update 2023-06-11 16:20:07

homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js

@@ -177,6 +177,7 @@ function parseShareLink(uri, features) {
 		case 'trojan':
 			/* https://p4gefau1t.github.io/trojan-go/developer/url/ */
 			var url = new URL('http://' + uri[1]);
+			var params = url.searchParams;
 
 			/* Check if password exists */
 			if (!url.username)
@@ -188,9 +189,26 @@ function parseShareLink(uri, features) {
 				address: url.hostname,
 				port: url.port || '80',
 				password: decodeURIComponent(url.username),
+				transport: params.get('type') !== 'tcp' ? params.get('type') : null,
 				tls: '1',
-				tls_sni: url.searchParams.get('sni')
+				tls_sni: params.get('sni')
 			};
+			switch (params.get('type')) {
+			case 'grpc':
+				config.grpc_servicename = params.get('serviceName');
+				break;
+			case 'ws':
+				/* We don't parse "host" param when TLS is enabled, as some providers are abusing it (host vs sni)
+				 * config.ws_host = params.get('host') ? decodeURIComponent(params.get('host')) : null;
+				 */
+				config.ws_path = params.get('path') ? decodeURIComponent(params.get('path')) : null;
+				if (config.ws_path && config.ws_path.includes('?ed=')) {
+					config.websocket_early_data_header = 'Sec-WebSocket-Protocol';
+					config.websocket_early_data = config.ws_path.split('?ed=')[1];
+					config.ws_path = config.ws_path.split('?ed=')[0];
+				}
+				break;
+			}
 
 			break;
 		case 'vless':
@@ -235,6 +253,7 @@ function parseShareLink(uri, features) {
 				}
 				break;
 			case 'ws':
+				/* We don't parse "host" param when TLS is enabled, as some providers are abusing it (host vs sni) */
 				config.ws_host = (config.tls !== '1' && params.get('host')) ? decodeURIComponent(params.get('host')) : null;
 				config.ws_path = params.get('path') ? decodeURIComponent(params.get('path')) : null;
 				if (config.ws_path && config.ws_path.includes('?ed=')) {
@@ -292,6 +311,7 @@ function parseShareLink(uri, features) {
 				}
 				break;
 			case 'ws':
+				/* We don't parse "host" param when TLS is enabled, as some providers are abusing it (host vs sni) */
 				config.ws_host = (config.tls !== '1') ? uri.host : null;
 				config.ws_path = uri.path;
 				if (config.ws_path && config.ws_path.includes('?ed=')) {
@@ -1111,7 +1131,6 @@ return view.extend({
 
 			so = ss.option(form.Value, 'tls_reality_short_id', _('REALITY short ID'));
 			so.depends('tls_reality', '1');
-			so.rmempty = false;
 			so.modalonly = true;
 		}
 		/* TLS config end */

homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc

@@ -243,7 +243,8 @@ function parse_uri(uri) {
 			break;
 		case 'trojan':
 			/* https://p4gefau1t.github.io/trojan-go/developer/url/ */
-			const trojan_url = parseURL('http://' + uri[1]);
+			const trojan_url = parseURL('http://' + uri[1]),
+			      trojan_params = trojan_url.searchParams || {};
 
 			config = {
 				label: trojan_url.hash ? urldecode(trojan_url.hash) : null,
@@ -251,9 +252,26 @@ function parse_uri(uri) {
 				address: trojan_url.hostname,
 				port: trojan_url.port,
 				password: urldecode(trojan_url.username),
+				transport: (trojan_params.type !== 'tcp') ? trojan_params.type : null,
 				tls: '1',
-				tls_sni: trojan_url.searchParams ? trojan_url.searchParams.sni : null
+				tls_sni: trojan_params.sni
 			};
+			switch(trojan_params.type) {
+			case 'grpc':
+				config.grpc_servicename = trojan_params.serviceName;
+				break;
+			case 'ws':
+				/* We don't parse "host" param when TLS is enabled, as some providers are abusing it (host vs sni)
+				 * config.ws_host = trojan_params.host ? urldecode(trojan_params.host) : null;
+				 */
+				config.ws_path = trojan_params.path ? urldecode(trojan_params.path) : null;
+				if (config.ws_path && match(config.ws_path, /\?ed=/)) {
+					config.websocket_early_data_header = 'Sec-WebSocket-Protocol';
+					config.websocket_early_data = split(config.ws_path, '?ed=')[1];
+					config.ws_path = split(config.ws_path, '?ed=')[0];
+				}
+				break;
+			}
 
 			break;
 		case 'vless':
@@ -301,6 +319,7 @@ function parse_uri(uri) {
 				}
 				break;
 			case 'ws':
+				/* We don't parse "host" param when TLS is enabled, as some providers are abusing it (host vs sni) */
 				config.ws_host = (config.tls !== '1' && vless_params.host) ? urldecode(vless_params.host) : null;
 				config.ws_path = vless_params.path ? urldecode(vless_params.path) : null;
 				if (config.ws_path && match(config.ws_path, /\?ed=/)) {
@@ -376,6 +395,7 @@ function parse_uri(uri) {
 				}
 				break;
 			case 'ws':
+				/* We don't parse "host" param when TLS is enabled, as some providers are abusing it (host vs sni) */
 				config.ws_host = (config.tls !== '1') ? uri.host : null;
 				config.ws_path = uri.path;
 				if (config.ws_path && match(config.ws_path, /\?ed=/)) {

homeproxy/root/etc/init.d/homeproxy

@@ -161,6 +161,8 @@ start_service() {
 			procd_add_jail_mount_rw "$RUN_DIR/sing-box-c.log"
 			procd_add_jail_mount "$HP_DIR/certs/"
 			procd_add_jail_mount "/etc/ssl/"
+			procd_add_jail_mount "/etc/localtime"
+			procd_add_jail_mount "/etc/TZ"
 			procd_set_param capabilities "/etc/capabilities/homeproxy.json"
 			procd_set_param no_new_privs 1
 			procd_set_param user sing-box
@@ -234,6 +236,8 @@ start_service() {
 			procd_add_jail_mount "$RUN_DIR/sing-box-s.json"
 			procd_add_jail_mount_rw "$RUN_DIR/sing-box-s.log"
 			procd_add_jail_mount "$HP_DIR/certs/"
+			procd_add_jail_mount "/etc/localtime"
+			procd_add_jail_mount "/etc/TZ"
 			procd_set_param capabilities "/etc/capabilities/homeproxy.json"
 			procd_set_param no_new_privs 1
 			procd_set_param user sing-box

luci-app-amlogic/Makefile

@@ -16,7 +16,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-amlogic
-PKG_VERSION:=3.1.184
+PKG_VERSION:=3.1.186
 PKG_RELEASE:=1
 
 PKG_LICENSE:=GPL-2.0 License

luci-app-amlogic/root/usr/share/amlogic/amlogic_check_firmware.sh

@@ -133,25 +133,60 @@ fi
 check_updated() {
     tolog "02. Start checking for the latest version..."
 
-    # Query the latest version
-    latest_version="$(
-        curl -s \
-            -H "Accept: application/vnd.github+json" \
-            https://api.github.com/repos/${server_firmware_url}/releases |
-            jq '.[]' |
-            jq -s --arg RTK "${releases_tag_keywords}" '.[] | select(.tag_name | contains($RTK))' |
-            jq -s '.[].assets[] | {data:.updated_at, url:.browser_download_url}' |
-            jq -s --arg BOARD "_${BOARD}_" --arg MLV "${main_line_version}." --arg FSX "${firmware_suffix}" \
-                '.[] | select((.url | contains($BOARD)) and (.url | contains($MLV)) and (.url | endswith($FSX)))' |
-            jq -s 'sort_by(.data)|reverse[]' |
-            jq -s '.[0]' -c
-    )"
-    [[ "${latest_version}" == "null" ]] && tolog "02.01 Invalid OpenWrt download address." "1"
-    latest_updated_at="$(echo ${latest_version} | jq -r '.data')"
-    latest_url="$(echo ${latest_version} | jq -r '.url')"
+    # Set github API default value
+    github_page="1"
+    github_per_page="100"
+    github_releases_results=()
 
-    # Convert to readable date format
-    date_display_format="$(echo ${latest_updated_at} | tr 'T' '(' | tr 'Z' ')')"
+    # Get the release list
+    while true; do
+        response=$(curl -s -L \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/repos/${server_firmware_url}/releases?per_page=${github_per_page}&page=${github_page}")
+
+        # Check if the response is empty or an error occurred
+        if [ -z "${response}" ] || [[ "${response}" == *"Not Found"* ]]; then
+            break
+        fi
+
+        # Append the current page's results to the overall results array
+        github_releases_results+=("${response}")
+
+        # Check if the current page has fewer results than the per_page limit
+        if [ "$(echo "${response}" | jq '. | length')" -lt "${github_per_page}" ]; then
+            break
+        fi
+
+        ((github_page++))
+    done
+
+    # Get the latest version
+    if [[ "${#github_releases_results[*]}" -ne "0" ]]; then
+        # Concatenate all the results into a single JSON array
+        all_results=$(echo "${github_releases_results[*]}" | jq -s 'add')
+
+        # Sort the results
+        latest_version="$(
+            echo "${all_results[*]}" |
+                jq '.[]' |
+                jq -s --arg RTK "${releases_tag_keywords}" '.[] | select(.tag_name | contains($RTK))' |
+                jq -s '.[].assets[] | {data:.updated_at, url:.browser_download_url}' |
+                jq -s --arg BOARD "_${BOARD}_" --arg MLV "${main_line_version}." --arg FSX "${firmware_suffix}" \
+                    '.[] | select((.url | contains($BOARD)) and (.url | contains($MLV)) and (.url | endswith($FSX)))' |
+                jq -s 'sort_by(.data) | reverse | .[0]' -c
+        )"
+        [[ "${latest_version}" == "null" ]] && tolog "02.01 Invalid OpenWrt download address." "1"
+
+        # Get the latest version
+        latest_updated_at="$(echo ${latest_version} | jq -r '.data')"
+        latest_url="$(echo ${latest_version} | jq -r '.url')"
+
+        # Convert to readable date format
+        date_display_format="$(echo ${latest_updated_at} | tr 'T' '(' | tr 'Z' ')')"
+    else
+        tolog "02.02 The search results for releases are empty." "1"
+    fi
 
     # Check the firmware update code
     down_check_code="${latest_updated_at}.${main_line_version}"

luci-app-amlogic/root/usr/share/amlogic/amlogic_check_plugin.sh

@@ -98,18 +98,56 @@ sleep 2
 # 02. Check the version on the server
 tolog "02. Start querying plugin version..."
 
-# Query the latest version
-latest_version="$(
-    curl -s \
-        -H "Accept: application/vnd.github+json" \
-        https://api.github.com/repos/ophub/luci-app-amlogic/releases |
-        jq -r '.[].tag_name' |
-        sort -rV | head -n 1
-)"
-[[ -n "${latest_version}" ]] || tolog "02.01 Query failed, please try again." "1"
-tolog "02.01 current version: ${current_plugin_v}, Latest version: ${latest_version}"
-sleep 2
+# Set github API default value
+github_page="1"
+github_per_page="100"
+github_releases_results=()
 
+# Get the release list
+while true; do
+    response=$(curl -s -L \
+        -H "Accept: application/vnd.github+json" \
+        -H "X-GitHub-Api-Version: 2022-11-28" \
+        "https://api.github.com/repos/ophub/luci-app-amlogic/releases?per_page=${github_per_page}&page=${github_page}")
+
+    # Check if the response is empty or an error occurred
+    if [ -z "${response}" ] || [[ "${response}" == *"Not Found"* ]]; then
+        break
+    fi
+
+    # Append the current page's results to the overall results array
+    github_releases_results+=("${response}")
+
+    # Check if the current page has fewer results than the per_page limit
+    if [ "$(echo "${response}" | jq '. | length')" -lt "${github_per_page}" ]; then
+        break
+    fi
+
+    ((github_page++))
+done
+
+# Get the latest version
+if [[ "${#github_releases_results[*]}" -ne "0" ]]; then
+    # Concatenate all the results into a single JSON array
+    all_results=$(echo "${github_releases_results[*]}" | jq -s 'add')
+
+    # Sort the results
+    latest_version="$(
+        echo "${all_results[*]}" |
+            jq -r '.[].tag_name' |
+            sort -rV | head -n 1
+    )"
+    if [[ "${latest_version}" == "null" ]]; then
+        tolog "02.01 Query failed, please try again." "1"
+    else
+        tolog "02.01 current version: ${current_plugin_v}, Latest version: ${latest_version}"
+        sleep 2
+    fi
+else
+    tolog "02.01 The search results for releases are empty." "1"
+fi
+
+# Compare the version and download the latest version
 if [[ "${current_plugin_v}" == "${latest_version}" ]]; then
     tolog "02.02 Already the latest version, no need to update." "1"
 else
@@ -143,6 +181,6 @@ tolog "03. The plug is ready, you can update."
 sleep 2
 
 #echo '<a href=upload>Update</a>' >$START_LOG
-tolog '<input type="button" class="cbi-button cbi-button-reload" value="Update" onclick="return amlogic_plugin(this)"/> Latest version: '${server_plugin_version}'' "1"
+tolog '<input type="button" class="cbi-button cbi-button-reload" value="Update" onclick="return amlogic_plugin(this)"/> Latest version: '${latest_version}'' "1"
 
 exit 0

luci-app-xray/README.md

@@ -54,6 +54,7 @@ Then find `luci-app-xray` under `Extra Packages`.
 * 2023-04-29 fix: make `fw3` variant actually usable; add REALITY support for `fw3` variant
 * 2023-05-24 feat: `[OpenWrt 22.03 or above only]` support transparent proxy ports filter (fw4)
 * 2023-05-29 feat: `[OpenWrt 22.03 or above only]` add counter in fw4
+* 2023-05-29 chore: change default config to not using proxy
 
 ## Changelog 2022
 

luci-app-xray/fw3/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-xray-fw3
-PKG_VERSION:=2.0.1
+PKG_VERSION:=2.1.1
 PKG_RELEASE:=1
 
 PKG_LICENSE:=MPLv2

luci-app-xray/fw3/root/etc/config/xray_fw3

@@ -19,8 +19,8 @@ config general
 	option lan_ifaces 'br-lan'
 	list wan_bp_ips '114.114.114.114'
 	option xray_api '1'
-	option main_server 'cfg024a8f'
-	option tproxy_udp_server 'cfg034a8f'
+	option main_server 'disabled'
+	option tproxy_udp_server 'disabled'
 	option tproxy_sniffing '1'
 	option routing_domain_strategy 'AsIs'
 	option conn_idle '300'
@@ -30,34 +30,3 @@ config general
 	option downlink_only '5'
 	option buffer_size '512'
 	option direct_bittorrent '1'
-
-config servers
-	option security 'auto'
-	option transport 'tcp'
-	option tcp_guise 'none'
-	option tls '0'
-	option tests_enabled 'none'
-	option protocol 'vless'
-	option server_port '443'
-	option password '00000000-0000-0000-0000-000000000000'
-	option vless_security 'none'
-	option vless_encryption 'none'
-	option server 'example.org'
-	option alias 'VLESS XTLS Splice Example'
-	option vless_flow 'xtls-rprx-splice'
-	option vless_tls 'xtls'
-	option vless_xtls_host 'example.org'
-	option vless_xtls_insecure '0'
-
-config servers
-	option password 'supersecret'
-	option transport 'tcp'
-	option tcp_guise 'none'
-	option server 'example.org'
-	option server_port '443'
-	option protocol 'trojan'
-	option alias 'Trojan Example'
-	option trojan_flow 'none'
-	option trojan_tls 'tls'
-	option trojan_tls_host 'example.org'
-	option trojan_tls_insecure '0'

luci-app-xray/fw4/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-xray-fw4
-PKG_VERSION:=2.1.0
+PKG_VERSION:=2.1.1
 PKG_RELEASE:=1
 
 PKG_LICENSE:=MPLv2

luci-app-xray/fw4/root/etc/config/xray_fw4

@@ -19,8 +19,8 @@ config general
 	option lan_ifaces 'br-lan'
 	list wan_bp_ips '114.114.114.114'
 	option xray_api '1'
-	option main_server 'cfg024a8f'
-	option tproxy_udp_server 'cfg034a8f'
+	option main_server 'disabled'
+	option tproxy_udp_server 'disabled'
 	option tproxy_sniffing '1'
 	option routing_domain_strategy 'AsIs'
 	option conn_idle '300'
@@ -30,34 +30,4 @@ config general
 	option downlink_only '5'
 	option buffer_size '512'
 	option direct_bittorrent '1'
-
-config servers
-	option security 'auto'
-	option transport 'tcp'
-	option tcp_guise 'none'
-	option tls '0'
-	option tests_enabled 'none'
-	option protocol 'vless'
-	option server_port '443'
-	option password '00000000-0000-0000-0000-000000000000'
-	option vless_security 'none'
-	option vless_encryption 'none'
-	option server 'example.org'
-	option alias 'VLESS XTLS Splice Example'
-	option vless_flow 'xtls-rprx-splice'
-	option vless_tls 'xtls'
-	option vless_xtls_host 'example.org'
-	option vless_xtls_insecure '0'
-
-config servers
-	option password 'supersecret'
-	option transport 'tcp'
-	option tcp_guise 'none'
-	option server 'example.org'
-	option server_port '443'
-	option protocol 'trojan'
-	option alias 'Trojan Example'
-	option trojan_flow 'none'
-	option trojan_tls 'tls'
-	option trojan_tls_host 'example.org'
-	option trojan_tls_insecure '0'
+	option transparent_default_port_policy 'forwarded'

luci-app-xray/shared/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-xray-shared
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.1
 PKG_RELEASE:=1
 
 PKG_LICENSE:=MPLv2