refactor: merge changes from js branch

Dropped useless nft support.

Signed-off-by: Tianling Shen <[email protected]>

luasrc/controller/unblockneteasemusic.lua

@@ -35,7 +35,7 @@ function update_core()
 	local core_cloud_ver = luci.sys.exec("uclient-fetch -qO- 'https://api.github.com/repos/UnblockNeteaseMusic/server/commits?sha=enhanced&path=precompiled' | jsonfilter -e '@[0].sha'")
 	local core_cloud_ver_mini = string.sub(core_cloud_ver, 1, 7)
 	local core_local_ver
-	if not core_cloud_ver or not core_cloud_ver_mini then
+	if (not core_cloud_ver) or (not core_cloud_ver_mini) then
 		return "1"
 	else
 		core_local_ver = luci.sys.exec("cat '/usr/share/unblockneteasemusic/core_local_ver' 2>'/dev/null'")

luasrc/model/cbi/unblockneteasemusic/log.lua

@@ -1,5 +1,5 @@
 local fs = require "nixio.fs"
-local conffile = "/tmp/unblockneteasemusic.log"
+local conffile = "/var/run/unblockneteasemusic/run.log"
 
 f = SimpleForm("logview")
 

luasrc/model/cbi/unblockneteasemusic/main.lua

@@ -29,41 +29,6 @@ o.description = translate("自定义模式下，多个音源请用空格隔开")
 o.default = "default"
 o.rmempty = false
 
-o = s:option(Flag, "follow_source_order", translate("顺序查询"))
-o.description = translate("默认为并行查询并返回第一个结果，开启后将严格按照配置音源的顺序进行查询")
-o.default = 0
-o.rmempty = false
-
-o = s:option(Flag, "search_album", translate("附加专辑名"))
-o.description = translate("在其他音源搜索歌曲时携带专辑名称（默认搜索条件 歌曲名 - 歌手，启用后搜索条件 歌曲名 - 歌手 专辑名）")
-o.default = 0
-o.rmempty = false
-
-o = s:option(Flag, "local_vip", translate("启用本地 VIP"))
-o.description = translate("启用后，可以使用去广告、个性换肤、鲸云音效等本地功能")
-o.default = 0
-o.rmempty = false
-
-o = s:option(Flag, "enable_flac", translate("启用无损音质"))
-o.description = translate("目前仅支持酷狗、酷我、咪咕、pyncmd、QQ 音源")
-o.default = 0
-o.rmempty = false
-
-o = s:option(Flag, "disable_upgrade_check", translate("禁用更新检查"))
-o.description = translate("禁止客户端检查更新，全平台支持")
-o.default = 1
-o.rmempty = false
-
-o = s:option(ListValue, "replace_music_source", translate("强制音乐音源替换"))
-o:value("dont_replace", translate("不强制替换音乐音源"))
-o:value("lower_than_192kbps", translate("当音质低于 192 Kbps（中）时"))
-o:value("lower_than_320kbps", translate("当音质低于 320 Kbps（高）时"))
-o:value("lower_than_999kbps", translate("当音质低于 999 Kbps（无损）时"))
-o:value("replace_all", translate("替换所有音乐音源"))
-o.description = translate("当音乐音质低于指定数值时，尝试强制使用其他平台的高音质版本进行替换")
-o.default = "dont_replace"
-o.rmempty = false
-
 o = s:option(Flag, "use_custom_cookie", translate("使用自定义 Cookie"))
 o.description = translate("使用自定义 Cookie 请求音源接口")
 o.default = 0
@@ -91,10 +56,46 @@ o.description = translate("API Key 申请地址：https://developers.google.com/
 o.datatype = "string"
 o:depends("use_custom_cookie", 1)
 
+o = s:option(Flag, "follow_source_order", translate("顺序查询"))
+o.description = translate("默认为并行查询并返回第一个结果，开启后将严格按照配置音源的顺序进行查询")
+o.default = 0
+
+o = s:option(Flag, "search_album", translate("附加专辑名"))
+o.description = translate("在其他音源搜索歌曲时携带专辑名称（默认搜索条件 歌曲名 - 歌手，启用后搜索条件 歌曲名 - 歌手 专辑名）")
+o.default = 0
+
+o = s:option(Flag, "enable_flac", translate("启用无损音质"))
+o.description = translate("目前仅支持酷狗、酷我、咪咕、pyncmd、QQ 音源")
+o.default = 0
+
+o = s:option(Flag, "select_max_br", translate("选取最高音质"))
+o.description = translate("选择所有音源中的最高码率替换音频。")
+o.default = 0
+
+o = s:option(ListValue, "replace_music_source", translate("音源替换"))
+o:value("dont_replace", translate("不强制替换音乐音源"))
+o:value("lower_than_192kbps", translate("当音质低于 192 Kbps（中）时"))
+o:value("lower_than_320kbps", translate("当音质低于 320 Kbps（高）时"))
+o:value("lower_than_999kbps", translate("当音质低于 999 Kbps（无损）时"))
+o:value("replace_all", translate("替换所有音乐音源"))
+o.description = translate("当音乐音质低于指定数值时，尝试强制使用其他平台的高音质版本进行替换")
+o.default = "dont_replace"
+
+o = s:option(Flag, "disable_upgrade_check", translate("禁用更新检查"))
+o.description = translate("禁止客户端检查更新，全平台支持")
+o.default = 0
+
+o = s:option(Flag, "block_ads", translate("屏蔽广告"))
+o.description = translate("启用后，可屏蔽应用内部分广告。")
+o.default = 0
+
+o = s:option(Flag, "local_vip", translate("启用本地 VIP"))
+o.description = translate("启用后，可以使用去广告、个性换肤、鲸云音效等本地功能")
+o.default = 0
+
 o = s:option(Flag, "auto_update", translate("启用自动更新"))
 o.description = translate("启用后，每天将定时自动检查最新版本并更新")
 o.default = 0
-o.rmempty = false
 
 o = s:option(ListValue, "update_time", translate("检查更新时间"))
 for update_time_hour = 0,23 do
@@ -132,7 +133,6 @@ end
 o = s:option(Flag, "advanced_mode", translate("启用进阶设置"))
 o.description = translate("非必要不推荐使用")
 o.default = 0
-o.rmempty = false
 
 o = s:option(ListValue, "log_level", translate("日志等级"))
 o:value("debug", translate("'调试"));
@@ -178,22 +178,14 @@ o.description = translate("如果使用Hosts劫持，程序监听的 HTTP/HTTPS
 o.default = "dont_hijack"
 o:depends("advanced_mode", 1)
 
-o = s:option(Flag, "keep_core_when_upgrade", translate("升级时保留核心程序"))
-o.description = translate("默认情况下，在系统升级后会导致核心程序丢失，开启此选项后会保留当前下载的核心程序")
-o.default = 0
-o.rmempty = false
-o:depends("advanced_mode", 1)
-
 o = s:option(Flag, "pub_access", translate("部署到公网"))
 o.description = translate("默认仅监听局域网，如需提供公开访问请勾选此选项")
 o.default = 0
-o.rmempty = false
 o:depends("advanced_mode", 1)
 
 o = s:option(Flag, "strict_mode", translate("启用严格模式"))
 o.description = translate("若将服务部署到公网，则强烈建议使用严格模式，此模式下仅放行网易云音乐所属域名的请求；注意：该模式下不能使用全局代理")
 o.default = 0
-o.rmempty = false
 o:depends("advanced_mode", 1)
 
 o = s:option(Value, "netease_server_ip", translate("网易云服务器 IP"))
@@ -226,10 +218,16 @@ s.sortable = true
 s.anonymous = true
 s.addremove = true
 
+o = s:option(Flag, "enable", ("启用"))
+o.width = "33%"
+o.default = 0
+o.rmempty = false
+
 o = s:option(Value, "ip_addr", translate("IP 地址"))
-o.width = "40%"
+o.width = "33%"
 o.datatype = "ip4addr"
 o.placeholder = "0.0.0.0/0"
+o.rmempty = false
 luci.ip.neighbors({ family = 4 }, function(entry)
 	if entry.reachable then
 		o:value(entry.dest:string())
@@ -237,7 +235,7 @@ luci.ip.neighbors({ family = 4 }, function(entry)
 end)
 
 o = s:option(ListValue, "filter_mode", translate("规则"))
-o.width = "40%"
+o.width = "33%"
 o.default = "disable_all"
 o.rmempty = false
 o:value("disable_all", translate("不代理 HTTP 和 HTTPS"))

root/etc/config/unblockneteasemusic

@@ -1,13 +1,7 @@
 
 config unblockneteasemusic 'config'
 	option enable '0'
-	option music_source 'default'
-	option follow_source_order '0'
-	option local_vip '0'
-	option enable_flac '0'
 	option disable_upgrade_check '1'
-	option replace_music_source 'dont_replace'
-	option use_custom_cookie '0'
 	option auto_update '1'
 	option update_time '3'
-	option advanced_mode '0'
+

root/etc/init.d/unblockneteasemusic

@@ -9,13 +9,11 @@ START=99
 STOP=10
 
 NAME="unblockneteasemusic"
-UPGRADE_CONF="/lib/upgrade/keep.d/$NAME"
+UNM_DIR="/usr/share/$NAME"
+RUN_DIR="/var/run/$NAME"
 
 IPT_N="iptables -t nat"
-
-FW4="$(command -v fw4)"
-RULES_UC="/usr/share/$NAME/rules/default.uc"
-RULES_NFT="/etc/nftables.d/90-$NAME-rules.nft"
+IPT_INPUT_RULE="unblockneteasemusic_input_rule"
 
 is_enabled() {
 	local enabled
@@ -50,6 +48,8 @@ append_param_boolenv() {
 append_filter_client() {
 	local cfg="$1"
 
+	is_enabled "$cfg" "enable" || return 1
+
 	local ip_addr filter_mode
 	config_get ip_addr "$cfg" "ip_addr"
 	config_get filter_mode "$cfg" "filter_mode"
@@ -57,27 +57,14 @@ append_filter_client() {
 
 	case "${filter_mode}" in
 	"disable_http")
-		if [ -n "$FW4" ]; then
-			acl_http_addr="${acl_http_addr:+$acl_http_addr\n}${ip_addr}"
-		else
-			ipset -! add "acl_neteasemusic_http" "${ip_addr}"
-		fi
+		ipset -! add "acl_neteasemusic_http" "${ip_addr}"
 		;;
 	"disable_https")
-		if [ -n "$FW4" ]; then
-			acl_https_addr="${acl_https_addr:+$acl_https_addr\n}${ip_addr}"
-		else
-			ipset -! add "acl_neteasemusic_https" "${ip_addr}"
-		fi
+		ipset -! add "acl_neteasemusic_https" "${ip_addr}"
 		;;
 	"disable_all")
-		if [ -n "$FW4" ]; then
-			acl_http_addr="${acl_http_addr:+$acl_http_addr\n}${ip_addr}"
-			acl_https_addr="${acl_https_addr:+$acl_https_addr\n}${ip_addr}"
-		else
-			ipset -! add "acl_neteasemusic_http" "${ip_addr}"
-			ipset -! add "acl_neteasemusic_https" "${ip_addr}"
-		fi
+		ipset -! add "acl_neteasemusic_http" "${ip_addr}"
+		ipset -! add "acl_neteasemusic_https" "${ip_addr}"
 		;;
 	esac
 }
@@ -89,43 +76,31 @@ start_service() {
 	local update_time
 	config_get update_time "config" "update_time" "3"
 	sed -i "/$NAME/d" /etc/crontabs/root
-	is_enabled "config" "auto_update" && echo "0 ${update_time} * * * /usr/share/$NAME/update.sh update_core" >> "/etc/crontabs/root"
-	echo "*/5 * * * * /usr/share/$NAME/log_check.sh" >> "/etc/crontabs/root"
+	is_enabled "config" "auto_update" && echo "0 ${update_time} * * * $UNM_DIR/update.sh update_core" >> "/etc/crontabs/root"
 	/etc/init.d/cron restart
 
-	[ ! -s "/usr/share/$NAME/core/app.js" ] && { rm -f "/usr/share/$NAME/local_ver"; sh "/usr/share/$NAME/update.sh" "update_core_non_restart"; }
-	[ ! -s "/usr/share/$NAME/core/app.js" ] && { echo "Core Not Found, please download it before starting." >> "/tmp/$NAME.log"; exit 1; }
+	mkdir -p "$RUN_DIR"
+	[ ! -s "$UNM_DIR/core/app.js" ] && { rm -f "$UNM_DIR/local_ver"; sh "$UNM_DIR/update.sh" "update_core_non_restart"; }
+	[ ! -s "$UNM_DIR/core/app.js" ] && { echo "Core Not Found, please download it before starting." >> "$RUN_DIR/run.log"; return 1; }
 
 	procd_open_instance "$NAME"
-	procd_set_param command node "/usr/share/$NAME/core/app.js"
+	procd_set_param command node "$UNM_DIR/core/app.js"
 	append_param "-a" "0.0.0.0"
 
 	local http_port https_port hijack_ways
 	config_get http_port "config" "http_port" "5200"
 	config_get https_port "config" "https_port" "5201"
 	config_get hijack_ways "config" "hijack_ways" "use_ipset"
-	[ "${hijack_ways}" = "use_hosts" ] && { http_port="80"; https_port="443"; }
+	[ "$hijack_ways" != "use_hosts" ] || { http_port="80"; https_port="443"; }
 	append_param "-p" "${http_port}":"${https_port}"
 
-	if [ -n "$FW4" ]; then
-		json_init
-		if is_enabled "config" "pub_access"; then
-			json_add_int o_pub_access "1"
-		else
-			json_add_int o_pub_access "0"
-		fi
-		json_add_int o_http_port "${http_port}"
-		json_add_int o_https_port "${https_port}"
-		json_add_string o_hijack_ways "${hijack_ways}"
-	else
-		if is_enabled "config" "pub_access"; then
-			iptables -I "INPUT" -p "tcp" --dport "${http_port}" -j "ACCEPT"
-			iptables -I "INPUT" -p "tcp" --dport "${https_port}" -j "ACCEPT"
-			echo "${http_port}:${https_port}" > "/tmp/$NAME.ports"
-
-			mkdir -p "/var/etc/"
-			echo "/etc/init.d/$NAME restart" > "/var/etc/$NAME.include"
-		fi
+	if is_enabled "config" "pub_access"; then
+		iptables -N "$IPT_RULE_NAME"
+		iptables -t filter -I INPUT -j "$IPT_RULE_NAME"
+		iptables -t filter -A "$IPT_RULE_NAME" -p tcp --dport "${http_port}" -j ACCEPT
+		iptables -t filter -A "$IPT_RULE_NAME" -p tcp --dport "${https_port}" -j ACCEPT
+
+		echo "/etc/init.d/$NAME restart" > "$RUN_DIR/fw3.include"
 	fi
 
 	local music_source
@@ -140,21 +115,23 @@ start_service() {
 
 	local log_level
 	config_get log_level "config" "log_level" "info"
-	procd_set_param env LOG_FILE="/tmp/$NAME.log"
+	procd_set_param env LOG_FILE="$RUN_DIR/run.log"
 	procd_append_param env LOG_LEVEL="$log_level"
 
 	append_param_env "config" "joox_cookie" "JOOX_COOKIE"
 	append_param_env "config" "migu_cookie" "MIGU_COOKIE"
 	append_param_env "config" "qq_cookie" "QQ_COOKIE"
 	append_param_env "config" "youtube_key" "YOUTUBE_KEY"
-	append_param_env "config" "self_issue_cert_crt" "SIGN_CERT" "/usr/share/$NAME/core/server.crt"
-	append_param_env "config" "self_issue_cert_key" "SIGN_KEY" "/usr/share/$NAME/core/server.key"
+	append_param_env "config" "self_issue_cert_crt" "SIGN_CERT" "$UNM_DIR/core/server.crt"
+	append_param_env "config" "self_issue_cert_key" "SIGN_KEY" "$UNM_DIR/core/server.key"
 
 	append_param_boolenv "config" "follow_source_order" "FOLLOW_SOURCE_ORDER"
 	append_param_boolenv "config" "search_album" "SEARCH_ALBUM"
 	append_param_boolenv "config" "enable_flac" "ENABLE_FLAC"
-	append_param_boolenv "config" "local_vip" "ENABLE_LOCAL_VIP"
+	append_param_boolenv "config" "select_max_br" "SELECT_MAX_BR"
 	append_param_boolenv "config" "disable_upgrade_check" "DISABLE_UPGRADE_CHECK"
+	append_param_boolenv "config" "block_ads" "BLOCK_ADS"
+	append_param_boolenv "config" "local_vip" "ENABLE_LOCAL_VIP"
 	case "$(config_get "config" "replace_music_source")" in
 		"lower_than_192kbps") procd_append_param env MIN_BR="192000" ;;
 		"lower_than_320kbps") procd_append_param env MIN_BR="320000" ;;
@@ -168,57 +145,39 @@ start_service() {
 
 	local lan_addr="$(uci -q get network.lan.ipaddr)"
 	if [ "${hijack_ways}" = "use_ipset" ]; then
-		local settype nftflag
-		if [ -n "$FW4" ]; then
-			settype="nftset"
-			nftflag="inet#fw4#"
-		else
-			settype="ipset"
-		fi
 		mkdir -p "/tmp/dnsmasq.d"
 		rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
 		cat <<-EOF > "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
 			dhcp-option=252,http://${lan_addr}:${http_port}/proxy.pac
-			${settype}=/.music.163.com/${nftflag}neteasemusic
-			${settype}=/interface.music.163.com/${nftflag}neteasemusic
-			${settype}=/interface3.music.163.com/${nftflag}neteasemusic
-			${settype}=/apm.music.163.com/${nftflag}neteasemusic
-			${settype}=/apm3.music.163.com/${nftflag}neteasemusic
-			${settype}=/clientlog.music.163.com/${nftflag}neteasemusic
-			${settype}=/clientlog3.music.163.com/${nftflag}neteasemusic
+			ipset=/.music.163.com/neteasemusic
+			ipset=/interface.music.163.com/neteasemusic
+			ipset=/interface3.music.163.com/neteasemusic
+			ipset=/apm.music.163.com/neteasemusic
+			ipset=/apm3.music.163.com/neteasemusic
+			ipset=/clientlog.music.163.com/neteasemusic
+			ipset=/clientlog3.music.163.com/neteasemusic
 		EOF
-		/etc/init.d/dnsmasq reload
+		/etc/init.d/dnsmasq reload 2>"/dev/null"
 
-		[ -n "$FW4" ] || {
-			ipset create "acl_neteasemusic_http" hash:ip
-			ipset create "acl_neteasemusic_https" hash:ip
-			ipset create "neteasemusic" hash:ip
-		}
+		ipset create "acl_neteasemusic_http" hash:ip
+		ipset create "acl_neteasemusic_https" hash:ip
+		ipset create "neteasemusic" hash:ip
 		config_foreach append_filter_client "acl_rule"
 
 		local netease_music_ips="$(uclient-fetch -qO- "http://httpdns.n.netease.com/httpdns/v2/d?domain=music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.data.*.ip.*')"
 		local netease_music_ips2="$(uclient-fetch -qO- "https://music.httpdns.c.163.com/d" --post-data="music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.dns.*["ips"].*')"
-		if [ -n "$FW4" ]; then
-			local neteasemusic_addr="$(echo -e "${netease_music_ips}\n${netease_music_ips2}" | sort -u | awk '{print $1}')"
-
-			json_add_string o_acl_http_addr "$(echo -e "${acl_http_addr}" | sort -u | awk '{print $1}')"
-			json_add_string o_acl_https_addr "$(echo -e "${acl_https_addr}" | sort -u | awk '{print $1}')"
-			json_add_string o_neteasemusic_addr "$neteasemusic_addr"
-		else
-			echo -e "${netease_music_ips}\n${netease_music_ips2}" | sort -u | awk '{print "ipset add neteasemusic "$1}' | sh
-
-			$IPT_N -N "netease_cloud_music"
-			for local_addr in "0.0.0.0/8" "10.0.0.0/8" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.168.0.0/16" "224.0.0.0/4" "240.0.0.0/4"; do
-				$IPT_N -A "netease_cloud_music" -d "${local_addr}" -j "RETURN"
-			done
-
-			$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_http" "src" --dport "80" -j "REDIRECT" --to-ports "${http_port}"
-			$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_https" "src" --dport "443" -j "REDIRECT" --to-ports "${https_port}"
-			$IPT_N -I "PREROUTING" -p "tcp" -m "set" --match-set "neteasemusic" "dst" -j "netease_cloud_music"
-
-			mkdir -p "/var/etc/"
-			echo "/etc/init.d/$NAME restart" > "/var/etc/$NAME.include"
-		fi
+		echo -e "${netease_music_ips}\n${netease_music_ips2}" | sort -u | awk '{print "ipset add neteasemusic "$1}' | sh
+
+		$IPT_N -N "netease_cloud_music"
+		for local_addr in "0.0.0.0/8" "10.0.0.0/8" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.168.0.0/16" "224.0.0.0/4" "240.0.0.0/4"; do
+			$IPT_N -A "netease_cloud_music" -d "${local_addr}" -j "RETURN"
+		done
+
+		$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_http" "src" --dport "80" -j "REDIRECT" --to-ports "${http_port}"
+		$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_https" "src" --dport "443" -j "REDIRECT" --to-ports "${https_port}"
+		$IPT_N -I "PREROUTING" -p "tcp" -m "set" --match-set "neteasemusic" "dst" -j "netease_cloud_music"
+
+		echo "/etc/init.d/$NAME restart" > "$RUN_DIR/fw3.include"
 	elif [ "${hijack_ways}" = "use_hosts" ]; then
 		mkdir -p "/tmp/dnsmasq.d"
 		rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
@@ -233,21 +192,16 @@ start_service() {
 			address=/clientlog3.music.163.com/${lan_addr}
 			address=/music.httpdns.c.163.com/0.0.0.0
 		EOF
-		/etc/init.d/dnsmasq reload
+		/etc/init.d/dnsmasq reload 2>"/dev/null"
 
 		ip route add "223.252.199.10" dev lo
 	fi
 
-	if [ -n "$FW4" ]; then
-		local nft_tmp="/tmp/$NAME"
-		json_dump -i > "$nft_tmp.json"
-		if utpl -F "$nft_tmp.json" -S "$RULES_UC" > "$nft_tmp.nft" && ! cmp -s "$nft_tmp.nft" "$RULES_NFT"; then
-			echo "table inet chk {include \"$nft_tmp.nft\";}" > "$nft_tmp.nft.chk"
-			! nft -f "$nft_tmp.nft.chk" -c || { mv -f "$nft_tmp.nft" "$RULES_NFT"; fw4 reload; }
-		fi
-		rm -f "$nft_tmp.json" "$nft_tmp.nft" "$nft_tmp.nft.chk"
-	fi
+	procd_close_instance
 
+	procd_open_instance "log-check"
+	procd_set_param command "$UNM_DIR/log_check.sh"
+	procd_set_param respawn
 	procd_close_instance
 }
 
@@ -257,54 +211,27 @@ stop_service() {
 	sed -i "/$NAME/d" "/etc/crontabs/root"
 	/etc/init.d/cron restart
 
-	rm -f "${UPGRADE_CONF}"
-	is_enabled "config" "keep_core_when_upgrade" && {
-		echo "/usr/share/$NAME/core/" >> "${UPGRADE_CONF}"
-		echo "/usr/share/$NAME/local_ver" >> "${UPGRADE_CONF}"
-	}
-
-	local self_issue_cert_crt self_issue_cert_key
-	config_get "self_issue_cert_crt" "config" "self_issue_cert_crt"
-	config_get "self_issue_cert_key" "config" "self_issue_cert_key"
-	{ [ -f "${self_issue_cert_crt}" ] && [ -f "${self_issue_cert_key}" ]; } && {
-		echo "${self_issue_cert_crt}" >> "${UPGRADE_CONF}"
-		echo "${self_issue_cert_key}" >> "${UPGRADE_CONF}"
-	}
-
-	local chain settable
-	if [ -n "$FW4" ]; then
-		for chain in "netease_cloud_music_redir" "netease_cloud_music"; do
-			nft flush chain inet fw4 "$chain" 2>"/dev/null"
-		done
-		for settable in "acl_neteasemusic_http" "acl_neteasemusic_https" "local_addr" "neteasemusic"; do
-			nft flush set inet fw4 "$settable" 2>"/dev/null"
-		done
+	local settable
+	iptables -t filter -D INPUT -j "$IPT_RULE_NAME" 2>"/dev/null"
+	iptables -F "$IPT_RULE_NAME" 2>"/dev/null"
+	iptables -X "$IPT_RULE_NAME" 2>"/dev/null"
 
-		rm -f "$RULES_NFT"
-		fw4 reload
-	else
-		[ ! -e "/tmp/$NAME.ports" ] || {
-			iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' '{print $1}' "/tmp/$NAME.ports")" -j "ACCEPT"
-			iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' '{print $2}' "/tmp/$NAME.ports")" -j "ACCEPT"
-			rm -f "/tmp/$NAME.ports"
-		}
-		$IPT_N -D "PREROUTING" -p "tcp" -m set --match-set "neteasemusic" "dst" -j "netease_cloud_music"
-		$IPT_N -F "netease_cloud_music"
-		$IPT_N -X "netease_cloud_music"
-
-		for settable in "acl_neteasemusic_http" "acl_neteasemusic_https" "local_addr" "neteasemusic"; do
-			ipset destroy "$settable" 2>"/dev/null"
-		done
+	$IPT_N -D "PREROUTING" -p "tcp" -m set --match-set "neteasemusic" "dst" -j "netease_cloud_music" 2>"/dev/null"
+	$IPT_N -F "netease_cloud_music" 2>"/dev/null"
+	$IPT_N -X "netease_cloud_music" 2>"/dev/null"
 
-		echo "" > "/var/etc/$NAME.include"
-	fi
+	for settable in "acl_neteasemusic_http" "acl_neteasemusic_https" "neteasemusic"; do
+		ipset destroy "$settable" 2>"/dev/null"
+	done
+
+	echo > "$RUN_DIR/fw3.include"
 
 	rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
-	/etc/init.d/dnsmasq reload
+	/etc/init.d/dnsmasq reload 2>"/dev/null"
 
 	ip route del "223.252.199.10" 2>"/dev/null"
 
-	rm -f "/tmp/$NAME.log"
+	rm -f "$RUN_DIR/run.log"
 }
 
 reload_service() {

root/etc/uci-defaults/luci-unblockneteasemusic

@@ -1,21 +1,20 @@
 #!/bin/sh
 
-uci -q batch <<-EOF >/dev/null
+uci -q batch <<-EOF >"/dev/null"
 	delete ucitrack.@unblockneteasemusic[-1]
 	add ucitrack unblockneteasemusic
 	set ucitrack.@unblockneteasemusic[-1].init=unblockneteasemusic
 	commit ucitrack
 EOF
-[ -e "$(command -v fw4)" ] || {
-uci -q batch <<-EOF >/dev/null
+
+uci -q batch <<-EOF >"/dev/null"
 	delete firewall.unblockneteasemusic
 	set firewall.unblockneteasemusic=include
 	set firewall.unblockneteasemusic.type=script
-	set firewall.unblockneteasemusic.path=/var/etc/unblockneteasemusic.include
+	set firewall.unblockneteasemusic.path=/var/run/unblockneteasemusic/fw3.include
 	set firewall.unblockneteasemusic.reload=1
 	commit firewall
 EOF
-}
 
 rm -f /tmp/luci-indexcache
 exit 0

root/usr/bin/unm-debug

@@ -3,14 +3,15 @@
 
 command -v "curl" >"/dev/null" || { echo -e "curl is not found."; exit 1; }
 
-mkdir -p "/tmp"
-/usr/share/unblockneteasemusic/debugging.sh 2>&1 | tee "/tmp/unm-debugging-output.txt"
+RUN_DIR="/var/run/unblockneteasemusic"
+mkdir -p "$RUN_DIR"
+/usr/share/unblockneteasemusic/debugging.sh 2>&1 | tee "$RUN_DIR/unm-debugging-output.txt"
 
-catbox_link="$(curl -fsS -F "reqtype=fileupload" -F "time=72h" -F "fileToUpload=@/tmp/unm-debugging-output.txt" "https://litterbox.catbox.moe/resources/internals/api.php")"
-transfer_link="$(curl -fsS --upload-file "/tmp/unm-debugging-output.txt" "https://transfer.sh/unm-debugging-output.txt")"
+catbox_link="$(curl -fsS -F "reqtype=fileupload" -F "time=72h" -F "fileToUpload=@$RUN_DIR/unm-debugging-output.txt" "https://litterbox.catbox.moe/resources/internals/api.php")"
+transfer_link="$(curl -fsS --upload-file "$RUN_DIR/unm-debugging-output.txt" "https://transfer.sh/unm-debugging-output.txt")"
 echo -e "\n"
 echo -e "Log is available at:"
 echo -e "$catbox_link"
 echo -e "$transfer_link"
 
-rm -f "/tmp/unm-debugging-output.txt"
+rm -f "$RUN_DIR/unm-debugging-output.txt"

root/usr/share/unblockneteasemusic/debugging.sh

@@ -71,33 +71,13 @@ echo -e "\n"
 
 [ -n "$is_stopped" ] || {
 	echo -e "Firewall info:"
-	if [ -e "$(command -v fw4)" ]; then
-		[ -e "/etc/nftables.d/90-$NAME-rules.nft" ] || echo -e 'netease_cloud_music nft rule file not found.'
-		echo -e ""
-		nft list set inet fw4 "acl_neteasemusic_http" 2>&1
-		echo -e ""
-		nft list set inet fw4 "acl_neteasemusic_https" 2>&1
-		echo -e ""
-		nft list set inet fw4 "local_addr" 2>&1
-		echo -e ""
-		nft list set inet fw4 "neteasemusic" 2>&1
-		echo -e ""
-		nft list chain inet fw4 "input_wan" | grep "unblockneteasemusic-http-" 2>"/dev/null" || echo -e 'Http Port pub access rule not found.'
-		echo -e ""
-		nft list chain inet fw4 "input_wan" | grep "unblockneteasemusic-https-" 2>"/dev/null" || echo -e 'Https Port pub access rule not found.'
-		echo -e ""
-		nft list chain inet fw4 "netease_cloud_music" 2>&1
-		echo -e ""
-		nft list chain inet fw4 "netease_cloud_music_redir" 2>&1
-	else
-		iptables -t "nat" -L "netease_cloud_music" 2>"/dev/null" || echo -e 'Chain "netease_cloud_music" not found.'
-		echo -e ""
-		ipset list "neteasemusic" 2>"/dev/null" || echo -e 'Table "neteasemusic" not found.'
-		echo -e ""
-		ipset list "acl_neteasemusic_http" 2>"/dev/null" || echo -e 'Table "acl_neteasemusic_http" not found.'
-		echo -e ""
-		ipset list "acl_neteasemusic_https" 2>"/dev/null" || echo -e 'Table "acl_neteasemusic_https" not found.'
-	fi
+	iptables -t "nat" -L "netease_cloud_music" 2>"/dev/null" || echo -e 'Chain "netease_cloud_music" not found.'
+	echo -e ""
+	ipset list "neteasemusic" 2>"/dev/null" || echo -e 'Table "neteasemusic" not found.'
+	echo -e ""
+	ipset list "acl_neteasemusic_http" 2>"/dev/null" || echo -e 'Table "acl_neteasemusic_http" not found.'
+	echo -e ""
+	ipset list "acl_neteasemusic_https" 2>"/dev/null" || echo -e 'Table "acl_neteasemusic_https" not found.'
 	echo -e ""
 	cat "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
 	echo -e "\n"
@@ -111,4 +91,4 @@ echo -e "\n"
 	echo -e ""
 }
 
-cat "/tmp/$NAME.log" 2>"/dev/null" || echo -e "Log is not avaiable."
+cat "/var/run/$NAME/run.log" 2>"/dev/null" || echo -e "Log is not avaiable."

root/usr/share/unblockneteasemusic/log_check.sh

@@ -1,11 +1,14 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0-only
-# Copyright (C) 2019-2022 Tianling Shen <[email protected]>
+# Copyright (C) 2019-2023 Tianling Shen <[email protected]>
 
 NAME="unblockneteasemusic"
 
-log_max_size="4" #使用KB计算
-log_file="/tmp/$NAME.log"
+log_max_size="10" #使用KB计算
+log_file="/var/run/$NAME/run.log"
 
-log_size="$(expr $(ls -l "${log_file}" | awk -F ' ' '{print $5}') / "1024")"
-[ "${log_size}" -lt "${log_max_size}" ] || echo "" > "${log_file}"
+while true; do
+	[ -s "$log_file" ] || continue
+	[ "$(( $(ls -l "$log_file" | awk -F ' ' '{print $5}') / 1024 >= log_max_size))" -eq "0" ] || echo "" > "$log_file"
+	sleep 300
+done

root/usr/share/unblockneteasemusic/rules/chain.uc

@@ -1,30 +0,0 @@
-{%
-
-let http_port = o_http_port;
-let https_port = o_https_port;
-let pub_access = o_pub_access;
-let hijack_ways = o_hijack_ways;
-
-%}
-
-{% if (pub_access == 1): %}
-chain input_wan {
-	tcp dport {{ http_port }} counter accept comment "!fw4: unblockneteasemusic-http-pub-access"
-	tcp dport {{ https_port }} counter accept comment "!fw4: unblockneteasemusic-https-pub-access"
-}
-{% endif %}
-
-{% if (hijack_ways == "use_ipset"): %}
-chain netease_cloud_music {
-	type nat hook prerouting priority -1; policy accept;
-	meta l4proto tcp ip daddr @neteasemusic jump netease_cloud_music_redir;
-}
-
-chain netease_cloud_music_redir {
-	ip daddr @local_addr return;
-	ip saddr @acl_neteasemusic_http accept;
-	ip saddr @acl_neteasemusic_https accept;
-	tcp dport 80 counter redirect to :{{ http_port }};
-	tcp dport 443 counter redirect to :{{ https_port }};
-}
-{% endif %}

root/usr/share/unblockneteasemusic/rules/default.uc

@@ -1,9 +0,0 @@
-{%
-
-let hijack_ways = o_hijack_ways;
-if (hijack_ways == "use_ipset") {
-    include("set.uc");
-}
-include("chain.uc");
-
-%}

root/usr/share/unblockneteasemusic/rules/set.uc

@@ -1,73 +0,0 @@
-{%
-
-let o_local_bypass = "
-	0.0.0.0/8
-	10.0.0.0/8
-	100.64.0.0/10
-	127.0.0.0/8
-	169.254.0.0/16
-	172.16.0.0/12
-	192.0.0.0/24
-	192.0.2.0/24
-	192.31.196.0/24
-	192.52.193.0/24
-	192.88.99.0/24
-	192.168.0.0/16
-	192.175.48.0/24
-	198.18.0.0/15
-	198.51.100.0/24
-	203.0.113.0/24
-	224.0.0.0/4
-	240.0.0.0/4
-";
-
-let set_suffix = {
-	"acl_neteasemusic_http": {
-		str: o_acl_http_addr,
-	},
-	"acl_neteasemusic_https": {
-		str: o_acl_https_addr,
-	},
-	"local_addr": {
-		str: o_local_bypass,
-	},
-	"neteasemusic": {
-		str: o_neteasemusic_addr,
-	},
-};
-
-function set_elements_parse(res, str) {
-	for (let addr in split(str, /[ \t\n]/)) {
-		addr = trim(addr);
-		if (!addr) continue;
-		push(res, addr);
-	}
-}
-
-function set_elements(suf) {
-	let obj = set_suffix[suf];
-	let res = [];
-	let addr;
-
-	let str = obj["str"];
-	if (str) {
-		set_elements_parse(res, str);
-	}
-
-	return res;
-}
-%}
-
-{% for (let suf in set_suffix): %}
-set {{ suf }} {
-	type ipv4_addr;
-	flags interval;
-{%   let elems = set_elements(suf); if (length(elems)): %}
-	elements = {
-{%     for (let i = 0; i < length(elems); i++): %}
-		{{ elems[i] }}{% if (i < length(elems) - 1): %},{% endif %}{% print("\n") %}
-{%     endfor %}
-	}
-{%   endif %}
-}
-{% endfor %}

root/usr/share/unblockneteasemusic/update.sh

@@ -1,13 +1,18 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0-only
-# Copyright (C) 2019-2022 Tianling Shen <[email protected]>
+# Copyright (C) 2019-2023 Tianling Shen <[email protected]>
 
 NAME="unblockneteasemusic"
-LOCK="/tmp/$NAME.update_core.lock"
+UNM_DIR="/usr/share/$NAME"
+RUN_DIR="/var/run/$NAME"
+mkdir -p "$RUN_DIR"
+
+LOCK="$RUN_DIR/update_core.lock"
+LOG="$RUN_DIR/run.log"
 
 check_core_if_already_running() {
 	if [ -e "$LOCK" ]; then
-		echo -e "\nA task is already running." >> "/tmp/$NAME.log"
+		echo -e "\nA task is already running." >> "$LOG"
 		exit 2
 	else
 		touch "$LOCK"
@@ -15,24 +20,24 @@ check_core_if_already_running() {
 }
 
 clean_log(){
-	echo "" > "/tmp/$NAME.log"
+	echo "" > "$LOG"
 }
 
 check_core_latest_version() {
 	core_latest_ver="$(uclient-fetch -qO- 'https://api.github.com/repos/UnblockNeteaseMusic/server/commits?sha=enhanced&path=precompiled' | jsonfilter -e '@[0].sha')"
-	[ -n "${core_latest_ver}" ] || { echo -e "\nFailed to check latest core version, please try again later." >> "/tmp/$NAME.log"; rm -f "$LOCK"; exit 1; }
-	if [ ! -e "/usr/share/$NAME/core_local_ver" ]; then
+	[ -n "$core_latest_ver" ] || { echo -e "\nFailed to check latest core version, please try again later." >> "$LOG"; rm -f "$LOCK"; exit 1; }
+	if [ ! -e "$$UNM_DIR/core_local_ver" ]; then
 		clean_log
-		echo -e "Local version: NOT FOUND, latest version: ${core_latest_ver}." >> "/tmp/$NAME.log"
+		echo -e "Local version: NOT FOUND, latest version: $core_latest_ver." >> "$LOG"
 		update_core
 	else
-		if [ "$(cat /usr/share/$NAME/core_local_ver)" != "${core_latest_ver}" ]; then
+		if [ "$(cat $UNM_DIR/core_local_ver)" != "$core_latest_ver" ]; then
 			clean_log
-			echo -e "Local version: $(cat /usr/share/$NAME/core_local_ver 2>"/dev/null"), latest version: ${core_latest_ver}." >> "/tmp/$NAME.log"
+			echo -e "Local version: $(cat $UNM_DIR/core_local_ver 2>"/dev/null"), latest version: $core_latest_ver." >> "$LOG"
 			update_core
 		else
-			echo -e "\nLocal version: $(cat /usr/share/$NAME/core_local_ver 2>"/dev/null"), latest version: ${core_latest_ver}." >> "/tmp/$NAME.log"
-			echo -e "You're already using the latest version." >> "/tmp/$NAME.log"
+			echo -e "\nLocal version: $(cat $UNM_DIR/core_local_ver 2>"/dev/null"), latest version: $core_latest_ver." >> "$LOG"
+			echo -e "You're already using the latest version." >> "$LOG"
 			rm -f "$LOCK"
 			exit 3
 		fi
@@ -40,16 +45,16 @@ check_core_latest_version() {
 }
 
 update_core() {
-	echo -e "Updating core..." >> "/tmp/$NAME.log"
+	echo -e "Updating core..." >> "$LOG"
 
-	mkdir -p "/usr/share/$NAME/core"
-	rm -rf "/usr/share/$NAME/core"/*
+	mkdir -p "$UNM_DIR/core"
+	rm -rf "$UNM_DIR/core"/*
 
 	for file in $(uclient-fetch -qO- "https://api.github.com/repos/UnblockNeteaseMusic/server/contents/precompiled" | jsonfilter -e '@[*].path')
 	do
-		uclient-fetch "https://fastly.jsdelivr.net/gh/UnblockNeteaseMusic/server@$core_latest_ver/$file" -qO "/usr/share/$NAME/core/${file##*/}"
-		[ -s "/usr/share/$NAME/core/${file##*/}" ] || {
-			echo -e "Failed to download ${file##*/}." >> "/tmp/$NAME.log"
+		uclient-fetch "https://fastly.jsdelivr.net/gh/UnblockNeteaseMusic/server@$core_latest_ver/$file" -qO "$UNM_DIR/core/${file##*/}"
+		[ -s "$UNM_DIR/core/${file##*/}" ] || {
+			echo -e "Failed to download ${file##*/}." >> "$LOG"
 			rm -f "$LOCK"
 			exit 1
 		}
@@ -57,20 +62,20 @@ update_core() {
 
 	for cert in "ca.crt" "server.crt" "server.key"
 	do
-		uclient-fetch "https://fastly.jsdelivr.net/gh/UnblockNeteaseMusic/server@enhanced/${cert}" -qO "/usr/share/$NAME/core/${cert}"
-		[ -s "/usr/share/$NAME/core/${cert}" ] || {
-			echo -e "Failed to download ${cert}." >> "/tmp/$NAME.log"
+		uclient-fetch "https://fastly.jsdelivr.net/gh/UnblockNeteaseMusic/server@$core_latest_ver/$cert" -qO "$UNM_DIR/core/$cert"
+		[ -s "$UNM_DIR/core/${cert}" ] || {
+			echo -e "Failed to download ${cert}." >> "$LOG"
 			rm -f "$LOCK"
 			exit 1
 		}
 	done
 
-	[ -z "${update_core_from_luci}" ] || touch "/usr/share/$NAME/update_core_successfully"
-	echo -e "${core_latest_ver}" > "/usr/share/$NAME/core_local_ver"
-	[ -n "${non_restart}" ] || /etc/init.d/"$NAME" restart
+	[ -z "$update_core_from_luci" ] || touch "$UNM_DIR/update_core_successfully"
+	echo -e "$core_latest_ver" > "$UNM_DIR/core_local_ver"
+	[ -n "$non_restart" ] || /etc/init.d/"$NAME" restart
 
-	echo -e "Succeeded in updating core." > "/tmp/$NAME.log"
-	echo -e "Current core version: ${core_latest_ver}.\n" >> "/tmp/$NAME.log"
+	echo -e "Succeeded in updating core." > "$LOG"
+	echo -e "Current core version: $core_latest_ver.\n" >> "$LOG"
 	rm -f "$LOCK"
 }
 
@@ -89,7 +94,11 @@ case "$1" in
 		check_core_if_already_running
 		check_core_latest_version
 		;;
+	"remove_core")
+		"/etc/init.d/$NAME" stop
+		rm -rf "$UNM_DIR/core" "$UNM_DIR/core_local_ver" "$LOCK"
+		;;
 	*)
-		echo -e "Usage: $0/update.sh update_core"
+		echo -e "Usage: $0/update.sh update_core | remove_core"
 		;;
 esac