fix: unify Trojan server_name/allow_insecure to tls_settings across all protocols

app/Protocols/Clash.php

@@ -238,10 +238,10 @@ class Clash extends AbstractProtocol
         $array['port'] = $server['port'];
         $array['password'] = $password;
         $array['udp'] = true;
-        if ($serverName = data_get($protocol_settings, 'server_name')) {
+        if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
             $array['sni'] = $serverName;
         }
-        $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'allow_insecure');
+        $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
 
         switch (data_get($protocol_settings, 'network')) {
             case 'tcp':

app/Protocols/ClashMeta.php

@@ -535,8 +535,8 @@ class ClashMeta extends AbstractProtocol
                 ];
                 break;
             default: // Standard TLS
-                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false));
-                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) {
+                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                     $array['sni'] = $serverName;
                 }
                 self::appendEch($array, data_get($protocol_settings, 'tls_settings.ech'));

app/Protocols/General.php

@@ -262,8 +262,8 @@ class General extends AbstractProtocol
                 }
                 break;
             default: // Standard TLS
-                $array['allowInsecure'] = data_get($protocol_settings, 'allow_insecure', false);
-                if ($serverName = data_get($protocol_settings, 'server_name')) {
+                $array['allowInsecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                     $array['peer'] = $serverName;
                     $array['sni'] = $serverName;
                 }

app/Protocols/Loon.php

@@ -205,10 +205,10 @@ class Loon extends AbstractProtocol
                 $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'reality_settings.allow_insecure', false) ? 'true' : 'false');
                 break;
             default: // Standard TLS
-                if ($serverName = data_get($protocol_settings, 'server_name')) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                     $config[] = "tls-name={$serverName}";
                 }
-                $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'allow_insecure') ? 'true' : 'false');
+                $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'tls_settings.allow_insecure', false) ? 'true' : 'false');
                 break;
         }
 

app/Protocols/QuantumultX.php

@@ -191,8 +191,8 @@ class QuantumultX extends AbstractProtocol
         ];
 
         $tlsData = [
-            'allow_insecure' => data_get($protocol_settings, 'allow_insecure', false),
-            'server_name' => data_get($protocol_settings, 'server_name'),
+            'allow_insecure' => data_get($protocol_settings, 'tls_settings.allow_insecure', false),
+            'server_name' => data_get($protocol_settings, 'tls_settings.server_name'),
         ];
         self::applyTransportSettings($config, $protocol_settings, true, $tlsData);
         self::applyCommonSettings($config, $server);

app/Protocols/SingBox.php

@@ -546,9 +546,9 @@ class SingBox extends AbstractProtocol
                 ];
                 break;
             default: // Standard TLS
-                $tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false));
+                $tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
                 $this->appendEch($tlsConfig, data_get($protocol_settings, 'tls_settings.ech'));
-                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                     $tlsConfig['server_name'] = $serverName;
                 }
                 break;

app/Protocols/Stash.php

@@ -397,10 +397,10 @@ class Stash extends AbstractProtocol
                 ];
                 break;
             default: // Standard TLS
-                if ($serverName = data_get($protocol_settings, 'server_name')) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                     $array['sni'] = $serverName;
                 }
-                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'allow_insecure', false);
+                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
                 break;
         }
 

app/Protocols/Surfboard.php

@@ -186,12 +186,12 @@ class Surfboard extends AbstractProtocol
             "{$server['host']}",
             "{$server['port']}",
             "password={$password}",
-            data_get($protocol_settings, 'server_name') ? "sni=" . data_get($protocol_settings, 'server_name') : "",
+            data_get($protocol_settings, 'tls_settings.server_name') ? "sni=" . data_get($protocol_settings, 'tls_settings.server_name') : "",
             'tfo=true',
             'udp-relay=true'
         ];
-        if (data_get($protocol_settings, 'allow_insecure')) {
-            array_push($config, !!data_get($protocol_settings, 'allow_insecure') ? 'skip-cert-verify=true' : 'skip-cert-verify=false');
+        if (data_get($protocol_settings, 'tls_settings.allow_insecure', false)) {
+            $config[] = 'skip-cert-verify=true';
         }
         $config = array_filter($config);
         $uri = implode(',', $config);

app/Protocols/Surge.php

@@ -195,12 +195,12 @@ class Surge extends AbstractProtocol
             "{$server['host']}",
             "{$server['port']}",
             "password={$password}",
-            data_get($protocol_settings, 'server_name') ? "sni=" . data_get($protocol_settings, 'server_name') : "",
+            data_get($protocol_settings, 'tls_settings.server_name') ? "sni=" . data_get($protocol_settings, 'tls_settings.server_name') : "",
             'tfo=true',
             'udp-relay=true'
         ];
-        if (!empty($protocol_settings['allow_insecure'])) {
-            array_push($config, !!data_get($protocol_settings, 'allow_insecure') ? 'skip-cert-verify=true' : 'skip-cert-verify=false');
+        if (data_get($protocol_settings, 'tls_settings.allow_insecure', false)) {
+            $config[] = 'skip-cert-verify=true';
         }
         $config = array_filter($config);
         $uri = implode(',', $config);

app/Services/ServerService.php

@@ -284,15 +284,12 @@ class ServerService
             'trojan' => [
                 ...$baseConfig,
                 'host' => $host,
-                'server_name' => data_get($protocolSettings, 'tls_settings.server_name') ?? $protocolSettings['server_name'],
+                'server_name' => data_get($protocolSettings, 'tls_settings.server_name'),
                 'multiplex' => data_get($protocolSettings, 'multiplex'),
                 'tls' => (int) $protocolSettings['tls'],
                 'tls_settings' => match ((int) $protocolSettings['tls']) {
                         2 => $protocolSettings['reality_settings'],
-                        default => array_merge($protocolSettings['tls_settings'] ?? [], [
-                            'server_name' => data_get($protocolSettings, 'tls_settings.server_name') ?? $protocolSettings['server_name'],
-                            'allow_insecure' => data_get($protocolSettings, 'tls_settings.allow_insecure', $protocolSettings['allow_insecure']),
-                        ]),
+                        default => $protocolSettings['tls_settings'],
                     },
             ],
             'vless' => [

database/migrations/2026_04_22_000001_normalize_trojan_tls_settings.php

@@ -0,0 +1,55 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    public function up(): void
+    {
+        DB::table('v2_server')
+            ->where('type', 'trojan')
+            ->chunkById(100, function ($servers) {
+                foreach ($servers as $server) {
+                    $settings = json_decode($server->protocol_settings, true);
+                    if (!$settings) continue;
+
+                    $rootSni = $settings['server_name'] ?? null;
+                    $rootInsecure = $settings['allow_insecure'] ?? false;
+                    $tlsSettings = $settings['tls_settings'] ?? null;
+
+                    $needsUpdate = false;
+
+                    if (!is_array($tlsSettings)) {
+                        if ($rootSni !== null || $rootInsecure) {
+                            $settings['tls_settings'] = [
+                                'server_name' => $rootSni,
+                                'allow_insecure' => (bool) $rootInsecure,
+                            ];
+                            $needsUpdate = true;
+                        }
+                    } else {
+                        $tlsSni = $tlsSettings['server_name'] ?? null;
+                        if (($tlsSni === null || $tlsSni === '') && $rootSni !== null && $rootSni !== '') {
+                            $settings['tls_settings']['server_name'] = $rootSni;
+                            $needsUpdate = true;
+                        }
+                        if (($tlsSettings['allow_insecure'] ?? null) === null && $rootInsecure) {
+                            $settings['tls_settings']['allow_insecure'] = true;
+                            $needsUpdate = true;
+                        }
+                    }
+
+                    if ($needsUpdate) {
+                        DB::table('v2_server')
+                            ->where('id', $server->id)
+                            ->update(['protocol_settings' => json_encode($settings)]);
+                    }
+                }
+            });
+    }
+
+    public function down(): void
+    {
+    }
+};