Skip to content

feat(vless-enc): support Post-Quantum (ML-KEM-768) auth choice#1

Merged
UIMAK merged 2 commits into
UIMAK:mainfrom
YOUIMARK:feat/vless-enc-pq-auth
Jul 6, 2026
Merged

feat(vless-enc): support Post-Quantum (ML-KEM-768) auth choice#1
UIMAK merged 2 commits into
UIMAK:mainfrom
YOUIMARK:feat/vless-enc-pq-auth

Conversation

@YOUIMARK

@YOUIMARK YOUIMARK commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Summary

Add authentication algorithm selection (X25519 vs ML-KEM-768 Post-Quantum) when creating VLESS-ENC nodes.

Changes

  • _generate_vless_enc_keys\ now accepts auth_type parameter (x25519 | mlkem768)
  • New format detection: awk section-oriented parsing for dual-section \xray vlessenc\ output (v25.9+)
  • Backward compatible: falls back to jq -> grep+sed when no \Authentication:\ lines found
  • Node metadata gains \�uth\ field, node list table shows auth column
  • ML-KEM-768 creation shows client compatibility tip

Verification

  • bash -n all 11 shell files: PASS
  • Template JSON validation 8/8: PASS
  • Duplicate function check: PASS

Summary by CodeRabbit

  • New Features

    • VLESS+ENC 节点创建新增认证算法选择(默认与备选),并将选择持久化到节点信息中。
    • 节点列表新增“认证”列;节点详情页在可用时展示“认证算法”信息与客户端兼容提示。
  • Bug Fixes

    • 优化对新版/非标准 VLESS+ENC 输出的解析与密钥提取逻辑,提升兼容性与准确性。
    • 在输出非纯 JSON 或包含额外文本时启用兜底解析,减少关键信息缺失。

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a52b0727-a895-4990-b0ad-3cc92edaa02d

📥 Commits

Reviewing files that changed from the base of the PR and between 0a526c5 and 38723c6.

📒 Files selected for processing (1)
  • lib/50-nodes.sh

📝 Walkthrough

Walkthrough

本 PR 为 VLESS+ENC 节点创建增加认证算法选择(x25519 或 mlkem768),并将该选择写入节点元数据。节点查看界面同步显示认证信息。

Changes

VLESS+ENC 认证算法支持

Layer / File(s) Summary
密钥生成解析
lib/50-nodes.sh
_generate_vless_enc_keys 接收认证类型参数,并按新的 Authentication: 分区或旧格式提取 decryption/encryption
创建流程与元数据写入
lib/50-nodes.sh
_add_vless_enc 提供认证算法选择,调用密钥生成时传入 AUTH_TYPE,并把 auth 写入节点元数据及创建提示。
节点查看展示
lib/50-nodes.sh
节点列表新增认证列,节点详情在存在认证值时输出认证算法。

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant AddVlessEnc as _add_vless_enc
    participant KeyGen as _generate_vless_enc_keys
    participant Metadata as Node Metadata Store
    participant Viewer as _view_nodes

    User->>AddVlessEnc: 选择认证算法
    AddVlessEnc->>KeyGen: 传入 AUTH_TYPE
    KeyGen->>KeyGen: 解析 Authentication 分区或回退提取
    KeyGen-->>AddVlessEnc: 返回密钥
    AddVlessEnc->>Metadata: 写入 auth、flow、keys
    User->>Viewer: 查看节点列表/详情
    Viewer->>Metadata: 读取 auth
    Metadata-->>Viewer: 返回认证值或 —
    Viewer-->>User: 显示认证列/认证算法
Loading
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed 标题准确概括了本次对 VLESS-ENC 认证算法选择的支持,并点出了 ML-KEM-768 这一核心新增选项。
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@lib/50-nodes.sh`:
- Around line 1019-1058: The fallback parsing in the vlessenc handling is not
section-aware, so it can grab the first decryption/encryption values from the
whole output instead of the selected Authentication block. Update the parsing in
the relevant vlessenc logic to keep the grep + sed fallback scoped to the
auth_type-selected Authentication section, using the same section detection
approach as the awk branches. If the selected block cannot be matched, leave
VLESS_ENC_DECRYPTION and VLESS_ENC_ENCRYPTION empty so the caller can fail
rather than guessing.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: ced6647c-5ee0-4044-92f7-68b3dd15fb49

📥 Commits

Reviewing files that changed from the base of the PR and between e8561f1 and 0a526c5.

📒 Files selected for processing (1)
  • lib/50-nodes.sh

Comment thread lib/50-nodes.sh
UIMAK added 2 commits July 6, 2026 16:34
Add X25519/ML-KEM-768 auth algorithm selection. Parse new dual-section xray vlessenc output with awk, fallback to jq/grep+sed for old format. Add auth field to node metadata, show auth column in node list.
When new 'Authentication:' section format is detected but awk parsing fails, the non-section-aware jq/grep+sed fallback could silently grab X25519 keys instead of the selected ML-KEM-768 keys. Fix: if/else gate so old-format fallback only runs when no Authentication: lines are present. Add section-aware grep+sed fallback within the new-format branch: awk narrows to target section first, then grep+sed extracts values from only those lines.
@YOUIMARK YOUIMARK force-pushed the feat/vless-enc-pq-auth branch from 0a526c5 to 38723c6 Compare July 6, 2026 08:40
@UIMAK UIMAK merged commit c046a75 into UIMAK:main Jul 6, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants