diff --git a/app/Protocols/Clash.php b/app/Protocols/Clash.php index f84d99f..563ac5f 100644 --- a/app/Protocols/Clash.php +++ b/app/Protocols/Clash.php @@ -238,10 +238,10 @@ class Clash extends AbstractProtocol $array['port'] = $server['port']; $array['password'] = $password; $array['udp'] = true; - if ($serverName = data_get($protocol_settings, 'server_name')) { + if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) { $array['sni'] = $serverName; } - $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'allow_insecure'); + $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false); switch (data_get($protocol_settings, 'network')) { case 'tcp': diff --git a/app/Protocols/ClashMeta.php b/app/Protocols/ClashMeta.php index 43b9c00..f76cc8a 100644 --- a/app/Protocols/ClashMeta.php +++ b/app/Protocols/ClashMeta.php @@ -535,8 +535,8 @@ class ClashMeta extends AbstractProtocol ]; break; default: // Standard TLS - $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false)); - if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) { + $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false); + if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) { $array['sni'] = $serverName; } self::appendEch($array, data_get($protocol_settings, 'tls_settings.ech')); diff --git a/app/Protocols/General.php b/app/Protocols/General.php index cbb6ff6..458265d 100644 --- a/app/Protocols/General.php +++ b/app/Protocols/General.php @@ -262,8 +262,8 @@ class General extends AbstractProtocol } break; default: // Standard TLS - $array['allowInsecure'] = data_get($protocol_settings, 'allow_insecure', false); - if ($serverName = data_get($protocol_settings, 'server_name')) { + $array['allowInsecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false); + if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) { $array['peer'] = $serverName; $array['sni'] = $serverName; } diff --git a/app/Protocols/Loon.php b/app/Protocols/Loon.php index 737aaea..5bf847b 100644 --- a/app/Protocols/Loon.php +++ b/app/Protocols/Loon.php @@ -205,10 +205,10 @@ class Loon extends AbstractProtocol $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'reality_settings.allow_insecure', false) ? 'true' : 'false'); break; default: // Standard TLS - if ($serverName = data_get($protocol_settings, 'server_name')) { + if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) { $config[] = "tls-name={$serverName}"; } - $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'allow_insecure') ? 'true' : 'false'); + $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'tls_settings.allow_insecure', false) ? 'true' : 'false'); break; } diff --git a/app/Protocols/QuantumultX.php b/app/Protocols/QuantumultX.php index 15f48ab..ed7953f 100644 --- a/app/Protocols/QuantumultX.php +++ b/app/Protocols/QuantumultX.php @@ -191,8 +191,8 @@ class QuantumultX extends AbstractProtocol ]; $tlsData = [ - 'allow_insecure' => data_get($protocol_settings, 'allow_insecure', false), - 'server_name' => data_get($protocol_settings, 'server_name'), + 'allow_insecure' => data_get($protocol_settings, 'tls_settings.allow_insecure', false), + 'server_name' => data_get($protocol_settings, 'tls_settings.server_name'), ]; self::applyTransportSettings($config, $protocol_settings, true, $tlsData); self::applyCommonSettings($config, $server); diff --git a/app/Protocols/SingBox.php b/app/Protocols/SingBox.php index 6d18f13..c2ae572 100644 --- a/app/Protocols/SingBox.php +++ b/app/Protocols/SingBox.php @@ -546,9 +546,9 @@ class SingBox extends AbstractProtocol ]; break; default: // Standard TLS - $tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false)); + $tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false); $this->appendEch($tlsConfig, data_get($protocol_settings, 'tls_settings.ech')); - if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) { + if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) { $tlsConfig['server_name'] = $serverName; } break; diff --git a/app/Protocols/Stash.php b/app/Protocols/Stash.php index 8a3eadc..ef788df 100644 --- a/app/Protocols/Stash.php +++ b/app/Protocols/Stash.php @@ -397,10 +397,10 @@ class Stash extends AbstractProtocol ]; break; default: // Standard TLS - if ($serverName = data_get($protocol_settings, 'server_name')) { + if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) { $array['sni'] = $serverName; } - $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'allow_insecure', false); + $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false); break; } diff --git a/app/Protocols/Surfboard.php b/app/Protocols/Surfboard.php index 23fcf09..d98e1cf 100644 --- a/app/Protocols/Surfboard.php +++ b/app/Protocols/Surfboard.php @@ -186,12 +186,12 @@ class Surfboard extends AbstractProtocol "{$server['host']}", "{$server['port']}", "password={$password}", - data_get($protocol_settings, 'server_name') ? "sni=" . data_get($protocol_settings, 'server_name') : "", + data_get($protocol_settings, 'tls_settings.server_name') ? "sni=" . data_get($protocol_settings, 'tls_settings.server_name') : "", 'tfo=true', 'udp-relay=true' ]; - if (data_get($protocol_settings, 'allow_insecure')) { - array_push($config, !!data_get($protocol_settings, 'allow_insecure') ? 'skip-cert-verify=true' : 'skip-cert-verify=false'); + if (data_get($protocol_settings, 'tls_settings.allow_insecure', false)) { + $config[] = 'skip-cert-verify=true'; } $config = array_filter($config); $uri = implode(',', $config); diff --git a/app/Protocols/Surge.php b/app/Protocols/Surge.php index ee1ea62..f61f2e3 100644 --- a/app/Protocols/Surge.php +++ b/app/Protocols/Surge.php @@ -195,12 +195,12 @@ class Surge extends AbstractProtocol "{$server['host']}", "{$server['port']}", "password={$password}", - data_get($protocol_settings, 'server_name') ? "sni=" . data_get($protocol_settings, 'server_name') : "", + data_get($protocol_settings, 'tls_settings.server_name') ? "sni=" . data_get($protocol_settings, 'tls_settings.server_name') : "", 'tfo=true', 'udp-relay=true' ]; - if (!empty($protocol_settings['allow_insecure'])) { - array_push($config, !!data_get($protocol_settings, 'allow_insecure') ? 'skip-cert-verify=true' : 'skip-cert-verify=false'); + if (data_get($protocol_settings, 'tls_settings.allow_insecure', false)) { + $config[] = 'skip-cert-verify=true'; } $config = array_filter($config); $uri = implode(',', $config); diff --git a/app/Services/ServerService.php b/app/Services/ServerService.php index f25d19d..1271b92 100644 --- a/app/Services/ServerService.php +++ b/app/Services/ServerService.php @@ -284,15 +284,12 @@ class ServerService 'trojan' => [ ...$baseConfig, 'host' => $host, - 'server_name' => data_get($protocolSettings, 'tls_settings.server_name') ?? $protocolSettings['server_name'], + 'server_name' => data_get($protocolSettings, 'tls_settings.server_name'), 'multiplex' => data_get($protocolSettings, 'multiplex'), 'tls' => (int) $protocolSettings['tls'], 'tls_settings' => match ((int) $protocolSettings['tls']) { 2 => $protocolSettings['reality_settings'], - default => array_merge($protocolSettings['tls_settings'] ?? [], [ - 'server_name' => data_get($protocolSettings, 'tls_settings.server_name') ?? $protocolSettings['server_name'], - 'allow_insecure' => data_get($protocolSettings, 'tls_settings.allow_insecure', $protocolSettings['allow_insecure']), - ]), + default => $protocolSettings['tls_settings'], }, ], 'vless' => [ diff --git a/database/migrations/2026_04_22_000001_normalize_trojan_tls_settings.php b/database/migrations/2026_04_22_000001_normalize_trojan_tls_settings.php new file mode 100644 index 0000000..117a00b --- /dev/null +++ b/database/migrations/2026_04_22_000001_normalize_trojan_tls_settings.php @@ -0,0 +1,55 @@ +where('type', 'trojan') + ->chunkById(100, function ($servers) { + foreach ($servers as $server) { + $settings = json_decode($server->protocol_settings, true); + if (!$settings) continue; + + $rootSni = $settings['server_name'] ?? null; + $rootInsecure = $settings['allow_insecure'] ?? false; + $tlsSettings = $settings['tls_settings'] ?? null; + + $needsUpdate = false; + + if (!is_array($tlsSettings)) { + if ($rootSni !== null || $rootInsecure) { + $settings['tls_settings'] = [ + 'server_name' => $rootSni, + 'allow_insecure' => (bool) $rootInsecure, + ]; + $needsUpdate = true; + } + } else { + $tlsSni = $tlsSettings['server_name'] ?? null; + if (($tlsSni === null || $tlsSni === '') && $rootSni !== null && $rootSni !== '') { + $settings['tls_settings']['server_name'] = $rootSni; + $needsUpdate = true; + } + if (($tlsSettings['allow_insecure'] ?? null) === null && $rootInsecure) { + $settings['tls_settings']['allow_insecure'] = true; + $needsUpdate = true; + } + } + + if ($needsUpdate) { + DB::table('v2_server') + ->where('id', $server->id) + ->update(['protocol_settings' => json_encode($settings)]); + } + } + }); + } + + public function down(): void + { + } +};