diff --git a/.github/workflows/check-source-domain.yml b/.github/workflows/check-source-domain.yml index d7a124f6a..4bc0fa07b 100644 --- a/.github/workflows/check-source-domain.yml +++ b/.github/workflows/check-source-domain.yml @@ -4,8 +4,8 @@ on: workflow_dispatch: jobs: - build: - name: Build + check: + name: Check runs-on: ubuntu-latest steps: diff --git a/Build/build-domestic-direct-lan-ruleset-dns-mapping-module.ts b/Build/build-domestic-direct-lan-ruleset-dns-mapping-module.ts index 8fd86cab6..e501aded1 100644 --- a/Build/build-domestic-direct-lan-ruleset-dns-mapping-module.ts +++ b/Build/build-domestic-direct-lan-ruleset-dns-mapping-module.ts @@ -1,6 +1,6 @@ // @ts-check import path from 'node:path'; -import { DOMESTICS, DOH_BOOTSTRAP } from '../Source/non_ip/domestic'; +import { DOMESTICS, DOH_BOOTSTRAP, AdGuardHomeDNSMapping } from '../Source/non_ip/domestic'; import { DIRECTS, LAN } from '../Source/non_ip/direct'; import type { DNSMapping } from '../Source/non_ip/direct'; import { readFileIntoProcessedArray } from './lib/fetch-text-by-line'; @@ -186,20 +186,28 @@ export const buildDomesticRuleset = task(require.main === module, __filename)(as span, [ '# Local DNS Mapping for AdGuard Home', - '', + 'tls://1.12.12.12', + 'tls://120.53.53.53', + 'https://1.12.12.12/dns-query', + 'https://120.53.53.53/dns-query', '[//]udp://10.10.1.1:53', - ...dataset.flatMap(({ domains, dns: _dns }) => domains.flatMap((domain) => { - const dns = _dns === 'system' - ? 'udp://10.10.1.1:53' - : _dns; - if ( - // AdGuard Home has built-in AS112 / private PTR handling - domain.endsWith('.arpa') - // Ignore simple hostname - || !domain.includes('.') - ) { - return []; + ...(([DOMESTICS, DIRECTS, LAN] as const).flatMap(Object.values) as DNSMapping[]).flatMap(({ domains, dns: _dns }) => domains.flatMap((domain) => { + let dns; + if (_dns in AdGuardHomeDNSMapping) { + dns = AdGuardHomeDNSMapping[_dns as keyof typeof AdGuardHomeDNSMapping].join(' '); + } else { + console.warn(`Unknown DNS "${_dns}" not in AdGuardHomeDNSMapping`); + dns = _dns; } + + // if ( + // // AdGuard Home has built-in AS112 / private PTR handling + // domain.endsWith('.arpa') + // // Ignore simple hostname + // || !domain.includes('.') + // ) { + // return []; + // } if (domain[0] === '$') { return [ `[/${domain.slice(1)}/]${dns}` diff --git a/Build/build-public.ts b/Build/build-public.ts index e71d596ee..ac750a513 100644 --- a/Build/build-public.ts +++ b/Build/build-public.ts @@ -51,10 +51,12 @@ export const buildPublic = task(require.main === module, __filename)(async (span span, [ '/*', - ' cloudflare-cdn-cache-control: public, max-age=180, stale-while-revalidate=60, stale-if-error=30', + ' cache-control: public, max-age=180, stale-while-revalidate=60, stale-if-error=30', 'https://:project.pages.dev/*', ' X-Robots-Tag: noindex', '/Modules/*', + ' content-type: text/plain; charset=utf-8', + '/List/*', ' content-type: text/plain; charset=utf-8' ], path.join(PUBLIC_DIR, '_headers') diff --git a/Build/lib/fetch-retry.ts b/Build/lib/fetch-retry.ts index 6863c81af..bcd233b03 100644 --- a/Build/lib/fetch-retry.ts +++ b/Build/lib/fetch-retry.ts @@ -7,12 +7,15 @@ import undici, { import type { Dispatcher, - Response + Response, + RequestInit } from 'undici'; +import { BetterSqlite3CacheStore } from 'undici-cache-store-better-sqlite3'; export type UndiciResponseData = Dispatcher.ResponseData; import { inspect } from 'node:util'; +import path from 'node:path'; const agent = new Agent({}); @@ -99,6 +102,11 @@ setGlobalDispatcher(agent.compose( }), interceptors.redirect({ maxRedirections: 5 + }), + interceptors.cache({ + store: new BetterSqlite3CacheStore({ + location: path.resolve(__dirname, '../../.cache/undici-better-sqlite3-cache-store.db') + }) }) )); @@ -133,34 +141,35 @@ export const defaultRequestInit = { } }; -// export async function fetchWithLog(url: string, init?: RequestInit) { -// try { -// const res = await undici.fetch(url, init); -// if (res.status >= 400) { -// throw new ResponseError(res, url); -// } - -// if (!(res.status >= 200 && res.status <= 299) && res.status !== 304) { -// throw new ResponseError(res, url); -// } - -// return res; -// } catch (err: unknown) { -// if (typeof err === 'object' && err !== null && 'name' in err) { -// if (( -// err.name === 'AbortError' -// || ('digest' in err && err.digest === 'AbortError') -// )) { -// console.log(picocolors.gray('[fetch abort]'), url); -// } -// } else { -// console.log(picocolors.gray('[fetch fail]'), url, { name: (err as any).name }, err); -// } - -// throw err; -// } -// } +export async function $$fetch(url: string, init?: RequestInit) { + try { + const res = await undici.fetch(url, init); + if (res.status >= 400) { + throw new ResponseError(res, url); + } + + if (!(res.status >= 200 && res.status <= 299) && res.status !== 304) { + throw new ResponseError(res, url); + } + + return res; + } catch (err: unknown) { + if (typeof err === 'object' && err !== null && 'name' in err) { + if (( + err.name === 'AbortError' + || ('digest' in err && err.digest === 'AbortError') + )) { + console.log(picocolors.gray('[fetch abort]'), url); + } + } else { + console.log(picocolors.gray('[fetch fail]'), url, { name: (err as any).name }, err); + } + + throw err; + } +} +/** @deprecated -- undici.requests doesn't support gzip/br/deflate, and has difficulty w/ undidi cache */ export async function requestWithLog(url: string, opt?: Parameters[1]) { try { const res = await undici.request(url, opt); diff --git a/Source/domainset/cdn.conf b/Source/domainset/cdn.conf index 999f13d87..f9f497fac 100644 --- a/Source/domainset/cdn.conf +++ b/Source/domainset/cdn.conf @@ -596,6 +596,26 @@ embed-ssl.wistia.com cdn.vidible.tv .video-cdn.net demo.unified-streaming.com +.mapi.4kvm.net +.v82u1l.com +.whweitao.com +.fsvod1.com +.szjal.cn +.hdzyk-cdn.com +.wolongzywcdn3.com +.ceres9350.com +.wolongcdnm3u8.com +.img.haiwaikan.com +.cdn.iz8qkg.com +.tokyvideo.com +.hey10.cjkypo.com +.yle888.vip +static-cdn.bytegiftia.top +.ffzy888.com +.image8899.net +.rrcdnbf3.com +.myvideos.info +.vplay.life # vimeo player.vimeo.com .vimeocdn.com @@ -906,6 +926,8 @@ telemetry.business.githubcopilot.com # but they can definitely go through secondary policy .ogads-pa.googleapis.com .ogads-pa.clients6.google.com +# Surge Diagnostic Report Upload, powered by LeanCloud Global +lc.nssurge.com # >> Telegram .cdn-telegram.org @@ -1057,7 +1079,6 @@ app-static.turtl.co .intuitcdn.net adkit.9pub.io .dwcdn.net -tags.bkrtx.com public.flourish.studio players.brightcove.net sync.getpublica.com @@ -1695,6 +1716,7 @@ checkout.stripe.com .stripeassets.com # response header has a x-amz-bucket-region: us-west-2, which means AWS S3 js.stripe.com +connect-js.stripe.com # >> SimilarWeb .similarcdn.com @@ -2421,6 +2443,7 @@ ubistatic-a.ubisoft.com ubistatic2-a.akamaihd.net # >> RedHat +cdn.redhat.com static.redhat.com assets.openshift.com assets.openshift.net @@ -3405,6 +3428,8 @@ assets.vogue.com .sixyik.com .fivetiu.com static.oomol.com +package-assets.oomol.com +registry.oomol.com uploads.sitepoint.com static.gnome.org assets.exercism.org @@ -3741,7 +3766,7 @@ cdn2.edgedatg.com cdn3.edgedatg.com cdn4.edgedatg.com cdn5.edgedatg.com -cdn6.edgedatg. +cdn6.edgedatg.com .dtci-pe-vp-image-resizer.platform.edgedatg.com img.3movs.com image.ap-mail.org @@ -3766,3 +3791,4 @@ cdn.nba.com sp.nba.com tags.nba.com cdn.royaleapi.com +cdn.lemonsqueezy.com diff --git a/Source/domainset/reject_sukka.conf b/Source/domainset/reject_sukka.conf index ea9864457..06653239f 100644 --- a/Source/domainset/reject_sukka.conf +++ b/Source/domainset/reject_sukka.conf @@ -959,6 +959,7 @@ a.tool.lu eas.etherscan.com bitanalytics.casperverswijvelt.be .unifyintent.com +.bkrtx.com # CNAME: dualstack.beaconserver-ce-vpc0-1537565064.eu-west-1.elb.amazonaws.com # note "beaconserver" @@ -2358,7 +2359,7 @@ tongji.tom.com .svd-cdn.com .hola-shopping.com .hola.hk -.hola.ph +# .hola.ph # expired .hola.sk .hola.org .holacdn.com diff --git a/Source/non_ip/domestic.ts b/Source/non_ip/domestic.ts index b22070036..fb00d5dee 100644 --- a/Source/non_ip/domestic.ts +++ b/Source/non_ip/domestic.ts @@ -392,3 +392,12 @@ export const DOH_BOOTSTRAP: Record = { ] } }; + +export const AdGuardHomeDNSMapping = { + system: ['udp://10.10.1.1:53'], + 'https://doh.pub/dns-query': ['tls://1.12.12.12', 'tls://120.53.53.53', 'https://1.12.12.12/dns-query', 'https://120.53.53.53/dns-query'], + 'quic://dns.alidns.com:853': ['quic://223.5.5.5', 'quic://223.6.6.6', 'h3://223.5.5.5/dns-query', 'h3://223.6.6.6/dns-query'], + 'https://doh.360.cn/dns-query': ['https://doh.360.cn/dns-query', 'tls://dot.360.cn'], + '180.76.76.76': ['udp://180.76.76.76'], + '180.184.2.2': ['udp://180.184.2.2', 'udp://180.184.1.1'] +}; diff --git a/Source/non_ip/global.conf b/Source/non_ip/global.conf index 57eebc154..3532ce086 100644 --- a/Source/non_ip/global.conf +++ b/Source/non_ip/global.conf @@ -796,6 +796,7 @@ DOMAIN-SUFFIX,producthunt.com DOMAIN-SUFFIX,proton.me DOMAIN-SUFFIX,phncdn.com DOMAIN-SUFFIX,pusher.com +DOMAIN-SUFFIX,quad9.net DOMAIN-SUFFIX,quora.com DOMAIN-SUFFIX,quoracdn.net DOMAIN-SUFFIX,raspberrypi.com @@ -807,6 +808,7 @@ DOMAIN-SUFFIX,redditmail.com DOMAIN-SUFFIX,redditmedia.com DOMAIN-SUFFIX,redditstatic.com DOMAIN-SUFFIX,redditspace.com +DOMAIN-SUFFIX,redhat.org DOMAIN-SUFFIX,redtube.com DOMAIN-SUFFIX,redtubepremium.com DOMAIN-SUFFIX,render.com diff --git a/Source/non_ip/my_plus.conf b/Source/non_ip/my_plus.conf index 6eedc09ee..15d8ee0b0 100644 --- a/Source/non_ip/my_plus.conf +++ b/Source/non_ip/my_plus.conf @@ -1,27 +1,7 @@ # $ meta_title Sukka's Ruleset - Internal Special # Video CDN -DOMAIN-SUFFIX,mapi.4kvm.net -DOMAIN-SUFFIX,v82u1l.com -DOMAIN-SUFFIX,whweitao.com -DOMAIN-SUFFIX,fsvod1.com -DOMAIN-SUFFIX,szjal.cn -DOMAIN-SUFFIX,hdzyk-cdn.com -DOMAIN-SUFFIX,wolongzywcdn3.com -DOMAIN-SUFFIX,ceres9350.com -DOMAIN-SUFFIX,wolongcdnm3u8.com -DOMAIN-SUFFIX,img.haiwaikan.com -DOMAIN-SUFFIX,cdn.iz8qkg.com -DOMAIN-SUFFIX,tokyvideo.com -DOMAIN-SUFFIX,hey10.cjkypo.com -DOMAIN-SUFFIX,yle888.vip -DOMAIN,static-cdn.bytegiftia.top -DOMAIN,cdn-ms.cosplayeringoodfunk.me -DOMAIN-SUFFIX,ffzy888.com -DOMAIN-SUFFIX,image8899.net -DOMAIN-SUFFIX,rrcdnbf3.com -DOMAIN-SUFFIX,myvideos.info -DOMAIN-SUFFIX,vplay.life + # SKK.MOE DOMAIN,hv-monster-submit.skk.moe # Wakatime diff --git a/package.json b/package.json index cebbb0865..0cba06c8e 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,8 @@ "tinyexec": "^0.3.1", "tldts": "^6.1.68", "tldts-experimental": "^6.1.68", - "undici": "^7.1.0", + "undici": "^7.1.1", + "undici-cache-store-better-sqlite3": "^0.1.1", "whoiser": "^1.18.0", "why-is-node-running": "^3.2.1", "xbits": "^0.2.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index bfa5c1d5f..ab540b2af 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -75,8 +75,11 @@ importers: specifier: ^6.1.68 version: 6.1.68 undici: - specifier: ^7.1.0 - version: 7.1.0 + specifier: ^7.1.1 + version: 7.1.1 + undici-cache-store-better-sqlite3: + specifier: ^0.1.1 + version: 0.1.1(undici@7.1.1) whoiser: specifier: ^1.18.0 version: 1.18.0 @@ -1788,11 +1791,16 @@ packages: engines: {node: '>=14.17'} hasBin: true + undici-cache-store-better-sqlite3@0.1.1: + resolution: {integrity: sha512-F/PxGx+QY3oScnFQ/YGbN7AYtqKLTzps0izFi8LddDaobso3SYXyQORuPcnUd2JbqpdxmLLkvS2zSvG6VPPMpw==} + peerDependencies: + undici: '>=7.0.0' + undici-types@6.20.0: resolution: {integrity: sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==} - undici@7.1.0: - resolution: {integrity: sha512-3+mdX2R31khuLCm2mKExSlMdJsfol7bJkIMH80tdXA74W34rT1jKemUTlYR7WY3TqsV4wfOgpatWmmB2Jl1+5g==} + undici@7.1.1: + resolution: {integrity: sha512-WZkQ6eH9f5ZT93gaIffsbUaDpBwjbpvmMbfaEhOnbdUneurTESeRxwPGwjI28mRFESH3W3e8Togijh37ptOQqA==} engines: {node: '>=20.18.1'} unique-filename@4.0.0: @@ -3644,9 +3652,14 @@ snapshots: typescript@5.7.2: {} + undici-cache-store-better-sqlite3@0.1.1(undici@7.1.1): + dependencies: + better-sqlite3: 11.7.0 + undici: 7.1.1 + undici-types@6.20.0: {} - undici@7.1.0: {} + undici@7.1.1: {} unique-filename@4.0.0: dependencies: