Merge branch 'dev'

README.md

@@ -182,6 +182,8 @@ Trojan-Go的客户端内建一个简单实用的路由模块用以方便实现
 "router": {
     "enabled": true,
     "bypass": [
+        "geoip:tag1",
+        "geosite:tag2",
         "bypass_list1.txt",
         "bypass_list2.txt"
     ],
@@ -194,25 +196,24 @@ Trojan-Go的客户端内建一个简单实用的路由模块用以方便实现
 }
 ```
 
-其中bypass, block, proxy字段中填入相应的列表文件，文件每行是一个域名或者IP地址段(CIDR)。一旦匹配，则执行相应策略。
+其中```bypass```,```block```, ```proxy```字段中填入相应的列表文件或者geo数据库tag。列表文件每行是一个域名或者IP地址段(CIDR)。geo数据库geoip和geosite为IP数据库和域名数据库。一旦匹配，则执行相应策略。
 
-完整的选项说明参见Wiki
+完整的选项说明参见[这里](https://github.com/p4gefau1t/trojan-go/wiki/%E8%BF%9B%E9%98%B6%E9%85%8D%E7%BD%AE---%E5%9B%BD%E5%86%85%E7%9B%B4%E8%BF%9E)。
 
-下面是一个实现国内直连的选项，它将绕过中国大陆IP地址，中国大陆域名，以及内网IP等保留的私有IP地址，直接连接而不通过隧道代理。
+下面是一个实现国内直连的选项，它将绕过中国大陆IP地址，中国大陆域名，以及内网IP等保留的私有IP地址，直接连接远端而不通过隧道代理。
 
 ```
 "router": {
     "enabled": true,
     "bypass": [
-        "cn-domains.txt",
-        "cn-ipv4.txt",
-        "cn-ipv6.txt", 
-        "private-ip.txt"
+        "geoip:cn",
+        "geoip:private",
+        "geosite:cn"
     ]
 }
 ```
 
-上述的列表文件已经包含在release的压缩包中。其中的cn-domains.txt提取自v2ray的[domain-list-community](https://github.com/v2ray/domain-list-community)。
+所需要的geoip.dat和geosite.dat已经包含在release的压缩包中。它们来自v2ray的[domain-list-community](https://github.com/v2ray/domain-list-community)和[geoip](https://github.com/v2ray/geoip)。
 
 ## 构建
 
@@ -314,7 +315,7 @@ server.json
     ],
     "ssl": {
         "cert": "your_cert.crt",
-        "key": "your_key.key",
+        "key": "your_key.key"
     }
 }
 
@@ -338,13 +339,13 @@ client.json
 ```
 ## Certificate requesting
 
-use
+Use
 
 `` `
 sudo ./trojan-go -cert request
 `` `
 
-Request a certificate from Let's Encrypt.
+to request a certificate from Let's Encrypt.
 
 During the process, according to ACME protocol requirements, trojan-go needs to interact with letsencrypt server, so it needs to temporarily occupy local ports 443 and 80. At this time, please temporarily close services such as nginx, apache, or trojan.
 
@@ -405,6 +406,8 @@ To activate the module, setup the "router" option in your config file, for examp
 "router": {
     "enabled": true,
     "bypass": [
+        "geoip:tag1",
+        "geosite:tag2",
         "bypass_list1.txt",
         "bypass_list2.txt"
     ],

build-all.sh

@@ -124,14 +124,14 @@ for name in *;do
   rm $name
 done
 
+cp ../data/*.dat ./
 cp ../data/*.json ./
-cp ../data/*.txt ./
 
 for name in *.zip;do
-  zip -ur $name ./*.txt ./*.json
+  zip -ur $name ./*.dat ./*.json
   sha1sum $name > $name.sha1
 done
 
+rm ./*.dat
 rm ./*.json
-rm ./*.txt
 

cert/cert.go

@@ -8,11 +8,10 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
+	"fmt"
 	"io/ioutil"
 	"os"
 
-	"github.com/p4gefau1t/trojan-go/log"
-
 	"github.com/go-acme/lego/v3/certcrypto"
 	"github.com/go-acme/lego/v3/certificate"
 	"github.com/go-acme/lego/v3/challenge/http01"
@@ -22,7 +21,6 @@ import (
 	"github.com/p4gefau1t/trojan-go/common"
 )
 
-var logger = log.New(os.Stdout)
 var caDir string = "https://acme-v02.api.letsencrypt.org/directory"
 var tlsPort string = "443"
 var httpPort string = "80"
@@ -152,7 +150,7 @@ func obtainCertificate(domain, email string, userKey *ecdsa.PrivateKey, serverKe
 	// Each certificate comes back with the cert bytes, the bytes of the client's
 	// private key, and a certificate URL. SAVE THESE TO DISK.
 	//fmt.Printf("%#v\n", certificates)
-	logger.Info("certificates obtained:", certificates.Domain)
+	fmt.Println("certificates obtained:", certificates.Domain)
 
 	return certificates, nil
 }
@@ -177,13 +175,13 @@ func RequestCert(domain, email string) error {
 	}
 	userKey, err := loadUserKey()
 	if err != nil {
-		logger.Warn("failed to load user key, trying to create one..")
+		fmt.Println("failed to load user key, trying to create one..")
 		userKey, err = createAndSaveUserKey()
 		if err != nil {
 			return err
 		}
 	} else {
-		logger.Warn("found user.key, using exist user key")
+		fmt.Println("found user.key, using exist user key")
 	}
 	cert, err := obtainCertificate(domain, email, userKey, nil)
 	if err != nil {

cert/cli.go

@@ -7,6 +7,7 @@ import (
 	"os"
 
 	"github.com/p4gefau1t/trojan-go/common"
+	"github.com/p4gefau1t/trojan-go/log"
 )
 
 type domainInfo struct {
@@ -31,7 +32,7 @@ func askForConfirmation() bool {
 	var response string
 	_, err := fmt.Scanln(&response)
 	if err != nil {
-		logger.Fatal(err)
+		log.DefaultLogger.Fatal(err)
 	}
 	okayResponses := []string{"y", "Y", "yes", "Yes", "YES"}
 	nokayResponses := []string{"n", "N", "no", "No", "NO"}
@@ -46,11 +47,11 @@ func askForConfirmation() bool {
 }
 
 func RequestCertGuide() {
-	logger.Info("Guide mode: request cert")
+	log.DefaultLogger.Info("Guide mode: request cert")
 
-	logger.Warn("To perform a ACME challenge, trojan-go need the ROOT PRIVILEGE to bind port 80 and 443")
-	logger.Warn("Please make sure you HAVE sudo this program, and port 80/443 is NOT used by other process at this moment")
-	logger.Info("Continue? (y/n)")
+	log.DefaultLogger.Warn("To perform a ACME challenge, trojan-go need the ROOT PRIVILEGE to bind port 80 and 443")
+	log.DefaultLogger.Warn("Please make sure you HAVE sudo this program, and port 80/443 is NOT used by other process at this moment")
+	log.DefaultLogger.Info("Continue? (y/n)")
 
 	if !askForConfirmation() {
 		return
@@ -65,9 +66,9 @@ func RequestCertGuide() {
 		fmt.Println("Your email:")
 		fmt.Scanf("%s", &info.Email)
 	} else {
-		logger.Info("domain_info.json found")
+		log.DefaultLogger.Info("domain_info.json found")
 		if err := json.Unmarshal(data, info); err != nil {
-			logger.Error(common.NewError("failed to parse domain_info.json").Base(err))
+			log.DefaultLogger.Error(common.NewError("failed to parse domain_info.json").Base(err))
 			return
 		}
 	}
@@ -84,36 +85,36 @@ func RequestCertGuide() {
 	ioutil.WriteFile("domain_info.json", data, os.ModePerm)
 
 	if err := RequestCert(info.Domain, info.Email); err != nil {
-		logger.Error(common.NewError("Failed to create cert").Base(err))
+		log.DefaultLogger.Error(common.NewError("Failed to create cert").Base(err))
 		return
 	}
 
-	logger.Info("All done. Certificates has been saved to server.crt and server.key")
-	logger.Warn("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
-	logger.Warn("BACKUP DOMAIN_INFO.JSON, SERVER.KEY, SERVER.CRT AND USER.KEY TO A SAFE PLACE")
-	logger.Warn("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+	log.DefaultLogger.Info("All done. Certificates has been saved to server.crt and server.key")
+	log.DefaultLogger.Warn("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+	log.DefaultLogger.Warn("BACKUP DOMAIN_INFO.JSON, SERVER.KEY, SERVER.CRT AND USER.KEY TO A SAFE PLACE")
+	log.DefaultLogger.Warn("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
 }
 
 func RenewCertGuide() {
-	logger.Info("Guide mode: renew cert")
+	log.DefaultLogger.Info("Guide mode: renew cert")
 
-	logger.Warn("To perform a ACME challenge, trojan-go need the ROOT PRIVILEGE to bind port 80 and 443")
-	logger.Warn("Please make sure you HAVE sudo this program, and port 80/443 is NOT used by other process at this moment")
-	logger.Info("Continue? (y/n)")
+	log.DefaultLogger.Warn("To perform a ACME challenge, trojan-go need the ROOT PRIVILEGE to bind port 80 and 443")
+	log.DefaultLogger.Warn("Please make sure you HAVE sudo this program, and port 80/443 is NOT used by other process at this moment")
+	log.DefaultLogger.Info("Continue? (y/n)")
 
 	if !askForConfirmation() {
 		return
 	}
 
 	data, err := ioutil.ReadFile("domain_info.json")
 	if err != nil {
-		logger.Error(err)
+		log.DefaultLogger.Error(err)
 		return
 	}
 
 	info := &domainInfo{}
 	if err := json.Unmarshal(data, info); err != nil {
-		logger.Error(err)
+		log.DefaultLogger.Error(err)
 	}
 
 	fmt.Printf("Domain: %s, Email: %s\n", info.Domain, info.Email)
@@ -124,8 +125,8 @@ func RenewCertGuide() {
 	}
 
 	if err := RenewCert(info.Domain, info.Email); err != nil {
-		logger.Error(common.NewError("Failed to renew cert").Base(err))
+		log.DefaultLogger.Error(common.NewError("Failed to renew cert").Base(err))
 		return
 	}
-	logger.Info("All done")
+	log.DefaultLogger.Info("All done")
 }

cert/option.go

@@ -4,6 +4,7 @@ import (
 	"flag"
 
 	"github.com/p4gefau1t/trojan-go/common"
+	"github.com/p4gefau1t/trojan-go/log"
 )
 
 type certOption struct {
@@ -31,7 +32,7 @@ func (c *certOption) Handle() error {
 		return common.NewError("not specified")
 	default:
 		err := common.NewError("invalid args " + *c.args)
-		logger.Error(err)
+		log.DefaultLogger.Error(err)
 		return common.NewError("invalid args")
 	}
 }

common/common.go

@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	Version = "v0.0.16"
+	Version = "v0.0.17"
 )
 
 type Runnable interface {

conf/conf.go

@@ -73,16 +73,25 @@ type SQLiteConfig struct {
 
 type RouterConfig struct {
 	Enabled             bool     `json:"enabled"`
-	BypassFiles         []string `json:"bypass"`
-	ProxyFiles          []string `json:"proxy"`
-	BlockFiles          []string `json:"block"`
+	Bypass              []string `json:"bypass"`
+	Proxy               []string `json:"proxy"`
+	Block               []string `json:"block"`
 	DefaultPolicy       string   `json:"default_policy"`
 	RouteByIP           bool     `json:"route_by_ip"`
 	RouteByIPOnNonmatch bool     `json:"route_by_ip_on_nonmatch"`
 
-	Bypass []byte
-	Proxy  []byte
-	Block  []byte
+	BypassList []byte
+	ProxyList  []byte
+	BlockList  []byte
+
+	GeoIP          []byte
+	BypassIPCode   []string
+	ProxyIPCode    []string
+	BlockIPCode    []string
+	GeoSite        []byte
+	BypassSiteCode []string
+	ProxySiteCode  []string
+	BlockSiteCode  []string
 }
 
 type GlobalConfig struct {