feat: ✨ implement geo-filtering with whitelist and blacklist support

- Added support for geo-filtering in the proxy pool, allowing configuration of allowed and blocked countries via environment variables.
- Updated `.env.example` and `docker-compose.yml` to include `ALLOWED_COUNTRIES` for whitelist functionality.
- Enhanced `CLAUDE.md`, `GEO_FILTER.md`, and `README.md` to document the new geo-filtering features and usage instructions.
- Modified proxy validation logic to prioritize whitelist over blacklist during admission checks.
- Improved WebUI to allow dynamic configuration of geo-filter settings.

validator/validator.go

@@ -208,13 +208,28 @@ func (v *Validator) ValidateOne(p storage.Proxy) (bool, time.Duration, string, s
 		return false, latency, exitIP, exitLocation
 	}
 	
-	// 过滤屏蔽国家出口（根据配置）
-	if v.cfg != nil && len(v.cfg.BlockedCountries) > 0 && len(exitLocation) >= 2 {
+	// 地理过滤：白名单优先，否则走黑名单
+	if v.cfg != nil && len(exitLocation) >= 2 {
 		countryCode := exitLocation[:2]
-		for _, blocked := range v.cfg.BlockedCountries {
-			if countryCode == blocked {
+		if len(v.cfg.AllowedCountries) > 0 {
+			// 白名单模式：不在白名单中则拒绝
+			allowed := false
+			for _, a := range v.cfg.AllowedCountries {
+				if countryCode == a {
+					allowed = true
+					break
+				}
+			}
+			if !allowed {
 				return false, latency, exitIP, exitLocation
 			}
+		} else if len(v.cfg.BlockedCountries) > 0 {
+			// 黑名单模式
+			for _, blocked := range v.cfg.BlockedCountries {
+				if countryCode == blocked {
+					return false, latency, exitIP, exitLocation
+				}
+			}
 		}
 	}