diff --git a/fe-app-podkop/locales/calls.json b/fe-app-podkop/locales/calls.json index fbaadad..f1bb11d 100644 --- a/fe-app-podkop/locales/calls.json +++ b/fe-app-podkop/locales/calls.json @@ -41,6 +41,13 @@ "src/podkop/tabs/diagnostic/checks/runNftCheck.ts:106" ] }, + { + "call": "Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall.", + "key": "Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall.", + "places": [ + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:247" + ] + }, { "call": "Applicable for SOCKS and Shadowsocks proxy", "key": "Applicable for SOCKS and Shadowsocks proxy", @@ -101,14 +108,14 @@ "call": "Cache File Path", "key": "Cache File Path", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:329" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:348" ] }, { "call": "Cache file path cannot be empty", "key": "Cache file path cannot be empty", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:343" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:362" ] }, { @@ -178,7 +185,7 @@ "call": "Config File Path", "key": "Config File Path", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:316" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:335" ] }, { @@ -276,14 +283,14 @@ "call": "Disable QUIC", "key": "Disable QUIC", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:246" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:265" ] }, { "call": "Disable the QUIC protocol to improve compatibility or fix issues with video streaming", "key": "Disable the QUIC protocol to improve compatibility or fix issues with video streaming", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:247" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:266" ] }, { @@ -365,7 +372,7 @@ "call": "Dont Touch My DHCP!", "key": "Dont Touch My DHCP!", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:307" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:326" ] }, { @@ -387,22 +394,22 @@ "call": "Download Lists via Proxy/VPN", "key": "Download Lists via Proxy/VPN", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:269" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:288" ] }, { "call": "Download Lists via specific proxy section", "key": "Download Lists via specific proxy section", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:278" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:297" ] }, { "call": "Downloading all lists via specific Proxy/VPN", "key": "Downloading all lists via specific Proxy/VPN", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:270", - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:279" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:289", + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:298" ] }, { @@ -455,6 +462,13 @@ "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:237" ] }, + { + "call": "Enable YACD WAN Access", + "key": "Enable YACD WAN Access", + "places": [ + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:246" + ] + }, { "call": "Enter complete outbound configuration in JSON format", "key": "Enter complete outbound configuration in JSON format", @@ -515,14 +529,14 @@ "call": "Exclude NTP", "key": "Exclude NTP", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:365" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:384" ] }, { "call": "Exclude NTP protocol traffic from the tunnel to prevent it from being routed through the proxy or VPN", "key": "Exclude NTP protocol traffic from the tunnel to prevent it from being routed through the proxy or VPN", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:366" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:385" ] }, { @@ -838,7 +852,7 @@ "call": "List Update Frequency", "key": "List Update Frequency", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:257" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:276" ] }, { @@ -977,21 +991,21 @@ "call": "Path must be absolute (start with /)", "key": "Path must be absolute (start with /)", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:347" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:366" ] }, { "call": "Path must contain at least one directory (like /tmp/cache.db)", "key": "Path must contain at least one directory (like /tmp/cache.db)", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:356" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:375" ] }, { "call": "Path must end with cache.db", "key": "Path must end with cache.db", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:351" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:370" ] }, { @@ -1023,7 +1037,7 @@ "call": "Podkop will not modify your DHCP configuration", "key": "Podkop will not modify your DHCP configuration", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:308" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:327" ] }, { @@ -1093,7 +1107,7 @@ "call": "Routing Excluded IPs", "key": "Routing Excluded IPs", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:376" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:395" ] }, { @@ -1152,6 +1166,13 @@ "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/section.js:328" ] }, + { + "call": "Secret key for authenticating remote access to YACD when WAN access is enabled.", + "key": "Secret key for authenticating remote access to YACD when WAN access is enabled.", + "places": [ + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:257" + ] + }, { "call": "Sections", "key": "Sections", @@ -1184,7 +1205,7 @@ "call": "Select how often the domain or subnet lists are updated automatically", "key": "Select how often the domain or subnet lists are updated automatically", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:258" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:277" ] }, { @@ -1213,14 +1234,14 @@ "call": "Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing", "key": "Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:330" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:349" ] }, { "call": "Select path for sing-box config file. Change this ONLY if you know what you are doing", "key": "Select path for sing-box config file. Change this ONLY if you know what you are doing", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:317" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:336" ] }, { @@ -1347,7 +1368,7 @@ "call": "Specify a local IP address to be excluded from routing", "key": "Specify a local IP address to be excluded from routing", "places": [ - "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:377" + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:396" ] }, { @@ -1702,6 +1723,13 @@ "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/section.js:330" ] }, + { + "call": "YACD Secret Key", + "key": "YACD Secret Key", + "places": [ + "../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:256" + ] + }, { "call": "You can select Output Network Interface, by default autodetect", "key": "You can select Output Network Interface, by default autodetect", diff --git a/fe-app-podkop/locales/podkop.pot b/fe-app-podkop/locales/podkop.pot index f0f750a..0bf57c8 100644 --- a/fe-app-podkop/locales/podkop.pot +++ b/fe-app-podkop/locales/podkop.pot @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: PODKOP\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-10-27 11:15+0200\n" -"PO-Revision-Date: 2025-10-27 11:15+0200\n" +"POT-Creation-Date: 2025-11-06 14:19+0200\n" +"PO-Revision-Date: 2025-11-06 14:19+0200\n" "Last-Translator: divocat \n" "Language-Team: LANGUAGE \n" "Language: \n" @@ -40,6 +40,10 @@ msgstr "" msgid "Additional marking rules found" msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:247 +msgid "Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall." +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/section.js:175 msgid "Applicable for SOCKS and Shadowsocks proxy" msgstr "" @@ -72,11 +76,11 @@ msgstr "" msgid "Browser is using FakeIP correctly" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:329 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:348 msgid "Cache File Path" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:343 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:362 msgid "Cache file path cannot be empty" msgstr "" @@ -119,7 +123,7 @@ msgstr "" msgid "Community Lists" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:316 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:335 msgid "Config File Path" msgstr "" @@ -175,11 +179,11 @@ msgstr "" msgid "Disable autostart" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:246 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:265 msgid "Disable QUIC" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:247 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:266 msgid "Disable the QUIC protocol to improve compatibility or fix issues with video streaming" msgstr "" @@ -228,7 +232,7 @@ msgstr "" msgid "Domain Resolver" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:307 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:326 msgid "Dont Touch My DHCP!" msgstr "" @@ -241,16 +245,16 @@ msgstr "" msgid "Download" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:269 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:288 msgid "Download Lists via Proxy/VPN" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:278 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:297 msgid "Download Lists via specific proxy section" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:270 -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:279 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:289 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:298 msgid "Downloading all lists via specific Proxy/VPN" msgstr "" @@ -283,6 +287,10 @@ msgstr "" msgid "Enable YACD" msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:246 +msgid "Enable YACD WAN Access" +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/section.js:65 msgid "Enter complete outbound configuration in JSON format" msgstr "" @@ -315,11 +323,11 @@ msgstr "" msgid "Every 5 minutes" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:365 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:384 msgid "Exclude NTP" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:366 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:385 msgid "Exclude NTP protocol traffic from the tunnel to prevent it from being routed through the proxy or VPN" msgstr "" @@ -503,7 +511,7 @@ msgstr "" msgid "Latest" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:257 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:276 msgid "List Update Frequency" msgstr "" @@ -585,15 +593,15 @@ msgstr "" msgid "Path cannot be empty" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:347 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:366 msgid "Path must be absolute (start with /)" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:356 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:375 msgid "Path must contain at least one directory (like /tmp/cache.db)" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:351 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:370 msgid "Path must end with cache.db" msgstr "" @@ -613,7 +621,7 @@ msgstr "" msgid "Podkop Settings" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:308 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:327 msgid "Podkop will not modify your DHCP configuration" msgstr "" @@ -653,7 +661,7 @@ msgstr "" msgid "Router DNS is routed through sing-box" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:376 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:395 msgid "Routing Excluded IPs" msgstr "" @@ -689,6 +697,10 @@ msgstr "" msgid "Russia inside restrictions" msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:257 +msgid "Secret key for authenticating remote access to YACD when WAN access is enabled." +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js:36 msgid "Sections" msgstr "" @@ -705,7 +717,7 @@ msgstr "" msgid "Select DNS protocol to use" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:258 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:277 msgid "Select how often the domain or subnet lists are updated automatically" msgstr "" @@ -722,11 +734,11 @@ msgstr "" msgid "Select or enter DNS server address" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:330 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:349 msgid "Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:317 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:336 msgid "Select path for sing-box config file. Change this ONLY if you know what you are doing" msgstr "" @@ -799,7 +811,7 @@ msgstr "" msgid "Source Network Interface" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:377 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:396 msgid "Specify a local IP address to be excluded from routing" msgstr "" @@ -1014,6 +1026,10 @@ msgstr "" msgid "Warning: Russia inside can only be used with %s. %s already in Russia inside and have been removed from selection." msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:256 +msgid "YACD Secret Key" +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:127 msgid "You can select Output Network Interface, by default autodetect" msgstr "" diff --git a/fe-app-podkop/locales/podkop.ru.po b/fe-app-podkop/locales/podkop.ru.po index 2dcda99..25971ad 100644 --- a/fe-app-podkop/locales/podkop.ru.po +++ b/fe-app-podkop/locales/podkop.ru.po @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: PODKOP\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-10-27 13:15+0200\n" -"PO-Revision-Date: 2025-10-27 13:15+0200\n" +"POT-Creation-Date: 2025-11-06 16:19+0200\n" +"PO-Revision-Date: 2025-11-06 16:19+0200\n" "Last-Translator: divocat\n" "Language-Team: none\n" "Language: ru\n" @@ -35,6 +35,9 @@ msgstr "Активные соединения" msgid "Additional marking rules found" msgstr "Найдены дополнительные правила маркировки" +msgid "Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall." +msgstr "Обеспечивает доступ к YACD из WAN. Убедитесь, что в брандмауэре открыт соответствующий порт." + msgid "Applicable for SOCKS and Shadowsocks proxy" msgstr "Применимо для SOCKS и Shadowsocks прокси" @@ -206,6 +209,9 @@ msgstr "Включить смешанный прокси-сервер, разр msgid "Enable YACD" msgstr "Включить YACD" +msgid "Enable YACD WAN Access" +msgstr "Включить доступ YACD WAN" + msgid "Enter complete outbound configuration in JSON format" msgstr "Введите полную конфигурацию исходящего соединения в формате JSON" @@ -497,6 +503,9 @@ msgstr "Запустить диагностику" msgid "Russia inside restrictions" msgstr "Ограничения Russia inside" +msgid "Secret key for authenticating remote access to YACD when WAN access is enabled." +msgstr "Секретный ключ для аутентификации удаленного доступа к YACD при включенном доступе через WAN." + msgid "Sections" msgstr "Секции" @@ -722,5 +731,8 @@ msgstr "Предупреждение: %s нельзя использовать msgid "Warning: Russia inside can only be used with %s. %s already in Russia inside and have been removed from selection." msgstr "Предупреждение: Russia inside может быть использован только с %s. %s уже есть в Russia inside и будет удален из выбранных." +msgid "YACD Secret Key" +msgstr "Секретный ключ YACD" + msgid "You can select Output Network Interface, by default autodetect" msgstr "Вы можете выбрать выходной сетевой интерфейс, по умолчанию он определяется автоматически." diff --git a/fe-app-podkop/src/podkop/methods/custom/getClashApiSecret.ts b/fe-app-podkop/src/podkop/methods/custom/getClashApiSecret.ts new file mode 100644 index 0000000..4bc654a --- /dev/null +++ b/fe-app-podkop/src/podkop/methods/custom/getClashApiSecret.ts @@ -0,0 +1,9 @@ +import { getConfigSections } from './getConfigSections'; + +export async function getClashApiSecret() { + const sections = await getConfigSections(); + + const settings = sections.find((section) => section['.type'] === 'settings'); + + return settings?.yacd_secret_key || ''; +} diff --git a/fe-app-podkop/src/podkop/methods/custom/index.ts b/fe-app-podkop/src/podkop/methods/custom/index.ts index 7ade0fa..8aba225 100644 --- a/fe-app-podkop/src/podkop/methods/custom/index.ts +++ b/fe-app-podkop/src/podkop/methods/custom/index.ts @@ -1,7 +1,9 @@ import { getConfigSections } from './getConfigSections'; import { getDashboardSections } from './getDashboardSections'; +import { getClashApiSecret } from './getClashApiSecret'; export const CustomPodkopMethods = { getConfigSections, getDashboardSections, + getClashApiSecret, }; diff --git a/fe-app-podkop/src/podkop/tabs/dashboard/initController.ts b/fe-app-podkop/src/podkop/tabs/dashboard/initController.ts index e1abeab..2b8c948 100644 --- a/fe-app-podkop/src/podkop/tabs/dashboard/initController.ts +++ b/fe-app-podkop/src/podkop/tabs/dashboard/initController.ts @@ -8,6 +8,7 @@ import { CustomPodkopMethods, PodkopShellMethods } from '../../methods'; import { logger, socket, store, StoreType } from '../../services'; import { renderSections, renderWidget } from './partials'; import { fetchServicesInfo } from '../../fetchers'; +import { getClashApiSecret } from '../../methods/custom/getClashApiSecret'; // Fetchers @@ -38,8 +39,10 @@ async function fetchDashboardSections() { } async function connectToClashSockets() { + const clashApiSecret = await getClashApiSecret(); + socket.subscribe( - `${getClashWsUrl()}/traffic?token=`, + `${getClashWsUrl()}/traffic?token=${clashApiSecret}`, (msg) => { const parsedMsg = JSON.parse(msg); @@ -68,7 +71,7 @@ async function connectToClashSockets() { ); socket.subscribe( - `${getClashWsUrl()}/connections?token=`, + `${getClashWsUrl()}/connections?token=${clashApiSecret}`, (msg) => { const parsedMsg = JSON.parse(msg); diff --git a/fe-app-podkop/src/podkop/types.ts b/fe-app-podkop/src/podkop/types.ts index 25e65d7..0f4ed35 100644 --- a/fe-app-podkop/src/podkop/types.ts +++ b/fe-app-podkop/src/podkop/types.ts @@ -126,6 +126,7 @@ export namespace Podkop { export type ConfigSection = ConfigBaseSection & { '.name': string; '.type': 'settings' | 'section'; + yacd_secret_key?: string; }; export interface MethodSuccessResponse { diff --git a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/main.js b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/main.js index c4b7ee7..638867e 100644 --- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/main.js +++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/main.js @@ -731,10 +731,18 @@ async function getDashboardSections() { }; } +// src/podkop/methods/custom/getClashApiSecret.ts +async function getClashApiSecret() { + const sections = await getConfigSections(); + const settings = sections.find((section) => section[".type"] === "settings"); + return settings?.yacd_secret_key || ""; +} + // src/podkop/methods/custom/index.ts var CustomPodkopMethods = { getConfigSections, - getDashboardSections + getDashboardSections, + getClashApiSecret }; // src/constants.ts @@ -1876,8 +1884,9 @@ async function fetchDashboardSections() { }); } async function connectToClashSockets() { + const clashApiSecret = await getClashApiSecret(); socket.subscribe( - `${getClashWsUrl()}/traffic?token=`, + `${getClashWsUrl()}/traffic?token=${clashApiSecret}`, (msg) => { const parsedMsg = JSON.parse(msg); store.set({ @@ -1904,7 +1913,7 @@ async function connectToClashSockets() { } ); socket.subscribe( - `${getClashWsUrl()}/connections?token=`, + `${getClashWsUrl()}/connections?token=${clashApiSecret}`, (msg) => { const parsedMsg = JSON.parse(msg); store.set({ diff --git a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js index d0b85b8..7dd8f20 100644 --- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js +++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js @@ -240,6 +240,25 @@ function createSettingsContent(section) { o.default = "0"; o.rmempty = false; + o = section.option( + form.Flag, + "enable_yacd_wan_access", + _("Enable YACD WAN Access"), + _("Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall."), + ); + o.depends("enable_yacd", "1"); + o.default = "0"; + o.rmempty = false; + + o = section.option( + form.Value, + "yacd_secret_key", + _("YACD Secret Key"), + _("Secret key for authenticating remote access to YACD when WAN access is enabled."), + ); + o.depends("enable_yacd_wan_access", "1"); + o.rmempty = false; + o = section.option( form.Flag, "disable_quic", diff --git a/luci-app-podkop/po/ru/podkop.po b/luci-app-podkop/po/ru/podkop.po index 468a438..25971ad 100644 --- a/luci-app-podkop/po/ru/podkop.po +++ b/luci-app-podkop/po/ru/podkop.po @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: PODKOP\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-10-27 13:15+0200\n" -"PO-Revision-Date: 2025-10-27 13:15+0200\n" +"POT-Creation-Date: 2025-11-06 16:19+0200\n" +"PO-Revision-Date: 2025-11-06 16:19+0200\n" "Last-Translator: divocat\n" "Language-Team: none\n" "Language: ru\n" @@ -35,6 +35,9 @@ msgstr "Активные соединения" msgid "Additional marking rules found" msgstr "Найдены дополнительные правила маркировки" +msgid "Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall." +msgstr "Обеспечивает доступ к YACD из WAN. Убедитесь, что в брандмауэре открыт соответствующий порт." + msgid "Applicable for SOCKS and Shadowsocks proxy" msgstr "Применимо для SOCKS и Shadowsocks прокси" @@ -206,6 +209,9 @@ msgstr "Включить смешанный прокси-сервер, разр msgid "Enable YACD" msgstr "Включить YACD" +msgid "Enable YACD WAN Access" +msgstr "Включить доступ YACD WAN" + msgid "Enter complete outbound configuration in JSON format" msgstr "Введите полную конфигурацию исходящего соединения в формате JSON" @@ -497,6 +503,9 @@ msgstr "Запустить диагностику" msgid "Russia inside restrictions" msgstr "Ограничения Russia inside" +msgid "Secret key for authenticating remote access to YACD when WAN access is enabled." +msgstr "Секретный ключ для аутентификации удаленного доступа к YACD при включенном доступе через WAN." + msgid "Sections" msgstr "Секции" @@ -681,10 +690,10 @@ msgid "URLTest Proxy Links" msgstr "Ссылки прокси для URLTest" msgid "URLTest Testing URL" -msgstr "URL для тестирования URLTest" +msgstr "URLTest ссылка для проверки" msgid "URLTest Tolerance" -msgstr "Порог переключения URLTest" +msgstr "URLTest допустимое отклонение" msgid "User Domain List Type" msgstr "Тип пользовательского списка доменов" @@ -722,5 +731,8 @@ msgstr "Предупреждение: %s нельзя использовать msgid "Warning: Russia inside can only be used with %s. %s already in Russia inside and have been removed from selection." msgstr "Предупреждение: Russia inside может быть использован только с %s. %s уже есть в Russia inside и будет удален из выбранных." +msgid "YACD Secret Key" +msgstr "Секретный ключ YACD" + msgid "You can select Output Network Interface, by default autodetect" msgstr "Вы можете выбрать выходной сетевой интерфейс, по умолчанию он определяется автоматически." diff --git a/luci-app-podkop/po/templates/podkop.pot b/luci-app-podkop/po/templates/podkop.pot index f0f750a..0bf57c8 100644 --- a/luci-app-podkop/po/templates/podkop.pot +++ b/luci-app-podkop/po/templates/podkop.pot @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: PODKOP\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-10-27 11:15+0200\n" -"PO-Revision-Date: 2025-10-27 11:15+0200\n" +"POT-Creation-Date: 2025-11-06 14:19+0200\n" +"PO-Revision-Date: 2025-11-06 14:19+0200\n" "Last-Translator: divocat \n" "Language-Team: LANGUAGE \n" "Language: \n" @@ -40,6 +40,10 @@ msgstr "" msgid "Additional marking rules found" msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:247 +msgid "Allows access to YACD from the WAN. Make sure to open the appropriate port in your firewall." +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/section.js:175 msgid "Applicable for SOCKS and Shadowsocks proxy" msgstr "" @@ -72,11 +76,11 @@ msgstr "" msgid "Browser is using FakeIP correctly" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:329 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:348 msgid "Cache File Path" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:343 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:362 msgid "Cache file path cannot be empty" msgstr "" @@ -119,7 +123,7 @@ msgstr "" msgid "Community Lists" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:316 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:335 msgid "Config File Path" msgstr "" @@ -175,11 +179,11 @@ msgstr "" msgid "Disable autostart" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:246 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:265 msgid "Disable QUIC" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:247 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:266 msgid "Disable the QUIC protocol to improve compatibility or fix issues with video streaming" msgstr "" @@ -228,7 +232,7 @@ msgstr "" msgid "Domain Resolver" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:307 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:326 msgid "Dont Touch My DHCP!" msgstr "" @@ -241,16 +245,16 @@ msgstr "" msgid "Download" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:269 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:288 msgid "Download Lists via Proxy/VPN" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:278 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:297 msgid "Download Lists via specific proxy section" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:270 -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:279 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:289 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:298 msgid "Downloading all lists via specific Proxy/VPN" msgstr "" @@ -283,6 +287,10 @@ msgstr "" msgid "Enable YACD" msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:246 +msgid "Enable YACD WAN Access" +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/section.js:65 msgid "Enter complete outbound configuration in JSON format" msgstr "" @@ -315,11 +323,11 @@ msgstr "" msgid "Every 5 minutes" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:365 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:384 msgid "Exclude NTP" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:366 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:385 msgid "Exclude NTP protocol traffic from the tunnel to prevent it from being routed through the proxy or VPN" msgstr "" @@ -503,7 +511,7 @@ msgstr "" msgid "Latest" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:257 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:276 msgid "List Update Frequency" msgstr "" @@ -585,15 +593,15 @@ msgstr "" msgid "Path cannot be empty" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:347 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:366 msgid "Path must be absolute (start with /)" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:356 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:375 msgid "Path must contain at least one directory (like /tmp/cache.db)" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:351 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:370 msgid "Path must end with cache.db" msgstr "" @@ -613,7 +621,7 @@ msgstr "" msgid "Podkop Settings" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:308 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:327 msgid "Podkop will not modify your DHCP configuration" msgstr "" @@ -653,7 +661,7 @@ msgstr "" msgid "Router DNS is routed through sing-box" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:376 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:395 msgid "Routing Excluded IPs" msgstr "" @@ -689,6 +697,10 @@ msgstr "" msgid "Russia inside restrictions" msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:257 +msgid "Secret key for authenticating remote access to YACD when WAN access is enabled." +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js:36 msgid "Sections" msgstr "" @@ -705,7 +717,7 @@ msgstr "" msgid "Select DNS protocol to use" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:258 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:277 msgid "Select how often the domain or subnet lists are updated automatically" msgstr "" @@ -722,11 +734,11 @@ msgstr "" msgid "Select or enter DNS server address" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:330 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:349 msgid "Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:317 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:336 msgid "Select path for sing-box config file. Change this ONLY if you know what you are doing" msgstr "" @@ -799,7 +811,7 @@ msgstr "" msgid "Source Network Interface" msgstr "" -#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:377 +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:396 msgid "Specify a local IP address to be excluded from routing" msgstr "" @@ -1014,6 +1026,10 @@ msgstr "" msgid "Warning: Russia inside can only be used with %s. %s already in Russia inside and have been removed from selection." msgstr "" +#: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:256 +msgid "YACD Secret Key" +msgstr "" + #: ../luci-app-podkop/htdocs/luci-static/resources/view/podkop/settings.js:127 msgid "You can select Output Network Interface, by default autodetect" msgstr "" diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index b7f1295..6783d17 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -1079,16 +1079,39 @@ sing_box_configure_experimental() { config_get cache_file "settings" "cache_path" "/tmp/sing-box/cache.db" config=$(sing_box_cm_configure_cache_file "$config" true "$cache_file" true) - local enable_yacd external_controller_ui - config_get_bool enable_yacd "settings" "enable_yacd" 0 log "Configuring Clash API" + local enable_yacd enable_yacd_wan_access clash_api_controller_address + config_get_bool enable_yacd "settings" "enable_yacd" 0 + config_get_bool enable_yacd_wan_access "settings" "enable_yacd_wan_access" 0 + + if [ "$enable_yacd" -eq 1 ] && [ "$enable_yacd_wan_access" -eq 1 ]; then + clash_api_controller_address="0.0.0.0" + else + clash_api_controller_address="$(get_service_listen_address)" + if [ -z "$clash_api_controller_address" ]; then + log "Could not determine the listening IP address for the Clash API controller. It will run only on localhost." "warn" + clash_api_controller_address="127.0.0.1" + fi + fi + if [ "$enable_yacd" -eq 1 ]; then log "YACD is enabled, enabling Clash API with downloadable YACD" "debug" - local external_controller_ui="ui" - config=$(sing_box_cm_configure_clash_api "$config" "$SB_CLASH_API_CONTROLLER" "$external_controller_ui") + local yacd_secret_key external_controller_ui + config_get yacd_secret_key "settings" "yacd_secret_key" + external_controller_ui="ui" + + config=$( + sing_box_cm_configure_clash_api \ + "$config" \ + "$clash_api_controller_address:$SB_CLASH_API_CONTROLLER_PORT" \ + "$external_controller_ui" \ + "$yacd_secret_key" + ) else log "YACD is disabled, enabling Clash API in online mode" "debug" - config=$(sing_box_cm_configure_clash_api "$config" "$SB_CLASH_API_CONTROLLER") + config=$( + sing_box_cm_configure_clash_api "$config" "$clash_api_controller_address:$SB_CLASH_API_CONTROLLER_PORT" + ) fi } @@ -1117,8 +1140,13 @@ sing_box_additional_inbounds() { configure_section_mixed_proxy() { local section="$1" - local mixed_inbound_enabled mixed_proxy_port mixed_inbound_tag mixed_outbound_tag + local mixed_inbound_enabled mixed_proxy_port mixed_inbound_tag mixed_outbound_tag mixed_proxy_address config_get_bool mixed_inbound_enabled "$section" "mixed_proxy_enabled" 0 + mixed_proxy_address="$(get_service_listen_address)" + if [ -z "$mixed_proxy_address" ]; then + log "Could not determine the listening IP address for the Mixed Proxy. The proxy will not be created." "warn" + return 1 + fi config_get mixed_proxy_port "$section" "mixed_proxy_port" if [ "$mixed_inbound_enabled" -eq 1 ]; then mixed_inbound_tag="$(get_inbound_tag_by_section "$section-mixed")" @@ -1127,7 +1155,7 @@ configure_section_mixed_proxy() { sing_box_cf_add_mixed_inbound_and_route_rule \ "$config" \ "$mixed_inbound_tag" \ - "$SB_MIXED_INBOUND_ADDRESS" \ + "$mixed_proxy_address" \ "$mixed_proxy_port" \ "$mixed_outbound_tag" ) @@ -1460,6 +1488,23 @@ section_has_enabled_lists() { fi } +get_service_listen_address() { + local service_listen_address + + service_listen_address="$(uci_get "network" "lan" "ipaddr")" + + if [ -z "$service_listen_address" ]; then + config_get service_listen_address "settings" "service_listen_address" # TODO(ampetelin): Remove after testing + fi + + if [ -z "$service_listen_address" ]; then + log "Failed to determine the listening IP address. Please open an issue to report this problem: https://github.com/itdoginfo/podkop/issues" "error" + return 1 + fi + + echo "$service_listen_address" +} + ## nftables nft_list_all_traffic_from_ip() { local ip="$1" @@ -1671,7 +1716,7 @@ check_logs() { nolog "Logs not found" return 1 fi - ы + # Find the last occurrence of "Starting podkop" local start_line start_line=$(echo "$logs" | grep -n "podkop.*Starting podkop" | tail -n 1 | cut -d: -f1) @@ -1733,6 +1778,7 @@ show_config() { -e 's/\(list urltest_proxy_links\).*/\1 '\''MASKED'\''/g' \ -e "s@\\(option dns_server '[^/]*\\)/[^']*'@\\1/MASKED'@g" \ -e "s@\\(option domain_resolver_dns_server '[^/]*\\)/[^']*'@\\1/MASKED'@g" \ + -e 's/\(option yacd_secret_key\).*/\1 '\''MASKED'\''/g' \ "$PODKOP_CONFIG" > "$tmp_config" cat "$tmp_config" @@ -2112,13 +2158,28 @@ check_fakeip() { ####################################### clash_api() { - local CLASH_URL="127.0.0.1:9090" - local TEST_URL="https://www.gstatic.com/generate_204" local action="$1" + local clash_api_controller_address CLASH_URL TEST_URL + clash_api_controller_address="$(get_service_listen_address)" + if [ -z "$clash_api_controller_address" ]; then + clash_api_controller_address="127.0.0.1" + fi + CLASH_URL="$clash_api_controller_address:$SB_CLASH_API_CONTROLLER_PORT" + TEST_URL="https://www.gstatic.com/generate_204" + + local enable_yacd_wan_access yacd_secret_key auth_header + config_get_bool enable_yacd_wan_access "settings" "enable_yacd_wan_access" 0 + config_get yacd_secret_key "settings" "yacd_secret_key" + + if [ "$enable_yacd_wan_access" -eq 1 ]; then + auth_header="Authorization: Bearer $yacd_secret_key" + else + auth_header="" + fi case "$action" in get_proxies) - curl -s "$CLASH_URL/proxies" | jq . + curl -s --header "$auth_header" "$CLASH_URL/proxies" | jq . ;; get_proxy_latency) @@ -2131,6 +2192,7 @@ clash_api() { fi curl -G -s "$CLASH_URL/proxies/$proxy_tag/delay" \ + --header "$auth_header" \ --data-urlencode "url=$TEST_URL" \ --data-urlencode "timeout=$timeout" | jq . ;; @@ -2145,6 +2207,7 @@ clash_api() { fi curl -G -s "$CLASH_URL/group/$group_tag/delay" \ + --header "$auth_header" \ --data-urlencode "url=$TEST_URL" \ --data-urlencode "timeout=$timeout" | jq . ;; @@ -2159,8 +2222,11 @@ clash_api() { fi local response - response=$(curl -X PUT -s -w "\n%{http_code}" "$CLASH_URL/proxies/$group_tag" \ - --data-raw "{\"name\":\"$proxy_tag\"}") + response=$( + curl -X PUT -s -w "\n%{http_code}" "$CLASH_URL/proxies/$group_tag" \ + --header "$auth_header" \ + --data-raw "{\"name\":\"$proxy_tag\"}" + ) local http_code local body diff --git a/podkop/files/usr/lib/constants.sh b/podkop/files/usr/lib/constants.sh index 6d98d79..2d2612f 100644 --- a/podkop/files/usr/lib/constants.sh +++ b/podkop/files/usr/lib/constants.sh @@ -38,7 +38,6 @@ SB_TPROXY_INBOUND_PORT=1602 SB_DNS_INBOUND_TAG="dns-in" SB_DNS_INBOUND_ADDRESS="127.0.0.42" SB_DNS_INBOUND_PORT=53 -SB_MIXED_INBOUND_ADDRESS="0.0.0.0" # TODO(ampetelin): maybe to determine address? SB_SERVICE_MIXED_INBOUND_TAG="service-mixed-in" SB_SERVICE_MIXED_INBOUND_ADDRESS="127.0.0.1" SB_SERVICE_MIXED_INBOUND_PORT=4534 @@ -47,7 +46,7 @@ SB_DIRECT_OUTBOUND_TAG="direct-out" # Route SB_REJECT_RULE_TAG="reject-rule-tag" # Experimental -SB_CLASH_API_CONTROLLER="0.0.0.0:9090" +SB_CLASH_API_CONTROLLER_PORT=9090 ## Lists GITHUB_RAW_URL="https://raw.githubusercontent.com/itdoginfo/allow-domains/main" diff --git a/podkop/files/usr/lib/sing_box_config_manager.sh b/podkop/files/usr/lib/sing_box_config_manager.sh index f2b745a..ff817aa 100644 --- a/podkop/files/usr/lib/sing_box_config_manager.sh +++ b/podkop/files/usr/lib/sing_box_config_manager.sh @@ -1339,9 +1339,10 @@ sing_box_cm_configure_cache_file() { ####################################### # Configure the experimental clash_api section of a sing-box JSON configuration. # Arguments: -# config: JSON configuration (string) -# external_controller: API listening address; Clash API will be disabled if empty -# external_ui: Optional path to static web resources to serve at http://{{external-controller}}/ui +# config: string, JSON configuration +# external_controller: string, API listening address; Clash API will be disabled if empty +# external_ui: string, Optional path to static web resources to serve at http://{{external-controller}}/ui +# secret: string, Optional secret for the RESTful API Authenticate by specifying HTTP header # Outputs: # Writes updated JSON configuration to stdout # Example: @@ -1351,14 +1352,17 @@ sing_box_cm_configure_clash_api() { local config="$1" local external_controller="$2" local external_ui="$3" + local secret="$4" echo "$config" | jq \ --arg external_controller "$external_controller" \ --arg external_ui "$external_ui" \ + --arg secret "$secret" \ '.experimental.clash_api = { external_controller: $external_controller, } - + (if $external_ui != "" then { external_ui: $external_ui } else {} end)' + + (if $external_ui != "" then { external_ui: $external_ui } else {} end) + + (if $secret != "" then { secret: $secret } else {} end)' } #######################################