#!/bin/bash
C="/etc/sing-box/config.json";I="/root/.sb_info.json";D="/root/AnyTLS/tls";S="sing-box";R='\033[0;31m';G='\033[0;32m';P='\033[0m'
[[ $EUID -ne 0 ]] && echo -e "${R}需要Root权限${P}" && exit 1
dep(){ rm -f /etc/sing-box/client_info.json;apt update -y;apt install -y curl jq net-tools openssl;curl -fsSL https://sing-box.app/install.sh|sh -s -- --beta;}
chk(){ [[ "$1" =~ ^[0-9]+$ ]] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ];}; occ(){ netstat -tuln|grep -q ":$1 ";}; ip(){ local i=$(curl -s4 ifconfig.me);[[ -z "$i" ]] && i=$(curl -s6 ifconfig.me);echo "$i";}
gen(){ mkdir -p $D;echo -e "${G}生成证书(CN=$1)...${P}";openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout $D/server.key -out $D/server.crt -subj "/CN=$1" -days 3650 2>/dev/null;}
inst(){ dep;echo -e "${G}1.仅AnyReality 2.仅AnyTLS 3.双协议${P}";read -p "选择: " m;ib="[]";if="{}";
if [[ "$m" == "1" || "$m" == "3" ]];then echo -e "\n${G}配置AnyReality${P}";while :;do read -p "端口(默认1443): " rp;rp=${rp:-1443};chk "$rp"||continue;occ "$rp"&&echo "${R}占用${P}"&&continue;break;done;read -p "密码(默认随机生成): " rw;[[ -z "$rw" ]]&&rw=$(openssl rand -hex 16);read -p "Reality域名(默认genshin.hoyoverse.com): " rs;rs=${rs:-genshin.hoyoverse.com};k=$(/usr/bin/sing-box generate reality-keypair);sk=$(echo "$k"|grep Private|awk '{print $2}');pk=$(echo "$k"|grep Public|awk '{print $2}');id=$(openssl rand -hex 8);rb=$(jq -n --arg p "$rp" --arg w "$rw" --arg s "$rs" --arg k "$sk" --arg id "$id" '{type:"anytls",listen:"::",listen_port:($p|tonumber),users:[{name:"user",password:$w}],padding_scheme:["stop=8","0=30-30","1=100-400","2=400-500,c,500-1000,c,500-1000,c,500-1000,c,500-1000","3=9-9,500-1000","4=500-1000","5=500-1000","6=500-1000","7=500-1000"],tls:{enabled:true,server_name:$s,reality:{enabled:true,handshake:{server:$s,server_port:443},private_key:$k,short_id:[$id]}}}');ib=$(echo "$ib"|jq --argjson new "$rb" '. + [$new]');if=$(echo "$if"|jq --arg p "$rp" --arg w "$rw" --arg s "$rs" --arg pk "$pk" --arg id "$id" '. + {reality:{port:$p,pwd:$w,sni:$s,pk:$pk,id:$id}}');fi
if [[ "$m" == "2" || "$m" == "3" ]];then echo -e "\n${G}配置AnyTLS${P}";while :;do read -p "端口(默认2026): " tp;tp=${tp:-2026};chk "$tp"||continue;[[ "$m" == "3" && "$tp" == "$rp" ]]&&echo "${R}端口重复${P}"&&continue;occ "$tp"&&echo "${R}占用${P}"&&continue;break;done;read -p "密码(默认随机生成): " tw;[[ -z "$tw" ]]&&tw=$(openssl rand -hex 16);read -p "TLS域名(默认genshin.hoyoverse.com): " ts;ts=${ts:-genshin.hoyoverse.com};gen "$ts";tb=$(jq -n --arg p "$tp" --arg w "$tw" '{type:"anytls",listen:"::",listen_port:($p|tonumber),users:[{password:$w}],padding_scheme:["stop=6","0=23-23","1=50-200","2=330-400,c,500-600,c,700-750,c,780-790,c,800-1200","3=1-1,2800-998","4=670-1800","5=340-600"],tls:{enabled:true,certificate_path:"/root/AnyTLS/tls/server.crt",key_path:"/root/AnyTLS/tls/server.key"}}');ib=$(echo "$ib"|jq --argjson new "$tb" '. + [$new]');if=$(echo "$if"|jq --arg p "$tp" --arg w "$tw" --arg s "$ts" '. + {anytls:{port:$p,pwd:$w,sni:$s}}');fi
echo "$if" > $I;jq -n --argjson ib "$ib" '{log:{level:"info",timestamp:true},inbounds:$ib}' > $C;systemctl daemon-reload;systemctl enable $S;systemctl restart $S;link;}
link(){ [[ ! -f $I ]]&&echo "无配置"&&return;x=$(ip);if jq -e .reality $I >/dev/null;then p=$(jq -r .reality.port $I);w=$(jq -r .reality.pwd $I);s=$(jq -r .reality.sni $I);k=$(jq -r .reality.pk $I);d=$(jq -r .reality.id $I);echo -e "\n${G}[AnyReality]:${P} anytls://${w}@${x}:${p}/?sni=${s}&fp=chrome&pbk=${k}&sid=${d}#AnyReality_${x}";fi;if jq -e .anytls $I >/dev/null;then p=$(jq -r .anytls.port $I);w=$(jq -r .anytls.pwd $I);s=$(jq -r .anytls.sni $I);echo -e "\n${G}[AnyTLS]:${P} anytls://${w}@${x}:${p}/?sni=${s}&insecure=1#AnyTLS_${x}";fi;echo "";}
uninst(){ systemctl stop $S;systemctl disable $S;rm -f /etc/systemd/system/$S.service /usr/bin/$S /usr/local/bin/$S $I;rm -rf /etc/$S /root/AnyTLS;systemctl daemon-reload;echo -e "${G}已卸载${P}";}
menu(){ echo -e "${G}1.安装 2.管理 3.链接 4.状态 5.日志 6.卸载 0.退出${P}";read -p "选项: " o;case $o in 1) inst;;2) read -p "1.启动 2.停止 3.重启: " a;[[ $a == 1 ]]&&systemctl start $S;[[ $a == 2 ]]&&systemctl stop $S;[[ $a == 3 ]]&&systemctl restart $S;;3) link;;4) systemctl status $S;;5) journalctl -u $S -e;;6) uninst;;0) exit;;esac;};while :;do menu;done