Improve the clients/find API response

2024-11-22 04:55:33 +03:00 · 2020-09-08 13:56:45 +03:00 · 2020-09-08 13:56:45 +03:00 · 2c12d5f860
commit 2c12d5f860
parent 49a5bab267
8 changed files with 103 additions and 80 deletions
--- a/AGHTechDoc.md
+++ b/AGHTechDoc.md
@ -940,7 +940,7 @@ Error response (Client not found):
 ### API: Find clients by IP

 This method returns the list of clients (manual and auto-clients) matching the IP list.
-For auto-clients only `name`, `ids`, `whois_info`, `disallowed` fields are set.  Other fields are empty.
+For auto-clients only `name`, `ids`, `whois_info`, `disallowed`, and `disallowed_rule` fields are set.  Other fields are empty.

 Request:

@ -967,17 +967,15 @@ Response:
 				...
 			}

-			"disallowed": "..."
+			"disallowed": false,
+			"disallowed_rule": "..."
 		}
 	}
 	...
 	]

-`disallowed`:
-* "": IP is allowed
-* not "", e.g. "127.0.0.0/24" - IP is disallowed by "disallowed IP list", and the string contains the matched rule (IP or CIDR)
-* "not-in-allowed-list" - IP is disallowed by "allowed IP list"
-
+* `disallowed` - whether the client's IP is blocked or not.
+* `disallowed_rule` - the rule due to which the client is disallowed. If `disallowed` is `true`, and this string is empty - it means that the client IP is disallowed by the "allowed IP list", i.e. it is not included in allowed.

 ## DNS general settings

--- a/dnsforward/access.go
+++ b/dnsforward/access.go
@ -80,6 +80,9 @@ func processIPCIDRArray(dst *map[string]bool, dstIPNet *[]net.IPNet, src []strin
 }

 // IsBlockedIP - return TRUE if this client should be blocked
+// Returns the item from the "disallowedClients" list that lead to blocking IP.
+// If it returns TRUE and an empty string, it means that the "allowedClients" is not empty,
+// but the ip does not belong to it.
 func (a *accessCtx) IsBlockedIP(ip string) (bool, string) {
 	a.lock.Lock()
 	defer a.lock.Unlock()
@ -99,7 +102,7 @@ func (a *accessCtx) IsBlockedIP(ip string) (bool, string) {
 			}
 		}

-		return true, "not-in-allowed-list"
+		return true, ""
 	}

 	_, ok := a.disallowedClients[ip]
--- a/dnsforward/access_test.go
+++ b/dnsforward/access_test.go
@ -0,0 +1,73 @@
+package dnsforward
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsBlockedIPAllowed(t *testing.T) {
+	a := &accessCtx{}
+	assert.True(t, a.Init([]string{"1.1.1.1", "2.2.0.0/16"}, nil, nil) == nil)
+
+	disallowed, disallowedRule := a.IsBlockedIP("1.1.1.1")
+	assert.False(t, disallowed)
+	assert.Equal(t, "", disallowedRule)
+
+	disallowed, disallowedRule = a.IsBlockedIP("1.1.1.2")
+	assert.True(t, disallowed)
+	assert.Equal(t, "", disallowedRule)
+
+	disallowed, disallowedRule = a.IsBlockedIP("2.2.1.1")
+	assert.False(t, disallowed)
+	assert.Equal(t, "", disallowedRule)
+
+	disallowed, disallowedRule = a.IsBlockedIP("2.3.1.1")
+	assert.True(t, disallowed)
+	assert.Equal(t, "", disallowedRule)
+}
+
+func TestIsBlockedIPDisallowed(t *testing.T) {
+	a := &accessCtx{}
+	assert.True(t, a.Init(nil, []string{"1.1.1.1", "2.2.0.0/16"}, nil) == nil)
+
+	disallowed, disallowedRule := a.IsBlockedIP("1.1.1.1")
+	assert.True(t, disallowed)
+	assert.Equal(t, "1.1.1.1", disallowedRule)
+
+	disallowed, disallowedRule = a.IsBlockedIP("1.1.1.2")
+	assert.False(t, disallowed)
+	assert.Equal(t, "", disallowedRule)
+
+	disallowed, disallowedRule = a.IsBlockedIP("2.2.1.1")
+	assert.True(t, disallowed)
+	assert.Equal(t, "2.2.0.0/16", disallowedRule)
+
+	disallowed, disallowedRule = a.IsBlockedIP("2.3.1.1")
+	assert.False(t, disallowed)
+	assert.Equal(t, "", disallowedRule)
+}
+
+func TestIsBlockedIPBlockedDomain(t *testing.T) {
+	a := &accessCtx{}
+	assert.True(t, a.Init(nil, nil, []string{"host1",
+		"host2",
+		"*.host.com",
+		"||host3.com^",
+	}) == nil)
+
+	// match by "host2.com"
+	assert.True(t, a.IsBlockedDomain("host1"))
+	assert.True(t, a.IsBlockedDomain("host2"))
+	assert.True(t, !a.IsBlockedDomain("host3"))
+
+	// match by wildcard "*.host.com"
+	assert.True(t, !a.IsBlockedDomain("host.com"))
+	assert.True(t, a.IsBlockedDomain("asdf.host.com"))
+	assert.True(t, a.IsBlockedDomain("qwer.asdf.host.com"))
+	assert.True(t, !a.IsBlockedDomain("asdf.zhost.com"))
+
+	// match by wildcard "||host3.com^"
+	assert.True(t, a.IsBlockedDomain("host3.com"))
+	assert.True(t, a.IsBlockedDomain("asdf.host3.com"))
+}
--- a/dnsforward/dnsforward_test.go
+++ b/dnsforward/dnsforward_test.go
@ -874,58 +874,6 @@ func publicKey(priv interface{}) interface{} {
 	}
 }

-func TestIsBlockedIPAllowed(t *testing.T) {
-	a := &accessCtx{}
-	assert.True(t, a.Init([]string{"1.1.1.1", "2.2.0.0/16"}, nil, nil) == nil)
-
-	disallowed, _ := a.IsBlockedIP("1.1.1.1")
-	assert.False(t, disallowed)
-	disallowed, _ = a.IsBlockedIP("1.1.1.2")
-	assert.True(t, disallowed)
-	disallowed, _ = a.IsBlockedIP("2.2.1.1")
-	assert.False(t, disallowed)
-	disallowed, _ = a.IsBlockedIP("2.3.1.1")
-	assert.True(t, disallowed)
-}
-
-func TestIsBlockedIPDisallowed(t *testing.T) {
-	a := &accessCtx{}
-	assert.True(t, a.Init(nil, []string{"1.1.1.1", "2.2.0.0/16"}, nil) == nil)
-
-	disallowed, _ := a.IsBlockedIP("1.1.1.1")
-	assert.True(t, disallowed)
-	disallowed, _ = a.IsBlockedIP("1.1.1.2")
-	assert.False(t, disallowed)
-	disallowed, _ = a.IsBlockedIP("2.2.1.1")
-	assert.True(t, disallowed)
-	disallowed, _ = a.IsBlockedIP("2.3.1.1")
-	assert.False(t, disallowed)
-}
-
-func TestIsBlockedIPBlockedDomain(t *testing.T) {
-	a := &accessCtx{}
-	assert.True(t, a.Init(nil, nil, []string{"host1",
-		"host2",
-		"*.host.com",
-		"||host3.com^",
-	}) == nil)
-
-	// match by "host2.com"
-	assert.True(t, a.IsBlockedDomain("host1"))
-	assert.True(t, a.IsBlockedDomain("host2"))
-	assert.True(t, !a.IsBlockedDomain("host3"))
-
-	// match by wildcard "*.host.com"
-	assert.True(t, !a.IsBlockedDomain("host.com"))
-	assert.True(t, a.IsBlockedDomain("asdf.host.com"))
-	assert.True(t, a.IsBlockedDomain("qwer.asdf.host.com"))
-	assert.True(t, !a.IsBlockedDomain("asdf.zhost.com"))
-
-	// match by wildcard "||host3.com^"
-	assert.True(t, a.IsBlockedDomain("host3.com"))
-	assert.True(t, a.IsBlockedDomain("asdf.host3.com"))
-}
-
 func TestValidateUpstream(t *testing.T) {
 	invalidUpstreams := []string{"1.2.3.4.5",
 		"123.3.7m",
--- a/home/clients.go
+++ b/home/clients.go
@ -80,7 +80,8 @@ type clientsContainer struct {
 	// dhcpServer is used for looking up clients IP addresses by MAC addresses
 	dhcpServer *dhcpd.Server

-	DNSServer *dnsforward.Server
+	// dnsServer is used for checking clients IP status access list status
+	dnsServer *dnsforward.Server

 	autoHosts *util.AutoHosts // get entries from system hosts-files

--- a/home/clients_http.go
+++ b/home/clients_http.go
@ -24,10 +24,14 @@ type clientJSON struct {

 	WhoisInfo map[string]interface{} `json:"whois_info"`

-	// * "": IP is allowed
-	// * not "", e.g. "127.0.0.0/24" - IP is disallowed by "disallowed IP list", and the string contains the matched rule (IP or CIDR)
-	// * "not-in-allowed-list" - IP is disallowed by "allowed IP list"
-	Disallowed string `json:"disallowed"`
+	// Disallowed - if true -- client's IP is not disallowed
+	// Otherwise, it is blocked.
+	Disallowed bool `json:"disallowed"`
+
+	// DisallowedRule - the rule due to which the client is disallowed
+	// If Disallowed is true, and this string is empty - it means that the client IP
+	// is disallowed by the "allowed IP list", i.e. it is not included in allowed.
+	DisallowedRule string `json:"disallowed_rule"`
 }

 type clientHostJSON struct {
@ -45,7 +49,7 @@ type clientListJSON struct {
 }

 // respond with information about configured clients
-func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, r *http.Request) {
+func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, _ *http.Request) {
 	data := clientListJSON{}

 	clients.lock.Lock()
@ -257,20 +261,12 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
 			}
 			cj := clientHostToJSON(ip, ch)

-			disallowed, disallowedRule := clients.DNSServer.IsBlockedIP(ip)
-			if disallowed {
-				cj.Disallowed = disallowedRule
-			}
-
+			cj.Disallowed, cj.DisallowedRule = clients.dnsServer.IsBlockedIP(ip)
 			el[ip] = cj
 		} else {
 			cj := clientToJSON(&c)

-			disallowed, disallowedRule := clients.DNSServer.IsBlockedIP(ip)
-			if disallowed {
-				cj.Disallowed = disallowedRule
-			}
-
+			cj.Disallowed, cj.DisallowedRule = clients.dnsServer.IsBlockedIP(ip)
 			el[ip] = cj
 		}

--- a/home/dns.go
+++ b/home/dns.go
@ -70,7 +70,7 @@ func initDNSServer() error {
 		p.DHCPServer = Context.dhcpServer
 	}
 	Context.dnsServer = dnsforward.NewServer(p)
-	Context.clients.DNSServer = Context.dnsServer
+	Context.clients.dnsServer = Context.dnsServer
 	dnsConfig := generateServerConfig()
 	err = Context.dnsServer.Prepare(&dnsConfig)
 	if err != nil {
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@ -1796,11 +1796,15 @@ components:
                    items:
                        $ref: "#/components/schemas/WhoisInfo"
                disallowed:
+                    type: boolean
                    description: >
-                        * "": IP is allowed
-                        * not "", e.g. "127.0.0.0/24" - IP is disallowed by "disallowed IP list", and the string contains the matched rule (IP or CIDR)
-                        * "not-in-allowed-list" - IP is disallowed by "allowed IP list"
+                        Whether the client's IP is blocked or not.
+                disallowed_rule:
                    type: string
+                    description: >
+                        The rule due to which the client is disallowed.
+                        If `disallowed` is `true`, and this string is empty - it means that
+                        the client IP is disallowed by the "allowed IP list", i.e. it is not included in allowed list.

        WhoisInfo:
            type: object