fix: fix trajan protocol (#2)

Author: bitxwave

src/protocols/singbox/common/tls.rs

@@ -49,22 +49,27 @@ pub struct ExternalAccount {
 #[skip_serializing_none]
 #[derive(Default, Serialize, Deserialize, Debug, Clone)]
 pub struct Ech {
-    enabled: Option<bool>,
-    pq_signature_schemes_enabled: Option<bool>,
-    dynamic_record_sizing_disabled: Option<bool>,
-    key: Option<Vec<String>>,
-    key_path: Option<String>,
+    pub enabled: Option<bool>,
+    pub config: Option<SingleOrMultipleValue<String>>,
+    pub config_path: Option<String>,
+    pub query_server_name: Option<String>,
+    // deprecated fields kept for backwards compat
+    pub pq_signature_schemes_enabled: Option<bool>,
+    pub dynamic_record_sizing_disabled: Option<bool>,
+    pub key: Option<Vec<String>>,
+    pub key_path: Option<String>,
 }
 
 #[skip_serializing_none]
 #[derive(Default, Serialize, Deserialize, Debug, Clone)]
 pub struct Reality {
-    enabled: Option<bool>,
-    handshake: Option<RealityHandshake>,
-    public_key: Option<String>,
-    private_key: Option<String>,
-    short_id: Option<SingleOrMultipleValue<String>>,
-    max_time_difference: Option<String>,
+    pub enabled: Option<bool>,
+    pub public_key: Option<String>,
+    pub short_id: Option<SingleOrMultipleValue<String>>,
+    // server-side fields
+    pub handshake: Option<RealityHandshake>,
+    pub private_key: Option<String>,
+    pub max_time_difference: Option<String>,
 }
 
 #[skip_serializing_none]
@@ -123,14 +128,36 @@ pub struct Inbound {
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct Outbound {
     pub enabled: Option<bool>,
-    pub insecure: Option<bool>,
+    pub engine: Option<String>,
+    pub disable_sni: Option<bool>,
     pub server_name: Option<String>,
-    pub certificate: Option<SingleOrMultipleValue<String>>,
-    pub fingerprint: Option<TlsFingerprint>,
+    pub insecure: Option<bool>,
     pub alpn: Option<Vec<String>>,
     pub alpn_mode: Option<AlpnMode>,
     pub min_version: Option<String>,
     pub max_version: Option<String>,
+    pub cipher_suites: Option<Vec<String>>,
+    pub curve_preferences: Option<Vec<String>>,
+    pub certificate: Option<SingleOrMultipleValue<String>>,
+    pub certificate_path: Option<String>,
+    pub certificate_public_key_sha256: Option<Vec<String>>,
+    pub client_certificate: Option<SingleOrMultipleValue<String>>,
+    pub client_certificate_path: Option<String>,
+    pub client_key: Option<SingleOrMultipleValue<String>>,
+    pub client_key_path: Option<String>,
+    pub fragment: Option<bool>,
+    pub fragment_fallback_delay: Option<String>,
+    pub record_fragment: Option<bool>,
+    pub spoof: Option<String>,
+    pub spoof_method: Option<String>,
+    pub kernel_tx: Option<bool>,
+    pub kernel_rx: Option<bool>,
+    pub handshake_timeout: Option<String>,
+    pub ech: Option<Ech>,
+    pub utls: Option<Utls>,
+    pub reality: Option<Reality>,
+    // deprecated fields kept for backwards compatibility during deserialization
+    pub fingerprint: Option<TlsFingerprint>,
     pub session_ticket: Option<bool>,
     pub curves: Option<Vec<String>>,
     pub signature_algorithms: Option<String>,
@@ -140,7 +167,13 @@ pub struct Outbound {
     pub early_data_size: Option<u32>,
     pub session_cache_size: Option<u32>,
     pub session_cache_timeout: Option<u64>,
-    pub client_certificate: Option<ClientCertificateConfig>,
+}
+
+#[skip_serializing_none]
+#[derive(Default, Serialize, Deserialize, Debug, Clone)]
+pub struct Utls {
+    pub enabled: Option<bool>,
+    pub fingerprint: Option<String>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -163,10 +196,3 @@ pub enum AlpnMode {
     Strict,
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct ClientCertificateConfig {
-    pub certificate_path: Option<String>,
-    pub key_path: Option<String>,
-    pub password: Option<String>,
-    pub ocsp_stapling: Option<u64>,
-}

src/protocols/singbox/template_processor.rs

@@ -78,7 +78,8 @@ impl SingboxProcessor {
         serde_json::to_string(&names).unwrap_or_else(|_| "[]".to_string())
     }
 
-    /// Convert Clash VMess parameters to Sing-box format
+    /// Convert VMess parameters to Sing-box format
+    /// Handles both Clash-style flat params and Sing-box-style nested objects
     pub fn convert_vmess_params_to_singbox(
         config: &mut serde_json::Map<String, serde_json::Value>,
         params: &std::collections::HashMap<String, serde_json::Value>,
@@ -102,31 +103,44 @@ impl SingboxProcessor {
             }
         }
 
+        // TLS handling — detect sing-box style nested tls object vs Clash-style boolean
+        if let Some(tls) = params.get("tls") {
+            if let Some(tls_obj) = tls.as_object() {
+                // Sing-box style: tls is already a full object, pass through
+                let mut tls_config = tls_obj.clone();
+                tls_config
+                    .entry("enabled".to_string())
+                    .or_insert(serde_json::Value::Bool(true));
+                config.insert("tls".to_string(), serde_json::Value::Object(tls_config));
+            } else if tls.as_bool().unwrap_or(false) {
+                // Clash style: tls is a boolean, build from flat params
+                let mut tls_config = serde_json::Map::new();
+                tls_config.insert("enabled".to_string(), serde_json::Value::Bool(true));
+
+                if let Some(servername) = params.get("servername").or(params.get("sni")) {
+                    tls_config.insert("server_name".to_string(), servername.clone());
+                }
 
-        // TLS handling
-        let tls_enabled = params
-            .get("tls")
-            .and_then(|v| v.as_bool())
-            .unwrap_or(false);
-
-        if tls_enabled {
-            let mut tls_config = serde_json::Map::new();
-            tls_config.insert("enabled".to_string(), serde_json::Value::Bool(true));
+                if let Some(skip) = params.get("skip-cert-verify") {
+                    tls_config.insert("insecure".to_string(), skip.clone());
+                }
 
-            // servername → server_name
-            if let Some(servername) = params.get("servername").or(params.get("sni")) {
-                tls_config.insert("server_name".to_string(), servername.clone());
+                config.insert("tls".to_string(), serde_json::Value::Object(tls_config));
             }
+        }
 
-            // skip-cert-verify → insecure
-            if let Some(skip) = params.get("skip-cert-verify") {
-                tls_config.insert("insecure".to_string(), skip.clone());
+        // Transport handling — detect sing-box style nested transport object first
+        if let Some(transport) = params.get("transport") {
+            if let Some(transport_obj) = transport.as_object() {
+                config.insert(
+                    "transport".to_string(),
+                    serde_json::Value::Object(transport_obj.clone()),
+                );
+                return;
             }
-
-            config.insert("tls".to_string(), serde_json::Value::Object(tls_config));
         }
 
-        // Transport handling (ws, grpc, h2, http)
+        // Clash-style transport from "network" + opts
         if let Some(network) = params.get("network").and_then(|v| v.as_str()) {
             let mut transport = serde_json::Map::new();
             transport.insert(
@@ -194,30 +208,42 @@ impl SingboxProcessor {
         }
     }
 
-    /// Convert Clash Trojan parameters to Sing-box format
+    /// Convert Trojan parameters to Sing-box format
+    /// Handles both Clash-style flat params (sni, skip-cert-verify) and
+    /// Sing-box-style nested objects (tls: {enabled, server_name, insecure})
     pub fn convert_trojan_params_to_singbox(
         config: &mut serde_json::Map<String, serde_json::Value>,
         params: &std::collections::HashMap<String, serde_json::Value>,
     ) {
-        // TLS is typically enabled by default for Trojan
-        let mut tls_config = serde_json::Map::new();
-        tls_config.insert("enabled".to_string(), serde_json::Value::Bool(true));
-
-        if let Some(sni) = params.get("sni").or(params.get("servername")) {
-            tls_config.insert("server_name".to_string(), sni.clone());
-        }
-
-        if let Some(skip) = params.get("skip-cert-verify") {
-            tls_config.insert("insecure".to_string(), skip.clone());
+        // Check if params already contain a sing-box style tls object
+        if let Some(tls) = params.get("tls") {
+            if let Some(tls_obj) = tls.as_object() {
+                let mut tls_config = tls_obj.clone();
+                tls_config
+                    .entry("enabled".to_string())
+                    .or_insert(serde_json::Value::Bool(true));
+                config.insert("tls".to_string(), serde_json::Value::Object(tls_config));
+            } else {
+                // tls is a boolean or other non-object — build from flat params
+                Self::build_trojan_tls_from_flat_params(config, params);
+            }
+        } else {
+            // No tls key — build from Clash-style flat params
+            Self::build_trojan_tls_from_flat_params(config, params);
         }
 
-        if let Some(alpn) = params.get("alpn") {
-            tls_config.insert("alpn".to_string(), alpn.clone());
+        // Check if params already contain a sing-box style transport object
+        if let Some(transport) = params.get("transport") {
+            if let Some(transport_obj) = transport.as_object() {
+                config.insert(
+                    "transport".to_string(),
+                    serde_json::Value::Object(transport_obj.clone()),
+                );
+                return;
+            }
         }
 
-        config.insert("tls".to_string(), serde_json::Value::Object(tls_config));
-
-        // Transport handling
+        // Clash-style transport from "network" + opts
         if let Some(network) = params.get("network").and_then(|v| v.as_str()) {
             let mut transport = serde_json::Map::new();
             transport.insert(
@@ -254,6 +280,28 @@ impl SingboxProcessor {
             }
         }
     }
+
+    fn build_trojan_tls_from_flat_params(
+        config: &mut serde_json::Map<String, serde_json::Value>,
+        params: &std::collections::HashMap<String, serde_json::Value>,
+    ) {
+        let mut tls_config = serde_json::Map::new();
+        tls_config.insert("enabled".to_string(), serde_json::Value::Bool(true));
+
+        if let Some(sni) = params.get("sni").or(params.get("servername")) {
+            tls_config.insert("server_name".to_string(), sni.clone());
+        }
+
+        if let Some(skip) = params.get("skip-cert-verify") {
+            tls_config.insert("insecure".to_string(), skip.clone());
+        }
+
+        if let Some(alpn) = params.get("alpn") {
+            tls_config.insert("alpn".to_string(), alpn.clone());
+        }
+
+        config.insert("tls".to_string(), serde_json::Value::Object(tls_config));
+    }
 }
 
 impl ProtocolProcessor for SingboxProcessor {