fix: wrong Trojan WSS config format for Quantumult X

lib/utils/__tests__/quantumult.test.ts

@@ -329,7 +329,7 @@ test('getQuantumultXNodes', (t) => {
         password: 'password1',
       },
     ]),
-    'trojan=example.com:443, password=password1, over-tls=true, tls-verification=true, tag=trojan',
+    'trojan=example.com:443, password=password1, tls-verification=true, over-tls=true, tag=trojan',
   );
   t.is(
     quantumult.getQuantumultXNodes([
@@ -344,7 +344,7 @@ test('getQuantumultXNodes', (t) => {
         tfo: true,
       },
     ]),
-    'trojan=example.com:443, password=password1, over-tls=true, tls-verification=false, fast-open=true, udp-relay=true, tag=trojan',
+    'trojan=example.com:443, password=password1, tls-verification=false, fast-open=true, udp-relay=true, over-tls=true, tag=trojan',
   );
   t.is(
     quantumult.getQuantumultXNodes([
@@ -361,7 +361,7 @@ test('getQuantumultXNodes', (t) => {
         tls13: true,
       },
     ]),
-    'trojan=example.com:443, password=password1, over-tls=true, tls-verification=false, tls-host=sni.example.com, fast-open=true, udp-relay=true, tls13=true, tag=trojan',
+    'trojan=example.com:443, password=password1, tls-verification=false, fast-open=true, udp-relay=true, tls13=true, over-tls=true, tls-host=sni.example.com, tag=trojan',
   );
   t.is(
     quantumult.getQuantumultXNodes([
@@ -384,6 +384,6 @@ test('getQuantumultXNodes', (t) => {
         },
       },
     ]),
-    'trojan=example.com:443, password=password1, over-tls=true, tls-verification=false, tls-host=sni.example.com, fast-open=true, udp-relay=true, tls13=true, obfs=wss, obfs-uri=/ws, obfs-host=example.com, tag=trojan',
+    'trojan=example.com:443, password=password1, tls-verification=false, fast-open=true, udp-relay=true, tls13=true, obfs=wss, obfs-uri=/ws, obfs-host=sni.example.com, tag=trojan',
   );
 });

lib/utils/quantumult.ts

@@ -296,23 +296,40 @@ export const getQuantumultXNodes = function (
           const config = [
             `${nodeConfig.hostname}:${nodeConfig.port}`,
             ...pickAndFormatStringList(nodeConfig, ['password']),
-            'over-tls=true',
             `tls-verification=${nodeConfig.skipCertVerify !== true}`,
-            ...(nodeConfig.sni ? [`tls-host=${nodeConfig.sni}`] : []),
             ...(nodeConfig.tfo ? [`fast-open=${nodeConfig.tfo}`] : []),
             ...(nodeConfig['udp-relay'] ? [`udp-relay=true`] : []),
             ...(nodeConfig.tls13 ? [`tls13=${nodeConfig.tls13}`] : []),
           ];
 
           if (nodeConfig.network === 'ws') {
+            /**
+             * The obfs field is only supported with websocket over tls for trojan. When using websocket over
+             * tls you should not set over-tls and tls-host options anymore, instead set obfs=wss and
+             * obfs-host options.
+             */
             config.push('obfs=wss');
 
             if (nodeConfig.wsPath) {
               config.push(`obfs-uri=${nodeConfig.wsPath}`);
             }
-            if (nodeConfig.wsHeaders && nodeConfig.wsHeaders.host) {
-              config.push(`obfs-host=${nodeConfig.wsHeaders.host}`);
 
+            const hostHeader = nodeConfig?.wsHeaders?.host;
+            const sni = nodeConfig.sni;
+
+            if (sni) {
+              config.push(`obfs-host=${sni}`);
+            } else if (hostHeader) {
+              config.push(`obfs-host=${hostHeader}`);
+            }
+
+            if (sni && hostHeader) {
+              logger.warn(
+                `Quantumult X 不支持同时定义 sni 和 wsHeaders.host，配置以 sni 为准，节点 ${nodeConfig.nodeName} 可能不可用`,
+              );
+            }
+
+            if (nodeConfig?.wsHeaders) {
               // istanbul ignore next
               if (
                 Object.keys(_.omit(nodeConfig.wsHeaders, ['host'])).length > 0
@@ -322,6 +339,12 @@ export const getQuantumultXNodes = function (
                 );
               }
             }
+          } else {
+            config.push('over-tls=true');
+
+            if (nodeConfig.sni) {
+              config.push(`tls-host=${nodeConfig.sni}`);
+            }
           }
 
           config.push(`tag=${nodeConfig.nodeName}`);

test/snapshots/cli.test.ts.md

@@ -42,9 +42,9 @@ Generated by [AVA](https://avajs.dev).
     shadowsocks=us.example.com:443, method=chacha20-ietf-poly1305, password=password, obfs=wss, obfs-host=gateway-carry.icloud.com, obfs-uri=/, fast-open=true, tls-verification=true, tag=🇺🇸US 3␊
     shadowsocks=us.example.com:443, method=chacha20-ietf-poly1305, password=password, obfs=tls, obfs-host=gateway-carry.icloud.com, udp-relay=true, fast-open=true, tag=🇺🇸 US␊
     http=us.example.com:443, username=username, password=password, fast-open=true, over-tls=true, tls-verification=true, tls13=true, tag=HTTPS␊
-    trojan=trojan.example.com:443, password=password, over-tls=true, tls-verification=true, tag=trojan node␊
-    trojan=trojan.example.com:443, password=password, over-tls=true, tls-verification=true, tag=🚀 火箭 trojan node␊
-    trojan=trojan.example.com:443, password=password, over-tls=true, tls-verification=true, tag=🎉 foobar trojan node␊
+    trojan=trojan.example.com:443, password=password, tls-verification=true, over-tls=true, tag=trojan node␊
+    trojan=trojan.example.com:443, password=password, tls-verification=true, over-tls=true, tag=🚀 火箭 trojan node␊
+    trojan=trojan.example.com:443, password=password, tls-verification=true, over-tls=true, tag=🎉 foobar trojan node␊
     shadowsocks=us.example.com:443, method=chacha20-ietf-poly1305, password=password, obfs=tls, obfs-host=gateway-carry.icloud.com, tag=🇺🇸US 1␊
     shadowsocks=us.example.com:444, method=chacha20-ietf-poly1305, password=password, tag=🇺🇸US 2␊
     shadowsocks=us.example.com:445, method=chacha20-ietf-poly1305, password=password, obfs=tls, obfs-host=www.bing.com, tag=🇺🇸US 3␊