feat: 调整规则参数

修复IP-CIDR的option错误

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "web"]
-	path = web
-	url = https://github.com/sub-store-org/Sub-Store-Front-End.git

README.md

@@ -26,15 +26,13 @@ Core functionalities:
 
 ### Supported Input Formats
 
-- [x] SS URI
-- [x] SSR URI
-- [x] SSD URI
-- [x] V2RayN URI
-- [x] Hysteria 2 URI
+- [x] URI(SS, SSR, VMess, VLESS, Trojan, Hysteria, Hysteria 2, TUIC v5)
+- [x] Clash Proxies YAML
+- [x] Clash Proxy JSON(single line)
 - [x] QX (SS, SSR, VMess, Trojan, HTTP, SOCKS5, VLESS)
 - [x] Loon (SS, SSR, VMess, Trojan, HTTP, SOCKS5, WireGuard, VLESS, Hysteria 2)
-- [x] Surge (SS, VMess, Trojan, HTTP, SOCKS5, TUIC, Snell, Hysteria 2, SSR(external, only for macOS), External Proxy Program(only for macOS), WireGuard(Surge to Surge))
-- [x] Surfboard (SS, VMess, Trojan, HTTP, SOCKS5, WireGuard(Surfboard to Surfboard))
+- [x] Surge (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, TUIC, Snell, Hysteria 2, SSH(Password authentication only), SSR(external, only for macOS), External Proxy Program(only for macOS), WireGuard(Surge to Surge))
+- [x] Surfboard (SS, VMess, Trojan, HTTP, SOCKS5, SOCKS5-TLS, WireGuard(Surfboard to Surfboard))
 - [x] Shadowrocket (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
 - [x] Clash.Meta (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, Hysteria 2, TUIC)
 - [x] Stash (SS, SSR, VMess, Trojan, HTTP, SOCKS5, Snell, VLESS, WireGuard, Hysteria, TUIC)

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sub-store",
-  "version": "2.14.218",
+  "version": "2.14.229",
   "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
   "main": "src/main.js",
   "scripts": {

backend/src/core/proxy-utils/index.js

@@ -1,11 +1,14 @@
 import YAML from '@/utils/yaml';
 import download from '@/utils/download';
-import { isIPv4, isIPv6, isValidPortNumber } from '@/utils';
+import { isIPv4, isIPv6, isValidPortNumber, isNotBlank } from '@/utils';
 import PROXY_PROCESSORS, { ApplyProcessor } from './processors';
 import PROXY_PREPROCESSORS from './preprocessors';
 import PROXY_PRODUCERS from './producers';
 import PROXY_PARSERS from './parsers';
 import $ from '@/core/app';
+import { FILES_KEY, MODULES_KEY } from '@/constants';
+import { findByName } from '@/utils/database';
+import { produceArtifact } from '@/restful/sync';
 
 function preprocess(raw) {
     for (const processor of PROXY_PREPROCESSORS) {
@@ -95,18 +98,50 @@ async function processFn(proxies, operators = [], targetPlatform, source) {
                         }
                     }
                 }
+                url = `${url.split('#')[0]}${noCache ? '#noCache' : ''}`;
+                const downloadUrlMatch = url.match(
+                    /^\/api\/(file|module)\/(.+)/,
+                );
+                if (downloadUrlMatch) {
+                    let type = '';
+                    try {
+                        type = downloadUrlMatch?.[1];
+                        let name = downloadUrlMatch?.[2];
+                        if (name == null) {
+                            throw new Error(`本地 ${type} URL 无效: ${url}`);
+                        }
+                        name = decodeURIComponent(name);
+                        const key = type === 'module' ? MODULES_KEY : FILES_KEY;
+                        const item = findByName($.read(key), name);
+                        if (!item) {
+                            throw new Error(`找不到 ${type}: ${name}`);
+                        }
 
-                // if this is a remote script, download it
-                try {
-                    script = await download(
-                        `${url.split('#')[0]}${noCache ? '#noCache' : ''}`,
-                    );
-                    // $.info(`Script loaded: >>>\n ${script}`);
-                } catch (err) {
-                    $.error(
-                        `Error when downloading remote script: ${item.args.content}.\n Reason: ${err}`,
-                    );
-                    throw new Error(`无法下载脚本: ${url}`);
+                        if (type === 'module') {
+                            script = item.content;
+                        } else {
+                            script = await produceArtifact({
+                                type: 'file',
+                                name,
+                            });
+                        }
+                    } catch (err) {
+                        $.error(
+                            `Error when loading ${type}: ${item.args.content}.\n Reason: ${err}`,
+                        );
+                        throw new Error(`无法加载 ${type}: ${url}`);
+                    }
+                } else {
+                    // if this is a remote script, download it
+                    try {
+                        script = await download(url);
+                        // $.info(`Script loaded: >>>\n ${script}`);
+                    } catch (err) {
+                        $.error(
+                            `Error when downloading remote script: ${item.args.content}.\n Reason: ${err}`,
+                        );
+                        throw new Error(`无法下载脚本: ${url}`);
+                    }
                 }
             } else {
                 script = content;
@@ -151,6 +186,13 @@ function produce(proxies, targetPlatform, type, opts = {}) {
             !(proxy.supported && proxy.supported[targetPlatform] === false),
     );
 
+    proxies = proxies.map((proxy) => {
+        if (!isNotBlank(proxy.name)) {
+            proxy.name = `${proxy.type} ${proxy.server}:${proxy.port}`;
+        }
+        return proxy;
+    });
+
     $.info(`Producing proxies for target: ${targetPlatform}`);
     if (typeof producer.type === 'undefined' || producer.type === 'SINGLE') {
         let localPort = 10000;

backend/src/core/proxy-utils/parsers/index.js

@@ -273,11 +273,17 @@ function URI_VMess() {
                 params.port = port;
                 params.add = server;
             }
+            const server = params.add;
+            const port = parseInt(getIfPresent(params.port), 10);
             const proxy = {
-                name: params.ps ?? params.remarks,
+                name:
+                    params.ps ??
+                    params.remarks ??
+                    params.remark ??
+                    `VMess ${server}:${port}`,
                 type: 'vmess',
-                server: params.add,
-                port: parseInt(getIfPresent(params.port), 10),
+                server,
+                port,
                 cipher: getIfPresent(params.scy, 'auto'),
                 uuid: params.id,
                 alterId: parseInt(
@@ -399,14 +405,18 @@ function URI_VLESS() {
             params[key] = value;
         }
 
-        proxy.name = name ?? params.remarks ?? `VLESS ${server}:${port}`;
+        proxy.name =
+            name ??
+            params.remarks ??
+            params.remark ??
+            `VLESS ${server}:${port}`;
 
         proxy.tls = params.security && params.security !== 'none';
         if (isShadowrocket && /TRUE|1/i.test(params.tls)) {
             proxy.tls = true;
             params.security = params.security ?? 'reality';
         }
-        proxy.sni = params.sni ?? params.peer;
+        proxy.sni = params.sni || params.peer;
         proxy.flow = params.flow;
         if (!proxy.flow && isShadowrocket && params.xtls) {
             // "none" is undefined
@@ -742,6 +752,9 @@ function Clash_All() {
         if (proxy['benchmark-url']) {
             proxy['test-url'] = proxy['benchmark-url'];
         }
+        if (proxy['benchmark-timeout']) {
+            proxy['test-timeout'] = proxy['benchmark-timeout'];
+        }
 
         return proxy;
     };
@@ -1003,6 +1016,14 @@ function Loon_WireGuard() {
     return { name, test, parse };
 }
 
+function Surge_SSH() {
+    const name = 'Surge SSH Parser';
+    const test = (line) => {
+        return /^.*=\s*ssh/.test(line.split(',')[0]);
+    };
+    const parse = (line) => getSurgeParser().parse(line);
+    return { name, test, parse };
+}
 function Surge_SS() {
     const name = 'Surge SS Parser';
     const test = (line) => {
@@ -1173,6 +1194,7 @@ export default [
     URI_Hysteria2(),
     URI_Trojan(),
     Clash_All(),
+    Surge_SSH(),
     Surge_SS(),
     Surge_VMess(),
     Surge_Trojan(),

backend/src/core/proxy-utils/parsers/peggy/surge.js

@@ -37,11 +37,11 @@ const grammars = String.raw`
     }
 }
 
-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh) {
     return proxy;
 }
 
-shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "ss";
     // handle obfs
     if (obfs.type == "http" || obfs.type === "tls") {
@@ -52,7 +52,7 @@ shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/
     }
     handleShadowTLS();
 }
-vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/test_url/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "vmess";
     proxy.cipher = proxy.cipher || "none";
     if (proxy.aead) {
@@ -63,21 +63,25 @@ vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/
     handleWebsocket();
     handleShadowTLS();
 }
-trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "trojan";
     handleWebsocket();
     handleShadowTLS();
 }
-https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "http";
     proxy.tls = true;
     handleShadowTLS();
 }
-http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/test_url/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "http";
     handleShadowTLS();
 }
-snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+    proxy.type = "ssh";
+    handleShadowTLS();
+}
+snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "snell";
     // handle obfs
     if (obfs.type == "http" || obfs.type === "tls") {
@@ -87,28 +91,28 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
     }
     handleShadowTLS();
 }
-tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/test_url/no_error_alert/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "tuic";
     handleShadowTLS();
 }
-tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/test_url/no_error_alert/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "tuic";
     proxy.version = 5;
     handleShadowTLS();
 }
-wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/underlying_proxy/test_url/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "wireguard-surge";
     handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/test_url/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "hysteria2";
     handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/test_url/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "socks5";
     handleShadowTLS();
 }
-socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/test_url/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "socks5";
     proxy.tls = true;
     handleShadowTLS();
@@ -218,6 +222,14 @@ no_error_alert = comma "no-error-alert" equals match:[^,]+ { proxy["no-error-ale
 underlying_proxy = comma "underlying-proxy" equals match:[^,]+ { proxy["underlying-proxy"] = match.join(""); }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
 test_url = comma "test-url" equals match:[^,]+ { proxy["test-url"] = match.join(""); }
+test_udp = comma "test-udp" equals match:[^,]+ { proxy["test-udp"] = match.join(""); }
+test_timeout = comma "test-timeout" equals match:$[0-9]+ { proxy["test-timeout"] = parseInt(match.trim()); }
+tos = comma "tos" equals match:$[0-9]+ { proxy.tos = parseInt(match.trim()); }
+interface = comma "interface" equals match:[^,]+ { proxy.interface = match.join(""); }
+allow_other_interface = comma "allow-other-interface" equals flag:bool { proxy["allow-other-interface"] = flag; }
+hybrid = comma "hybrid" equals flag:bool { proxy.hybrid = flag; }
+idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"] = parseInt(match.trim()); }
+server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
 shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }

backend/src/core/proxy-utils/parsers/peggy/surge.peg

@@ -35,11 +35,11 @@
     }
 }
 
-start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2) {
+start = (shadowsocks/vmess/trojan/https/http/snell/socks5/socks5_tls/tuic/tuic_v5/wireguard/hysteria2/ssh) {
     return proxy;
 }
 
-shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "ss";
     // handle obfs
     if (obfs.type == "http" || obfs.type === "tls") {
@@ -50,7 +50,7 @@ shadowsocks = tag equals "ss" address (method/passwordk/obfs/obfs_host/obfs_uri/
     }
     handleShadowTLS();
 }
-vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/test_url/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/method/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls/sni/tls_fingerprint/tls_verification/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "vmess";
     proxy.cipher = proxy.cipher || "none";
     if (proxy.aead) {
@@ -61,21 +61,25 @@ vmess = tag equals "vmess" address (vmess_uuid/vmess_aead/ws/ws_path/ws_headers/
     handleWebsocket();
     handleShadowTLS();
 }
-trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+trojan = tag equals "trojan" address (passwordk/ws/ws_path/ws_headers/tls/sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "trojan";
     handleWebsocket();
     handleShadowTLS();
 }
-https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+https = tag equals "https" address (username password)? (usernamek passwordk)? (sni/tls_fingerprint/tls_verification/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "http";
     proxy.tls = true;
     handleShadowTLS();
 }
-http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/test_url/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+http = tag equals "http" address (username password)? (usernamek passwordk)? (ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "http";
     handleShadowTLS();
 }
-snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/test_url/no_error_alert/fast_open/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+    proxy.type = "ssh";
+    handleShadowTLS();
+}
+snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_uri/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/udp_relay/reuse/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "snell";
     // handle obfs
     if (obfs.type == "http" || obfs.type === "tls") {
@@ -85,28 +89,28 @@ snell = tag equals "snell" address (snell_version/snell_psk/obfs/obfs_host/obfs_
     }
     handleShadowTLS();
 }
-tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/test_url/no_error_alert/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic = tag equals "tuic" address (alpn/token/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "tuic";
     handleShadowTLS();
 }
-tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/test_url/no_error_alert/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+tuic_v5 = tag equals "tuic-v5" address (alpn/passwordk/uuidk/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/tls_fingerprint/tls_verification/sni/fast_open/tfo/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "tuic";
     proxy.version = 5;
     handleShadowTLS();
 }
-wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/underlying_proxy/test_url/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+wireguard = tag equals "wireguard" (section_name/no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "wireguard-surge";
     handleShadowTLS();
 }
-hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/test_url/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+hysteria2 = tag equals "hysteria2" address (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_verification/passwordk/tls_fingerprint/download_bandwidth/ecn/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "hysteria2";
     handleShadowTLS();
 }
-socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/test_url/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5 = tag equals "socks5" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "socks5";
     handleShadowTLS();
 }
-socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/test_url/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+socks5_tls = tag equals "socks5-tls" address (username password)? (usernamek passwordk)? (no_error_alert/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/sni/tls_fingerprint/tls_verification/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "socks5";
     proxy.tls = true;
     handleShadowTLS();
@@ -216,6 +220,14 @@ no_error_alert = comma "no-error-alert" equals match:[^,]+ { proxy["no-error-ale
 underlying_proxy = comma "underlying-proxy" equals match:[^,]+ { proxy["underlying-proxy"] = match.join(""); }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
 test_url = comma "test-url" equals match:[^,]+ { proxy["test-url"] = match.join(""); }
+test_udp = comma "test-udp" equals match:[^,]+ { proxy["test-udp"] = match.join(""); }
+test_timeout = comma "test-timeout" equals match:$[0-9]+ { proxy["test-timeout"] = parseInt(match.trim()); }
+tos = comma "tos" equals match:$[0-9]+ { proxy.tos = parseInt(match.trim()); }
+interface = comma "interface" equals match:[^,]+ { proxy.interface = match.join(""); }
+allow_other_interface = comma "allow-other-interface" equals flag:bool { proxy["allow-other-interface"] = flag; }
+hybrid = comma "hybrid" equals flag:bool { proxy.hybrid = flag; }
+idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"] = parseInt(match.trim()); }
+server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }
 shadow_tls_sni = comma "shadow-tls-sni" equals match:[^,]+ { proxy["shadow-tls-sni"] = match.join(""); }

backend/src/core/proxy-utils/processors/index.js

@@ -121,7 +121,7 @@ function QuickSettingOperator(args) {
 }
 
 // add or remove flag for proxies
-function FlagOperator({ mode }) {
+function FlagOperator({ mode, tw }) {
     return {
         name: 'Flag Operator',
         func: (proxies) => {
@@ -135,7 +135,13 @@ function FlagOperator({ mode }) {
                     // remove old flag
                     proxy.name = removeFlag(proxy.name);
                     proxy.name = newFlag + ' ' + proxy.name;
-                    proxy.name = proxy.name.replace(/🇹🇼/g, '🇨🇳');
+                    if (tw == 'ws') {
+                        proxy.name = proxy.name.replace(/🇹🇼/g, '🇼🇸');
+                    } else if (tw == 'tw') {
+                        // 不变
+                    } else {
+                        proxy.name = proxy.name.replace(/🇹🇼/g, '🇨🇳');
+                    }
                 }
                 return proxy;
             });

backend/src/core/proxy-utils/producers/sing-box.js

@@ -178,8 +178,8 @@ const grpcParser = (proxy, parsedProxy) => {
     const transport = { type: 'grpc' };
     if (proxy['grpc-opts']) {
         const serviceName = proxy['grpc-opts']['grpc-service-name'];
-        if (serviceName && serviceName !== '')
-            transport.service_name = serviceName;
+        if (serviceName != null && serviceName !== '')
+            transport.service_name = `${serviceName}`;
     }
     parsedProxy.transport = transport;
 };
@@ -217,6 +217,31 @@ const tlsParser = (proxy, parsedProxy) => {
     if (!parsedProxy.tls.enabled) delete parsedProxy.tls;
 };
 
+const sshParser = (proxy = {}) => {
+    const parsedProxy = {
+        tag: proxy.name,
+        type: 'ssh',
+        server: proxy.server,
+        server_port: parseInt(`${proxy.port}`, 10),
+    };
+    if (parsedProxy.server_port < 0 || parsedProxy.server_port > 65535)
+        throw 'invalid port';
+    if (proxy.username) parsedProxy.user = proxy.username;
+    if (proxy.password) parsedProxy.password = proxy.password;
+    if (proxy['server-fingerprint']) {
+        parsedProxy.host_key = [proxy['server-fingerprint']];
+        // https://manual.nssurge.com/policy/ssh.html
+        // Surge only supports curve25519-sha256 as the kex algorithm and aes128-gcm as the encryption algorithm. It means that the SSH server must use OpenSSH v7.3 or above. (It should not be a problem since OpenSSH 7.3 was released on 2016-08-01.)
+        // TODO: ?
+        parsedProxy.host_key_algorithms = [
+            proxy['server-fingerprint'].split(' ')[0],
+        ];
+    }
+    if (proxy['fast-open']) parsedProxy.udp_fragment = true;
+    tfoParser(proxy, parsedProxy);
+    return parsedProxy;
+};
+
 const httpParser = (proxy = {}) => {
     const parsedProxy = {
         tag: proxy.name,
@@ -588,8 +613,10 @@ const wireguardParser = (proxy = {}) => {
     if (proxy['fast-open']) parsedProxy.udp_fragment = true;
     if (typeof proxy.reserved === 'string') {
         parsedProxy.reserved.push(proxy.reserved);
-    } else {
+    } else if (Array.isArray(proxy.reserved)) {
         for (const r of proxy.reserved) parsedProxy.reserved.push(r);
+    } else {
+        delete parsedProxy.reserved;
     }
     if (proxy.peers && proxy.peers.length > 0) {
         parsedProxy.peers = [];
@@ -603,8 +630,10 @@ const wireguardParser = (proxy = {}) => {
             };
             if (typeof p.reserved === 'string') {
                 peer.reserved.push(p.reserved);
-            } else {
+            } else if (Array.isArray(p.reserved)) {
                 for (const r of p.reserved) peer.reserved.push(r);
+            } else {
+                delete peer.reserved;
             }
             if (p['pre-shared-key']) peer.pre_shared_key = p['pre-shared-key'];
             parsedProxy.peers.push(peer);
@@ -624,6 +653,9 @@ export default function singbox_Producer() {
             .map((proxy) => {
                 try {
                     switch (proxy.type) {
+                        case 'ssh':
+                            list.push(sshParser(proxy));
+                            break;
                         case 'http':
                             list.push(httpParser(proxy));
                             break;

backend/src/core/proxy-utils/producers/stash.js

@@ -250,6 +250,10 @@ export default function Stash_Producer() {
                     proxy['benchmark-url'] = proxy['test-url'];
                     delete proxy['test-url'];
                 }
+                if (proxy['test-timeout']) {
+                    proxy['benchmark-timeout'] = proxy['test-timeout'];
+                    delete proxy['test-timeout'];
+                }
 
                 delete proxy.subName;
                 delete proxy.collectionName;

backend/src/core/proxy-utils/producers/surge.js

@@ -33,6 +33,8 @@ export default function Surge_Producer() {
                 return wireguard_surge(proxy);
             case 'hysteria2':
                 return hysteria2(proxy);
+            case 'ssh':
+                return ssh(proxy);
         }
 
         if (opts['include-unsupported-proxy'] && proxy.type === 'wireguard') {
@@ -119,6 +121,18 @@ function shadowsocks(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -204,6 +218,18 @@ function trojan(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -278,6 +304,18 @@ function vmess(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -305,6 +343,61 @@ function vmess(proxy) {
     return result.toString();
 }
 
+function ssh(proxy) {
+    const result = new Result(proxy);
+    result.append(`${proxy.name}=ssh,${proxy.server},${proxy.port}`);
+    result.appendIfPresent(`,${proxy.username}`, 'username');
+    result.appendIfPresent(`,${proxy.password}`, 'password');
+
+    result.appendIfPresent(
+        `,idle-timeout=${proxy['idle-timeout']}`,
+        'idle-timeout',
+    );
+    result.appendIfPresent(
+        `,server-fingerprint="${proxy['server-fingerprint']}"`,
+        'server-fingerprint',
+    );
+
+    const ip_version = ipVersions[proxy['ip-version']] || proxy['ip-version'];
+    result.appendIfPresent(`,ip-version=${ip_version}`, 'ip-version');
+
+    result.appendIfPresent(
+        `,no-error-alert=${proxy['no-error-alert']}`,
+        'no-error-alert',
+    );
+
+    // tfo
+    result.appendIfPresent(`,tfo=${proxy.tfo}`, 'tfo');
+
+    // udp
+    result.appendIfPresent(`,udp-relay=${proxy.udp}`, 'udp');
+
+    // test-url
+    result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
+
+    // block-quic
+    result.appendIfPresent(`,block-quic=${proxy['block-quic']}`, 'block-quic');
+
+    // underlying-proxy
+    result.appendIfPresent(
+        `,underlying-proxy=${proxy['underlying-proxy']}`,
+        'underlying-proxy',
+    );
+
+    return result.toString();
+}
 function http(proxy) {
     const result = new Result(proxy);
     const type = proxy.tls ? 'https' : 'http';
@@ -341,6 +434,18 @@ function http(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -406,6 +511,18 @@ function socks5(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -469,6 +586,18 @@ function snell(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -547,6 +676,18 @@ function tuic(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -609,6 +750,18 @@ ${proxy.name}=wireguard`);
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -696,6 +849,18 @@ function wireguard_surge(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {
@@ -760,6 +925,18 @@ function hysteria2(proxy) {
 
     // test-url
     result.appendIfPresent(`,test-url=${proxy['test-url']}`, 'test-url');
+    result.appendIfPresent(
+        `,test-timeout=${proxy['test-timeout']}`,
+        'test-timeout',
+    );
+    result.appendIfPresent(`,test-udp=${proxy['test-udp']}`, 'test-udp');
+    result.appendIfPresent(`,hybrid=${proxy['hybrid']}`, 'hybrid');
+    result.appendIfPresent(`,tos=${proxy['tos']}`, 'tos');
+    result.appendIfPresent(
+        `,allow-other-interface=${proxy['allow-other-interface']}`,
+        'allow-other-interface',
+    );
+    result.appendIfPresent(`,interface=${proxy['interface']}`, 'interface');
 
     // shadow-tls
     if (isPresent(proxy, 'shadow-tls-password')) {

backend/src/core/rule-utils/parsers.js

@@ -9,7 +9,7 @@ const RULE_TYPES_MAPPING = [
     [/^(IN|SRC)-PORT$/, 'IN-PORT'],
     [/^PROTOCOL$/, 'PROTOCOL'],
     [/^IP-CIDR$/i, 'IP-CIDR'],
-    [/^(IP-CIDR6|ip6-cidr|IP6-CIDR)$/],
+    [/^(IP-CIDR6|ip6-cidr|IP6-CIDR)$/, 'IP-CIDR6'],
 ];
 
 function AllRuleParser() {

backend/src/core/rule-utils/producers.js

@@ -30,8 +30,8 @@ function SurgeRuleSet() {
     const type = 'SINGLE';
     const func = (rule) => {
         let output = `${rule.type},${rule.content}`;
-        if (rule.type === 'IP-CIDR' || rule.type === 'IP-CIDR6') {
-            output += rule.options ? `,${rule.options[0]}` : '';
+        if (['IP-CIDR', 'IP-CIDR6'].includes(rule.type)) {
+            output += rule.options ? `,${rule.options.join(',')}` : '';
         }
         return output;
     };
@@ -44,6 +44,12 @@ function LoonRules() {
         // skip unsupported rules
         const UNSUPPORTED = ['DEST-PORT', 'SRC-IP', 'IN-PORT', 'PROTOCOL'];
         if (UNSUPPORTED.indexOf(rule.type) !== -1) return null;
+        if (['IP-CIDR', 'IP-CIDR6'].includes(rule.type) && rule.options) {
+            // Loon only supports the no-resolve option
+            rule.options = rule.options.filter((option) =>
+                ['no-resolve'].includes(option),
+            );
+        }
         return SurgeRuleSet().func(rule);
     };
     return { type, func };
@@ -62,8 +68,14 @@ function ClashRuleProvider() {
                 let output = `${TRANSFORM[rule.type] || rule.type},${
                     rule.content
                 }`;
-                if (rule.type === 'IP-CIDR' || rule.type === 'IP-CIDR6') {
-                    output += rule.options ? `,${rule.options[0]}` : '';
+                if (['IP-CIDR', 'IP-CIDR6'].includes(rule.type)) {
+                    if (rule.options) {
+                        // Clash only supports the no-resolve option
+                        rule.options = rule.options.filter((option) =>
+                            ['no-resolve'].includes(option),
+                        );
+                    }
+                    output += rule.options ? `,${rule.options.join(',')}` : '';
                 }
                 return output;
             }),

backend/src/utils/download.js

@@ -1,5 +1,4 @@
-import { FILES_KEY, MODULES_KEY, SETTINGS_KEY } from '@/constants';
-import { findByName } from '@/utils/database';
+import { SETTINGS_KEY } from '@/constants';
 import { HTTP, ENV } from '@/vendor/open-api';
 import { hex_md5 } from '@/vendor/md5';
 import resourceCache from '@/utils/resource-cache';
@@ -36,22 +35,22 @@ export default async function download(rawUrl, ua, timeout) {
         }
     }
 
-    const downloadUrlMatch = url.match(/^\/api\/(file|module)\/(.+)/);
-    if (downloadUrlMatch) {
-        let type = downloadUrlMatch?.[1];
-        let name = downloadUrlMatch?.[2];
-        if (name == null) {
-            throw new Error(`本地 ${type} URL 无效: ${url}`);
-        }
-        name = decodeURIComponent(name);
-        const key = type === 'module' ? MODULES_KEY : FILES_KEY;
-        const item = findByName($.read(key), name);
-        if (!item) {
-            throw new Error(`找不到本地 ${type}: ${name}`);
-        }
+    // const downloadUrlMatch = url.match(/^\/api\/(file|module)\/(.+)/);
+    // if (downloadUrlMatch) {
+    //     let type = downloadUrlMatch?.[1];
+    //     let name = downloadUrlMatch?.[2];
+    //     if (name == null) {
+    //         throw new Error(`本地 ${type} URL 无效: ${url}`);
+    //     }
+    //     name = decodeURIComponent(name);
+    //     const key = type === 'module' ? MODULES_KEY : FILES_KEY;
+    //     const item = findByName($.read(key), name);
+    //     if (!item) {
+    //         throw new Error(`找不到本地 ${type}: ${name}`);
+    //     }
 
-        return item.content;
-    }
+    //     return item.content;
+    // }
 
     const { isNode } = ENV();
     const { defaultUserAgent, defaultTimeout } = $.read(SETTINGS_KEY);

backend/src/utils/geo.js

@@ -213,11 +213,16 @@ export function getFlag(name) {
         '🇹🇼': [
             'Taiwan',
             '台湾',
+            '臺灣',
+            '台灣',
+            '中華民國',
+            '中华民国',
             '台北',
             '台中',
             '新北',
             '彰化',
             '台',
+            '臺',
             'Taipei',
         ],
         '🇺🇦': ['Ukraine', '乌克兰', '烏克蘭'],
@@ -371,7 +376,7 @@ export function getFlag(name) {
         '🇹🇭': ['TH', 'THA'],
         '🇹🇳': ['TN', 'TUN'],
         '🇹🇷': ['TR', 'TUR'],
-        '🇹🇼': ['TW', 'TWN', 'CHT', 'HINET'],
+        '🇹🇼': ['TW', 'TWN', 'CHT', 'HINET', 'ROC'],
         '🇺🇦': ['UA', 'UKR'],
         '🇺🇸': ['US', 'USA', 'LAX', 'SFO'],
         '🇺🇾': ['UY', 'URY'],

backend/src/vendor/open-api.js

@@ -312,7 +312,7 @@ export function HTTP(defaultOptions = { baseURL: '' }) {
                     ? eval("require('request')")
                     : $httpClient;
                 request[method.toLowerCase()](
-                    options,
+                    JSON.parse(JSON.stringify(options)),
                     (err, response, body) => {
                         // if (err) {
                         //     console.log(err);

config/Loon.plugin

@@ -1,5 +1,5 @@
 #!name=Sub-Store
-#!desc=高级订阅管理工具. 定时任务默认为每天 0 点
+#!desc=高级订阅管理工具. 定时任务默认为每天 23 点 55 分
 #!openUrl=https://sub.store
 #!author=Peng-YM
 #!homepage=https://github.com/sub-store-org/Sub-Store
@@ -17,4 +17,4 @@ hostname=sub.store
 http-request ^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))) script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js, requires-body=true, timeout=120, tag=Sub-Store Core
 http-request ^https?:\/\/sub\.store script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js, requires-body=true, timeout=120, tag=Sub-Store Simple
 
-cron "0 0 * * *" script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, tag=Sub-Store Sync
+cron "55 23 * * *" script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, tag=Sub-Store Sync

config/QX-Task.json

@@ -1,7 +1,7 @@
 {
   "name": "Sub-Store",
-  "description": "定时任务默认为每天 0 点",
+  "description": "定时任务默认为每天 23 点 55 分",
   "task": [
-    "0 0 * * * https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, tag=Sub-Store Sync, img-url=https://raw.githubusercontent.com/58xinian/icon/master/Sub-Store1.png"
+    "55 23 * * * https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js, tag=Sub-Store Sync, img-url=https://raw.githubusercontent.com/58xinian/icon/master/Sub-Store1.png"
   ]
 }

config/README.md

@@ -17,7 +17,9 @@ Telegram 频道: [`https://t.me/cool_scripts` ](https://t.me/cool_scripts)
 
 1. 官方默认版模块(目前不带 ability 参数, 不保证以后不会改动): [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge.sgmodule)
 
-2. 固定带 ability 参数版本,可能会爆内存, 如果需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 请使用此带 ability 参数版本: [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-ability.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-ability.sgmodule)
+2. 固定带 ability 参数版本,可能会爆内存, 如果需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 请使用此带 ability 参数版本: [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-ability.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-ability.sgmodule)
+
+> 最新 Surge iOS TestFlight 版本应该没有内存问题了 可以大胆尝试带 ability 参数版本
 
 3. 固定不带 ability 参数版本： [`https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-Noability.sgmodule`](https://raw.githubusercontent.com/sub-store-org/Sub-Store/master/config/Surge-Noability.sgmodule)
 

config/Stash.stoverride

@@ -1,5 +1,5 @@
 name: Sub-Store
-desc: 高级订阅管理工具 @Peng-YM. 定时任务默认为每天 0 点
+desc: 高级订阅管理工具 @Peng-YM. 定时任务默认为每天  23 点 55 分
 icon: https://raw.githubusercontent.com/cc63/ICON/main/Sub-Store.png
 
 http:
@@ -20,7 +20,7 @@ http:
 cron:
   script:
     - name: cron-sync-artifacts
-      cron: "0 0 * * *"
+      cron: "55 23 * * *"
       timeout: 120
 
 script-providers:

config/Surge-Beta.sgmodule

@@ -1,8 +1,8 @@
 #!name=Sub-Store(β)
-#!desc=支持最新 Surge iOS TestFlight 版本的参数设置功能. 测落地功能 ability: http-client-policy, 同步配置的定时 cronexp: 0 0 * * *
+#!desc=支持最新 Surge iOS TestFlight 版本的参数设置功能. 测落地功能 ability: http-client-policy, 同步配置的定时 cronexp: 55 23 * * *
 #!category=订阅管理
-#!arguments=ability:http-client-policy,cronexp:0 0 * * *,sync:"Sub-Store Sync"
-#!arguments-desc="\n1️⃣ ability\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n⚠️ Surge 上时候可能会爆内存\n不需要使用的时候应该关闭\n填写任意其他值关闭\n\n2️⃣ cronexp\n同步配置定时任务\n默认为每天 0 点\n\n3️⃣ sync\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务"
+#!arguments=ability:http-client-policy,cronexp:55 23 * * *,sync:"Sub-Store Sync"
+#!arguments-desc="\n1️⃣ ability\n默认已开启测落地能力\n需要配合脚本操作\n如 https://raw.githubusercontent.com/Keywos/rule/main/cname.js\n⚠️ Surge 上时候可能会爆内存\n不需要使用的时候应该关闭\n填写任意其他值关闭\n\n2️⃣ cronexp\n同步配置定时任务\n默认为每天 23 点 55 分\n\n3️⃣ sync\n自定义定时任务名\n便于在脚本编辑器中选择\n若设为 # 可取消定时任务"
 
 [MITM]
 hostname = %APPEND% sub.store

config/Surge-Noability.sgmodule

@@ -1,13 +1,13 @@
 #!name=Sub-Store
-#!desc=高级订阅管理工具 @Peng-YM  无 ability 参数版本,不会爆内存, 如果需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 可以用带 ability 参数. 定时任务默认为每天 0 点
+#!desc=高级订阅管理工具 @Peng-YM  无 ability 参数版本,不会爆内存, 如果需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 可以用带 ability 参数. 定时任务默认为每天  23 点 55 分
 #!category=订阅管理
 
 [MITM]
 hostname = %APPEND% sub.store
 
 [Script]
-# 主程序 已经去掉 Sub-Store Core 的参数 [,ability=http-client-policy] 不会爆内存，这个参数在 Surge 非常占用内存； 如果不需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 则可以使用此脚本
+# 主程序 已经去掉 Sub-Store Core 的参数 [,ability=http-client-policy] 不会爆内存，这个参数在 Surge 非常占用内存； 如果不需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 则可以使用此脚本
 Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120
 Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true
 
-Sub-Store Sync=type=cron,cronexp=0 0 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js

config/Surge-ability.sgmodule

@@ -1,5 +1,5 @@
 #!name=Sub-Store
-#!desc=高级订阅管理工具 @Peng-YM  带 ability 参数版本, 可能会爆内存, 如果不需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 可以用不带 ability 参数版本. 定时任务默认为每天 0 点
+#!desc=高级订阅管理工具 @Peng-YM  带 ability 参数版本, 可能会爆内存, 如果不需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 可以用不带 ability 参数版本. 定时任务默认为每天 23 点 55 分
 #!category=订阅管理
 
 [MITM]
@@ -9,4 +9,4 @@ hostname = %APPEND% sub.store
 Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120,ability=http-client-policy
 Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true
 
-Sub-Store Sync=type=cron,cronexp=0 0 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js

config/Surge.sgmodule

@@ -1,5 +1,5 @@
 #!name=Sub-Store
-#!desc=高级订阅管理工具 @Peng-YM  无 ability 参数版本,不会爆内存, 如果需要使用指定节点功能 例如[加国旗脚本或者cname脚本] 可以用带 ability 参数. 定时任务默认为每天 0 点
+#!desc=高级订阅管理工具 @Peng-YM  无 ability 参数版本,不会爆内存, 如果需要使用指定节点功能 例如[加旗帜脚本或者cname脚本] 可以用带 ability 参数. 定时任务默认为每天 23 点 55 分
 #!category=订阅管理
 
 [MITM]
@@ -9,4 +9,4 @@ hostname = %APPEND% sub.store
 Sub-Store Core=type=http-request,pattern=^https?:\/\/sub\.store\/((download)|api\/(preview|sync|(utils\/node-info))),script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-1.min.js,requires-body=true,timeout=120
 Sub-Store Simple=type=http-request,pattern=^https?:\/\/sub\.store,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store-0.min.js,requires-body=true
 
-Sub-Store Sync=type=cron,cronexp=0 0 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js
+Sub-Store Sync=type=cron,cronexp=55 23 * * *,wake-system=1,timeout=120,script-path=https://github.com/sub-store-org/Sub-Store/releases/latest/download/cron-sync-artifacts.min.js