add tls to shadowrocket #654

2026-03-14 05:23:09 +00:00 · 2023-11-29 23:56:53 +01:00
parent 02053fea83
commit 3dd8dbdecf
2 changed files with 58 additions and 5 deletions
--- a/sub/subService.go
+++ b/sub/subService.go
@@ -718,6 +718,35 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st
 		}
 	}

+	security, _ := stream["security"].(string)
+	if security == "tls" {
+		params["security"] = "tls"
+		tlsSetting, _ := stream["tlsSettings"].(map[string]interface{})
+		alpns, _ := tlsSetting["alpn"].([]interface{})
+		var alpn []string
+		for _, a := range alpns {
+			alpn = append(alpn, a.(string))
+		}
+		if len(alpn) > 0 {
+			params["alpn"] = strings.Join(alpn, ",")
+		}
+		if sniValue, ok := searchKey(tlsSetting, "serverName"); ok {
+			params["sni"], _ = sniValue.(string)
+		}
+
+		tlsSettings, _ := searchKey(tlsSetting, "settings")
+		if tlsSetting != nil {
+			if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok {
+				params["fp"], _ = fpValue.(string)
+			}
+			if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok {
+				if insecure.(bool) {
+					params["allowInsecure"] = "1"
+				}
+			}
+		}
+	}
+
 	encPart := fmt.Sprintf("%s:%s", method, clients[clientIndex].Password)
 	if method[0] == '2' {
 		encPart = fmt.Sprintf("%s:%s:%s", method, inboundPassword, clients[clientIndex].Password)
@@ -729,6 +758,7 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st
 		links := ""
 		for index, externalProxy := range externalProxies {
 			ep, _ := externalProxy.(map[string]interface{})
+			newSecurity, _ := ep["forceTls"].(string)
 			dest, _ := ep["dest"].(string)
 			d := strings.Split(dest, ":")
 			link := ""
@@ -737,11 +767,18 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st
 			} else {
 				link = fmt.Sprintf("ss://%s@%s:%d", base64.StdEncoding.EncodeToString([]byte(encPart)), d[0], inbound.Port)
 			}
+			if newSecurity != "same" {
+				params["security"] = newSecurity
+			} else {
+				params["security"] = security
+			}
 			url, _ := url.Parse(link)
 			q := url.Query()

 			for k, v := range params {
-				q.Add(k, v)
+				if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp" || k == "allowInsecure")) {
+					q.Add(k, v)
+				}
 			}

 			// Set the new query values on the URL
--- a/web/assets/js/model/xray.js
+++ b/web/assets/js/model/xray.js
@@ -962,7 +962,7 @@ class Inbound extends XrayCommonClass {
    }

    canEnableTls() {
-        if(![Protocols.VMESS, Protocols.VLESS, Protocols.TROJAN].includes(this.protocol)) return false;
+        if(![Protocols.VMESS, Protocols.VLESS, Protocols.TROJAN, Protocols.SHADOWSOCKS].includes(this.protocol)) return false;
        return ["tcp", "ws", "http", "quic", "grpc"].includes(this.network);
    }

@@ -1166,9 +1166,10 @@ class Inbound extends XrayCommonClass {
        return url.toString();
    }

-    genSSLink(address='', port=this.port, remark='', clientPassword) {
+    genSSLink(address='', port=this.port, forceTls, remark='', clientPassword) {
        let settings = this.settings;
        const type = this.stream.network;
+        const security = forceTls == 'same' ? this.stream.security : forceTls;
        const params = new Map();
        params.set("type", this.stream.network);
        switch (type) {
@@ -1219,6 +1220,21 @@ class Inbound extends XrayCommonClass {
                break;
        }

+        if (security === 'tls') {
+            params.set("security", "tls");
+            if (this.stream.isTls){
+                params.set("fp" , this.stream.tls.settings.fingerprint);
+                params.set("alpn", this.stream.tls.alpn);
+                if(this.stream.tls.settings.allowInsecure){
+                    params.set("allowInsecure", "1");
+                }
+                if (!ObjectUtil.isEmpty(this.stream.tls.sni)){
+                    params.set("sni", this.stream.tls.sni);
+                }
+            }
+        }
+
+
        let password = new Array();
        if (this.isSS2022) password.push(settings.password);
        if (this.isSSMultiUser) password.push(clientPassword);
@@ -1330,7 +1346,7 @@ class Inbound extends XrayCommonClass {
            case Protocols.VLESS:
                return this.genVLESSLink(address, port, forceTls, remark, client.id, client.flow);
            case Protocols.SHADOWSOCKS: 
-                return this.genSSLink(address, port, remark, this.isSSMultiUser ? client.password : '');
+                return this.genSSLink(address, port, forceTls, remark, this.isSSMultiUser ? client.password : '');
            case Protocols.TROJAN:
                return this.genTrojanLink(address, port, forceTls, remark, client.password);
            default: return '';
@@ -1377,7 +1393,7 @@ class Inbound extends XrayCommonClass {
            });
            return links.join('\r\n');
        } else {
-            if(this.protocol == Protocols.SHADOWSOCKS && !this.isSSMultiUser) return this.genSSLink(this.listen, this.port, remark);
+            if(this.protocol == Protocols.SHADOWSOCKS && !this.isSSMultiUser) return this.genSSLink(this.listen, this.port, forceTls, remark);
            return '';
        }
    }