feat: 域名解析新增 _resolved_ips 为解析出的所有 IP

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sub-store",
-  "version": "2.14.337",
+  "version": "2.14.342",
   "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
   "main": "src/main.js",
   "scripts": {
@@ -25,6 +25,7 @@
     "express": "^4.17.1",
     "http-proxy-middleware": "^2.0.6",
     "js-base64": "^3.7.2",
+    "jsrsasign": "^11.1.0",
     "lodash": "^4.17.21",
     "request": "^2.88.2",
     "requests": "^0.3.0",

backend/pnpm-lock.yaml

@@ -29,6 +29,9 @@ dependencies:
   js-base64:
     specifier: ^3.7.2
     version: registry.npmmirror.com/js-base64@3.7.2
+  jsrsasign:
+    specifier: ^11.1.0
+    version: registry.npmmirror.com/jsrsasign@11.1.0
   lodash:
     specifier: ^4.17.21
     version: registry.npmmirror.com/lodash@4.17.21
@@ -6634,6 +6637,12 @@ packages:
       verror: registry.npmmirror.com/verror@1.10.0
     dev: false
 
+  registry.npmmirror.com/jsrsasign@11.1.0:
+    resolution: {integrity: sha512-Ov74K9GihaK9/9WncTe1mPmvrO7Py665TUfUKvraXBpu+xcTWitrtuOwcjf4KMU9maPaYn0OuaWy0HOzy/GBXg==, registry: http://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/jsrsasign/-/jsrsasign-11.1.0.tgz}
+    name: jsrsasign
+    version: 11.1.0
+    dev: false
+
   registry.npmmirror.com/just-debounce@1.1.0:
     resolution: {integrity: sha512-qpcRocdkUmf+UTNBYx5w6dexX5J31AKK1OmPwH630a83DdVVUIngk55RSAiIGpQyoH0dlr872VHfPjnQnK1qDQ==, registry: http://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/just-debounce/-/just-debounce-1.1.0.tgz}
     name: just-debounce

backend/src/core/proxy-utils/index.js

@@ -1,3 +1,4 @@
+import rs from '@/utils/rs';
 import YAML from '@/utils/yaml';
 import download from '@/utils/download';
 import {
@@ -463,6 +464,25 @@ function lastParse(proxy) {
     if (['', 'off'].includes(proxy.sni)) {
         proxy['disable-sni'] = true;
     }
+    let caStr = proxy['ca_str'];
+    if (proxy['ca-str']) {
+        caStr = proxy['ca-str'];
+    } else if (caStr) {
+        delete proxy['ca_str'];
+        proxy['ca-str'] = caStr;
+    }
+    try {
+        if ($.env.isNode && !caStr && proxy['_ca']) {
+            caStr = $.node.fs.readFileSync(proxy['_ca'], {
+                encoding: 'utf8',
+            });
+        }
+    } catch (e) {
+        $.error(`Read ca file failed\nReason: ${e}`);
+    }
+    if (!proxy['tls-fingerprint'] && caStr) {
+        proxy['tls-fingerprint'] = rs.generateFingerprint(caStr);
+    }
     return proxy;
 }
 

backend/src/core/proxy-utils/parsers/peggy/loon.js

@@ -68,7 +68,7 @@ trojan = tag equals "trojan"i address password (transport/transport_host/transpo
     proxy.type = "trojan";
     handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
     proxy.type = "hysteria2";
 }
 https = tag equals "https"i address (username password)? (tls_host/tls_verification/fast_open/udp_relay/others)* {
@@ -178,6 +178,7 @@ udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
 
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
+salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }
 
 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _

backend/src/core/proxy-utils/parsers/peggy/loon.peg

@@ -66,7 +66,7 @@ trojan = tag equals "trojan"i address password (transport/transport_host/transpo
     proxy.type = "trojan";
     handleTransport();
 }
-hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/ecn/others)* {
+hysteria2 = tag equals "hysteria2"i address password (tls_host/tls_verification/udp_relay/fast_open/download_bandwidth/salamander_password/ecn/others)* {
     proxy.type = "hysteria2";
 }
 https = tag equals "https"i address (username password)? (tls_host/tls_verification/fast_open/udp_relay/others)* {
@@ -176,6 +176,7 @@ udp_relay = comma "udp" equals flag:bool { proxy.udp = flag; }
 
 ecn = comma "ecn" equals flag:bool { proxy.ecn = flag; }
 download_bandwidth = comma "download-bandwidth" equals match:[^,]+ { proxy.down = match.join(""); }
+salamander_password = comma "salamander-password" equals match:[^,]+ { proxy['obfs-password'] = match.join(""); proxy.obfs = 'salamander'; }
 
 tag = match:[^=,]* { proxy.name = match.join("").trim(); }
 comma = _ "," _

backend/src/core/proxy-utils/processors/index.js

@@ -406,10 +406,13 @@ const DOMAIN_RESOLVERS = {
             throw new Error(`Status is ${body['Status']}`);
         }
         const answers = body['Answer'];
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers.map((i) => i?.data).filter((i) => i);
+        if (result.length === 0) {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1].data;
         resourceCache.set(id, result);
         return result;
     },
@@ -429,7 +432,13 @@ const DOMAIN_RESOLVERS = {
         if (body['status'] !== 'success') {
             throw new Error(`Status is ${body['status']}`);
         }
-        const result = body.query;
+        if (!body.query || body.query === 0) {
+            throw new Error('No answers');
+        }
+        const result = [body.query];
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
         resourceCache.set(id, result);
         return result;
     },
@@ -450,10 +459,13 @@ const DOMAIN_RESOLVERS = {
             throw new Error(`Status is ${body['Status']}`);
         }
         const answers = body['Answer'];
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers.map((i) => i?.data).filter((i) => i);
+        if (result.length === 0) {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1].data;
         resourceCache.set(id, result);
         return result;
     },
@@ -470,15 +482,18 @@ const DOMAIN_RESOLVERS = {
             },
         });
         const answers = JSON.parse(resp.body);
-        if (answers.length === 0) {
+        if (!Array.isArray(answers) || answers.length === 0) {
+            throw new Error('No answers');
+        }
+        const result = answers;
+        if (result.length === 0) {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1];
         resourceCache.set(id, result);
         return result;
     },
     Tencent: async function (domain, type, noCache) {
-        const id = hex_md5(`ALI:${domain}:${type}`);
+        const id = hex_md5(`TENCENT:${domain}:${type}`);
         const cached = resourceCache.get(id);
         if (!noCache && cached) return cached;
         const resp = await $.http.get({
@@ -493,7 +508,10 @@ const DOMAIN_RESOLVERS = {
         if (answers.length === 0 || String(answers) === '0') {
             throw new Error('No answers');
         }
-        const result = answers[answers.length - 1];
+        const result = answers;
+        if (result.length === 0) {
+            throw new Error('No answers');
+        }
         resourceCache.set(id, result);
         return result;
     },
@@ -550,10 +568,16 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
             proxies.forEach((p) => {
                 if (!p['_no-resolve']) {
                     if (results[p.server]) {
+                        p._resolved_ips = results[p.server];
+                        const ip = Array.isArray(results[p.server])
+                            ? results[p.server][
+                                  Math.floor(
+                                      Math.random() * results[p.server].length,
+                                  )
+                              ]
+                            : results[p.server];
                         if (_type === 'IP4P') {
-                            const { server, port } = parseIP4P(
-                                results[p.server],
-                            );
+                            const { server, port } = parseIP4P(ip);
                             if (server && port) {
                                 p._domain = p.server;
                                 p.server = server;
@@ -568,7 +592,7 @@ function ResolveDomainOperator({ provider, type: _type, filter, cache }) {
                             }
                         } else {
                             p._domain = p.server;
-                            p.server = results[p.server];
+                            p.server = ip;
                             p.resolved = true;
                             p[`_${type}`] = p.server;
                             if (!isIP(p._IP)) {

backend/src/core/proxy-utils/producers/loon.js

@@ -408,8 +408,8 @@ function wireguard(proxy) {
 }
 
 function hysteria2(proxy) {
-    if (proxy.obfs || proxy['obfs-password']) {
-        throw new Error(`obfs is unsupported`);
+    if (proxy['obfs-password'] && proxy.obfs != 'salamander') {
+        throw new Error(`only salamander obfs is supported`);
     }
     const result = new Result(proxy);
     result.append(`${proxy.name}=Hysteria2,${proxy.server},${proxy.port}`);
@@ -423,6 +423,10 @@ function hysteria2(proxy) {
         'skip-cert-verify',
     );
 
+    if (proxy['obfs-password'] && proxy.obfs == 'salamander') {
+        result.append(`,salamander-password=${proxy['obfs-password']}`);
+    }
+
     // tfo
     result.appendIfPresent(`,fast-open=${proxy.tfo}`, 'tfo');
 

backend/src/utils/rs.js

@@ -0,0 +1,11 @@
+import rs from 'jsrsasign';
+
+export function generateFingerprint(caStr) {
+    const hex = rs.pemtohex(caStr);
+    const fingerPrint = rs.KJUR.crypto.Util.hashHex(hex, 'sha256');
+    return fingerPrint.match(/.{2}/g).join(':').toUpperCase();
+}
+
+export default {
+    generateFingerprint,
+};

scripts/demo.js

@@ -8,11 +8,16 @@ function operator(proxies = [], targetPlatform, context) {
   // 结构大致参考了 Clash.Meta(mihomo) 有私货
   // 可在预览界面点击节点查看 JSON 结构 或查看 `target=JSON` 的通用订阅
   // 1. `_no-resolve` 为不解析域名
-  // 2. 域名解析后 会多一个 `_resolved` 字段
-  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_domain` 字段
+  // 2. 域名解析后 会多一个 `_resolved` 字段, 表示是否解析成功
+  // 3. 域名解析后会有`_IPv4`, `_IPv6`, `_IP`(若有多个步骤, 只取第一次成功的 v4 或 v6 数据), `_domain` 字段, `_resolved_ips` 为解析出的所有 IP
   // 4. 节点字段 `exec` 为 `ssr-local` 路径, 默认 `/usr/local/bin/ssr-local`; 端口从 10000 开始递增(暂不支持配置)
   // 5. `_subName` 为单条订阅名
   // 6. `_collectionName` 为组合订阅名
+  // 7. `tls-fingerprint` 为 tls 指纹
+  // 8. `underlying-proxy` 为前置代理
+  // 9. `trojan`, `tuic`, `hysteria`, `hysteria2`, `juicity` 会在解析时设置 `tls`: true (会使用 tls 类协议的通用逻辑),  输出时删除
+  // 10. `sni` 在某些协议里会自动与 `servername` 转换
+  // 11. 读取节点的 ca-str 和 _ca (后端文件路径) 字段, 自动计算 fingerprint (参考 https://t.me/zhetengsha/1512)
 
   // $arguments 为传入的脚本参数