定期更新数据并生成 gfw.pac

.github/workflows/auto-generate-pac.yml

@@ -0,0 +1,55 @@
+name: Auto Generate PAC File
+
+on:
+  schedule:
+    - cron: '10 0 * * 4'
+  push:
+    paths:
+      - 'gfw-pac.py'
+      - 'pac-template'
+      - 'local-tlds.txt'
+      - 'direct-domains.txt'
+      - 'proxy-domains.txt'
+      - 'cidrs-cn.txt'
+  workflow_dispatch:
+
+jobs:
+  update-gfw-pac:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check if gfw.pac is in the commit
+        id: check-file
+        run: |
+          if git diff --name-only HEAD^ HEAD | grep -q 'gfw\.pac'; then
+            echo "file-exists=true" >> $GITHUB_ENV
+          else
+            echo "file-exists=false" >> $GITHUB_ENV
+          fi
+
+      - name: Download the latest cn.txt
+        if: env.file-exists == 'false'
+        run: curl -L https://raw.githubusercontent.com/Loyalsoldier/geoip/release/text/cn.txt -o cidrs-cn.txt
+
+      - name: Run gfw-pac.py script
+        if: env.file-exists == 'false'
+        run: ./gfw-pac.py -f gfw.pac -p "PROXY 127.0.0.1:3128" --proxy-domains=proxy-domains.txt --direct-domains=direct-domains.txt --localtld-domains=local-tlds.txt --ip-file=cidrs-cn.txt
+
+      - name: Commit and push changes
+        if: env.file-exists == 'false'
+        run: |
+          last_commit_message=$(git log -1 --pretty=%B)
+          commit_message=$([[ "${{ github.event_name }}" == "schedule" ]] && echo "定期更新数据并生成 gfw.pac" || echo "自动生成 gfw.pac: $last_commit_message")
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add -A
+          git commit -a -m "${commit_message}"
+          git push
+
+      - name: Trigger Auto-Release
+        if: env.file-exists == 'false'
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: Auto Generate Release

.github/workflows/auto-release.yml

@@ -13,8 +13,6 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
         with:
           fetch-depth: 0
 
@@ -23,20 +21,17 @@ jobs:
           git config --global user.name "GitHub Actions"
           git config --global user.email "actions@github.com"
 
-      - name: Get commit count for today
+      - name: Generate Release Name
         id: commit_count
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
         run: |
-          today=$(date +%Y%m%d)
+          today=$(TZ=Asia/Shanghai date +%Y%m%d)
           commit_count=$(TZ=Asia/Shanghai git log --date=local --since="$today 00:00:00" --until="$today 23:59:59" --pretty=format: --name-only | grep -c '^gfw.pac$')
           echo "COMMIT_COUNT=$commit_count" >> $GITHUB_ENV
           echo "RELEASE_NAME=v$(TZ='Asia/Shanghai' date +%Y%m%d).$commit_count" >> $GITHUB_ENV
+          echo "COMMIT_MESSAGE=$(git log -1 --pretty=%B)" >> $GITHUB_ENV
 
       - name: Create Tag
         id: create_tag
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
         run: |
           git tag "${{ env.RELEASE_NAME }}"
           git push origin ${{ env.RELEASE_NAME }}
@@ -44,16 +39,10 @@ jobs:
       - name: Create Release
         id: create_release
         uses: softprops/action-gh-release@v2
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
         with:
           tag_name: "${{ env.RELEASE_NAME }}"
           name: "${{ env.RELEASE_NAME }}"
-          body: "Automatically generated release for pac file update"
+          body: "${{ env.COMMIT_MESSAGE }}"
           draft: false
           prerelease: false
           files: gfw.pac
-
-      - name: Verify Release
-        run: |
-          echo "Release created with name ${{ env.RELEASE_NAME }}"

.github/workflows/auto-update-gfw-pac.yml

@@ -1,38 +0,0 @@
-name: GFW PAC Update
-
-on:
-  schedule:
-    - cron: '0 0 */7 * *'
-  workflow_dispatch:
-
-jobs:
-  update-gfw-pac:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
-        uses: actions/checkout@v4
-
-      - name: Download cn.txt
-        run: curl https://raw.githubusercontent.com/Loyalsoldier/geoip/refs/heads/release/text/cn.txt -o cidrs-cn.txt
-
-      - name: Run gfw-pac.py script
-        run: ./gfw-pac.py -f gfw.pac -p "PROXY 127.0.0.1:3128" --proxy-domains=proxy-domains.txt --direct-domains=direct-domains.txt --localtld-domains=local-tlds.txt --ip-file=cidrs-cn.txt
-
-      - name: Commit changes
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
-        run: |
-          git config --local user.email "action@github.com"
-          git config --local user.name "GitHub Action"
-          git add .
-          git commit -a -m "自动更新 gfw.pac"
-
-      - name: Push changes
-        uses: ad-m/github-push-action@master
-        env:
-          GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
-        with:
-          github_token: ${{ secrets.PERSONAL_TOKEN }}
-          branch: master

.gitignore

@@ -43,3 +43,5 @@ $RECYCLE.BIN/
 
 # Windows shortcuts
 *.lnk
+
+test.js

README.md

@@ -2,7 +2,7 @@
 
 科学上网 PAC 文件以及生成器。通过自定义域名和 CNIP 地址生成 PAC(Proxy auto-config) 文件。对存在于自定义域名和解析出的IP不是CNIP的域名使用代理，支持IPv6。
 
-**此仓库每 7 天自动通过 GitHub Action 从 `Loyalsoldier/geoip` 获取国内地址段并更新 `gfw.pac` 文件**
+**此仓库每周四自动通过 GitHub Action 从 `Loyalsoldier/geoip` 同步数据并更新 `gfw.pac` 文件**
 
 ## 特性
 * 开箱即用，直接可用的 `gfw.pac` 包含了常用的直连域名和代理域名以及国内IPv4/IPv6地址段

direct-domains.txt

@@ -69,8 +69,18 @@ douyinstatic.com
 douyinvod.com
 supercachenode.com
 bytedance.com
+bytedanceapi.com
 bytescm.com
 bytecdn.cn
+byteoc.com
+bytednsdoc.com
+bytetcc.com
+feishu.cn
+feishucdn.com
+toutiao.com
+toutiaoimg.com
+toutiaostatic.com
+yhgfb-cn-static.com
 cmbchina.com
 mi.com
 xiaomi.com
@@ -80,69 +90,39 @@ meituan.com
 meituan.net
 sogou.com
 dianping.com
-o.pki.goog
-www.googletagmanager.com
-www.google-analytics.com
-pagead2.googlesyndication.com
-adservice.google.com
-fonts.googleapis.com
-safebrowsing.googleapis.com
-fonts.gstatic.com
-www.gstatic.com
-ssl.gstatic.com
 quark.cn
+wps.cn
+wpscdn.cn
+xiaohongshu.com
+xhscdn.com
 push.apple.com
-time-ios.apple.com
-time.apple.com
-time-macos.apple.com
 setup.icloud.com
-www.apple.com.cn
-play.itunes.apple.com
 appldnld.apple.com
-configuration.apple.com
-mesu.apple.com
 oscdn.apple.com
 osrecovery.apple.com
-skl.apple.com
 swcdn.apple.com
 swdist.apple.com
 swdownload.apple.com
 swscan.apple.com
 updates-http.cdn-apple.com
 updates.cdn-apple.com
-xp.apple.com
 audiocontentdownload.apple.com
 devimages-cdn.apple.com
 devstreaming-cdn.apple.com
-icloud.cdn-apple.com
-iosdm-cn.cdn-apple.com
-js-cdn.music.apple.com
 oscdn.apple.com
-speed-test-cnc.cdn-apple.com
-download.developer.apple.com
-playgrounds-assets-cdn.apple.com
-sylvan.apple.com
-diagassets.apple.com
-doh.dns.apple.com
 certs.apple.com
-crl.apple.com
 ocsp.apple.com
 ocsp2.apple.com
 valid.apple.com
 appleid.cdn-apple.com
-apzones.com
 icloud.com.cn
 guzzoni.apple.com
 app-site-association.cdn-apple.com
 smp-device-content.apple.com
 idv.cdn-apple.com
-weatherkit.apple.com
 adcdownload.apple.com
 alpdownloadit.cdn-apple.com
 bricks.cdn-apple.com
-pancake.apple.com
-storage.live.com
-blob.core.windows.net
 self.events.data.microsoft.com
 mobile.events.data.microsoft.com
 browser.events.data.microsoft.com
@@ -150,3 +130,9 @@ ocsp.globalsign.com
 ocsp2.globalsign.com
 ocsp.digicert.cn
 ocsp.dcocsp.cn
+api.onedrive.com
+storage.live.com
+skyapi.live.net
+roaming.officeapps.live.com
+blob.core.windows.net
+default.exp-tas.com

gfw-pac.py

@@ -1,12 +1,10 @@
 #!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
-import urllib.parse
 import json
 import urllib.request, urllib.error, urllib.parse
 from argparse import ArgumentParser
 import ipaddress
-import json
 
 def parse_args():
     parser = ArgumentParser()
@@ -22,23 +20,25 @@ def parse_args():
                         help='直连的域名文件，每行一个')
     parser.add_argument('--localtld-domains', dest='localtld_rule',
                         help='本地 TLD 规则文件, 不走代理, 每行一个，以 . 开头')
-    parser.add_argument('--ip-file', dest='ip_file',
+    parser.add_argument('--ip-file', dest='ip_file', required=True,
                         help='中国IP地址段文件')
     return parser.parse_args()
 
 def convert_cidr(cidr):
     if '/' in cidr:
         network = ipaddress.ip_network(cidr.strip(), strict=False)
-        network_address = network.network_address
-        prefixlen = network.prefixlen
+        network_address = int(network.network_address) >> (network.max_prefixlen - network.prefixlen)
     else:
         network = ipaddress.ip_address(cidr.strip())
         network_address = network
-        prefixlen = network.max_prefixlen
-    if network.version == 4:
-        return hex(int(network_address))[2:] + '/' + str(prefixlen)
-    else:
-        return network.compressed
+    return hex(int(network_address))[2:]
+
+def longest_common_prefix(str1, str2):
+    min_length = min(len(str1), len(str2))
+    for i in range(min_length):
+        if str1[i] != str2[i]:
+            return str1[:i]
+    return str1[:min_length]
 
 def generate_cnip_cidrs():
     """ 从文件中读取CIDR地址 """
@@ -49,6 +49,22 @@ def generate_cnip_cidrs():
         for cidr in cidrs:
             converted_cidrs.append(convert_cidr(cidr))
 
+    converted_cidrs.sort(key=lambda x: (len(x), x), reverse=False)
+    converted_cidrs_clone = converted_cidrs[:]
+    
+    lastFullCidr = ''
+    for i in range(len(converted_cidrs)):
+        prevCidr = converted_cidrs_clone[i-1] if i > 0 else ''
+        currentCidr = converted_cidrs[i]
+        if len(prevCidr) != len(currentCidr):
+            lastFullCidr = currentCidr
+            continue
+        prefix = longest_common_prefix(lastFullCidr, currentCidr)
+        if len(prefix) < len(lastFullCidr)//1.2:
+            lastFullCidr = currentCidr
+            continue
+        converted_cidrs[i] = '~' + currentCidr[len(prefix):]
+    
     cidr_list = ','.join(converted_cidrs)
     return f"'{cidr_list}'.split(',')"
 

pac-template

@@ -10,35 +10,45 @@ var localTlds = __LOCAL_TLDS__;
 
 var cidrs = __CIDRS__;
 
-var hasOwnProperty = Object.hasOwnProperty;
-
 function isIpAddress(ip) {
     return /^\d{1,3}(\.\d{1,3}){3}$/.test(ip) || /^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$/.test(ip);
 }
 
 function RadixTree() {
-    this.root = {};
+    this.root = new Map();
 }
 
 RadixTree.prototype.insert = function(string) {
     var node = this.root;
     for (var i = 0; i < string.length; i++) {
         var char = string[i];
-        if (!node[char]) {
-            node[char] = {};
+        if (!node.has(char)) {
+            node.set(char, new Map());
         }
-        node = node[char];
+        node = node.get(char);
     }
 };
 
-RadixTree.prototype.to_list = function() {
-    return this.root;
-};
+RadixTree.prototype.search = function(string) {
+    var currentNode = this.root;
+    var isLastNode = false;
+    for (var i=0; i < string.length; i++) {
+        var char = string[i];
+        if (currentNode.has(char)) {
+            currentNode = currentNode.get(char);
+            isLastNode = currentNode.size === 0;
+        } else {
+            break;
+        }
+    }
+    return isLastNode;
+}
 
 function ipToBinary(ip) {
+    var bin = ''
     // Check if it's IPv4
     if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
-        return ip.split('.').map(function(num) {
+        bin = ip.split('.').map(function(num) {
             return ("00000000" + parseInt(num, 10).toString(2)).slice(-8);
         }).join('');
     } else if (/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$/.test(ip)) {
@@ -54,25 +64,11 @@ function ipToBinary(ip) {
         var fullAddress = left.concat(Array(zeroGroups + 1).join('0').split('')).concat(right);
         
         // Convert each group to binary and pad to 16 bits
-        return fullAddress.map(function(group) {
+        bin = fullAddress.map(function(group) {
             return ("0000000000000000" + parseInt(group || '0', 16).toString(2)).slice(-16);
         }).join('');
     }
-}
-
-function searchRadixTree(bits) {
-    var currentNode = radixTree;
-    var isLastNode = false;
-    for (var i=0; i<bits.length; i++) {
-        var char = bits[i];
-        if (currentNode[char]) {
-            currentNode = currentNode[char];
-            isLastNode = Object.keys(currentNode).length === 0;
-        } else {
-            break;
-        }
-    }
-    return isLastNode;
+    return bin.replace(/^0+/, '');
 }
   
 function isInDirectDomain(host) {
@@ -142,7 +138,7 @@ function FindProxyForURL(url, host) {
     } else if (isPrivateIp(ip)) {
         debug('域名解析后命中私有 IP 地址', host, ip);
         return direct;
-    } else if (searchRadixTree(ipToBinary(ip))) {
+    } else if (radixTree.search(ipToBinary(ip))) {
         debug('匹配到直连IP', host, ip);
         return direct;
     }
@@ -152,7 +148,7 @@ function FindProxyForURL(url, host) {
 }
 
 var allowAlert = true
-function debug(msg, host, ip) {
+function debug(msg, host='', ip='') {
     if (!allowAlert) {
         return
     }
@@ -166,19 +162,17 @@ function debug(msg, host, ip) {
 var radixTree = new RadixTree();
 
 (function () {
-    var startTime = new Date().getMilliseconds();
-    debug('开始生成 Radix Tree', 'PAC文件载入开始', startTime.toString());
+    debug('开始生成 Radix Tree', 'PAC文件载入开始');
+    lastFullPrefix = ''
     for (let i=0; i<cidrs.length; i++) {
-        var cidr = cidrs[i];
-        var [ip, prefixLen] = cidr.split('/');
-        if (!cidr.includes(':')) {
-            var ip = ip.match(/.{1,2}/g).map(function(byte) {
-                return parseInt(byte, 16);
-            }).join('.');
+        var prefix = cidrs[i];
+        if (prefix.substring(0, 1) !== '~') {
+            lastFullPrefix = prefix
+        } else {
+            prefix = lastFullPrefix.substring(0, lastFullPrefix.length-prefix.length+1) + prefix.substring(1)
         }
-        var bits = ipToBinary(ip).slice(0, prefixLen);
+        var bits = (parseInt(prefix, 16)).toString(2);
         radixTree.insert(bits);
     }
-    radixTree = radixTree.to_list();
     debug('Radix Tree 已生成', 'PAC文件载入完毕', cidrs.length.toString()+'个CIDR条目');
 })();

proxy-domains.txt

@@ -1,9 +1,5 @@
-google.com
 google.com.hk
-googleapis.com
-gstatic.com
-ggpht.com
-googleusercontent.com
+ent.com
 youtube.com
 googlevideo.com
 ytimg.com
@@ -14,12 +10,14 @@ githubassets.com
 bing.com
 bing.cn
 bing.net
+bingapis.com
 live.com
 stackoverflow.com
 wikipedia.org
 godaddy.com
 cloudflare.com
 twitter.com
+x.com
 twimg.com
 docker.com
 facebook.com
@@ -29,3 +27,9 @@ segment.io
 unpkg.com
 jsdelivr.com
 tv.apple.com
+instagram.com
+cdninstagram.com
+reddit.com
+redd.it
+whatsapp.com
+whatsapp.net