diff --git a/scripts/menus/7_gateway.sh b/scripts/menus/7_gateway.sh index 1f01d0a2..664514f1 100644 --- a/scripts/menus/7_gateway.sh +++ b/scripts/menus/7_gateway.sh @@ -11,10 +11,7 @@ __IS_MODULE_7_GATEWAY_LOADED=1 # 访问与控制主菜单 gateway() { while true; do - line_break - separator_line "=" - content_line "\033[30;47m访问与控制\033[0m" - separator_line "=" + comp_box "\033[30;47m访问与控制菜单\033[0m" content_line "1) 配置\033[33m公网访问防火墙 \033[32m$fw_wan\033[0m" content_line "2) 配置\033[36mTelegram专属控制机器人 \033[32m$bot_tg_service\033[0m" content_line "3) 配置\033[36mDDNS自动域名\033[0m" @@ -24,6 +21,7 @@ gateway() { content_line "6) 配置\033[36mTailscale内网穿透\033[0m(限Singbox) \033[32m$ts_service\033[0m" content_line "7) 配置\033[36mWireguard客户端\033[0m(限Singbox) \033[32m$wg_service\033[0m" } + content_line "" content_line "0) 返回上级菜单" separator_line "=" read -r -p "请输入对应标号> " num @@ -32,15 +30,11 @@ gateway() { break ;; 1) - line_break - separator_line "=" if [ -n "$(pidof CrashCore)" ] && [ "$firewall_mod" = 'iptables' ]; then - content_line "\033[33m公网访问防火墙需要先停止服务\033[0m" - content_line "是否确认继续:" - separator_line "=" - content_line "1) 是" - content_line "0) 否,返回上级菜单" - separator_line "=" + comp_box "\033[33m公网访问防火墙需要先停止服务\033[0m" \ + "是否确认继续?" + btm_box "1) 是" \ + "0) 否,返回上级菜单" read -r -p "请输入对应标号> " res if [ "$res" = 1 ]; then "$CRASHDIR"/start.sh stop && set_fw_wan @@ -67,27 +61,18 @@ gateway() { if echo "$crashcore" | grep -q 'sing'; then set_tailscale else - line_break - separator_line "=" - content_line "\033[33m$crashcore内核暂不支持此功能,请先更换内核!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[33m$crashcore内核暂不支持此功能,请先更换内核!\033[0m" fi ;; 7) if echo "$crashcore" | grep -q 'sing'; then set_wireguard else - line_break - separator_line "=" - content_line "\033[33m$crashcore内核暂不支持此功能,请先更换内核!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[33m$crashcore内核暂不支持此功能,请先更换内核!\033[0m" fi ;; *) errornum - sleep 1 ;; esac done @@ -106,12 +91,12 @@ set_fw_wan() { content_line "当前自动放行端口:\033[36m$vms_port $sss_port\033[0m" content_line "默认拦截端口:\033[33m$mix_port,$db_port\033[0m" separator_line "=" - content_line "1) 启用/关闭公网防火墙:\033[36m$fw_wan\033[0m" - content_line "2) 添加放行端口(可包含默认拦截端口)" - content_line "3) 移除指定手动放行端口" - content_line "4) 清空全部手动放行端口" - content_line "0) 返回上级菜单" - separator_line "=" + btm_box "1) 启用/关闭公网防火墙:\033[36m$fw_wan\033[0m" \ + "2) 添加放行端口(可包含默认拦截端口)" \ + "3) 移除指定手动放行端口" \ + "4) 清空全部手动放行端口" \ + "" \ + "0) 返回上级菜单" read -r -p "请输入对应标号> " num case $num in "" | 0) @@ -119,14 +104,10 @@ set_fw_wan() { ;; 1) if [ "$fw_wan" = ON ]; then - line_break - separator_line "=" - content_line "是否确认关闭防火墙?" - content_line "这会带来极大的安全隐患!" - separator_line "=" - content_line "1) 是" - content_line "0) 否,返回上级菜单" - separator_line "=" + comp_box "是否确认关闭防火墙?" \ + "这会带来极大的安全隐患!" + btm_box "1) 是" \ + "0) 否,返回上级菜单" read -r -p "请输入对应标号> " res if [ "$res" = 1 ]; then fw_wan=OFF @@ -139,77 +120,55 @@ set_fw_wan() { setconfig fw_wan "$fw_wan" ;; 2) - line_break port_count=$(echo "$fw_wan_ports" | awk -F',' '{print NF}') if [ "$port_count" -ge 10 ]; then - separator_line "=" - content_line "\033[31m最多支持设置放行10个端口,请先减少一些!\033[0m" - separator_line "=" + msg_alert "\033[31m最多支持设置放行10个端口,请先减少一些!\033[0m" else + line_break read -r -p "请输入要放行的端口号> " port if echo ",$fw_wan_ports," | grep -q ",$port,"; then - line_break - separator_line "=" - content_line "\033[31m输入错误!请勿重复添加!\033[0m" - separator_line "=" + msg_alert "\033[31m输入错误!请勿重复添加!\033[0m" elif [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then - line_break - separator_line "=" - content_line "\033[31m输入错误!请输入正确的数值(1-65535)!\033[0m" - separator_line "=" + msg_alert "\033[31m输入错误!请输入正确的数值(1-65535)!\033[0m" else fw_wan_ports=$(echo "$fw_wan_ports,$port" | sed "s/^,//") - setconfig fw_wan_ports "$fw_wan_ports" + if setconfig fw_wan_ports "$fw_wan_ports"; then + common_success + else + common_faileds + fi fi fi - sleep 1 ;; 3) while true; do - line_break - separator_line "=" - content_line "请直接输入要移除的端口号" - content_line "或输入 0 返回上级菜单" - separator_line "=" + comp_box "\033[36m请直接输入要移除的端口号\033[0m" \ + "或输入 0 返回上级菜单" read -r -p "请输入> " port if [ "$port" = 0 ]; then break elif echo ",$fw_wan_ports," | grep -q ",$port,"; then if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then - line_break - separator_line "=" - content_line "\033[31m输入错误!\033[0m" - content_line "\033[31m请输入正确的数值(1-65535)!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m输入错误!\033[0m" \ + "\033[31m请输入正确的数值(1-65535)!\033[0m" else fw_wan_ports=$(echo ",$fw_wan_ports," | sed "s/,$port//; s/^,//; s/,$//") setconfig fw_wan_ports "$fw_wan_ports" break fi else - line_break - separator_line "=" - content_line "\033[31m输入错误!\033[0m" - content_line "\033[31m请输入已添加过的端口!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m输入错误!\033[0m" \ + "\033[31m请输入已添加过的端口!\033[0m" fi done ;; 4) fw_wan_ports='' setconfig fw_wan_ports - - line_break - separator_line "=" - content_line "\033[32m操作成功\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[32m操作成功\033[0m" ;; *) errornum - sleep 1 ;; esac done @@ -236,10 +195,7 @@ EOF web_json_post "$bot_api/setMyCommands" "$JSON" web_json_post "$bot_api/sendMessage" '{"chat_id":"'"$chat_ID"'","text":"'"$TEXT"'","parse_mode":"Markdown"}' - line_break - separator_line "=" - content_line "\033[32m$TEXT\033[0m" - separator_line "=" + comp_box "\033[32m$TEXT\033[0m" } set_bot_tg_init() { @@ -267,14 +223,11 @@ set_bot_tg() { while true; do [ -n "$ts_auth_key" ] && ts_auth_key_info='已设置' [ -n "$TG_CHATID" ] && TG_CHATID_info='已绑定' - line_break - separator_line "=" - content_line "\033[31m注意:\033[0m由于网络环境原因,此机器人仅限服务启动时运行!" - separator_line "=" - content_line "1) 启用/关闭TG-BOT服务 \033[32m$bot_tg_service\033[0m" - content_line "2) TG-BOT绑定设置 \033[32m$TG_CHATID_info\033[0m" - content_line "0) 返回上级菜单" - separator_line "=" + comp_box "\033[31m注意:\033[0m由于网络环境原因,此机器人仅限服务启动时运行!" + btm_box "1) 启用/关闭TG-BOT服务 \033[32m$bot_tg_service\033[0m" \ + "2) TG-BOT绑定设置 \033[32m$TG_CHATID_info\033[0m" \ + "" \ + "0) 返回上级菜单" read -r -p "请输入对应标号> " num case "$num" in "" | 0) @@ -285,23 +238,15 @@ set_bot_tg() { if [ -n "$TG_CHATID" ]; then set_bot_tg_service else - line_break - separator_line "=" - content_line "\033[31m请先绑定TG-BOT!\033[0m" - separator_line "=" + msg_alert "\033[31m请先绑定TG-BOT!\033[0m" fi - sleep 1 ;; 2) if [ -n "$chat_ID" ] && [ -n "$push_TG" ] && [ "$push_TG" != 'publictoken' ]; then - line_break - separator_line "=" - content_line "检测到已经绑定了TG推送BOT" - content_line "是否直接使用:" - separator_line "=" - content_line "1) 是" - content_line "0) 否" - separator_line "=" + comp_box "检测到已经绑定了TG推送BOT" \ + "是否直接使用?" + btm_box "1) 是" \ + "0) 否" read -r -p "请输入对应标号> " res if [ "$res" = 1 ]; then TOKEN="$push_TG" @@ -313,7 +258,6 @@ set_bot_tg() { ;; *) errornum - sleep 1 ;; esac done @@ -322,13 +266,10 @@ set_bot_tg() { # 自定义入站 set_vmess() { while true; do - line_break - separator_line "=" - content_line "\033[31m注意:\033[0m" - content_line "设置的端口会添加到公网访问防火墙并自动放行!" - content_line "脚本只提供基础功能,更多需求请用自定义配置文件功能!" - content_line "\033[31m切勿用于搭建违法翻墙节点,违者后果自负!\033[0m" - separator_line "=" + comp_box "\033[31m注意:\033[0m" \ + "设置的端口会添加到公网访问防火墙并自动放行!" \ + "脚本只提供基础功能,更多需求请用自定义配置文件功能!" \ + "\033[31m切勿用于搭建违法翻墙节点,违者后果自负!\033[0m" content_line "1) \033[32m启用/关闭\033[0mVmess入站 \033[32m$vms_service\033[0m" content_line "2) 设置\033[36m监听端口\033[0m: \033[36m$vms_port\033[0m" content_line "3) 设置\033[33mWS-path(可选)\033[0m: \033[33m$vms_ws_path\033[0m" @@ -337,6 +278,7 @@ set_vmess() { gen_base64 1 >/dev/null 2>&1 && content_line "6) 设置\033[36m混淆host(可选)\033[0m: \033[33m$vms_host\033[0m" content_line "7) 一键生成\033[32m分享链接\033[0m" + content_line "" content_line "0) 返回上级菜单" separator_line "=" read -r -p "请输入对应标号> " num @@ -353,11 +295,7 @@ set_vmess() { vms_service=ON setconfig vms_service "$vms_service" else - line_break - separator_line "=" - content_line "\033[31m请先完成必选设置!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m请先完成必选设置!\033[0m" fi fi ;; @@ -384,11 +322,7 @@ set_vmess() { vms_ws_path="$text" setconfig vms_ws_path "$text" "$GT_CFG_PATH" else - line_break - separator_line "=" - content_line "\033[31m不是合法的path路径,必须以【/】开头!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m不是合法的path路径,必须以【/】开头!\033[0m" fi ;; 4) @@ -401,11 +335,7 @@ set_vmess() { vms_uuid="$text" setconfig vms_uuid "$text" "$GT_CFG_PATH" else - line_break - separator_line "=" - content_line "\033[31m不是合法的UUID格式,请重新输入或使用随机生成功能!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m不是合法的UUID格式,请重新输入或使用随机生成功能!\033[0m" fi ;; 5) @@ -448,17 +378,13 @@ EOF vms_link="vmess://$(gen_base64 "$vms_json")" line_break echo -e "你的分享链接是(请勿随意分享给他人):\n\033[32m$vms_link\033[0m" + sleep 1 else - line_break - separator_line "=" - content_line "\033[31m请先完成必选设置!\033[0m" - separator_line "=" + msg_alert "\033[31m请先完成必选设置!\033[0m" fi - sleep 1 ;; *) errornum - sleep 1 ;; esac done @@ -466,19 +392,17 @@ EOF set_shadowsocks() { while true; do - line_break - separator_line "=" - content_line "\033[31m注意:\033[0m" - content_line "设置的端口会添加到公网访问防火墙并自动放行!" - content_line "脚本只提供基础功能,更多需求请用自定义配置文件功能!" - content_line "\033[31m切勿用于搭建违法翻墙节点,违者后果自负!\033[0m" - separator_line "=" + comp_box "\033[31m注意:\033[0m" \ + "设置的端口会添加到公网访问防火墙并自动放行!" \ + "脚本只提供基础功能,更多需求请用自定义配置文件功能!" \ + "\033[31m切勿用于搭建违法翻墙节点,违者后果自负!\033[0m" content_line "1) \033[32m启用/关闭\033[0mShadowSocks入站 \033[32m$sss_service\033[0m" content_line "2) 设置\033[36m监听端口\033[0m: \033[36m$sss_port\033[0m" content_line "3) 选择\033[33m加密协议\033[0m: \033[33m$sss_cipher\033[0m" content_line "4) 设置\033[36mpassword\033[0m: \033[36m$sss_pwd\033[0m" gen_base64 1 >/dev/null 2>&1 && content_line "5) 一键生成分享链接" + content_line "" content_line "0) 返回上级菜单" separator_line "=" read -r -p "请输入对应标号> " num @@ -495,11 +419,7 @@ set_shadowsocks() { sss_service=ON setconfig sss_service "$sss_service" else - line_break - separator_line "=" - content_line "\033[31m请先完成必选设置!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m请先完成必选设置!\033[0m" fi fi ;; @@ -517,10 +437,7 @@ set_shadowsocks() { fi ;; 3) - line_break - separator_line "=" - content_line "请选择要使用的加密协议:" - separator_line "=" + comp_box "请选择要使用的加密协议:" content_line "1) \033[32mxchacha20-ietf-poly1305\033[0m" content_line "2) \033[32mchacha20-ietf-poly1305\033[0m" content_line "3) \033[32maes-128-gcm\033[0m" @@ -569,20 +486,16 @@ set_shadowsocks() { ;; *) errornum - sleep 1 ;; esac setconfig sss_cipher "$sss_cipher" "$GT_CFG_PATH" setconfig sss_pwd "$sss_pwd" "$GT_CFG_PATH" ;; 4) - line_break if echo "$sss_cipher" | grep -q '2022-blake3'; then - separator_line "=" - content_line "\033[31m注意:\033[0m2022系列加密必须使用脚本随机生成的password!" - separator_line "=" - sleep 1 + msg_alert "\033[31m注意:\033[0m2022系列加密必须使用脚本随机生成的password!" else + line_break read -r -p "请输入秘钥(输入0删除)> " text [ "$text" = 0 ] && sss_pwd='' || sss_pwd="$text" setconfig sss_pwd "$text" "$GT_CFG_PATH" @@ -595,17 +508,13 @@ set_shadowsocks() { ss_link="ss://$(gen_base64 "$sss_cipher":"$sss_pwd")@${text}:${sss_port}#ShellCrash_ss_in" line_break echo -e "你的分享链接是(请勿随意分享给他人):\n\033[32m$ss_link\033[0m" + sleep 1 else - line_break - separator_line "=" - content_line "\033[31m请先完成必选设置!\033[0m" - separator_line "=" + msg_alert "\033[31m请先完成必选设置!\033[0m" fi - sleep 1 ;; *) errornum - sleep 1 ;; esac done @@ -615,20 +524,17 @@ set_shadowsocks() { set_tailscale() { while true; do [ -n "$ts_auth_key" ] && ts_auth_key_info='*********' - line_break - separator_line "=" - content_line "\033[31m注意:\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件!" - content_line "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m" - content_line "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m" - content_line "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式" - separator_line "=" - content_line "1) \033[32m启用/关闭\033[0mTailscale服务 \033[32m$ts_service\033[0m" - content_line "2) 设置\033[36m秘钥\033[0m(Auth Key) $ts_auth_key_info" - content_line "3) 通告路由\033[33m内网地址\033[0m(Subnet) \033[36m$ts_subnet\033[0m" - content_line "4) 通告路由\033[31m全部流量\033[0m(EXIT-NODE) \033[36m$ts_exit_node\033[0m" - content_line "5) 设置\033[36m设备名称\033[0m(可选) $ts_hostname" - content_line "0) 返回上级菜单" - separator_line "=" + comp_box "\033[31m注意:\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件!" \ + "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m" \ + "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m" \ + "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式" + btm_box "1) \033[32m启用/关闭\033[0mTailscale服务 \033[32m$ts_service\033[0m" \ + "2) 设置\033[36m秘钥\033[0m(Auth Key) $ts_auth_key_info" \ + "3) 通告路由\033[33m内网地址\033[0m(Subnet) \033[36m$ts_subnet\033[0m" \ + "4) 通告路由\033[31m全部流量\033[0m(EXIT-NODE) \033[36m$ts_exit_node\033[0m" \ + "5) 设置\033[36m设备名称\033[0m(可选) $ts_hostname" \ + "" \ + "0) 返回上级菜单" read -r -p "请输入对应标号> " num case "$num" in "" | 0) @@ -639,11 +545,7 @@ set_tailscale() { [ "$ts_service" = ON ] && ts_service=OFF || ts_service=ON setconfig ts_service "$ts_service" else - line_break - separator_line "=" - content_line "\033[31m请先设置秘钥!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m请先设置秘钥!\033[0m" fi ;; 2) @@ -661,20 +563,13 @@ set_tailscale() { ts_exit_node=false else ts_exit_node=true - line_break - separator_line "=" - content_line "\033[31m注意:\033[0m目前exitnode的官方DNS有bug,要么启用域名嗅探并禁用TailscaleDNS,\n要么必须在网页设置Globalname servers为分配的本设备子网IP且启用override" - separator_line "=" - sleep 3 + msg_alert -t 3 "\033[31m注意:\033[0m目前exitnode的官方DNS有bug,要么启用域名嗅探并禁用TailscaleDNS,\n要么必须在网页设置Globalname servers为分配的本设备子网IP且启用override" fi setconfig ts_exit_node "$ts_exit_node" "$GT_CFG_PATH" ;; 5) - line_break - separator_line "=" - content_line "请直接输入希望在Tailscale显示的设备名称" - content_line "或输入 0 返回上级菜单" - separator_line "=" + comp_box "\033[36m请直接输入希望在Tailscale显示的设备名称\033[0m" \ + "或输入 0 返回上级菜单" read -r -p "请输入> " ts_hostname if [ "$ts_hostname" != 0 ]; then setconfig ts_hostname "$ts_hostname" "$GT_CFG_PATH" @@ -682,7 +577,6 @@ set_tailscale() { ;; *) errornum - sleep 1 ;; esac done @@ -708,24 +602,19 @@ set_wireguard() { else unset wgpsk_key_info fi - - line_break - separator_line "=" - content_line "\033[31m注意:\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件!" - separator_line "=" - content_line "1) \033[32m启用/关闭\033[0mWireguard服务 \033[32m$wg_service\033[0m" - content_line "" - content_line "2) 设置\033[36mEndpoint地址\033[0m: \033[36m$wg_server\033[0m" - content_line "3) 设置\033[36mEndpoint端口\033[0m: \033[36m$wg_port\033[0m" - content_line "4) 设置\033[36m公钥-PublicKey\033[0m: \033[36m$wgp_key_info\033[0m" - content_line "5) 设置\033[36m密钥-PresharedKey\033[0m: \033[36m$wgpsk_key_info\033[0m" - content_line "" - content_line "6) 设置\033[33m私钥-PrivateKey\033[0m: \033[33m$wgv_key_info\033[0m" - content_line "7) 设置\033[33m组网IPV4地址\033[0m: \033[33m$wg_ipv4\033[0m" - content_line "8) 可选\033[33m组网IPV6地址\033[0m: \033[33m$wg_ipv6\033[0m" - content_line "" - content_line "0) 返回上级菜单" - separator_line "=" + comp_box "\033[31m注意:\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件!" + btm_box "1) \033[32m启用/关闭\033[0mWireguard服务 \033[32m$wg_service\033[0m" \ + "" \ + "2) 设置\033[36mEndpoint地址\033[0m: \033[36m$wg_server\033[0m" \ + "3) 设置\033[36mEndpoint端口\033[0m: \033[36m$wg_port\033[0m" \ + "4) 设置\033[36m公钥-PublicKey\033[0m: \033[36m$wgp_key_info\033[0m" \ + "5) 设置\033[36m密钥-PresharedKey\033[0m: \033[36m$wgpsk_key_info\033[0m" \ + "" \ + "6) 设置\033[33m私钥-PrivateKey\033[0m: \033[33m$wgv_key_info\033[0m" \ + "7) 设置\033[33m组网IPV4地址\033[0m: \033[33m$wg_ipv4\033[0m" \ + "8) 可选\033[33m组网IPV6地址\033[0m: \033[33m$wg_ipv6\033[0m" \ + "" \ + "0) 返回上级菜单" read -r -p "请输入对应标号> " num case "$num" in "" | 0) @@ -736,11 +625,7 @@ set_wireguard() { [ "$wg_service" = ON ] && wg_service=OFF || wg_service=ON setconfig wg_service "$wg_service" else - line_break - separator_line "=" - content_line "\033[31m请先完成必选设置!\033[0m" - separator_line "=" - sleep 1 + msg_alert "\033[31m请先完成必选设置!\033[0m" fi ;; [1-8]) @@ -780,7 +665,6 @@ set_wireguard() { ;; *) errornum - sleep 1 ;; esac done