luci-app-passwall: bump to 24.12.25

luci-app-passwall: sync upstream luci-app-passwall: optimize and improve luci-app-passwall: adjust and fix luci-app-passwall: adjust luci-app-passwall: Add Backup and Restore Functionality luci-app-passwall: optimize and improve luci-app-passwall: optimize and improve luci-app-passwall: chinadns-ng support sing-box fakedns luci-app-passwall: fix and compat luci-app-passwall: Sing-Box cache path change luci-app-passwall: add Sing-Box DNS client_subnet option luci-app-passwall: fix dnsmasq with procd-ujail luci-app-passwall: re-add Xray FakeDNS logic luci-app-passwall: optimize code luci-app-passwall: optimize code luci-app-passwall: optimize backup code luci-app-passwall: fix acl rule when source address is empty luci-app-passwall: Xray Transport: Remove HTTP luci-app-passwall: optimize backup file download code
immortalwrt · Dec 25, 2024 · 45d2618 · 45d2618
1 parent 988a993
commit 45d2618
Show file tree

Hide file tree

Showing 47 changed files with 2,896 additions and 2,172 deletions.
diff --git a/applications/luci-app-passwall/Makefile b/applications/luci-app-passwall/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=24.12.17
-PKG_RELEASE:=2
+PKG_VERSION:=24.12.25
+PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy \

diff --git a/applications/luci-app-passwall/luasrc/controller/passwall.lua b/applications/luci-app-passwall/luasrc/controller/passwall.lua
@@ -8,6 +8,7 @@ local uci = luci.model.uci.cursor()		-- in funtion index()
 local http = require "luci.http"
 local util = require "luci.util"
 local i18n = require "luci.i18n"
+local fs = require "nixio.fs"
 
 function index()
 	if not nixio.fs.access("/etc/config/passwall") then
@@ -46,7 +47,7 @@ function index()
 	entry({"admin", "services", appname, "socks_config"}, cbi(appname .. "/client/socks_config")).leaf = true
 	entry({"admin", "services", appname, "acl"}, cbi(appname .. "/client/acl"), _("Access control"), 98).leaf = true
 	entry({"admin", "services", appname, "acl_config"}, cbi(appname .. "/client/acl_config")).leaf = true
-	entry({"admin", "services", appname, "log"}, form(appname .. "/client/log"), _("Watch Logs"), 999).leaf = true
+	entry({"admin", "services", appname, "log"}, form(appname .. "/client/log"), _("Log Maint"), 999).leaf = true
 
 	--[[ Server ]]
 	entry({"admin", "services", appname, "server"}, cbi(appname .. "/server/index"), _("Server-Side"), 99).leaf = true
@@ -78,9 +79,7 @@ function index()
 	entry({"admin", "services", appname, "update_rules"}, call("update_rules")).leaf = true
 
 	--[[rule_list]]
-	entry({"admin", "services", appname, "read_gfwlist"}, call("read_rulelist", "gfw")).leaf = true
-	entry({"admin", "services", appname, "read_chnlist"}, call("read_rulelist", "chn")).leaf = true
-	entry({"admin", "services", appname, "read_chnroute"}, call("read_rulelist", "chnroute")).leaf = true
+	entry({"admin", "services", appname, "read_rulelist"}, call("read_rulelist")).leaf = true
 
 	--[[Components update]]
 	entry({"admin", "services", appname, "check_passwall"}, call("app_check")).leaf = true
@@ -90,6 +89,9 @@ function index()
 		entry({"admin", "services", appname, "check_" .. com}, call("com_check", com)).leaf = true
 		entry({"admin", "services", appname, "update_" .. com}, call("com_update", com)).leaf = true
 	end
+
+	--[[Backup]]
+	entry({"admin", "services", appname, "backup"}, call("create_backup")).leaf = true
 end
 
 local function http_write_json(content)
@@ -166,11 +168,11 @@ end
 function get_now_use_node()
 	local path = "/tmp/etc/passwall/acl/default"
 	local e = {}
-	local tcp_node = api.get_cache_var("GLOBAL_TCP_node")
+	local tcp_node = api.get_cache_var("ACL_GLOBAL_TCP_node")
 	if tcp_node then
 		e["TCP"] = tcp_node
 	end
-	local udp_node = api.get_cache_var("GLOBAL_UDP_node")
+	local udp_node = api.get_cache_var("ACL_GLOBAL_UDP_node")
 	if udp_node then
 		e["UDP"] = udp_node
 	end
@@ -364,8 +366,8 @@ end
 
 function clear_all_nodes()
 	uci:set(appname, '@global[0]', "enabled", "0")
-	uci:set(appname, '@global[0]', "tcp_node", "nil")
-	uci:set(appname, '@global[0]', "udp_node", "nil")
+	uci:delete(appname, '@global[0]', "tcp_node")
+	uci:delete(appname, '@global[0]', "udp_node")
 	uci:foreach(appname, "socks", function(t)
 		uci:delete(appname, t[".name"])
 		uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
@@ -374,8 +376,8 @@ function clear_all_nodes()
 		uci:delete(appname, t[".name"])
 	end)
 	uci:foreach(appname, "acl_rule", function(t)
-		uci:set(appname, t[".name"], "tcp_node", "nil")
-		uci:set(appname, t[".name"], "udp_node", "nil")
+		uci:delete(appname, t[".name"], "tcp_node")
+		uci:delete(appname, t[".name"], "udp_node")
 	end)
 	uci:foreach(appname, "nodes", function(node)
 		uci:delete(appname, node['.name'])
@@ -388,11 +390,11 @@ end
 function delete_select_nodes()
 	local ids = luci.http.formvalue("ids")
 	string.gsub(ids, '[^' .. "," .. ']+', function(w)
-		if (uci:get(appname, "@global[0]", "tcp_node") or "nil") == w then
-			uci:set(appname, '@global[0]', "tcp_node", "nil")
+		if (uci:get(appname, "@global[0]", "tcp_node") or "") == w then
+			uci:delete(appname, '@global[0]', "tcp_node")
 		end
-		if (uci:get(appname, "@global[0]", "udp_node") or "nil") == w then
-			uci:set(appname, '@global[0]', "udp_node", "nil")
+		if (uci:get(appname, "@global[0]", "udp_node") or "") == w then
+			uci:delete(appname, '@global[0]', "udp_node")
 		end
 		uci:foreach(appname, "socks", function(t)
 			if t["node"] == w then
@@ -413,10 +415,10 @@ function delete_select_nodes()
 		end)
 		uci:foreach(appname, "acl_rule", function(t)
 			if t["tcp_node"] == w then
-				uci:set(appname, t[".name"], "tcp_node", "nil")
+				uci:delete(appname, t[".name"], "tcp_node")
 			end
 			if t["udp_node"] == w then
-				uci:set(appname, t[".name"], "udp_node", "nil")
+				uci:delete(appname, t[".name"], "udp_node")
 			end
 		end)
 		uci:foreach(appname, "nodes", function(t)
@@ -491,17 +493,44 @@ function com_update(comname)
 	http_write_json(json)
 end
 
-function read_rulelist(list)
+function read_rulelist()
+	local rule_type = http.formvalue("type")
 	local rule_path
-	if list == "gfw" then
+	if rule_type == "gfw" then
 		rule_path = "/usr/share/passwall/rules/gfwlist"
-	elseif list == "chn" then
+	elseif rule_type == "chn" then
 		rule_path = "/usr/share/passwall/rules/chnlist"
-	else
+	elseif rule_type == "chnroute" then
 		rule_path = "/usr/share/passwall/rules/chnroute"
+	else
+		http.status(400, "Invalid rule type")
+		return
 	end
-	if api.fs.access(rule_path) then
-		luci.http.prepare_content("text/plain")
-		luci.http.write(api.fs.readfile(rule_path))
+	if fs.access(rule_path) then
+		http.prepare_content("text/plain")
+		http.write(fs.readfile(rule_path))
 	end
 end
+
+function create_backup()
+	local backup_files = {
+		"/etc/config/passwall",
+		"/etc/config/passwall_server",
+		"/usr/share/passwall/rules/block_host",
+		"/usr/share/passwall/rules/block_ip",
+		"/usr/share/passwall/rules/direct_host",
+		"/usr/share/passwall/rules/direct_ip",
+		"/usr/share/passwall/rules/proxy_host",
+		"/usr/share/passwall/rules/proxy_ip"
+	}
+	local date = os.date("%Y%m%d")
+	local tar_file = "/tmp/passwall-" .. date .. "-backup.tar.gz"
+	fs.remove(tar_file)
+	local cmd = "tar -czf " .. tar_file .. " " .. table.concat(backup_files, " ")
+	api.sys.call(cmd)
+	http.header("Content-Disposition", "attachment; filename=passwall-" .. date .. "-backup.tar.gz")
+	http.header("X-Backup-Filename", "passwall-" .. date .. "-backup.tar.gz")
+	http.prepare_content("application/octet-stream")
+	http.write(fs.readfile(tar_file))
+	fs.remove(tar_file)
+end
diff --git a/applications/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/applications/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -52,7 +52,7 @@ o.rmempty = false
 ---- Remarks
 o = s:option(Value, "remarks", translate("Remarks"))
 o.default = arg[1]
-o.rmempty = true
+o.rmempty = false
 
 o = s:option(ListValue, "interface", translate("Source Interface"))
 o:value("", translate("All"))
@@ -148,97 +148,117 @@ sources.write = dynamicList_write
 ---- TCP No Redir Ports
 local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")
 o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
-o.default = "default"
+o:value("", translate("Use global config") .. "(" .. TCP_NO_REDIR_PORTS .. ")")
 o:value("disable", translate("No patterns are used"))
-o:value("default", translate("Use global config") .. "(" .. TCP_NO_REDIR_PORTS .. ")")
 o:value("1:65535", translate("All"))
 o.validate = port_validate
 
 ---- UDP No Redir Ports
 local UDP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_no_redir_ports")
 o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"),
-			 "<font color='red'>" .. translate(
-				 "Fill in the ports you don't want to be forwarded by the agent, with the highest priority.") ..
-				 "</font>")
-o.default = "default"
+	"<font color='red'>" ..
+		translate("Fill in the ports you don't want to be forwarded by the agent, with the highest priority.") ..
+	"</font>")
+o:value("", translate("Use global config") .. "(" .. UDP_NO_REDIR_PORTS .. ")")
 o:value("disable", translate("No patterns are used"))
-o:value("default", translate("Use global config") .. "(" .. UDP_NO_REDIR_PORTS .. ")")
 o:value("1:65535", translate("All"))
 o.validate = port_validate
 
+o = s:option(DummyValue, "_hide_node_option", "")
+o.template = "passwall/cbi/hidevalue"
+o.value = "1"
+o:depends({ tcp_no_redir_ports = "1:65535", udp_no_redir_ports = "1:65535" })
+if TCP_NO_REDIR_PORTS == "1:65535" and UDP_NO_REDIR_PORTS == "1:65535" then
+	o:depends({ tcp_no_redir_ports = "", udp_no_redir_ports = "" })
+end
+
 o = s:option(Flag, "use_global_config", translatef("Use global config"))
 o.default = "0"
 o.rmempty = false
+o:depends({ _hide_node_option = "1",  ['!reverse'] = true })
 
-tcp_node = s:option(ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
-tcp_node.default = ""
-tcp_node:value("", translate("Close"))
-tcp_node:depends("use_global_config", false)
+o = s:option(ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
+o.default = ""
+o:depends({ _hide_node_option = false, use_global_config = false })
+
+o = s:option(DummyValue, "_tcp_node_bool", "")
+o.template = "passwall/cbi/hidevalue"
+o.value = "1"
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
-udp_node = s:option(ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>")
-udp_node.default = ""
-udp_node:value("", translate("Close"))
-udp_node:value("tcp", translate("Same as the tcp node"))
-udp_node:depends({ tcp_node = "",  ['!reverse'] = true })
+o = s:option(ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>")
+o.default = ""
+o:value("", translate("Close"))
+o:value("tcp", translate("Same as the tcp node"))
+o:depends({ _tcp_node_bool = "1" })
 
 for k, v in pairs(nodes_table) do
-	tcp_node:value(v.id, v["remark"])
-	udp_node:value(v.id, v["remark"])
+	s.fields["tcp_node"]:value(v.id, v["remark"])
+	s.fields["udp_node"]:value(v.id, v["remark"])
 end
 
+o = s:option(DummyValue, "_udp_node_bool", "")
+o.template = "passwall/cbi/hidevalue"
+o.value = "1"
+o:depends({ udp_node = "",  ['!reverse'] = true })
+
 ---- TCP Proxy Drop Ports
 local TCP_PROXY_DROP_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_proxy_drop_ports")
 o = s:option(Value, "tcp_proxy_drop_ports", translate("TCP Proxy Drop Ports"))
-o.default = "default"
+o:value("", translate("Use global config") .. "(" .. TCP_PROXY_DROP_PORTS .. ")")
 o:value("disable", translate("No patterns are used"))
-o:value("default", translate("Use global config") .. "(" .. TCP_PROXY_DROP_PORTS .. ")")
 o.validate = port_validate
+o:depends({ use_global_config = true })
+o:depends({ _tcp_node_bool = "1" })
 
 ---- UDP Proxy Drop Ports
 local UDP_PROXY_DROP_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_proxy_drop_ports")
 o = s:option(Value, "udp_proxy_drop_ports", translate("UDP Proxy Drop Ports"))
-o.default = "default"
+o:value("", translate("Use global config") .. "(" .. UDP_PROXY_DROP_PORTS .. ")")
 o:value("disable", translate("No patterns are used"))
-o:value("default", translate("Use global config") .. "(" .. UDP_PROXY_DROP_PORTS .. ")")
 o:value("443", translate("QUIC"))
 o.validate = port_validate
+o:depends({ use_global_config = true })
+o:depends({ _tcp_node_bool = "1" })
 
 ---- TCP Redir Ports
 local TCP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_redir_ports")
 o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"), translatef("Only work with using the %s node.", "TCP"))
-o.default = "default"
-o:value("default", translate("Use global config") .. "(" .. TCP_REDIR_PORTS .. ")")
+o:value("", translate("Use global config") .. "(" .. TCP_REDIR_PORTS .. ")")
 o:value("1:65535", translate("All"))
 o:value("80,443", "80,443")
 o:value("80:65535", "80 " .. translate("or more"))
 o:value("1:443", "443 " .. translate("or less"))
 o.validate = port_validate
+o:depends({ use_global_config = true })
+o:depends({ _tcp_node_bool = "1" })
 
 ---- UDP Redir Ports
 local UDP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_redir_ports")
 o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"), translatef("Only work with using the %s node.", "UDP"))
-o.default = "default"
-o:value("default", translate("Use global config") .. "(" .. UDP_REDIR_PORTS .. ")")
+o:value("", translate("Use global config") .. "(" .. UDP_REDIR_PORTS .. ")")
 o:value("1:65535", translate("All"))
 o:value("53", "53")
 o.validate = port_validate
+o:depends({ use_global_config = true })
+o:depends({ _udp_node_bool = "1" })
 
 o = s:option(Flag, "use_direct_list", translatef("Use %s", translate("Direct List")))
 o.default = "1"
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 
 o = s:option(Flag, "use_proxy_list", translatef("Use %s", translate("Proxy List")))
 o.default = "1"
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 
 o = s:option(Flag, "use_block_list", translatef("Use %s", translate("Block List")))
 o.default = "1"
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 
 if has_gfwlist then
 	o = s:option(Flag, "use_gfw_list", translatef("Use %s", translate("GFW List")))
 	o.default = "1"
-	o:depends({ tcp_node = "",  ['!reverse'] = true })
+	o:depends({ _tcp_node_bool = "1" })
 end
 
 if has_chnlist or has_chnroute then
@@ -247,36 +267,36 @@ if has_chnlist or has_chnroute then
 	o:value("direct", translate("Direct Connection"))
 	o:value("proxy", translate("Proxy"))
 	o.default = "direct"
-	o:depends({ tcp_node = "",  ['!reverse'] = true })
+	o:depends({ _tcp_node_bool = "1" })
 end
 
 o = s:option(ListValue, "tcp_proxy_mode", "TCP " .. translate("Proxy Mode"))
 o:value("disable", translate("No Proxy"))
 o:value("proxy", translate("Proxy"))
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 
 o = s:option(ListValue, "udp_proxy_mode", "UDP " .. translate("Proxy Mode"))
 o:value("disable", translate("No Proxy"))
 o:value("proxy", translate("Proxy"))
-o:depends({ udp_node = "",  ['!reverse'] = true })
+o:depends({ _udp_node_bool = "1" })
 
 o = s:option(DummyValue, "switch_mode", " ")
 o.template = appname .. "/global/proxy"
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 
 ---- DNS
 o = s:option(ListValue, "dns_shunt", "DNS " .. translate("Shunt"))
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 o:value("dnsmasq", "Dnsmasq")
 o:value("chinadns-ng", translate("ChinaDNS-NG (recommended)"))
 
 o = s:option(Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
 o.default = "0"
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 
 ---- DNS Forward Mode
 o = s:option(ListValue, "dns_mode", translate("Filter Mode"))
-o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:depends({ _tcp_node_bool = "1" })
 if api.is_finded("dns2socks") then
 	o:value("dns2socks", "dns2socks")
 end
@@ -367,11 +387,10 @@ if has_singbox or has_xray then
 	o:depends({xray_dns_mode = "tcp+doh"})
 	o:depends({singbox_dns_mode = "doh"})
 
-	if has_xray then
-		o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))
-		o.datatype = "ipaddr"
-		o:depends({dns_mode = "xray"})
-	end
+	o = s:option(Value, "remote_dns_client_ip", translate("EDNS Client Subnet"))
+	o.datatype = "ipaddr"
+	o:depends({dns_mode = "sing-box"})
+	o:depends({dns_mode = "xray"})
 end
 
 o = s:option(ListValue, "chinadns_ng_default_tag", translate("Default DNS"))