Strict DNS, routing rules for chaining. Revised Clash warp, Xray Fake…
… DNS.
bia-pain-bache committed Nov 7, 2024
1 parent e7d9766 commit ed02693
Showing 4 changed files with 131 additions and 122 deletions.
89 changes: 52 additions & 37 deletions src/cores-configs/clash.js
Expand Up @@ -2,13 +2,14 @@ import { getConfigAddresses, extractWireguardParams, generateRemark, randomUpper
import { initializeParams, userID, trojanPassword, hostName, defaultHttpsPorts } from "../helpers/init";
import { getDataset } from '../kv/handlers';
import { renderErrorPage } from '../pages/errorPage';
import { isDomain } from '../helpers/helpers';

async function buildClashDNS (proxySettings, isWarp) {
async function buildClashDNS (proxySettings, isChain, isWarp) {
const {
remoteDNS,
resolvedRemoteDNS,
localDNS,
vlessTrojanFakeDNS,
vlessTrojanFakeDNS,
outProxyParams,
enableIPv6,
warpFakeDNS,
warpEnableIPv6,
Expand All @@ -34,25 +35,28 @@ async function buildClashDNS (proxySettings, isWarp) {
"listen": "0.0.0.0:1053",
"ipv6": isIPv6,
"respect-rules": true,
"use-hosts": true,
"use-system-hosts": false,
"nameserver": isWarp ? warpRemoteDNS : [remoteDNS],
"proxy-server-nameserver": [localDNS]
};

if (resolvedRemoteDNS.server && !isWarp) {
dns["hosts"] = {
[resolvedRemoteDNS.server]: resolvedRemoteDNS.staticIPs
};
}


if (isChain && !isWarp) {
const chainOutboundServer = JSON.parse(outProxyParams).server;
if (isDomain(chainOutboundServer)) dns["nameserver-policy"] = {
[chainOutboundServer]: remoteDNS
};
}

if (isBypass) {
let geosites = [];
bypassRules.forEach(({ rule, geosite }) => {
rule && geosites.push(geosite)
});

dns["nameserver-policy"] = {
[`geosite:${geosites.join(',')}`]: [localDNS],
"www.gstatic.com": [localDNS]
...dns["nameserver-policy"],
[`geosite:${geosites.join(',')}`]: [localDNS]
};
}

Expand All @@ -65,9 +69,11 @@ async function buildClashDNS (proxySettings, isWarp) {
return dns;
}

function buildClashRoutingRules (proxySettings) {
const {
localDNS,
function buildClashRoutingRules (proxySettings, isChain, isWarp) {
const {
remoteDNS,
localDNS,
warpEnableIPv6,
bypassLAN,
bypassIran,
bypassChina,
Expand All @@ -77,11 +83,13 @@ function buildClashRoutingRules (proxySettings) {
blockUDP443
} = proxySettings;

const url = new URL(remoteDNS);
const remoteDNSServer = url.hostname;
const isBypass = bypassIran || bypassChina || bypassLAN || bypassRussia;
const isBlock = blockAds || blockPorn;
let geositeDirectRules = [], geoipDirectRules = [], geositeBlockRules = [];
const geoRules = [
{ rule: bypassLAN, type: 'direct', geosite: "private", geoip: "private" },
{ rule: bypassLAN, type: 'direct', geosite: "private", geoip: "LAN" },
{ rule: bypassIran, type: 'direct', geosite: "category-ir", geoip: "ir" },
{ rule: bypassChina, type: 'direct', geosite: "cn", geoip: "cn" },
{ rule: bypassRussia, type: 'direct', geosite: "category-ru", geoip: "ru" },
Expand All @@ -104,16 +112,18 @@ function buildClashRoutingRules (proxySettings) {
}

let rules = [
`AND,((IP-CIDR,${localDNS}/32),(DST-PORT,53)),DIRECT`,
`AND,((IP-CIDR,${localDNS}/32),(NETWORK,udp),(DST-PORT,53)),DIRECT`,
...geositeDirectRules,
...geoipDirectRules,
...geositeBlockRules
];

blockUDP443 && rules.push("AND,((NETWORK,udp),(DST-PORT,443)),REJECT");
rules.push("IP-CIDR,10.10.34.34/32,REJECT,no-resolve");
rules.push("IP-CIDR,10.10.34.35/32,REJECT,no-resolve");
rules.push("IP-CIDR,10.10.34.36/32,REJECT,no-resolve");
if (isChain) {
isWarp && !warpEnableIPv6 && rules.push("OR,((IP-CIDR,1.1.1.1/32),(IP-CIDR,1.0.0.1/32)),💦 Warp - Best Ping 🚀");
isWarp && warpEnableIPv6 && rules.push("OR,((IP-CIDR,1.1.1.1/32),(IP-CIDR,1.0.0.1/32),(IP-CIDR6,2606:4700:4700::1111/128),(IP-CIDR6,2606:4700:4700::1001/128)),💦 Warp - Best Ping 🚀");
!isWarp && rules.push(`AND,((${isDomain(remoteDNSServer) ? 'DOMAIN' : 'IP-CIDR'},${isDomain(remoteDNSServer) ? remoteDNSServer : `${remoteDNSServer}/32`}),(NETWORK,tcp)),proxy-1`);
}
rules.push("MATCH,✅ Selector");
return rules;
}
Expand Down Expand Up @@ -198,32 +208,30 @@ function buildClashWarpOutbound (warpConfigs, remark, endpoint, chain) {
"reserved": reserved,
"udp": true,
"mtu": 1280,
"dialer-proxy": chain,
"remote-dns-resolve": true,
"dns": [ "1.1.1.1", "1.0.0.1" ]
"dialer-proxy": chain
};
}

function buildClashChainOutbound(chainProxyParams) {
if (["socks", "http"].includes(chainProxyParams.protocol)) {
const { protocol, host, port, user, pass } = chainProxyParams;
const { protocol, server, port, user, pass } = chainProxyParams;
const proxyType = protocol === 'socks' ? 'socks5' : protocol;
return {
"name": "",
"type": proxyType,
"server": host,
"server": server,
"port": +port,
"dialer-proxy": "",
"username": user,
"password": pass
};
}

const { hostName, port, uuid, flow, security, type, sni, fp, alpn, pbk, sid, headerType, host, path, serviceName } = chainProxyParams;
const { server, port, uuid, flow, security, type, sni, fp, alpn, pbk, sid, headerType, host, path, serviceName } = chainProxyParams;
let chainOutbound = {
"name": "💦 Chain Best Ping 💥",
"type": "vless",
"server": hostName,
"server": server,
"port": +port,
"udp": true,
"uuid": uuid,
Expand Down Expand Up @@ -287,11 +295,10 @@ function buildClashChainOutbound(chainProxyParams) {
export async function getClashWarpConfig(request, env) {
const { kvNotFound, proxySettings, warpConfigs } = await getDataset(request, env);
if (kvNotFound) return await renderErrorPage(request, env, 'KV Dataset is not properly set!', null, true);
const { warpEndpoints, warpEnableIPv6 } = proxySettings;
const { warpEndpoints } = proxySettings;
let config = structuredClone(clashConfigTemp);
config.ipv6 = warpEnableIPv6;
config.dns = await buildClashDNS(proxySettings, true);
config.rules = buildClashRoutingRules(proxySettings);
config.dns = await buildClashDNS(proxySettings, false, true);
config.rules = buildClashRoutingRules(proxySettings, true, true);
const selector = config['proxy-groups'][0];
const warpUrlTest = config['proxy-groups'][1];
selector.proxies = ['💦 Warp - Best Ping 🚀', '💦 WoW - Best Ping 🚀'];
Expand Down Expand Up @@ -331,6 +338,7 @@ export async function getClashNormalConfig (request, env) {
if (kvNotFound) return await renderErrorPage(request, env, 'KV Dataset is not properly set!', null, true);
let chainProxy;
const {
resolvedRemoteDNS,
cleanIPs,
proxyIP,
ports,
Expand Down Expand Up @@ -361,17 +369,23 @@ export async function getClashNormalConfig (request, env) {
}

let config = structuredClone(clashConfigTemp);
config.ipv6 = enableIPv6;
config.dns = await buildClashDNS(proxySettings, false);
config.rules = buildClashRoutingRules(proxySettings);
if (resolvedRemoteDNS.server) {
config.hosts = {
[resolvedRemoteDNS.server]: resolvedRemoteDNS.staticIPs
}
} else {
delete config.hosts;
}
const Addresses = await getConfigAddresses(hostName, cleanIPs, enableIPv6);
const customCdnAddresses = customCdnAddrs ? customCdnAddrs.split(',') : [];
const totalAddresses = [...Addresses, ...customCdnAddresses];
config.dns = await buildClashDNS(proxySettings, chainProxy, false);
config.rules = buildClashRoutingRules(proxySettings, chainProxy, false);
const selector = config['proxy-groups'][0];
const urlTest = config['proxy-groups'][1];
selector.proxies = ['💦 Best Ping 💥'];
urlTest.name = '💦 Best Ping 💥';
urlTest.interval = +bestVLESSTrojanInterval;
const Addresses = await getConfigAddresses(hostName, cleanIPs, enableIPv6);
const customCdnAddresses = customCdnAddrs ? customCdnAddrs.split(',') : [];
const totalAddresses = [...Addresses, ...customCdnAddresses];
let proxyIndex = 1, path;
const protocols = [
...(vlessConfigs ? ['VLESS'] : []),
Expand Down Expand Up @@ -465,6 +479,7 @@ const clashConfigTemp = {
"store-selected": true,
"store-fake-ip": true
},
"hosts": {},
"dns": {},
"tun": {
"enable": true,
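Review bot: In buildClashRoutingRules the new `const url = new URL(remoteDNS);` runs on every call, including the Warp path where `remoteDNSServer` is never read, so a `remoteDNS` value that is not a full URL would throw and abort config generation; whether the panel always stores a URL is not visible here. The chain rule built from it also assumes IPv4: for an IPv6 literal `url.hostname` keeps the square brackets, and the `${remoteDNSServer}/32` form under `IP-CIDR` would then produce a rule Clash is unlikely to accept (this assumes `isDomain` returns false for such a host). I would parse inside the `isChain` block, in the `!isWarp` case, with `const remoteDNSServer = new URL(remoteDNS).hostname.replace(/^\[|\]$/g, '');` and emit `IP-CIDR6` with `/128` when the host contains a colon. The same section calls `JSON.parse(outProxyParams)` in buildClashDNS with no guard; a short comment stating that `isChain` implies a valid stored value would help the next reader. Both function bodies continue outside the visible hunks.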
57 changes: 27 additions & 30 deletions src/cores-configs/sing-box.js
Expand Up @@ -2,8 +2,9 @@ import { getConfigAddresses, extractWireguardParams, generateRemark, randomUpper
import { initializeParams, userID, trojanPassword, hostName, defaultHttpsPorts } from "../helpers/init";
import { renderErrorPage } from '../pages/errorPage';
import { getDataset } from '../kv/handlers';
import { isDomain } from '../helpers/helpers';

function buildSingBoxDNS (proxySettings, isChain, isWarp) {
function buildSingBoxDNS (proxySettings, outboundAddrs, isChain, isWarp) {
const {
remoteDNS,
localDNS,
Expand Down Expand Up @@ -37,7 +38,7 @@ function buildSingBoxDNS (proxySettings, isChain, isWarp) {
address: isWarp ? "1.1.1.1" : remoteDNS,
address_resolver: "dns-direct",
strategy: isIPv6 ? "prefer_ipv4" : "ipv4_only",
detour: isChain ? 'proxy-1' : "proxy",
detour: isWarp ? "💦 Warp - Best Ping 🚀" : isChain ? 'proxy-1' : "proxy",
tag: "dns-remote"
},
{
Expand All @@ -52,15 +53,22 @@ function buildSingBoxDNS (proxySettings, isChain, isWarp) {
}
];

let outboundRule;
if (isWarp) {
outboundRule = {
outbound: "any",
server: "dns-direct"
};
} else {
const outboundDomains = outboundAddrs.filter(address => isDomain(address));
outboundRule = {
domain: outboundDomains,
server: "dns-direct"
};
}

let rules = [
{
outbound: "any",
server: "dns-direct"
},
{
domain: "www.gstatic.com",
server: "dns-direct"
},
outboundRule,
{
clash_mode: "block",
server: "dns-block"
Expand Down Expand Up @@ -279,17 +287,6 @@ function buildSingBoxRoutingRules (proxySettings) {
protocol: "quic",
outbound: "block"
});

rules.push(
{
ip_cidr: ["10.10.34.34", "10.10.34.35", "10.10.34.36"],
outbound: "block"
},
{
ip_cidr: ["224.0.0.0/3", "ff00::/8"],
source_ip_cidr: ["224.0.0.0/3", "ff00::/8"],
outbound: "block"
});

return {rules: rules, rule_set: ruleSets};
}
Expand Down Expand Up @@ -430,12 +427,12 @@ function buildSingBoxWarpOutbound (proxySettings, warpConfigs, remark, endpoint,

function buildSingBoxChainOutbound (chainProxyParams, enableIPv6) {
if (["socks", "http"].includes(chainProxyParams.protocol)) {
const { protocol, host, port, user, pass } = chainProxyParams;
const { protocol, server, port, user, pass } = chainProxyParams;

let chainOutbound = {
type: protocol,
tag: "",
server: host,
server: server,
server_port: +port,
username: user,
password: pass,
Expand All @@ -446,11 +443,11 @@ function buildSingBoxChainOutbound (chainProxyParams, enableIPv6) {
return chainOutbound;
}

const { hostName, port, uuid, flow, security, type, sni, fp, alpn, pbk, sid, headerType, host, path, serviceName } = chainProxyParams;
const { server, port, uuid, flow, security, type, sni, fp, alpn, pbk, sid, headerType, host, path, serviceName } = chainProxyParams;
let chainOutbound = {
type: "vless",
tag: "",
server: hostName,
server: server,
server_port: +port,
domain_strategy: enableIPv6 ? "prefer_ipv4" : "ipv4_only",
uuid: uuid,
Expand Down Expand Up @@ -521,7 +518,7 @@ export async function getSingBoxWarpConfig (request, env, client) {
if (kvNotFound) return await renderErrorPage(request, env, 'KV Dataset is not properly set!', null, true);
const { warpEndpoints } = proxySettings;
let config = structuredClone(singboxConfigTemp);
const dnsObject = buildSingBoxDNS(proxySettings, false, true);
const dnsObject = buildSingBoxDNS(proxySettings, undefined, false, true);
const {rules, rule_set} = buildSingBoxRoutingRules(proxySettings);
config.dns.servers = dnsObject.servers;
config.dns.rules = dnsObject.rules;
Expand Down Expand Up @@ -597,8 +594,11 @@ export async function getSingBoxCustomConfig(request, env, isFragment) {
}
}

const Addresses = await getConfigAddresses(hostName, cleanIPs, enableIPv6);
const customCdnAddresses = customCdnAddrs ? customCdnAddrs.split(',') : [];
const totalAddresses = [...Addresses, ...customCdnAddresses];
let config = structuredClone(singboxConfigTemp);
const dnsObject = buildSingBoxDNS(proxySettings, chainProxyOutbound, false);
const dnsObject = buildSingBoxDNS(proxySettings, totalAddresses, chainProxyOutbound, false);
const {rules, rule_set} = buildSingBoxRoutingRules(proxySettings);
config.dns.servers = dnsObject.servers;
config.dns.rules = dnsObject.rules;
Expand All @@ -610,9 +610,6 @@ export async function getSingBoxCustomConfig(request, env, isFragment) {
selector.outbounds = ['💦 Best Ping 💥'];
urlTest.interval = `${bestVLESSTrojanInterval}s`;
urlTest.tag = '💦 Best Ping 💥';
const Addresses = await getConfigAddresses(hostName, cleanIPs, enableIPv6);
const customCdnAddresses = customCdnAddrs ? customCdnAddrs.split(',') : [];
const totalAddresses = [...Addresses, ...customCdnAddresses];
const totalPorts = ports.filter(port => isFragment ? defaultHttpsPorts.includes(port) : true);
let proxyIndex = 1;
const protocols = [
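Review bot: In buildSingBoxDNS the non-Warp `outboundRule` is added even when `outboundDomains` is empty, and a DNS rule whose only condition is an empty `domain` list is either rejected by sing-box or, if accepted, may match every query and send it to `dns-direct`, which would defeat the strict-DNS intent; whether `getConfigAddresses` always returns at least one hostname is not visible here. I would add the rule only when the list is non-empty, e.g. build `rules` without it and then `if (outboundDomains.length) rules.unshift(outboundRule);`. The Warp caller passes `undefined` for `outboundAddrs`, which is safe only because the `isWarp` branch skips the `.filter` call; a default of `outboundAddrs = []` in the signature would make that explicit. The `rules` array literal continues outside the hunk.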