron} enabled`);
            const { CronJob } = eval(`require("cron")`);
@@ -145,6 +148,17 @@ export default function serve() {
                true, // start
                // 'Asia/Shanghai' // timeZone
            );
+        } else {
+            if (eval('process.env.SUB_STORE_BACKEND_CRON')) {
+                $.error(
+                    `[SYNC CRON] SUB_STORE_BACKEND_CRON 已弃用, 请使用 SUB_STORE_BACKEND_SYNC_CRON`,
+                );
+            }
+            if (eval('process.env.SUB_STORE_CRON')) {
+                $.error(
+                    `[SYNC CRON] SUB_STORE_CRON 已弃用, 请使用 SUB_STORE_BACKEND_SYNC_CRON`,
+                );
+            }
        }
        // 格式: 0 */2 * * *,sub,a;0 */3 * * *,col,b
        // 每 2 小时处理一次单条订阅 a, 每 3 小时处理一次组合订阅 b
@@ -292,6 +306,7 @@ export default function serve() {
        const path = eval(`require("path")`);
        const fs = eval(`require("fs")`);
        const data_url = eval('process.env.SUB_STORE_DATA_URL');
+        const data_url_post = eval('process.env.SUB_STORE_DATA_URL_POST');
        const fe_be_path = eval('process.env.SUB_STORE_FRONTEND_BACKEND_PATH');
        const fe_port = eval('process.env.SUB_STORE_FRONTEND_PORT') || 3001;
        const fe_host =
@@ -412,10 +427,39 @@ export default function serve() {
        if (data_url) {
            $.info(`[BACKEND] downloading data from ${data_url}`);
            download(data_url)
-                .then((content) => {
-                    $.write(content, '#sub-store');
+                .then(async (content) => {
+                    try {
+                        content = JSON.parse(Base64.decode(content));
+                        if (Object.keys(content.settings).length === 0) {
+                            throw new Error(
+                                '备份文件应该至少包含 settings 字段',
+                            );
+                        }
+                    } catch (err) {
+                        try {
+                            content = JSON.parse(content);
+                            if (Object.keys(content.settings).length === 0) {
+                                throw new Error(
+                                    '备份文件应该至少包含 settings 字段',
+                                );
+                            }
+                        } catch (err) {
+                            $.error(
+                                `Gist 备份文件校验失败, 无法还原\nReason: ${
+                                    err.message ?? err
+                                }`,
+                            );
+                            throw new Error('Gist 备份文件校验失败, 无法还原');
+                        }
+                    }
+                    if (data_url_post) {
+                        $.info('[BACKEND] executing post-processing script');
+                        eval(data_url_post);
+                    }

-                    $.cache = JSON.parse(content);
+                    $.write(JSON.stringify(content, null, `  `), '#sub-store');
+
+                    $.cache = content;
                    $.persistCache();

                    migrate();
--- a/backend/src/restful/miscs.js
+++ b/backend/src/restful/miscs.js
@@ -1,3 +1,5 @@
+import { Base64 } from 'js-base64';
+import _ from 'lodash';
 import $ from '@/core/app';
 import { ENV } from '@/vendor/open-api';
 import { failed, success } from '@/restful/response';
@@ -39,21 +41,47 @@ export default function register($app) {
                );
        })
        .post((req, res) => {
-            const { content } = req.body;
-            $.write(content, '#sub-store');
+            let { content } = req.body;
+            try {
+                content = JSON.parse(Base64.decode(content));
+                if (Object.keys(content.settings).length === 0) {
+                    throw new Error('备份文件应该至少包含 settings 字段');
+                }
+            } catch (err) {
+                try {
+                    content = JSON.parse(content);
+                    if (Object.keys(content.settings).length === 0) {
+                        throw new Error('备份文件应该至少包含 settings 字段');
+                    }
+                } catch (err) {
+                    $.error(
+                        `备份文件校验失败, 无法还原\nReason: ${
+                            err.message ?? err
+                        }`,
+                    );
+                    throw new Error('备份文件校验失败, 无法还原');
+                }
+            }
+            $.write(JSON.stringify(content, null, `  `), '#sub-store');
            if ($.env.isNode) {
-                $.cache = JSON.parse(content);
+                $.cache = content;
                $.persistCache();
            }
            migrate();
            success(res);
        });

-    // Redirect sub.store to vercel webpage
-    $app.get('/', async (req, res) => {
-        // 302 redirect
-        res.set('location', 'https://sub-store.vercel.app/').status(302).end();
-    });
+    if (ENV().isNode) {
+        $app.get('/', getEnv);
+    } else {
+        // Redirect sub.store to vercel webpage
+        $app.get('/', async (req, res) => {
+            // 302 redirect
+            res.set('location', 'https://sub-store.vercel.app/')
+                .status(302)
+                .end();
+        });
+    }

    // handle preflight request for QX
    if (ENV().isQX) {
@@ -71,7 +99,19 @@ function getEnv(req, res) {
    if (req.query.share) {
        env.feature.share = true;
    }
-    success(res, env);
+    res.set('Content-Type', 'application/json;charset=UTF-8').send(
+        JSON.stringify(
+            {
+                status: 'success',
+                data: {
+                    guide: '⚠️⚠️⚠️ 您当前看到的是后端的响应. 若想配合前端使用, 可访问官方前端 https://sub-store.vercel.app 后自行配置后端地址, 或一键配置后端 https://sub-store.vercel.app?api=https://a.com/xxx (假设 https://a.com 是你后端的域名, /xxx 是自定义路径). 需注意 HTTPS 前端无法请求非本地的 HTTP 后端(部分浏览器上也无法访问本地 HTTP 后端). 请配置反代或在局域网自建 HTTP 前端. 如果还有问题, 可查看此排查说明: https://t.me/zhetengsha/1068',
+                    ...env,
+                },
+            },
+            null,
+            2,
+        ),
+    );
 }

 async function refresh(_, res) {
@@ -86,7 +126,7 @@ async function refresh(_, res) {
    success(res);
 }

-async function gistBackupAction(action) {
+async function gistBackupAction(action, keep, encode) {
    // read token
    const { gistToken, syncPlatform } = $.read(SETTINGS_KEY);
    if (!gistToken) throw new Error('GitHub Token is required for backup!');
@@ -96,6 +136,9 @@ async function gistBackupAction(action) {
        key: GIST_BACKUP_KEY,
        syncPlatform,
    });
+    let currentContent = $.read('#sub-store');
+    currentContent = currentContent ? JSON.parse(currentContent) : {};
+    if ($.env.isNode) currentContent = JSON.parse(JSON.stringify($.cache));
    let content;
    const settings = $.read(SETTINGS_KEY);
    const updated = settings.syncTime;
@@ -103,7 +146,18 @@ async function gistBackupAction(action) {
        case 'upload':
            try {
                content = $.read('#sub-store');
-                if ($.env.isNode) content = JSON.stringify($.cache, null, `  `);
+                content = content ? JSON.parse(content) : {};
+                if ($.env.isNode) content = JSON.parse(JSON.stringify($.cache));
+                if (encode === 'plaintext') {
+                    content.settings.gistToken =
+                        '恢复后请重新设置 GitHub Token';
+                    content = JSON.stringify(content, null, `  `);
+                } else {
+                    content = Base64.encode(
+                        JSON.stringify(content, null, `  `),
+                    );
+                }
+
                $.info(`下载备份, 与本地内容对比...`);
                const onlineContent = await gist.download(
                    GIST_BACKUP_FILE_NAME,
@@ -120,7 +174,14 @@ async function gistBackupAction(action) {
            settings.syncTime = new Date().getTime();
            $.write(settings, SETTINGS_KEY);
            content = $.read('#sub-store');
-            if ($.env.isNode) content = JSON.stringify($.cache, null, `  `);
+            content = content ? JSON.parse(content) : {};
+            if ($.env.isNode) content = JSON.parse(JSON.stringify($.cache));
+            if (encode === 'plaintext') {
+                content.settings.gistToken = '恢复后请重新设置 GitHub Token';
+                content = JSON.stringify(content, null, `  `);
+            } else {
+                content = Base64.encode(JSON.stringify(content, null, `  `));
+            }
            $.info(`上传备份中...`);
            try {
                await gist.upload({
@@ -138,21 +199,34 @@ async function gistBackupAction(action) {
            $.info(`还原备份中...`);
            content = await gist.download(GIST_BACKUP_FILE_NAME);
            try {
-                if (Object.keys(JSON.parse(content).settings).length === 0) {
+                content = JSON.parse(Base64.decode(content));
+                if (Object.keys(content.settings).length === 0) {
                    throw new Error('备份文件应该至少包含 settings 字段');
                }
            } catch (err) {
-                $.error(
-                    `Gist 备份文件校验失败, 无法还原\nReason: ${
-                        err.message ?? err
-                    }`,
-                );
-                throw new Error('Gist 备份文件校验失败, 无法还原');
+                try {
+                    content = JSON.parse(content);
+                    if (Object.keys(content.settings).length === 0) {
+                        throw new Error('备份文件应该至少包含 settings 字段');
+                    }
+                } catch (err) {
+                    $.error(
+                        `Gist 备份文件校验失败, 无法还原\nReason: ${
+                            err.message ?? err
+                        }`,
+                    );
+                    throw new Error('Gist 备份文件校验失败, 无法还原');
+                }
+            }
+            if (keep) {
+                $.info(`保留原有设置 ${keep}`);
+                keep.split(',').forEach((path) => {
+                    _.set(content, path, _.get(currentContent, path));
+                });
            }
            // restore settings
-            $.write(content, '#sub-store');
+            $.write(JSON.stringify(content, null, `  `), '#sub-store');
            if ($.env.isNode) {
-                content = JSON.parse(content);
                $.cache = content;
                $.persistCache();
            }
@@ -164,7 +238,7 @@ async function gistBackupAction(action) {
    }
 }
 async function gistBackup(req, res) {
-    const { action } = req.query;
+    const { action, keep, encode } = req.query;
    // read token
    const { gistToken } = $.read(SETTINGS_KEY);
    if (!gistToken) {
@@ -177,7 +251,7 @@ async function gistBackup(req, res) {
        );
    } else {
        try {
-            await gistBackupAction(action);
+            await gistBackupAction(action, keep, encode);
            success(res);
        } catch (err) {
            $.error(
--- a/backend/src/restful/subscriptions.js
+++ b/backend/src/restful/subscriptions.js
@@ -140,7 +140,7 @@ async function getFlowInfo(req, res) {
                }
            }
        }
-        if ($arguments.noFlow) {
+        if ($arguments.noFlow || !/^https?/.test(url)) {
            failed(
                res,
                new RequestInvalidError(
--- a/backend/src/restful/sync.js
+++ b/backend/src/restful/sync.js
@@ -40,6 +40,7 @@ async function produceArtifact({
    $options,
    proxy,
    noCache,
+    all,
 }) {
    platform = platform || 'JSON';

@@ -173,6 +174,9 @@ async function produceArtifact({
                raw.push(sub.content);
            }
        }
+        if (produceType === 'raw') {
+            return JSON.stringify((Array.isArray(raw) ? raw : [raw]).flat());
+        }
        // parse proxies
        let proxies = (Array.isArray(raw) ? raw : [raw])
            .map((i) => ProxyUtils.parse(i))
@@ -570,6 +574,9 @@ async function produceArtifact({
                }
            }
        }
+        if (produceType === 'raw') {
+            return JSON.stringify((Array.isArray(raw) ? raw : [raw]).flat());
+        }
        const files = (Array.isArray(raw) ? raw : [raw]).flat();
        let filesContent = files
            .filter((i) => i != null && i !== '')
@@ -589,7 +596,7 @@ async function produceArtifact({
                  )
                : { $content: filesContent, $files: files, $options };

-        return processed?.$content ?? '';
+        return (all ? processed : processed?.$content) ?? '';
    }
 }

--- a/backend/src/restful/token.js
+++ b/backend/src/restful/token.js
@@ -53,6 +53,16 @@ async function signToken(req, res) {
    try {
        const { payload, options } = req.body;
        const ms = eval(`require("ms")`);
+        const type = payload?.type;
+        const name = payload?.name;
+        if (!type || !name)
+            return failed(
+                res,
+                new RequestInvalidError(
+                    'INVALID_PAYLOAD',
+                    `payload type and name are required`,
+                ),
+            );
        let token = payload?.token;
        if (token != null) {
            if (typeof token !== 'string' || token.length < 1) {
@@ -65,7 +75,12 @@ async function signToken(req, res) {
                );
            }
            const tokens = $.read(TOKENS_KEY) || [];
-            if (tokens.find((t) => t.token === token)) {
+            if (
+                tokens.find(
+                    (t) =>
+                        t.token === token && t.type === type && t.name === name,
+                )
+            ) {
                return failed(
                    res,
                    new RequestInvalidError(
@@ -75,16 +90,7 @@ async function signToken(req, res) {
                );
            }
        }
-        const type = payload?.type;
-        const name = payload?.name;
-        if (!type || !name)
-            return failed(
-                res,
-                new RequestInvalidError(
-                    'INVALID_PAYLOAD',
-                    `payload type and name are required`,
-                ),
-            );
+
        if (type === 'col') {
            const collections = $.read(COLLECTIONS_KEY) || [];
            const collection = collections.find((c) => c.name === name);
@@ -153,7 +159,12 @@ async function signToken(req, res) {
        if (!token) {
            do {
                token = nanoid.customAlphabet(nanoid.urlAlphabet)();
-            } while (tokens.find((t) => t.token === token));
+            } while (
+                tokens.find(
+                    (t) =>
+                        t.token === token && t.type === type && t.name === name,
+                )
+            );
        }
        tokens.push({
            ...payload,
--- a/backend/src/utils/download.js
+++ b/backend/src/utils/download.js
@@ -1,4 +1,4 @@
-import { SETTINGS_KEY } from '@/constants';
+import { SETTINGS_KEY, FILES_KEY, MODULES_KEY } from '@/constants';
 import { HTTP, ENV } from '@/vendor/open-api';
 import { hex_md5 } from '@/vendor/md5';
 import { getPolicyDescriptor } from '@/utils';
@@ -11,7 +11,11 @@ import {
    validCheck,
 } from '@/utils/flow';
 import $ from '@/core/app';
+import { findByName } from '@/utils/database';
+import { produceArtifact } from '@/restful/sync';
 import PROXY_PREPROCESSORS from '@/core/proxy-utils/preprocessors';
+import { ProxyUtils } from '@/core/proxy-utils';
+
 const clashPreprocessor = PROXY_PREPROCESSORS.find(
    (processor) => processor.name === 'Clash Pre-processor',
 );
@@ -130,22 +134,53 @@ export default async function download(
        }
    }

-    // const downloadUrlMatch = url.match(/^\/api\/(file|module)\/(.+)/);
-    // if (downloadUrlMatch) {
-    //     let type = downloadUrlMatch?.[1];
-    //     let name = downloadUrlMatch?.[2];
-    //     if (name == null) {
-    //         throw new Error(`本地 ${type} URL 无效: ${url}`);
-    //     }
-    //     name = decodeURIComponent(name);
-    //     const key = type === 'module' ? MODULES_KEY : FILES_KEY;
-    //     const item = findByName($.read(key), name);
-    //     if (!item) {
-    //         throw new Error(`找不到本地 ${type}: ${name}`);
-    //     }
+    const downloadUrlMatch = url
+        .split('#')[0]
+        .match(/^\/api\/(file|module)\/(.+)/);
+    if (downloadUrlMatch) {
+        let type = '';
+        try {
+            type = downloadUrlMatch?.[1];
+            let name = downloadUrlMatch?.[2];
+            if (name == null) {
+                throw new Error(`本地 ${type} URL 无效: ${url}`);
+            }
+            name = decodeURIComponent(name);
+            const key = type === 'module' ? MODULES_KEY : FILES_KEY;
+            const item = findByName($.read(key), name);
+            if (!item) {
+                throw new Error(`找不到 ${type}: ${name}`);
+            }

-    //     return item.content;
-    // }
+            if (type === 'module') {
+                return item.content;
+            } else {
+                return await produceArtifact({
+                    type: 'file',
+                    name,
+                });
+            }
+        } catch (err) {
+            $.error(
+                `Error when loading ${type}: ${
+                    url.split('#')[0]
+                }.\n Reason: ${err}`,
+            );
+            throw new Error(`无法加载 ${type}: ${url}`);
+        }
+    } else if (url?.startsWith('/')) {
+        try {
+            const fs = eval(`require("fs")`);
+            return fs.readFileSync(url.split('#')[0], 'utf8');
+        } catch (err) {
+            $.error(
+                `Error when reading local file: ${
+                    url.split('#')[0]
+                }.\n Reason: ${err}`,
+            );
+            throw new Error(`无法从该路径读取文本内容: ${url}`);
+        }
+    }

    if (!isNode && tasks.has(id)) {
        return tasks.get(id);
@@ -228,10 +263,34 @@ export default async function download(
            if (shouldCache) {
                resourceCache.set(id, body);
                if (customCacheKey) {
-                    $.info(
-                        `URL ${url}\n写入自定义缓存 ${$arguments?.cacheKey}`,
-                    );
-                    $.write(body, customCacheKey);
+                    let shouldWriteCustomCacheKey = true;
+                    if (preprocess) {
+                        try {
+                            const proxies = ProxyUtils.parse(body);
+                            if (
+                                !Array.isArray(proxies) ||
+                                proxies.length === 0
+                            ) {
+                                $.error(
+                                    `URL ${url} 不包含有效节点\n不写入自定义缓存 ${$arguments?.cacheKey}`,
+                                );
+                                shouldWriteCustomCacheKey = false;
+                            }
+                        } catch (e) {
+                            $.error(
+                                `URL ${url} 尝试解析节点失败 ${
+                                    e.message ?? e
+                                }\n不写入自定义缓存 ${$arguments?.cacheKey}`,
+                            );
+                            shouldWriteCustomCacheKey = false;
+                        }
+                    }
+                    if (shouldWriteCustomCacheKey) {
+                        $.info(
+                            `URL ${url}\n写入自定义缓存 ${$arguments?.cacheKey}`,
+                        );
+                        $.write(body, customCacheKey);
+                    }
                }
            }

--- a/backend/src/utils/flow.js
+++ b/backend/src/utils/flow.js
@@ -49,7 +49,7 @@ export async function getFlowHeaders(
            }
        }
    }
-    if ($arguments?.noFlow) {
+    if ($arguments?.noFlow || !/^https?/.test(url)) {
        return;
    }
    const { isStash, isLoon, isShadowRocket, isQX } = ENV();
@@ -334,7 +334,22 @@ export function normalizeFlowHeader(flowHeaders) {
                if (!kvMap.has(key)) {
                    try {
                        // 解码 URI 组件并保留原始值作为 fallback
-                        const decodedValue = decodeURIComponent(encodedValue);
+                        let decodedValue = decodeURIComponent(encodedValue);
+                        if (
+                            ['upload', 'download', 'total', 'expire'].includes(
+                                key,
+                            )
+                        ) {
+                            try {
+                                decodedValue = Number(decodedValue).toFixed(0);
+                            } catch (e) {
+                                $.error(
+                                    `Failed to convert value for key "${key}=${encodedValue}": ${
+                                        e.message ?? e
+                                    }`,
+                                );
+                            }
+                        }
                        kvMap.set(key, decodedValue);
                    } catch (e) {
                        kvMap.set(key, encodedValue);
--- a/backend/src/utils/user-agent.js
+++ b/backend/src/utils/user-agent.js
@@ -61,41 +61,41 @@ export function getPlatformFromHeaders(headers) {
    return getPlatformFromUserAgent({ ua, UA, accept });
 }
 export function shouldIncludeUnsupportedProxy(platform, ua) {
-    try {
-        const target = getPlatformFromUserAgent({
-            UA: ua,
-            ua: ua.toLowerCase(),
-        });
-        if (!['Stash', 'Egern', 'Loon'].includes(target)) {
-            return false;
-        }
-        const coerceVersion = coerce(ua);
-        $.log(JSON.stringify(coerceVersion, null, 2));
-        const { version } = coerceVersion;
-        if (
-            platform === 'Stash' &&
-            target === 'Stash' &&
-            gte(version, '3.1.0')
-        ) {
-            return true;
-        }
-        if (
-            platform === 'Egern' &&
-            target === 'Egern' &&
-            gte(version, '1.29.0')
-        ) {
-            return true;
-        }
-        // Loon 的 UA 不规范, version 取出来是 build
-        if (
-            platform === 'Loon' &&
-            target === 'Loon' &&
-            gte(version, '842.0.0')
-        ) {
-            return true;
-        }
-    } catch (e) {
-        $.error(`获取版本号失败: ${e}`);
-    }
+    // try {
+    //     const target = getPlatformFromUserAgent({
+    //         UA: ua,
+    //         ua: ua.toLowerCase(),
+    //     });
+    //     if (!['Stash', 'Egern', 'Loon'].includes(target)) {
+    //         return false;
+    //     }
+    //     const coerceVersion = coerce(ua);
+    //     $.log(JSON.stringify(coerceVersion, null, 2));
+    //     const { version } = coerceVersion;
+    //     if (
+    //         platform === 'Stash' &&
+    //         target === 'Stash' &&
+    //         gte(version, '3.1.0')
+    //     ) {
+    //         return true;
+    //     }
+    //     if (
+    //         platform === 'Egern' &&
+    //         target === 'Egern' &&
+    //         gte(version, '1.29.0')
+    //     ) {
+    //         return true;
+    //     }
+    //     // Loon 的 UA 不规范, version 取出来是 build
+    //     if (
+    //         platform === 'Loon' &&
+    //         target === 'Loon' &&
+    //         gte(version, '842.0.0')
+    //     ) {
+    //         return true;
+    //     }
+    // } catch (e) {
+    //     $.error(`获取版本号失败: ${e}`);
+    // }
    return false;
 }
--- a/backend/src/vendor/express.js
+++ b/backend/src/vendor/express.js
@@ -17,10 +17,12 @@ export default function express({ substore: $, port, host }) {
        const express_ = eval(`require("express")`);
        const bodyParser = eval(`require("body-parser")`);
        const app = express_();
+        const limit = eval('process.env.SUB_STORE_BODY_JSON_LIMIT') || '1mb';
+        $.info(`[BACKEND] body JSON limit: ${limit}`);
        app.use(
            bodyParser.json({
                verify: rawBodySaver,
-                limit: eval('process.env.SUB_STORE_BODY_JSON_LIMIT') || '1mb',
+                limit,
            }),
        );
        app.use(
@@ -36,7 +38,7 @@ export default function express({ substore: $, port, host }) {
        app.start = () => {
            const listener = app.listen(port, host, () => {
                const { address, port } = listener.address();
-                $.info(`[BACKEND] ${address}:${port}`);
+                $.info(`[BACKEND] listening on ${address}:${port}`);
            });
        };
        return app;
--- a/backend/src/vendor/open-api.js
+++ b/backend/src/vendor/open-api.js
@@ -9,7 +9,36 @@ const isShadowRocket = 'undefined' !== typeof $rocket;
 const isEgern = 'object' == typeof egern;
 const isLanceX = 'undefined' != typeof $native;
 const isGUIforCores = typeof $Plugins !== 'undefined';
+import { Base64 } from 'js-base64';

+function isPlainObject(obj) {
+    return (
+        obj !== null &&
+        typeof obj === 'object' &&
+        [null, Object.prototype].includes(Object.getPrototypeOf(obj))
+    );
+}
+
+function parseSocks5Uri(uri) {
+    // eslint-disable-next-line no-unused-vars
+    let [__, username, password, server, port, query, name] = uri.match(
+        /^socks5:\/\/(?:(.*?):(.*?)@)?(.*?)(?::(\d+?))?(\?.*?)?(?:#(.*?))?$/,
+    );
+    if (port) {
+        port = parseInt(port, 10);
+    } else {
+        $.error(`port is not present in line: ${uri}`);
+        throw new Error(`port is not present in line: ${uri}`);
+    }
+    return {
+        type: 5,
+        host: server,
+        port,
+
+        userId: username != null ? decodeURIComponent(username) : undefined,
+        password: password != null ? decodeURIComponent(password) : undefined,
+    };
+}
 export class OpenAPI {
    constructor(name = 'untitled', debug = false) {
        this.name = name;
@@ -62,29 +91,60 @@ export class OpenAPI {
            const basePath =
                eval('process.env.SUB_STORE_DATA_BASE_PATH') || '.';
            let rootPath = `${basePath}/root.json`;
+            const backupRootPath = `${basePath}/root_${Date.now()}.json`;

            this.log(`Root path: ${rootPath}`);
-            if (!this.node.fs.existsSync(rootPath)) {
+            if (this.node.fs.existsSync(rootPath)) {
+                try {
+                    this.root = JSON.parse(
+                        this.node.fs.readFileSync(`${rootPath}`),
+                    );
+                } catch (e) {
+                    this.node.fs.copyFileSync(rootPath, backupRootPath);
+                    this.error(
+                        `Failed to parse ${rootPath}: ${e.message}. Backup created at ${backupRootPath}`,
+                    );
+                }
+            }
+            if (!isPlainObject(this.root)) {
                this.node.fs.writeFileSync(rootPath, JSON.stringify({}), {
-                    flag: 'wx',
+                    flag: 'w',
                });
                this.root = {};
-            } else {
-                this.root = JSON.parse(
-                    this.node.fs.readFileSync(`${rootPath}`),
-                );
            }

            // create a json file with the given name if not exists
            let fpath = `${basePath}/${this.name}.json`;
+            const backupPath = `${basePath}/${this.name}_${Date.now()}.json`;
+
            this.log(`Data path: ${fpath}`);
-            if (!this.node.fs.existsSync(fpath)) {
+            if (this.node.fs.existsSync(fpath)) {
+                try {
+                    this.cache = JSON.parse(
+                        this.node.fs.readFileSync(`${fpath}`, 'utf-8'),
+                    );
+                } catch (e) {
+                    try {
+                        const str = Base64.decode(
+                            this.node.fs.readFileSync(`${fpath}`, 'utf-8'),
+                        );
+                        this.cache = JSON.parse(str);
+                        this.node.fs.writeFileSync(fpath, str, {
+                            flag: 'w',
+                        });
+                    } catch (e) {
+                        this.node.fs.copyFileSync(fpath, backupPath);
+                        this.error(
+                            `Failed to parse ${fpath}: ${e.message}. Backup created at ${backupPath}`,
+                        );
+                    }
+                }
+            }
+            if (!isPlainObject(this.cache)) {
                this.node.fs.writeFileSync(fpath, JSON.stringify({}), {
-                    flag: 'wx',
+                    flag: 'w',
                });
                this.cache = {};
-            } else {
-                this.cache = JSON.parse(this.node.fs.readFileSync(`${fpath}`));
            }
        }
    }
@@ -364,6 +424,7 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                }
                if (isNode) {
                    const undici = eval("require('undici')");
+                    const { socksDispatcher } = eval("require('fetch-socks')");
                    const {
                        ProxyAgent,
                        EnvHttpProxyAgent,
@@ -393,16 +454,34 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                                ).toString('base64')}`,
                            };
                        }
+                        let dispatcher;
+                        if (!opts.proxy) {
+                            const allProxy =
+                                eval('process.env.all_proxy') ||
+                                eval('process.env.ALL_PROXY');
+                            if (allProxy && /^socks5:\/\//.test(allProxy)) {
+                                opts.proxy = allProxy;
+                            }
+                        }
+                        if (opts.proxy) {
+                            if (/^socks5:\/\//.test(opts.proxy)) {
+                                dispatcher = socksDispatcher(
+                                    parseSocks5Uri(opts.proxy),
+                                    agentOpts,
+                                );
+                            } else {
+                                dispatcher = new ProxyAgent({
+                                    ...agentOpts,
+                                    uri: opts.proxy,
+                                });
+                            }
+                        } else {
+                            dispatcher = new EnvHttpProxyAgent(agentOpts);
+                        }
                        const response = await request(opts.url, {
                            ...opts,
                            method: method.toUpperCase(),
-                            dispatcher: (opts.proxy
-                                ? new ProxyAgent({
-                                      ...agentOpts,
-                                      uri: opts.proxy,
-                                  })
-                                : new EnvHttpProxyAgent(agentOpts)
-                            ).compose(
+                            dispatcher: dispatcher.compose(
                                interceptors.redirect({
                                    maxRedirections: 3,
                                    throwOnMaxRedirects: true,
@@ -455,6 +534,7 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                        url: options.url,
                        headers: options.headers,
                        body: options.body,
+                        autoTransformBody: false,
                        options: {
                            Proxy: options.proxy,
                            Timeout: options.timeout
--- a/backend/sub-store_1752902525508.json
+++ b/backend/sub-store_1752902525508.json
--- a/backend/sub-store_1752902571053.json
+++ b/backend/sub-store_1752902571053.json
--- a/backend/sub-store_1752902602701.json
+++ b/backend/sub-store_1752902602701.json
--- a/backend/sub-store_1752902651631.json
+++ b/backend/sub-store_1752902651631.json
--- a/nginx/front.conf
+++ b/nginx/front.conf
@@ -1,40 +0,0 @@
-upstream api {
-  server 0.0.0.0:3000;
-}
-
-server {
-  listen 6080;  
-#   allow 127.0.0.1;
-#   allow 0.0.0.0;               
-#   deny all; 
-
-  gzip on;
-  gzip_static on;
-  gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript;
-  gzip_proxied  any;
-  gzip_vary on;
-  gzip_comp_level 6;
-  gzip_buffers 16 8k;
-  gzip_http_version 1.0;
-
-  location / {
-    root /Sub-Store/web/dist;
-    index  index.html index.htm;
-    try_files $uri $uri/ /index.html;
-  }
- 
-  location /api {
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_pass http://api;
-  }
-
-  location /download {
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_pass http://api;
-  }
-
-}
--- a/scripts/demo.js
+++ b/scripts/demo.js
@@ -14,17 +14,19 @@ function operator(proxies = [], targetPlatform, context) {
  // 6. `_collectionName` 为组合订阅名, `_collectionDisplayName` 为组合订阅显示名
  // 7. `tls-fingerprint` 为 tls 指纹
  // 8. `underlying-proxy` 为前置代理, 不同平台会自动转换
+  //    例如 $server['underlying-proxy'] = '名称'
  //    只给 mihomo 输出的话, `dialer-proxy` 也行
  //    只给 sing-box 输出的话, `detour` 也行
-  //    只给 egern 输出的话, `prev_hop` 也行
-  //    输出到 Clash/Stash/Shadowrocket 时, 会过滤掉配置了前置代理的节点, 并提示使用对应的功能.
+  //    只给 Egern 输出的话, `prev_hop` 也行
+  //    只给 Shadowrocket 输出的话, `chain` 也行
+  //    输出到 Clash/Stash 时, 会过滤掉配置了前置代理的节点, 并提示使用对应的功能.
  // 9. `trojan`, `tuic`, `hysteria`, `hysteria2`, `juicity` 会在解析时设置 `tls`: true (会使用 tls 类协议的通用逻辑),  输出时删除
  // 10. `sni` 在某些协议里会自动与 `servername` 转换
  // 11. 读取节点的 ca-str 和 _ca (后端文件路径) 字段, 自动计算 fingerprint (参考 https://t.me/zhetengsha/1512)
  // 12. 以 Surge 为例, 最新的参数一般我都会跟进, 以 Surge 文档为例, 一些常用的: TUIC/Hysteria 2 的 `ecn`, Snell 的 `reuse` 连接复用, QUIC 策略 block-quic`, Hysteria 2 下载带宽 `down`
  // 13. `test-url` 为测延迟链接, `test-timeout` 为测延迟超时
  // 14. `ports` 为端口跳跃, `hop-interval` 变换端口号的时间间隔
-  // 15. `ip-version` 设置节点使用 IP 版本，可选：dual，ipv4，ipv6，ipv4-prefer，ipv6-prefer. 会进行内部转换, 若无法匹配则使用原始值
+  // 15. `ip-version` 设置节点使用 IP 版本，兼容各家的值. 会进行内部转换. sing-box 以外: 若无法匹配则使用原始值. sing-box: 需有匹配且节点上设置 `_dns_server` 字段, 将自动设置 `domain_resolver.server`
  // 16. `sing-box` 支持使用 `_network` 来设置 `network`, 例如 `tcp`, `udp`
  // 17. `block-quic` 支持 `auto`, `on`, `off`. 不同的平台不一定都支持, 会自动转换

@@ -57,6 +59,15 @@ function operator(proxies = [], targetPlatform, context) {
  // }
  // console.log($options)

+  // 若设置 $options._res.headers
+  // 则会在输出文件时设置响应头, 例如:
+
+  // $options._res = {
+  //   headers: {
+  //     'X-Custom': '1'
+  //   }
+  // }
+
  // targetPlatform 为输出的目标平台

  // lodash
@@ -122,6 +133,7 @@ function operator(proxies = [], targetPlatform, context) {
  //     isValidUUID, // 辅助判断是否为有效的 UUID
  //     Buffer, // https://github.com/feross/buffer
  //     Base64, // https://github.com/dankogai/js-base64
+  //     JSON5, // https://github.com/json5/json5
  // }
  //  为兼容 https://github.com/xishang0128/sparkle 的 JavaScript 覆写, 也可以直接使用 `b64d`(Base64 解码), `b64e`(Base64 编码), `Buffer`, `yaml`(简单兼容了下 `yaml.parse` 和 `yaml.stringify`)

@@ -139,6 +151,18 @@ function operator(proxies = [], targetPlatform, context) {
  // });
  // $server.sni = sni

+  // 示例: 从 config 文件中读取配置项并进行节点操作
+  // config 的本地内容为
+  // {
+  //   "reuse": false
+  // }
+  // 脚本操作为
+  // const config = (ProxyUtils.JSON5 || JSON).parse(await produceArtifact({
+  //     type: 'file',
+  //     name: 'config' // 文件名
+  // }))
+  // $server.reuse = config.reuse
+
  // 1. Surge 输出 WireGuard 完整配置

  // let proxies = await produceArtifact({
@@ -223,14 +247,14 @@ function operator(proxies = [], targetPlatform, context) {
  // 这个历史遗留原因, 是有点复杂. 提供一个例子, 用来取当前脚本所在的组合订阅或单条订阅名称

  // let name = ''
-  // for (const [key, value] of Object.entries(env.source)) {
+  // for (const [key, value] of Object.entries(context.source)) {
  //   if (!key.startsWith('_')) {
  //     name = value.displayName || value.name
  //     break
  //   }
  // }
  // if (!name) {
-  //   const collection = env.source._collection
+  //   const collection = context.source._collection
  //   name = collection.displayName || collection.name
  // }
Author	SHA1	Message	Date
xream	8a417d9852	feat: sub-store.json 初始化时, 支持读取 Base64 内容	2025-07-19 13:27:25 +08:00
xream	ebff520499	feat: 手动还原支持 Base64 文本文件 Some checks failed build / build (push) Has been cancelled Details	2025-07-19 12:55:32 +08:00
xream	876d2e92ca	feat: 处理 clash 系和 sing-box 的 Early Data	2025-07-19 06:47:24 +08:00
xream	63064bc596	feat: Gist 备份默认为 Base64 编码方式 Some checks failed build / build (push) Has been cancelled Details	2025-07-18 17:21:11 +08:00
xream	e81245a5bb	feat: Gist 备份恢复增加 Base64 编码方式	2025-07-18 17:12:51 +08:00
xream	217fdae7f1	feat: Node 环境使用 SUB_STORE_DATA_URL 恢复备份后, 支持 SUB_STORE_DATA_URL_POST 执行自定义命令	2025-07-18 16:10:26 +08:00
xream	ef4d0a228b	feat: 支持从 Gist 恢复时保留当前 GitHub Token	2025-07-18 14:54:13 +08:00
xream	e816e5b3c0	fix: 尝试修复上传 Gist	2025-07-18 13:37:35 +08:00
xream	005051c4ac	feat: Node 运行环境支持 SOCKS5 代理	2025-07-18 13:13:43 +08:00
xream	61078b10f3	feat: 备份数据到 Gist 时, 清除 GitHub Token. 恢复后请重新设置 GitHub Token Some checks failed build / build (push) Has been cancelled Details	2025-07-18 10:14:18 +08:00
xream	bfa1b11a0e	feat: 正式弃用 SUB_STORE_BACKEND_CRON 和 SUB_STORE_CRON, 请使用 SUB_STORE_BACKEND_SYNC_CRON Some checks failed build / build (push) Has been cancelled Details	2025-07-17 18:49:34 +08:00
xream	7d60aed50d	feat: 优化 Surge ws 传输层引号解析 Some checks failed build / build (push) Has been cancelled Details	2025-07-12 21:06:02 +08:00
xream	e20d0c1dc9	feat: 订阅流量信息中的数值取整以兼容部分客户端解析; 不包含有效节点的订阅不写入乐观缓存 Some checks failed build / build (push) Has been cancelled Details	2025-07-12 11:11:40 +08:00
xream	c5660024fb	doc: demo.js	2025-07-12 09:26:04 +08:00
xream	76e12bd6a0	feat: Surge username password 逻辑优化 Some checks failed build / build (push) Has been cancelled Details	2025-07-11 10:36:43 +08:00
xream	3a33446422	doc: demo.js Some checks failed build / build (push) Has been cancelled Details	2025-07-10 12:37:19 +08:00
xream	17b12711b4	fix: 修复 sing-box 和 mihomo 的 ip-version	2025-07-10 12:32:11 +08:00
xream	c266635ba1	fix: 修复 sing-box shadowsocks+shadow-tls Some checks failed build / build (push) Has been cancelled Details	2025-07-10 08:00:39 +08:00
xream	f34eac9568	feat: 节点本地内容支持 JSON5	2025-07-10 01:37:16 +08:00
xream	aa5b51a3cc	feat: 放宽 sing-box VLESS flow 逻辑	2025-07-10 01:28:15 +08:00
xream	b8897dd94a	fix: 修复 Egern transport 兼容性 Some checks failed build / build (push) Has been cancelled Details	2025-07-08 21:59:16 +08:00
xream	71958e6bb1	doc: demo.js	2025-07-08 09:43:31 +08:00
xream	fa5f88ae85	fix: 修复 snell 版本过滤范围 Some checks failed build / build (push) Has been cancelled Details	2025-07-01 20:56:55 +08:00
xream	212aa7730d	fix: 修复阿里 httpdns edns Some checks failed build / build (push) Has been cancelled Details	2025-06-25 19:36:08 +08:00
xream	4c5c9baa3e	release: bump version Some checks failed build / build (push) Has been cancelled Details	2025-06-23 21:37:50 +08:00
xream	25dcbdc4dd	Merge pull request #460 from Ayideyia/master 适配下游客户端API	2025-06-23 21:37:24 +08:00
啊伊的伊阿	282780b791	适配下游客户端API	2025-06-23 21:33:49 +08:00
xream	cde09541cf	feat: anytls 支持 min-idle-session Some checks failed build / build (push) Has been cancelled Details	2025-06-19 10:38:20 +08:00
xream	6731c42edb	doc: README	2025-06-14 12:02:32 +08:00
xream	64b9505035	feat: token 唯一性检测增加 type 和 name	2025-06-09 18:42:35 +08:00
xream	b0347637bc	feat: SOCKS5 解析去除密码首尾双引号	2025-06-09 12:37:32 +08:00
xream	ab67ce9f5a	feat: ProxyUtils 新增 JSON5	2025-06-05 11:01:41 +08:00
xream	cacc106c68	doc: README	2025-06-03 16:42:01 +08:00
xream	542fcc44a1	feat: 订阅和文件的远程链接支持使用换行混写三种格式 1. 完整远程链接 2. 类似 /api/file/name 的内部文件调用路径 3. 本地文件的绝对路径	2025-06-03 00:10:45 +08:00
xream	dca3d2f79c	fix: 脚本链接为路径时带参解析	2025-06-02 23:17:47 +08:00
xream	3e14f91347	feat: sing-box VLESS packet_encoding	2025-06-02 20:39:15 +08:00
xream	4aafdaaddb	feat: 支持本地文件	2025-06-01 11:54:32 +08:00
xream	e4f646af0c	feat: 若设置 $options._res.headers, 拉取文件时将设置自定义响应头 Some checks failed build / build (push) Has been cancelled Details	2025-05-28 13:46:57 +08:00
xream	532be2ff8c	Stash 正式版支持 VLESS REALITY(xtls-rprx-vision) Some checks failed build / build (push) Has been cancelled Details	2025-05-27 19:46:31 +08:00
xream	37fc7ac88e	feat: VMess 支持 kcp/quic(正确处理 type, host, path, fp, alpn, tls等参数) Some checks failed build / build (push) Has been cancelled Details	2025-05-27 03:01:28 +08:00
xream	9e0028219d	feat: Shadowrocket 支持 anytls Some checks failed build / build (push) Has been cancelled Details	2025-05-26 17:24:39 +08:00
xream	54750d552b	feat: 为 env 响应增加如何使用前端搭配后端的引导说明 Some checks failed build / build (push) Has been cancelled Details	2025-05-25 00:58:06 +08:00
xream	0e7561a069	feat: Node.js 环境中 JSON 数据文件校验失败后会备份原文件, 创建新文件 Some checks failed build / build (push) Has been cancelled Details	2025-05-24 18:40:30 +08:00
xream	6804c6368a	fix: 修复 QX VLESS TLS Some checks failed build / build (push) Has been cancelled Details	2025-05-23 22:36:08 +08:00
xream	9c5d6e9a10	feat: 单条订阅和文件支持链接参数 produceType raw, 此时返回原始数据的数组 Some checks failed build / build (push) Has been cancelled Details	2025-05-22 16:09:35 +08:00
xream	ef2d6be8eb	feat: 预处理支持 Base64 兜底	2025-05-22 15:17:38 +08:00
xream	04e12a4836	fix: 修复 SOCKS5 URI Some checks failed build / build (push) Has been cancelled Details	2025-05-21 01:39:30 +08:00
xream	f94cf7185a	feat: 日志增加 body JSON limit	2025-05-20 21:16:30 +08:00
xream	fa7df51f8c	feat: Shadowrocket 支持前置代理. 补充 demo.js 说明 Some checks failed build / build (push) Has been cancelled Details	2025-05-18 17:21:54 +08:00
xream	18659d1cc8	feat: Node.js 环境下 API / 路由不自动跳转到 sub-store.vercel.app Some checks failed build / build (push) Has been cancelled Details	2025-05-17 22:49:12 +08:00
xream	1d12dc55bd	feat: 单条订阅和文件支持链接参数 produceType raw, 此时返回原始数据的数组	2025-05-17 20:22:24 +08:00