From d2e3ae6289b98d89e48350ca65cc9c39743e3df9 Mon Sep 17 00:00:00 2001 From: Nick Peng Date: Sun, 19 Nov 2023 20:54:56 +0800 Subject: [PATCH] luci: support DOH, DOT server --- .../luci/files/luci/i18n/smartdns.zh-cn.po | 42 +++++++++++++++++++ .../resources/view/smartdns/smartdns.js | 26 ++++++++++-- package/openwrt/files/etc/init.d/smartdns | 40 +++++++++++------- 3 files changed, 89 insertions(+), 19 deletions(-) diff --git a/package/luci/files/luci/i18n/smartdns.zh-cn.po b/package/luci/files/luci/i18n/smartdns.zh-cn.po index 74113ff..86d3ebe 100644 --- a/package/luci/files/luci/i18n/smartdns.zh-cn.po +++ b/package/luci/files/luci/i18n/smartdns.zh-cn.po @@ -86,6 +86,18 @@ msgstr "自定义设置" msgid "Do not use these IP addresses." msgstr "忽略这些IP地址" +msgid "DOH Server" +msgstr "DOH服务器" + +msgid "DOH Server Port" +msgstr "DOH服务器端口" + +msgid "DOT Server" +msgstr "DOT服务器" + +msgid "DOT Server Port" +msgstr "DOT服务器端口" + msgid "DNS Block Setting" msgstr "域名屏蔽设置" @@ -206,6 +218,12 @@ msgstr "启用TCP服务器。" msgid "Enable daily (weekly) auto update." msgstr "启用每日(每周)自动更新" +msgid "Enable DOH DNS Server" +msgstr "启用DOH服务器" + +msgid "Enable DOT DNS Server" +msgstr "启用DOT服务器" + msgid "Update time (every day)" msgstr "更新时间(每天)" @@ -477,6 +495,15 @@ msgstr "重启服务" msgid "Second Server Settings" msgstr "第二DNS服务器" +msgid "Server certificate file path." +msgstr "服务器证书文件路径。" + +msgid "Server certificate key file path." +msgstr "服务器证书私钥文件路径。" + +msgid "Server certificate key file password." +msgstr "服务器证书私钥文件密码。" + msgid "Serve expired" msgstr "缓存过期服务" @@ -489,6 +516,15 @@ msgstr "服务器组%s不存在" msgid "Server Name" msgstr "服务器名称" +msgid "Server Cert" +msgstr "服务器证书" + +msgid "Server Cert Key" +msgstr "服务器证书私钥" + +msgid "Server Cert Key Pass" +msgstr "服务器证书私钥密码" + msgid "Set Specific domain ip address." msgstr "设置指定域名的IP地址。" 
@@ -560,6 +596,12 @@ msgstr "跳过Nameserver规则。" msgid "SmartDNS" msgstr "SmartDNS" +msgid "Smartdns DOH server port." +msgstr "Smartdns DOH服务器端口号。 + +msgid "Smartdns DOT server port." +msgstr "Smartdns DOT服务器端口号。" + msgid "SmartDNS Server" msgstr "SmartDNS 服务器" diff --git a/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js b/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js index 2209c45..530dd09 100644 --- a/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js +++ b/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js @@ -242,11 +242,31 @@ return view.extend({ o.default = o.disabled; o = s.taboption("advanced", form.Value, "doh_server_port", _("DOH Server Port"), _("Smartdns DOH server port.")); - o.placeholder = 443; - o.default = 443; + o.placeholder = 843; + o.default = 843; o.datatype = "port"; o.rempty = false; - o.depends('https_server', '1'); + o.depends('doh_server', '1'); + + o = s.taboption("advanced", form.Value, "bind_cert", _("Server Cert"), _("Server certificate file path.")); + o.datatype = "string"; + o.placeholder = "/var/etc/smartdns/smartdns/smartdns-cert.pem" + o.rempty = true; + o.depends('tls_server', '1'); + o.depends('doh_server', '1'); + + o = s.taboption("advanced", form.Value, "bind_cert_key", _("Server Cert Key"), _("Server certificate key file path.")); + o.datatype = "string"; + o.placeholder = "/var/etc/smartdns/smartdns/smartdns-key.pem" + o.rempty = false; + o.depends('tls_server', '1'); + o.depends('doh_server', '1'); + + o = s.taboption("advanced", form.Value, "bind_cert_key_pass", _("Server Cert Key Pass"), _("Server certificate key file password.")); + o.datatype = "string"; + o.rempty = false; + o.depends('tls_server', '1'); + o.depends('doh_server', '1'); // Support IPV6; o = s.taboption("advanced", form.Flag, "ipv6_server", _("IPV6 Server"), _("Enable IPV6 DNS Server")); 
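Review bot: The new `bind_cert_key_pass` option is a plain `form.Value`, so the private-key passphrase is shown in clear text on the LuCI page; I would add `o.password = true;` to that field. The two `o.placeholder = "/var/etc/smartdns/..."` lines are missing the terminating semicolon that every other statement in the hunk has. The new fields copy the file's existing `o.rempty` spelling; LuCI's documented property is `rmempty`, so these assignments probably have no effect, which is worth confirming before relying on them to make a field optional or required. The enclosing `view.extend` body starts and ends outside the hunk.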
diff --git a/package/openwrt/files/etc/init.d/smartdns b/package/openwrt/files/etc/init.d/smartdns index c10df2a..041d7b8 100644 --- a/package/openwrt/files/etc/init.d/smartdns +++ b/package/openwrt/files/etc/init.d/smartdns @@ -310,11 +310,11 @@ load_domain_rules() [ ! -z "$block_domain_set_file" ] && { [ ! -e "$block_domain_set_file" ] && touch $block_domain_set_file conf_append "domain-set" "-name ${domain_set_name}-block-file -file '$block_domain_set_file'" - conf_append "domain-rules" "/domain-set:${domain_set_name}-block-file/ --address #" + conf_append "domain-rules" "/domain-set:${domain_set_name}-block-file/ -address #" } conf_append "domain-set" "-name ${domain_set_name}-block-list -file /etc/smartdns/domain-block.list" - conf_append "domain-rules" "/domain-set:${domain_set_name}-block-list/ --address #" + conf_append "domain-rules" "/domain-set:${domain_set_name}-block-list/ -address #" } load_domain_rule_list() @@ -411,9 +411,10 @@ load_IP_rule_list() conf_append_bind() { local ADDR="" - local port="$1" - local devices="$2" - local tcp_server="$3" + local bind_type="$1" + local port="$2" + local devices="$3" + local device="" local ipv6_server="$4" local ARGS="$5" @@ -430,16 +431,8 @@ conf_append_bind() for device in $devices; do device="@$device" [ "$device" = "@-" ] && device="" - conf_append "bind" "$ADDR:$port$device $ARGS" + conf_append "$bind_type" "$ADDR:$port$device $ARGS" done - - [ "$tcp_server" = "1" ] && { - for device in $devices; do - device="@$device" - [ "$device" = "@-" ] && device="" - conf_append "bind-tcp" "$ADDR:$port$device $ARGS" - done - } } load_second_server() 
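Review bot: conf_append_bind now takes its arguments in a new positional order (`bind_type`, `port`, `devices`, `ipv6_server`, `ARGS`) and nothing above the function documents it, so a caller still using the old order would silently write a wrong directive. I would add a usage comment above the function, for example `# conf_append_bind <bind_type> <port> <devices> <ipv6_server> <args>  (bind_type: bind | bind-tcp | bind-tls | bind-https)`. The part of the function between the second and third hunk is not visible here.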
@@ -497,7 +490,8 @@ load_second_server() config_get seconddns_server_flags "$section" "seconddns_server_flags" "" [ -z "$seconddns_server_flags" ] || ARGS="$ARGS $seconddns_server_flags" - conf_append_bind "$seconddns_port" "$device" "$seconddns_tcp_server" "$ipv6_server" "$ARGS" + conf_append_bind "bind" "$seconddns_port" "$device" "$ipv6_server" "$ARGS" + [ "$seconddns_tcp_server" = "1" ] && conf_append_bind "bind-tcp" "$seconddns_port" "$device" "$ipv6_server" "$ARGS" } conf_append_conf_files() @@ -545,6 +539,13 @@ load_service() config_get port "$section" "port" "53" config_get ipv6_server "$section" "ipv6_server" "1" config_get tcp_server "$section" "tcp_server" "1" + config_get tls_server "$section" "tcp_server" "0" + config_get tls_server_port "$section" "tls_server_port" "853" + config_get doh_server "$section" "doh_server" "0" + config_get doh_server_port "$section" "doh_server_port" "843" + config_get bind_cert "$section" "bind_cert" "" + config_get bind_cert_key "$section" "bind_cert_key" "" + config_get bind_cert_key_pass "$section" "bind_cert_key_pass" "" config_get server_flags "$section" "server_flags" "" config_get auto_update_week_time "$section" "auto_update_week_time" "*" 
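Review bot: In the load_service hunk, `config_get tls_server "$section" "tcp_server" "0"` reads the `tcp_server` option instead of `tls_server`. The DoT listener therefore follows the TCP setting and ignores the DoT flag from the UI: whenever `tcp_server` is set to 1 in the section, the later `bind-tls` line opens a listener on `tls_server_port` that the administrator did not ask for. The line should read `config_get tls_server "$section" "tls_server" "0"`. load_service's body starts and ends outside the hunk.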
@@ -701,7 +702,14 @@ load_service() [ "$auto_set_dnsmasq" = "0" ] && [ "$old_auto_set_dnsmasq" = "1" ] && stop_forward_dnsmasq "$old_port" "0" } - conf_append_bind "$port" "$device" "$tcp_server" "$ipv6_server" "$server_flags" + conf_append_bind "bind" "$port" "$device" "$ipv6_server" "$server_flags" + [ "$tcp_server" = "1" ] && conf_append_bind "bind-tcp" "$port" "$device" "$ipv6_server" "$server_flags" + [ "$tls_server" = "1" ] && conf_append_bind "bind-tls" "$tls_server_port" "$device" "$ipv6_server" "$server_flags" + [ "$doh_server" = "1" ] && conf_append_bind "bind-https" "$doh_server_port" "$device" "$ipv6_server" "$server_flags" + + [ ! -z "$bind_cert" ] && conf_append "bind-cert-file" "$bind_cert" + [ ! -z "$bind_cert_key" ] && conf_append "bind-cert-key-file" "$bind_cert_key" + [ ! -z "$bind_cert_key_pass" ] && conf_append "bind-cert-key-pass" "$bind_cert_key_pass" load_second_server "$section"
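Review bot: The three `bind-cert-*` lines write the certificate paths and the key passphrase into the generated configuration unquoted and in clear text. An earlier hunk in this file passes a path as `-file '$block_domain_set_file'`; whether `conf_append` and the smartdns parser cope with spaces or `#` in these values cannot be seen from here, so the values should be quoted the same way or the LuCI fields restricted. Since `bind_cert_key_pass` ends up in that file, it is worth checking that the file `conf_append` writes to is readable by root only. The same `$server_flags` string is reused for the `bind-tls` and `bind-https` lines, so flags meant for the plain port 53 listener also apply to the encrypted listeners; confirm this is intended. `[ -n "$bind_cert" ]` is the more usual spelling of `[ ! -z "$bind_cert" ]`.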