feat: SSH 新增 clash.meta(mihomo), 调整 Surge 和 sing-box

2025-08-10 09:39:02 +08:00 · 2024-03-08 19:01:01 +08:00 · 2024-03-08 19:01:01 +08:00 · aaef97cf5d
commit aaef97cf5d
parent 7beff4013f
5 changed files with 15 additions and 3 deletions
--- a/backend/package.json
+++ b/backend/package.json
@ -1,6 +1,6 @@
 {
  "name": "sub-store",
-  "version": "2.14.243",
+  "version": "2.14.244",
  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
  "main": "src/main.js",
  "scripts": {
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.js
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.js
@ -77,7 +77,7 @@ http = tag equals "http" address (username password)? (usernamek passwordk)? (ip
    proxy.type = "http";
    handleShadowTLS();
 }
-ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "ssh";
    handleShadowTLS();
 }
@ -229,6 +229,7 @@ interface = comma "interface" equals match:[^,]+ { proxy.interface = match.join(
 allow_other_interface = comma "allow-other-interface" equals flag:bool { proxy["allow-other-interface"] = flag; }
 hybrid = comma "hybrid" equals flag:bool { proxy.hybrid = flag; }
 idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"] = parseInt(match.trim()); }
+private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
--- a/backend/src/core/proxy-utils/parsers/peggy/surge.peg
+++ b/backend/src/core/proxy-utils/parsers/peggy/surge.peg
@ -75,7 +75,7 @@ http = tag equals "http" address (username password)? (usernamek passwordk)? (ip
    proxy.type = "http";
    handleShadowTLS();
 }
-ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
    proxy.type = "ssh";
    handleShadowTLS();
 }
@ -227,6 +227,7 @@ interface = comma "interface" equals match:[^,]+ { proxy.interface = match.join(
 allow_other_interface = comma "allow-other-interface" equals flag:bool { proxy["allow-other-interface"] = flag; }
 hybrid = comma "hybrid" equals flag:bool { proxy.hybrid = flag; }
 idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"] = parseInt(match.trim()); }
+private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
--- a/backend/src/core/proxy-utils/producers/sing-box.js
+++ b/backend/src/core/proxy-utils/producers/sing-box.js
@ -228,6 +228,9 @@ const sshParser = (proxy = {}) => {
        throw 'invalid port';
    if (proxy.username) parsedProxy.user = proxy.username;
    if (proxy.password) parsedProxy.password = proxy.password;
+    // https://wiki.metacubex.one/config/proxies/ssh
+    // https://sing-box.sagernet.org/zh/configuration/outbound/ssh
+    if (proxy['privateKey']) parsedProxy.private_key_path = proxy['privateKey'];
    if (proxy['server-fingerprint']) {
        parsedProxy.host_key = [proxy['server-fingerprint']];
        // https://manual.nssurge.com/policy/ssh.html
--- a/backend/src/core/proxy-utils/producers/surge.js
+++ b/backend/src/core/proxy-utils/producers/surge.js
@ -356,8 +356,15 @@ function ssh(proxy) {
    const result = new Result(proxy);
    result.append(`${proxy.name}=ssh,${proxy.server},${proxy.port}`);
    result.appendIfPresent(`,${proxy.username}`, 'username');
+    // 所有的类似的字段都有双引号的问题 暂不处理
    result.appendIfPresent(`,${proxy.password}`, 'password');

+    // https://manual.nssurge.com/policy/ssh.html
+    // 需配合 Keystore
+    result.appendIfPresent(
+        `,private-key=${proxy['keystore-private-key']}`,
+        'keystore-private-key',
+    );
    result.appendIfPresent(
        `,idle-timeout=${proxy['idle-timeout']}`,
        'idle-timeout',