From 2e30093ffd962aef7b1a9c4a4383ae23380cf685 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sun, 4 Dec 2022 18:24:46 -0500
Subject: [PATCH] Enforce specific none flow for xtls vision

In the past, when user open xtls vision on the server side, plain vless+tls can connect.
Pure tls is known to have certain tls in tls characters.
Now  server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
---
 infra/conf/vless.go            | 11 ++++++++++-
 proxy/vless/inbound/inbound.go | 20 +++++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/infra/conf/vless.go b/infra/conf/vless.go
index 1f69c7e4..79c32144 100644
--- a/infra/conf/vless.go
+++ b/infra/conf/vless.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"runtime"
 	"strconv"
+	"strings"
 	"syscall"
 
 	"github.com/golang/protobuf/proto"
@@ -52,7 +53,15 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 		}
 		account.Id = u.String()
 
-		switch account.Flow {
+		accountFlow := account.Flow
+		flows := strings.Split(account.Flow, ",")
+		for _, f := range flows {
+			t := strings.TrimSpace(f)
+			if t != "none" {
+				accountFlow = t
+			}
+		}
+		switch accountFlow {
 		case "", vless.XRO, vless.XRD, vless.XRV:
 		case vless.XRS:
 			return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go
index daa6cde9..c092ebef 100644
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
@@ -441,10 +441,20 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 
 	var netConn net.Conn
 	var rawConn syscall.RawConn
-
+	allowNoneFlow := false
+	accountFlow := account.Flow
+	flows := strings.Split(account.Flow, ",")
+	for _, f := range flows {
+		t := strings.TrimSpace(f)
+		if t == "none" {
+			allowNoneFlow = true
+		} else {
+			accountFlow = t
+		}
+	}
 	switch requestAddons.Flow {
 	case vless.XRO, vless.XRD, vless.XRV:
-		if account.Flow == requestAddons.Flow {
+		if accountFlow == requestAddons.Flow {
 			switch request.Command {
 			case protocol.RequestCommandMux:
 				return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
@@ -481,7 +491,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 		} else {
 			return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
 		}
-	case "":
+	case "", "none":
+		if accountFlow == vless.XRV && !allowNoneFlow {
+			return newError(account.ID.String() + " is not able to use " + vless.XRV + 
+			". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
+		}
 	default:
 		return newError("unknown request flow " + requestAddons.Flow).AtWarning()
 	}