mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-14 00:26:06 +00:00
fix(sub): SS2022 share links must not base64-encode userinfo (#5432)
Per SIP022, ss:// links for 2022-blake3-* methods must NOT base64-encode the userinfo; method and password are percent-encoded instead. Clients like Hiddify reject the base64 form. Fix both the server-side subscription path and the client-side panel link, plus the matching parsers for round-trip import.
This commit is contained in:
@@ -617,6 +617,19 @@ export function genShadowsocksLink(input: GenShadowsocksLinkInput): string {
|
||||
if (isSS2022) passwords.push(settings.password);
|
||||
if (isSSMultiUser) passwords.push(clientPassword);
|
||||
|
||||
if (isSS2022) {
|
||||
// SIP022 (2022-blake3-*) forbids base64 userinfo: method and each key are
|
||||
// percent-encoded, joined by literal ':' separators. Built by hand because
|
||||
// `new URL` would re-encode the inner key separator to %3A.
|
||||
const userinfo = [settings.method, ...passwords].map(encodeURIComponent).join(':');
|
||||
let link = `ss://${userinfo}@${formatUrlHost(address)}:${port}`;
|
||||
const query = params.toString();
|
||||
if (query) link += `?${query}`;
|
||||
link += `#${encodeURIComponent(remark)}`;
|
||||
return link;
|
||||
}
|
||||
|
||||
// SIP002 userinfo is base64(method:pw).
|
||||
const userinfo = Base64.encode(`${settings.method}:${passwords.join(':')}`, true);
|
||||
const url = new URL(`ss://${userinfo}@${formatUrlHost(address)}:${port}`);
|
||||
for (const [key, value] of params) url.searchParams.set(key, value);
|
||||
|
||||
@@ -372,8 +372,15 @@ export function parseShadowsocksLink(link: string): Raw | null {
|
||||
const core = queryIndex >= 0 ? linkNoHash.slice(0, queryIndex) : linkNoHash;
|
||||
const atIndex = core.indexOf('@');
|
||||
if (atIndex >= 0) {
|
||||
try { userInfo = Base64.decode(core.slice('ss://'.length, atIndex)); }
|
||||
catch { userInfo = core.slice('ss://'.length, atIndex); }
|
||||
const rawUserInfo = core.slice('ss://'.length, atIndex);
|
||||
if (rawUserInfo.includes(':')) {
|
||||
// SIP022 (2022-blake3-*) userinfo is percent-encoded, never base64
|
||||
// (a literal ':' can't appear in a base64/base64url string).
|
||||
try { userInfo = decodeURIComponent(rawUserInfo); } catch { userInfo = rawUserInfo; }
|
||||
} else {
|
||||
try { userInfo = Base64.decode(rawUserInfo); }
|
||||
catch { userInfo = rawUserInfo; }
|
||||
}
|
||||
const hostPort = core.slice(atIndex + 1);
|
||||
const colon = hostPort.lastIndexOf(':');
|
||||
if (colon < 0) return null;
|
||||
|
||||
@@ -4,7 +4,7 @@ exports[`genHysteriaLink > hysteria-v1-tls: byte-stable 1`] = `"hysteria://hyst-
|
||||
|
||||
exports[`genInboundLinks orchestrator > hysteria-v1-tls: byte-stable 1`] = `"hysteria://hyst-v1-auth-XYZ@override.test:36715?security=tls&fp=chrome&alpn=h3&sni=hysteria.example.test#parity-test"`;
|
||||
|
||||
exports[`genInboundLinks orchestrator > shadowsocks-tcp-2022: byte-stable 1`] = `"ss://MjAyMi1ibGFrZTMtYWVzLTI1Ni1nY206Wm1GclpTMXpaWEoyWlhJdGNHRnpjM2R2Y21RdE1EQXdNUT09OmRHVnpkQzFqYkdsbGJuUXRjR0Z6YzNkdmNtUXRNUT09@override.test:8388?type=tcp#parity-test"`;
|
||||
exports[`genInboundLinks orchestrator > shadowsocks-tcp-2022: byte-stable 1`] = `"ss://2022-blake3-aes-256-gcm:ZmFrZS1zZXJ2ZXItcGFzc3dvcmQtMDAwMQ%3D%3D:dGVzdC1jbGllbnQtcGFzc3dvcmQtMQ%3D%3D@override.test:8388?type=tcp#parity-test"`;
|
||||
|
||||
exports[`genInboundLinks orchestrator > trojan-ws-tls: byte-stable 1`] = `"trojan://trojan-test-pw-XYZ@override.test:443?type=ws&path=%2Ftrojan&host=trojan.example.test&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=trojan.example.test#parity-test"`;
|
||||
|
||||
@@ -32,7 +32,7 @@ PersistentKeepalive = 25
|
||||
"
|
||||
`;
|
||||
|
||||
exports[`genShadowsocksLink > shadowsocks-tcp-2022: byte-stable 1`] = `"ss://MjAyMi1ibGFrZTMtYWVzLTI1Ni1nY206Wm1GclpTMXpaWEoyWlhJdGNHRnpjM2R2Y21RdE1EQXdNUT09OmRHVnpkQzFqYkdsbGJuUXRjR0Z6YzNkdmNtUXRNUT09@example.test:8388?type=tcp#parity-test"`;
|
||||
exports[`genShadowsocksLink > shadowsocks-tcp-2022: byte-stable 1`] = `"ss://2022-blake3-aes-256-gcm:ZmFrZS1zZXJ2ZXItcGFzc3dvcmQtMDAwMQ%3D%3D:dGVzdC1jbGllbnQtcGFzc3dvcmQtMQ%3D%3D@example.test:8388?type=tcp#parity-test"`;
|
||||
|
||||
exports[`genTrojanLink > trojan-ws-tls: byte-stable 1`] = `"trojan://trojan-test-pw-XYZ@example.test:443?type=ws&path=%2Ftrojan&host=trojan.example.test&security=tls&fp=chrome&alpn=h2%2Chttp%2F1.1&sni=trojan.example.test#parity-test"`;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user