feat: SSH 新增 clash.meta(mihomo), 调整 Surge 和 sing-box

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sub-store",
-  "version": "2.14.236",
+  "version": "2.14.244",
   "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
   "main": "src/main.js",
   "scripts": {

backend/src/core/proxy-utils/parsers/index.js

@@ -722,6 +722,7 @@ function Clash_All() {
                 'hysteria',
                 'hysteria2',
                 'wireguard',
+                'ssh',
             ].includes(proxy.type)
         ) {
             throw new Error(

backend/src/core/proxy-utils/parsers/peggy/surge.js

@@ -77,7 +77,7 @@ http = tag equals "http" address (username password)? (usernamek passwordk)? (ip
     proxy.type = "http";
     handleShadowTLS();
 }
-ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "ssh";
     handleShadowTLS();
 }
@@ -229,6 +229,7 @@ interface = comma "interface" equals match:[^,]+ { proxy.interface = match.join(
 allow_other_interface = comma "allow-other-interface" equals flag:bool { proxy["allow-other-interface"] = flag; }
 hybrid = comma "hybrid" equals flag:bool { proxy.hybrid = flag; }
 idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"] = parseInt(match.trim()); }
+private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }

backend/src/core/proxy-utils/parsers/peggy/surge.peg

@@ -75,7 +75,7 @@ http = tag equals "http" address (username password)? (usernamek passwordk)? (ip
     proxy.type = "http";
     handleShadowTLS();
 }
-ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
+ssh = tag equals "ssh" address (username password)? (usernamek passwordk)? (server_fingerprint/idle_timeout/private_key/ip_version/underlying_proxy/tos/allow_other_interface/interface/test_url/test_udp/test_timeout/hybrid/no_error_alert/fast_open/shadow_tls_version/shadow_tls_sni/shadow_tls_password/block_quic/others)* {
     proxy.type = "ssh";
     handleShadowTLS();
 }
@@ -227,6 +227,7 @@ interface = comma "interface" equals match:[^,]+ { proxy.interface = match.join(
 allow_other_interface = comma "allow-other-interface" equals flag:bool { proxy["allow-other-interface"] = flag; }
 hybrid = comma "hybrid" equals flag:bool { proxy.hybrid = flag; }
 idle_timeout = comma "idle-timeout" equals match:$[0-9]+ { proxy["idle-timeout"] = parseInt(match.trim()); }
+private_key = comma "private-key" equals match:[^,]+ { proxy["keystore-private-key"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 server_fingerprint = comma "server-fingerprint" equals match:[^,]+ { proxy["server-fingerprint"] = match.join("").replace(/^"(.*)"$/, '$1'); }
 block_quic = comma "block-quic" equals match:[^,]+ { proxy["block-quic"] = match.join(""); }
 shadow_tls_version = comma "shadow-tls-version" equals match:$[0-9]+ { proxy["shadow-tls-version"] = parseInt(match.trim()); }

backend/src/core/proxy-utils/processors/index.js

@@ -357,11 +357,41 @@ function ScriptOperator(script, targetPlatform, $arguments, source) {
     };
 }
 
+function parseIP4P(IP4P) {
+    let server;
+    let port;
+    try {
+        if (!/^2001::[^:]+:[^:]+:[^:]+$/.test(IP4P)) {
+            throw new Error(`Invalid IP4P: ${IP4P}`);
+        }
+        let array = IP4P.split(':');
+
+        port = parseInt(array[2], 16);
+        let ipab = parseInt(array[3], 16);
+        let ipcd = parseInt(array[4], 16);
+        let ipa = ipab >> 8;
+        let ipb = ipab & 0xff;
+        let ipc = ipcd >> 8;
+        let ipd = ipcd & 0xff;
+        server = `${ipa}.${ipb}.${ipc}.${ipd}`;
+        if (port <= 0 || port > 65535) {
+            throw new Error(`Invalid port number: ${port}`);
+        }
+        if (!isIPv4(server)) {
+            throw new Error(`Invalid IP address: ${server}`);
+        }
+    } catch (e) {
+        // throw new Error(`IP4P 解析失败: ${e}`);
+        $.error(`IP4P 解析失败: ${e}`);
+    }
+    return { server, port };
+}
+
 const DOMAIN_RESOLVERS = {
-    Google: async function (domain, type) {
+    Google: async function (domain, type, noCache) {
         const id = hex_md5(`GOOGLE:${domain}:${type}`);
         const cached = resourceCache.get(id);
-        if (cached) return cached;
+        if (!noCache && cached) return cached;
         const resp = await $.http.get({
             url: `https://8.8.4.4/resolve?name=${encodeURIComponent(
                 domain,
@@ -382,10 +412,13 @@ const DOMAIN_RESOLVERS = {
         resourceCache.set(id, result);
         return result;
     },
-    'IP-API': async function (domain) {
+    'IP-API': async function (domain, type, noCache) {
+        if (['IPv6'].includes(type)) {
+            throw new Error(`域名解析服务提供方 IP-API 不支持 ${type}`);
+        }
         const id = hex_md5(`IP-API:${domain}`);
         const cached = resourceCache.get(id);
-        if (cached) return cached;
+        if (!noCache && cached) return cached;
         const resp = await $.http.get({
             url: `http://ip-api.com/json/${encodeURIComponent(
                 domain,
@@ -399,10 +432,10 @@ const DOMAIN_RESOLVERS = {
         resourceCache.set(id, result);
         return result;
     },
-    Cloudflare: async function (domain, type) {
+    Cloudflare: async function (domain, type, noCache) {
         const id = hex_md5(`CLOUDFLARE:${domain}:${type}`);
         const cached = resourceCache.get(id);
-        if (cached) return cached;
+        if (!noCache && cached) return cached;
         const resp = await $.http.get({
             url: `https://1.0.0.1/dns-query?name=${encodeURIComponent(
                 domain,
@@ -423,10 +456,10 @@ const DOMAIN_RESOLVERS = {
         resourceCache.set(id, result);
         return result;
     },
-    Ali: async function (domain, type) {
+    Ali: async function (domain, type, noCache) {
         const id = hex_md5(`ALI:${domain}:${type}`);
         const cached = resourceCache.get(id);
-        if (cached) return cached;
+        if (!noCache && cached) return cached;
         const resp = await $.http.get({
             url: `http://223.6.6.6/resolve?name=${encodeURIComponent(
                 domain,
@@ -443,10 +476,10 @@ const DOMAIN_RESOLVERS = {
         resourceCache.set(id, result);
         return result;
     },
-    Tencent: async function (domain, type) {
+    Tencent: async function (domain, type, noCache) {
         const id = hex_md5(`ALI:${domain}:${type}`);
         const cached = resourceCache.get(id);
-        if (cached) return cached;
+        if (!noCache && cached) return cached;
         const resp = await $.http.get({
             url: `http://119.28.28.28/d?type=${
                 type === 'IPv6' ? 'AAAA' : 'A'
@@ -465,10 +498,12 @@ const DOMAIN_RESOLVERS = {
     },
 };
 
-function ResolveDomainOperator({ provider, type, filter }) {
-    if (type === 'IPv6' && ['IP-API'].includes(provider)) {
-        throw new Error(`域名解析服务提供方 ${provider} 不支持 IPv6`);
+function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
+    if (['IPv6', 'IP4P'].includes(_type) && ['IP-API'].includes(provider)) {
+        throw new Error(`域名解析服务提供方 ${provider} 不支持 ${_type}`);
     }
+    let type = ['IPv6', 'IP4P'].includes(_type) ? 'IPv6' : 'IPv4';
+
     const resolver = DOMAIN_RESOLVERS[provider];
     if (!resolver) {
         throw new Error(`找不到域名解析服务提供方: ${provider}`);
@@ -490,7 +525,7 @@ function ResolveDomainOperator({ provider, type, filter }) {
                 const currentBatch = [];
                 for (let domain of totalDomain.splice(0, limit)) {
                     currentBatch.push(
-                        resolver(domain, type)
+                        resolver(domain, type, cache === 'disabled')
                             .then((ip) => {
                                 results[domain] = ip;
                                 $.info(
@@ -509,8 +544,19 @@ function ResolveDomainOperator({ provider, type, filter }) {
             proxies.forEach((p) => {
                 if (!p['no-resolve']) {
                     if (results[p.server]) {
-                        p.server = results[p.server];
-                        p.resolved = true;
+                        if (_type === 'IP4P') {
+                            const { server, port } = parseIP4P(
+                                results[p.server],
+                            );
+                            if (server && port) {
+                                p.server = server;
+                                p.port = port;
+                                p.resolved = true;
+                            }
+                        } else {
+                            p.server = results[p.server];
+                            p.resolved = true;
+                        }
                     } else {
                         p.resolved = false;
                     }

backend/src/core/proxy-utils/producers/sing-box.js

@@ -228,6 +228,9 @@ const sshParser = (proxy = {}) => {
         throw 'invalid port';
     if (proxy.username) parsedProxy.user = proxy.username;
     if (proxy.password) parsedProxy.password = proxy.password;
+    // https://wiki.metacubex.one/config/proxies/ssh
+    // https://sing-box.sagernet.org/zh/configuration/outbound/ssh
+    if (proxy['privateKey']) parsedProxy.private_key_path = proxy['privateKey'];
     if (proxy['server-fingerprint']) {
         parsedProxy.host_key = [proxy['server-fingerprint']];
         // https://manual.nssurge.com/policy/ssh.html

backend/src/core/proxy-utils/producers/surge.js

@@ -356,8 +356,15 @@ function ssh(proxy) {
     const result = new Result(proxy);
     result.append(`${proxy.name}=ssh,${proxy.server},${proxy.port}`);
     result.appendIfPresent(`,${proxy.username}`, 'username');
+    // 所有的类似的字段都有双引号的问题 暂不处理
     result.appendIfPresent(`,${proxy.password}`, 'password');
 
+    // https://manual.nssurge.com/policy/ssh.html
+    // 需配合 Keystore
+    result.appendIfPresent(
+        `,private-key=${proxy['keystore-private-key']}`,
+        'keystore-private-key',
+    );
     result.appendIfPresent(
         `,idle-timeout=${proxy['idle-timeout']}`,
         'idle-timeout',
@@ -843,7 +850,7 @@ private-key = ${proxy['private-key']}`);
     }
     const peer = {
         'public-key': proxy['public-key'],
-        'allowed-ips': allowedIps,
+        'allowed-ips': allowedIps ? `"${allowedIps}"` : undefined,
         endpoint: `${proxy.server}:${proxy.port}`,
         keepalive: proxy['persistent-keepalive'] || proxy.keepalive,
         'client-id': reserved,

backend/src/restful/subscriptions.js

@@ -43,7 +43,10 @@ async function getFlowInfo(req, res) {
         );
         return;
     }
-    if (sub.source === 'local') {
+    if (
+        sub.source === 'local' &&
+        !['localFirst', 'remoteFirst'].includes(sub.mergeSources)
+    ) {
         failed(
             res,
             new RequestInvalidError(
@@ -55,7 +58,42 @@ async function getFlowInfo(req, res) {
         return;
     }
     try {
-        const flowHeaders = await getFlowHeaders(sub.url);
+        let url = `${sub.url}`
+            .split(/[\r\n]+/)
+            .map((i) => i.trim())
+            .filter((i) => i.length)?.[0];
+
+        let $arguments = {};
+        const rawArgs = url.split('#');
+        url = url.split('#')[0];
+        if (rawArgs.length > 1) {
+            try {
+                // 支持 `#${encodeURIComponent(JSON.stringify({arg1: "1"}))}`
+                $arguments = JSON.parse(decodeURIComponent(rawArgs[1]));
+            } catch (e) {
+                for (const pair of rawArgs[1].split('&')) {
+                    const key = pair.split('=')[0];
+                    const value = pair.split('=')[1];
+                    // 部分兼容之前的逻辑 const value = pair.split('=')[1] || true;
+                    $arguments[key] =
+                        value == null || value === ''
+                            ? true
+                            : decodeURIComponent(value);
+                }
+            }
+        }
+        if ($arguments.noFlow) {
+            failed(
+                res,
+                new RequestInvalidError(
+                    'NO_FLOW_INFO',
+                    'N/A',
+                    `Subscription ${name}: noFlow`,
+                ),
+            );
+            return;
+        }
+        const flowHeaders = await getFlowHeaders(url);
         if (!flowHeaders) {
             failed(
                 res,

backend/src/utils/download.js

@@ -53,7 +53,8 @@ export default async function download(rawUrl, ua, timeout) {
     // }
 
     const { isNode } = ENV();
-    const { defaultUserAgent, defaultTimeout } = $.read(SETTINGS_KEY);
+    const { defaultUserAgent, defaultTimeout, cacheThreshold } =
+        $.read(SETTINGS_KEY);
     const userAgent = ua || defaultUserAgent || 'clash.meta';
     const requestTimeout = timeout || defaultTimeout;
     const id = hex_md5(userAgent + url);
@@ -90,8 +91,22 @@ export default async function download(rawUrl, ua, timeout) {
             }
             if (body.replace(/\s/g, '').length === 0)
                 throw new Error(new Error('远程资源内容为空'));
+            let shouldCache = true;
+            if (cacheThreshold) {
+                const size = body.length / 1024;
+                if (size > cacheThreshold) {
+                    $.info(
+                        `资源大小 ${size.toFixed(
+                            2,
+                        )} KB 超过了 ${cacheThreshold} KB, 不缓存`,
+                    );
+                    shouldCache = false;
+                }
+            }
+            if (shouldCache) {
+                resourceCache.set(id, body);
+            }
 
-            resourceCache.set(id, body);
             result = body;
         } catch (e) {
             throw new Error(`无法下载 URL ${url}: ${e.message ?? e}`);

backend/src/utils/env.js

@@ -1,7 +1,16 @@
 import { version as substoreVersion } from '../../package.json';
 import { ENV } from '@/vendor/open-api';
 
-const { isNode, isQX, isLoon, isSurge, isStash, isShadowRocket } = ENV();
+const {
+    isNode,
+    isQX,
+    isLoon,
+    isSurge,
+    isStash,
+    isShadowRocket,
+    isLanceX,
+    isEgern,
+} = ENV();
 let backend = 'Node';
 if (isNode) backend = 'Node';
 if (isQX) backend = 'QX';
@@ -9,8 +18,44 @@ if (isLoon) backend = 'Loon';
 if (isSurge) backend = 'Surge';
 if (isStash) backend = 'Stash';
 if (isShadowRocket) backend = 'ShadowRocket';
+if (isEgern) backend = 'Egern';
+if (isLanceX) backend = 'LanceX';
+
+let meta = {};
+
+try {
+    if (typeof $environment !== 'undefined') {
+        // eslint-disable-next-line no-undef
+        meta.env = $environment;
+    }
+    if (typeof $loon !== 'undefined') {
+        // eslint-disable-next-line no-undef
+        meta.loon = $loon;
+    }
+    if (typeof $script !== 'undefined') {
+        // eslint-disable-next-line no-undef
+        meta.script = $script;
+    }
+    if (isNode) {
+        meta.node = {
+            version: eval('process.version'),
+            argv: eval('process.argv'),
+            filename: eval('__filename'),
+            dirname: eval('__dirname'),
+            env: {},
+        };
+        const env = eval('process.env');
+        for (const key in env) {
+            if (/^SUB_STORE_/.test(key)) {
+                meta.node.env[key] = env[key];
+            }
+        }
+    }
+    // eslint-disable-next-line no-empty
+} catch (e) {}
 
 export default {
     backend,
     version: substoreVersion,
+    meta,
 };

backend/src/vendor/open-api.js

@@ -6,6 +6,8 @@ const isNode = eval(`typeof process !== "undefined"`); // eval is needed in orde
 const isStash =
     'undefined' !== typeof $environment && $environment['stash-version'];
 const isShadowRocket = 'undefined' !== typeof $rocket;
+const isEgern = 'object' == typeof egern;
+const isLanceX = 'undefined' != typeof $native;
 
 export class OpenAPI {
     constructor(name = 'untitled', debug = false) {
@@ -251,7 +253,16 @@ export class OpenAPI {
 }
 
 export function ENV() {
-    return { isQX, isLoon, isSurge, isNode, isStash, isShadowRocket };
+    return {
+        isQX,
+        isLoon,
+        isSurge,
+        isNode,
+        isStash,
+        isShadowRocket,
+        isEgern,
+        isLanceX,
+    };
 }
 
 export function HTTP(defaultOptions = { baseURL: '' }) {