admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: machine mode, ECH subscriptions, batch ops & security hardening

Browse Source
This commit is contained in:
xboard
2026-04-17 02:27:47 +08:00
parent edbd8de356
commit e297b5fe9f
25 changed files with 1564 additions and 343 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Protocols/SingBox.php
+60 -4
View File
@@ -37,16 +37,35 @@ class SingBox extends AbstractProtocol
],
'protocol_settings.tls' => [
'2' => '1.6.0' // Reality
],
'protocol_settings.tls_settings.ech.enabled' => [
1 => '1.5.0'
]
],
'vmess' => [
'protocol_settings.tls_settings.ech.enabled' => [
1 => '1.5.0'
]
],
'trojan' => [
'protocol_settings.tls_settings.ech.enabled' => [
1 => '1.5.0'
]
],
'hysteria' => [
'base_version' => '1.5.0',
'protocol_settings.version' => [
'2' => '1.5.0' // Hysteria 2
],
'protocol_settings.tls.ech.enabled' => [
1 => '1.5.0'
]
],
'tuic' => [
'base_version' => '1.5.0'
'base_version' => '1.5.0',
'protocol_settings.tls.ech.enabled' => [
1 => '1.5.0'
]
],
'ssh' => [
'base_version' => '1.8.0'
@@ -58,7 +77,25 @@ class SingBox extends AbstractProtocol
'base_version' => '1.5.0'
],
'anytls' => [
'base_version' => '1.12.0'
'base_version' => '1.12.0',
'protocol_settings.tls.ech.enabled' => [
1 => '1.12.0'
]
],
'socks' => [
'protocol_settings.tls_settings.ech.enabled' => [
1 => '1.5.0'
]
],
'naive' => [
'protocol_settings.tls_settings.ech.enabled' => [
1 => '1.5.0'
]
],
'http' => [
'protocol_settings.tls_settings.ech.enabled' => [
1 => '1.5.0'
]
],
]
];
@@ -405,6 +442,7 @@ class SingBox extends AbstractProtocol
];
$this->appendUtls($array['tls'], $protocol_settings);
$this->appendEch($array['tls'], data_get($protocol_settings, 'tls_settings.ech'));
if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
$array['tls']['server_name'] = $serverName;
@@ -447,6 +485,7 @@ class SingBox extends AbstractProtocol
switch ($tlsMode) {
case 1:
$this->appendEch($tlsConfig, data_get($protocol_settings, 'tls_settings.ech'));
if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
$tlsConfig['server_name'] = $serverName;
}
@@ -498,8 +537,9 @@ class SingBox extends AbstractProtocol
];
break;
default: // Standard TLS
$tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'allow_insecure', false);
if ($serverName = data_get($protocol_settings, 'server_name')) {
$tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false));
$this->appendEch($tlsConfig, data_get($protocol_settings, 'tls_settings.ech'));
if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) {
$tlsConfig['server_name'] = $serverName;
}
break;
@@ -541,6 +581,7 @@ class SingBox extends AbstractProtocol
if ($serverName = data_get($protocol_settings, 'tls.server_name')) {
$baseConfig['tls']['server_name'] = $serverName;
}
$this->appendEch($baseConfig['tls'], data_get($protocol_settings, 'tls.ech'));
$speedConfig = [
'up_mbps' => data_get($protocol_settings, 'bandwidth.up'),
'down_mbps' => data_get($protocol_settings, 'bandwidth.down'),
@@ -590,6 +631,7 @@ class SingBox extends AbstractProtocol
if ($serverName = data_get($protocol_settings, 'tls.server_name')) {
$array['tls']['server_name'] = $serverName;
}
$this->appendEch($array['tls'], data_get($protocol_settings, 'tls.ech'));
if (data_get($protocol_settings, 'version') === 4) {
$array['token'] = $password;
@@ -620,6 +662,7 @@ class SingBox extends AbstractProtocol
if ($serverName = data_get($protocol_settings, 'tls.server_name')) {
$array['tls']['server_name'] = $serverName;
}
$this->appendEch($array['tls'], data_get($protocol_settings, 'tls.ech'));
return $array;
}
@@ -673,6 +716,7 @@ class SingBox extends AbstractProtocol
if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
$array['tls']['server_name'] = $serverName;
}
$this->appendEch($array['tls'], data_get($protocol_settings, 'tls_settings.ech'));
}
return $array;
@@ -754,4 +798,16 @@ class SingBox extends AbstractProtocol
}
}
}
protected function appendEch(&$tlsConfig, $ech): void
{
if ($normalized = Helper::normalizeEchSettings($ech)) {
// Client outbound only needs the public ECH config, not the server's private key
$tlsConfig['ech'] = array_filter([
'enabled' => true,
'config' => data_get($normalized, 'config') ? [data_get($normalized, 'config')] : null,
'query_server_name' => data_get($normalized, 'query_server_name'),
], fn($value) => $value !== null);
}
}
}