fix: unify Trojan server_name/allow_insecure to tls_settings across all protocols

2026-04-28 06:47:24 +08:00 · 2026-04-18 20:59:32 +08:00
parent bdd7820a69
commit fe62542b7c
11 changed files with 77 additions and 25 deletions
@@ -238,10 +238,10 @@ class Clash extends AbstractProtocol
        $array['port'] = $server['port'];
        $array['password'] = $password;
        $array['udp'] = true;
-        if ($serverName = data_get($protocol_settings, 'server_name')) {
+        if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
            $array['sni'] = $serverName;
        }
-        $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'allow_insecure');
+        $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
        switch (data_get($protocol_settings, 'network')) {
            case 'tcp':
@@ -535,8 +535,8 @@ class ClashMeta extends AbstractProtocol
                ];
                break;
            default: // Standard TLS
-                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false));
+                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
-                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                    $array['sni'] = $serverName;
                }
                self::appendEch($array, data_get($protocol_settings, 'tls_settings.ech'));
@@ -262,8 +262,8 @@ class General extends AbstractProtocol
                }
                break;
            default: // Standard TLS
-                $array['allowInsecure'] = data_get($protocol_settings, 'allow_insecure', false);
+                $array['allowInsecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
-                if ($serverName = data_get($protocol_settings, 'server_name')) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                    $array['peer'] = $serverName;
                    $array['sni'] = $serverName;
                }
@@ -205,10 +205,10 @@ class Loon extends AbstractProtocol
                $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'reality_settings.allow_insecure', false) ? 'true' : 'false');
                break;
            default: // Standard TLS
-                if ($serverName = data_get($protocol_settings, 'server_name')) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                    $config[] = "tls-name={$serverName}";
                }
-                $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'allow_insecure') ? 'true' : 'false');
+                $config[] = 'skip-cert-verify=' . (data_get($protocol_settings, 'tls_settings.allow_insecure', false) ? 'true' : 'false');
                break;
        }
@@ -191,8 +191,8 @@ class QuantumultX extends AbstractProtocol
        ];
        $tlsData = [
-            'allow_insecure' => data_get($protocol_settings, 'allow_insecure', false),
+            'allow_insecure' => data_get($protocol_settings, 'tls_settings.allow_insecure', false),
-            'server_name' => data_get($protocol_settings, 'server_name'),
+            'server_name' => data_get($protocol_settings, 'tls_settings.server_name'),
        ];
        self::applyTransportSettings($config, $protocol_settings, true, $tlsData);
        self::applyCommonSettings($config, $server);
@@ -546,9 +546,9 @@ class SingBox extends AbstractProtocol
                ];
                break;
            default: // Standard TLS
-                $tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', data_get($protocol_settings, 'allow_insecure', false));
+                $tlsConfig['insecure'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
                $this->appendEch($tlsConfig, data_get($protocol_settings, 'tls_settings.ech'));
-                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name', data_get($protocol_settings, 'server_name'))) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                    $tlsConfig['server_name'] = $serverName;
                }
                break;
@@ -397,10 +397,10 @@ class Stash extends AbstractProtocol
                ];
                break;
            default: // Standard TLS
-                if ($serverName = data_get($protocol_settings, 'server_name')) {
+                if ($serverName = data_get($protocol_settings, 'tls_settings.server_name')) {
                    $array['sni'] = $serverName;
                }
-                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'allow_insecure', false);
+                $array['skip-cert-verify'] = (bool) data_get($protocol_settings, 'tls_settings.allow_insecure', false);
                break;
        }
@@ -186,12 +186,12 @@ class Surfboard extends AbstractProtocol
            "{$server['host']}",
            "{$server['port']}",
            "password={$password}",
-            data_get($protocol_settings, 'server_name') ? "sni=" . data_get($protocol_settings, 'server_name') : "",
+            data_get($protocol_settings, 'tls_settings.server_name') ? "sni=" . data_get($protocol_settings, 'tls_settings.server_name') : "",
            'tfo=true',
            'udp-relay=true'
        ];
-        if (data_get($protocol_settings, 'allow_insecure')) {
+        if (data_get($protocol_settings, 'tls_settings.allow_insecure', false)) {
-            array_push($config, !!data_get($protocol_settings, 'allow_insecure') ? 'skip-cert-verify=true' : 'skip-cert-verify=false');
+            $config[] = 'skip-cert-verify=true';
        }
        $config = array_filter($config);
        $uri = implode(',', $config);
@@ -195,12 +195,12 @@ class Surge extends AbstractProtocol
            "{$server['host']}",
            "{$server['port']}",
            "password={$password}",
-            data_get($protocol_settings, 'server_name') ? "sni=" . data_get($protocol_settings, 'server_name') : "",
+            data_get($protocol_settings, 'tls_settings.server_name') ? "sni=" . data_get($protocol_settings, 'tls_settings.server_name') : "",
            'tfo=true',
            'udp-relay=true'
        ];
-        if (!empty($protocol_settings['allow_insecure'])) {
+        if (data_get($protocol_settings, 'tls_settings.allow_insecure', false)) {
-            array_push($config, !!data_get($protocol_settings, 'allow_insecure') ? 'skip-cert-verify=true' : 'skip-cert-verify=false');
+            $config[] = 'skip-cert-verify=true';
        }
        $config = array_filter($config);
        $uri = implode(',', $config);
@@ -284,15 +284,12 @@ class ServerService
            'trojan' => [
                ...$baseConfig,
                'host' => $host,
-                'server_name' => data_get($protocolSettings, 'tls_settings.server_name') ?? $protocolSettings['server_name'],
+                'server_name' => data_get($protocolSettings, 'tls_settings.server_name'),
                'multiplex' => data_get($protocolSettings, 'multiplex'),
                'tls' => (int) $protocolSettings['tls'],
                'tls_settings' => match ((int) $protocolSettings['tls']) {
                        2 => $protocolSettings['reality_settings'],
-                        default => array_merge($protocolSettings['tls_settings'] ?? [], [
+                        default => $protocolSettings['tls_settings'],
                            'server_name' => data_get($protocolSettings, 'tls_settings.server_name') ?? $protocolSettings['server_name'],
                            'allow_insecure' => data_get($protocolSettings, 'tls_settings.allow_insecure', $protocolSettings['allow_insecure']),
                        ]),
                    },
            ],
            'vless' => [
@@ -0,0 +1,55 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Support\Facades\DB;
 return new class extends Migration
 {
    public function up(): void
    {
        DB::table('v2_server')
            ->where('type', 'trojan')
            ->chunkById(100, function ($servers) {
                foreach ($servers as $server) {
                    $settings = json_decode($server->protocol_settings, true);
                    if (!$settings) continue;
                    $rootSni = $settings['server_name'] ?? null;
                    $rootInsecure = $settings['allow_insecure'] ?? false;
                    $tlsSettings = $settings['tls_settings'] ?? null;
                    $needsUpdate = false;
                    if (!is_array($tlsSettings)) {
                        if ($rootSni !== null || $rootInsecure) {
                            $settings['tls_settings'] = [
                                'server_name' => $rootSni,
                                'allow_insecure' => (bool) $rootInsecure,
                            ];
                            $needsUpdate = true;
                        }
                    } else {
                        $tlsSni = $tlsSettings['server_name'] ?? null;
                        if (($tlsSni === null || $tlsSni === '') && $rootSni !== null && $rootSni !== '') {
                            $settings['tls_settings']['server_name'] = $rootSni;
                            $needsUpdate = true;
                        }
                        if (($tlsSettings['allow_insecure'] ?? null) === null && $rootInsecure) {
                            $settings['tls_settings']['allow_insecure'] = true;
                            $needsUpdate = true;
                        }
                    }
                    if ($needsUpdate) {
                        DB::table('v2_server')
                            ->where('id', $server->id)
                            ->update(['protocol_settings' => json_encode($settings)]);
                    }
                }
            });
    }
    public function down(): void
    {
    }
 };