From a8db33dd2853dea5102308612790a08639564ac0 Mon Sep 17 00:00:00 2001
From: Andrey Petelin <am.petelin@gmail.com>
Date: Fri, 3 Oct 2025 15:40:16 +0500
Subject: [PATCH] feat: add Trojan proxy support (#172)

---
 .../files/usr/lib/sing_box_config_facade.sh   | 129 +++++++++++-------
 1 file changed, 78 insertions(+), 51 deletions(-)

diff --git a/podkop/files/usr/lib/sing_box_config_facade.sh b/podkop/files/usr/lib/sing_box_config_facade.sh
index f087bb6..558b7b5 100644
--- a/podkop/files/usr/lib/sing_box_config_facade.sh
+++ b/podkop/files/usr/lib/sing_box_config_facade.sh
@@ -76,57 +76,8 @@ sing_box_cf_add_proxy_outbound() {
         packet_encoding=$(url_get_query_param "$url" "packetEncoding")
 
         config=$(sing_box_cm_add_vless_outbound "$config" "$tag" "$host" "$port" "$uuid" "$flow" "" "$packet_encoding")
-
-        local transport
-        transport=$(url_get_query_param "$url" "type")
-        case "$transport" in
-        tcp | raw) ;;
-        ws)
-            local ws_path ws_host ws_early_data
-            ws_path=$(url_get_query_param "$url" "path")
-            ws_host=$(url_get_query_param "$url" "host")
-            ws_early_data=$(url_get_query_param "$url" "ed")
-
-            config=$(sing_box_cm_set_ws_transport_for_outbound "$config" "$tag" "$ws_path" "$ws_host" "$ws_early_data")
-            ;;
-        grpc)
-            # TODO(ampetelin): Add handling of optional gRPC parameters; example links are needed.
-            config=$(sing_box_cm_set_grpc_transport_for_outbound "$config" "$tag")
-            ;;
-        *)
-            log "Unknown transport '$transport' detected." "error"
-            ;;
-        esac
-
-        local security
-        security=$(url_get_query_param "$url" "security")
-        case "$security" in
-        tls | reality)
-            local sni insecure alpn fingerprint public_key short_id
-            sni=$(url_get_query_param "$url" "sni")
-            insecure=$(url_get_query_param "$url" "allowInsecure")
-            alpn=$(comma_string_to_json_array "$(url_get_query_param "$url" "alpn")")
-            fingerprint=$(url_get_query_param "$url" "fp")
-            public_key=$(url_get_query_param "$url" "pbk")
-            short_id=$(url_get_query_param "$url" "sid")
-
-            config=$(
-                sing_box_cm_set_tls_for_outbound \
-                    "$config" \
-                    "$tag" \
-                    "$sni" \
-                    "$([ "$insecure" == "1" ] && echo true)" \
-                    "$([ "$alpn" == "[]" ] && echo null || echo "$alpn")" \
-                    "$fingerprint" \
-                    "$public_key" \
-                    "$short_id"
-            )
-            ;;
-        none) ;;
-        *)
-            log "Unknown security '$security' detected." "error"
-            ;;
-        esac
+        config=$(_add_outbound_security "$config" "$url")
+        config=$(_add_outbound_transport "$config" "$url")
         ;;
     ss)
         local userinfo tag host port method password udp_over_tcp
@@ -158,6 +109,17 @@ sing_box_cf_add_proxy_outbound() {
                 "$([ "$udp_over_tcp" == "1" ] && echo 2)" # if udp_over_tcp is enabled, enable version 2
         )
         ;;
+    trojan)
+        local tag host port password
+        tag=$(get_outbound_tag_by_section "$section")
+        host=$(url_get_host "$url")
+        port=$(url_get_port "$url")
+        password=$(url_get_userinfo "$url")
+
+        config=$(sing_box_cm_add_trojan_outbound "$config" "$tag" "$host" "$port" "$password")
+        config=$(_add_outbound_security "$config" "$url")
+        config=$(_add_outbound_transport "$config" "$url")
+        ;;
     *)
         log "Unsupported proxy $scheme type"
         exit 1
@@ -167,6 +129,71 @@ sing_box_cf_add_proxy_outbound() {
     echo "$config"
 }
 
+_add_outbound_security() {
+    local config="$1"
+    local url="$2"
+
+    local security
+    security=$(url_get_query_param "$url" "security")
+    case "$security" in
+    tls | reality)
+        local sni insecure alpn fingerprint public_key short_id
+        sni=$(url_get_query_param "$url" "sni")
+        insecure=$(url_get_query_param "$url" "allowInsecure")
+        alpn=$(comma_string_to_json_array "$(url_get_query_param "$url" "alpn")")
+        fingerprint=$(url_get_query_param "$url" "fp")
+        public_key=$(url_get_query_param "$url" "pbk")
+        short_id=$(url_get_query_param "$url" "sid")
+
+        config=$(
+            sing_box_cm_set_tls_for_outbound \
+                "$config" \
+                "$tag" \
+                "$sni" \
+                "$([ "$insecure" == "1" ] && echo true)" \
+                "$([ "$alpn" == "[]" ] && echo null || echo "$alpn")" \
+                "$fingerprint" \
+                "$public_key" \
+                "$short_id"
+        )
+        ;;
+    none) ;;
+    *)
+        log "Unknown security '$security' detected." "error"
+        ;;
+    esac
+
+    echo "$config"
+}
+
+_add_outbound_transport() {
+    local config="$1"
+    local url="$2"
+
+    local transport
+    transport=$(url_get_query_param "$url" "type")
+    case "$transport" in
+    tcp | raw) ;;
+    ws)
+        local ws_path ws_host ws_early_data
+        ws_path=$(url_get_query_param "$url" "path")
+        ws_host=$(url_get_query_param "$url" "host")
+        ws_early_data=$(url_get_query_param "$url" "ed")
+
+        config=$(sing_box_cm_set_ws_transport_for_outbound "$config" "$tag" "$ws_path" "$ws_host" "$ws_early_data")
+        ;;
+    grpc)
+        # TODO(ampetelin): Add handling of optional gRPC parameters; example links are needed.
+        config=$(sing_box_cm_set_grpc_transport_for_outbound "$config" "$tag")
+        ;;
+    *)
+        log "Unknown transport '$transport' detected." "error"
+        ;;
+    esac
+
+    echo "$config"
+}
+
 sing_box_cf_add_json_outbound() {
     local config="$1"
     local section="$2"