mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-28 09:58:52 +03:00
4508ae860e
Squashed commit of the following:
commit a0527b86f10596a86357630117607a3c507e4ac2
Merge: 512edaf2d 9694f19ef
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Wed Jan 17 13:15:18 2024 +0300
Merge branch 'master' into AG-27492-client-persistent-ids
commit 512edaf2dc29f19c4fb7860b0c350a5e4180cda4
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Mon Jan 15 15:50:28 2024 +0300
home: imp docs
commit 4d4b3599918aab8ee6315c7f2f35f70db89e4d02
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Thu Jan 11 20:20:42 2024 +0300
home: imp code
commit 8031347b8613cc49a80968e162dd198851eafe7c
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Thu Jan 11 18:46:20 2024 +0300
home: fix typo
commit 5932b181fe6a0c0bc605070fd9ddcc6617703ab7
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Thu Jan 11 16:52:49 2024 +0300
home: imp code more
commit 9412f5846795acfb68b009491b1045d1e27d8ddc
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Thu Jan 11 15:41:23 2024 +0300
home: imp code
commit 855d3201ab1b176ed5fdd32bce933a7795601a6d
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Wed Jan 10 20:24:49 2024 +0300
home: add tests
commit 112f1bd13acf992b0ba9562c29365b22d5374ec2
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Fri Dec 29 18:29:11 2023 +0300
home: imp code
commit 8b295bfa8968c3767bcfaf05c7f109d75af8c961
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Fri Dec 29 14:58:17 2023 +0300
home: persistent client ids
504 lines
14 KiB
Go
504 lines
14 KiB
Go
package home
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/netip"
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/client"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/schedule"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/whois"
|
|
)
|
|
|
|
// clientJSON is a common structure used by several handlers to deal with
|
|
// clients. Some of the fields are only necessary in one or two handlers and
|
|
// are thus made pointers with an omitempty tag.
|
|
//
|
|
// TODO(a.garipov): Consider using nullbool and an optional string here? Or
|
|
// split into several structs?
|
|
type clientJSON struct {
|
|
// Disallowed, if non-nil and false, means that the client's IP is
|
|
// allowed. Otherwise, the IP is blocked.
|
|
Disallowed *bool `json:"disallowed,omitempty"`
|
|
|
|
// DisallowedRule is the rule due to which the client is disallowed.
|
|
// If Disallowed is true and this string is empty, the client IP is
|
|
// disallowed by the "allowed IP list", that is it is not included in
|
|
// the allowlist.
|
|
DisallowedRule *string `json:"disallowed_rule,omitempty"`
|
|
|
|
// WHOIS is the filtered WHOIS data of a client.
|
|
WHOIS *whois.Info `json:"whois_info,omitempty"`
|
|
SafeSearchConf *filtering.SafeSearchConfig `json:"safe_search"`
|
|
|
|
// Schedule is blocked services schedule for every day of the week.
|
|
Schedule *schedule.Weekly `json:"blocked_services_schedule"`
|
|
|
|
Name string `json:"name"`
|
|
|
|
// BlockedServices is the names of blocked services.
|
|
BlockedServices []string `json:"blocked_services"`
|
|
IDs []string `json:"ids"`
|
|
Tags []string `json:"tags"`
|
|
Upstreams []string `json:"upstreams"`
|
|
|
|
FilteringEnabled bool `json:"filtering_enabled"`
|
|
ParentalEnabled bool `json:"parental_enabled"`
|
|
SafeBrowsingEnabled bool `json:"safebrowsing_enabled"`
|
|
// Deprecated: use safeSearchConf.
|
|
SafeSearchEnabled bool `json:"safesearch_enabled"`
|
|
UseGlobalBlockedServices bool `json:"use_global_blocked_services"`
|
|
UseGlobalSettings bool `json:"use_global_settings"`
|
|
|
|
IgnoreQueryLog aghalg.NullBool `json:"ignore_querylog"`
|
|
IgnoreStatistics aghalg.NullBool `json:"ignore_statistics"`
|
|
|
|
UpstreamsCacheSize uint32 `json:"upstreams_cache_size"`
|
|
UpstreamsCacheEnabled aghalg.NullBool `json:"upstreams_cache_enabled"`
|
|
}
|
|
|
|
// runtimeClientJSON is a JSON representation of the [client.Runtime].
|
|
type runtimeClientJSON struct {
|
|
WHOIS *whois.Info `json:"whois_info"`
|
|
|
|
IP netip.Addr `json:"ip"`
|
|
Name string `json:"name"`
|
|
Source client.Source `json:"source"`
|
|
}
|
|
|
|
// clientListJSON contains lists of persistent clients, runtime clients and also
|
|
// supported tags.
|
|
type clientListJSON struct {
|
|
Clients []*clientJSON `json:"clients"`
|
|
RuntimeClients []runtimeClientJSON `json:"auto_clients"`
|
|
Tags []string `json:"supported_tags"`
|
|
}
|
|
|
|
// whoisOrEmpty returns a WHOIS client information or a pointer to an empty
|
|
// struct. Frontend expects a non-nil value.
|
|
func whoisOrEmpty(r *client.Runtime) (info *whois.Info) {
|
|
info = r.WHOIS()
|
|
if info != nil {
|
|
return info
|
|
}
|
|
|
|
return &whois.Info{}
|
|
}
|
|
|
|
// handleGetClients is the handler for GET /control/clients HTTP API.
|
|
func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, r *http.Request) {
|
|
data := clientListJSON{}
|
|
|
|
clients.lock.Lock()
|
|
defer clients.lock.Unlock()
|
|
|
|
for _, c := range clients.list {
|
|
cj := clientToJSON(c)
|
|
data.Clients = append(data.Clients, cj)
|
|
}
|
|
|
|
for ip, rc := range clients.ipToRC {
|
|
src, host := rc.Info()
|
|
cj := runtimeClientJSON{
|
|
WHOIS: whoisOrEmpty(rc),
|
|
Name: host,
|
|
Source: src,
|
|
IP: ip,
|
|
}
|
|
|
|
data.RuntimeClients = append(data.RuntimeClients, cj)
|
|
}
|
|
|
|
for _, l := range clients.dhcp.Leases() {
|
|
cj := runtimeClientJSON{
|
|
Name: l.Hostname,
|
|
Source: client.SourceDHCP,
|
|
IP: l.IP,
|
|
WHOIS: &whois.Info{},
|
|
}
|
|
|
|
data.RuntimeClients = append(data.RuntimeClients, cj)
|
|
}
|
|
|
|
data.Tags = clientTags
|
|
|
|
aghhttp.WriteJSONResponseOK(w, r, data)
|
|
}
|
|
|
|
// initPrev initializes the persistent client with the default or previous
|
|
// client properties.
|
|
func initPrev(cj clientJSON, prev *persistentClient) (c *persistentClient, err error) {
|
|
var (
|
|
uid UID
|
|
ignoreQueryLog bool
|
|
ignoreStatistics bool
|
|
upsCacheEnabled bool
|
|
upsCacheSize uint32
|
|
)
|
|
|
|
if prev != nil {
|
|
uid = prev.UID
|
|
ignoreQueryLog = prev.IgnoreQueryLog
|
|
ignoreStatistics = prev.IgnoreStatistics
|
|
upsCacheEnabled = prev.UpstreamsCacheEnabled
|
|
upsCacheSize = prev.UpstreamsCacheSize
|
|
}
|
|
|
|
if cj.IgnoreQueryLog != aghalg.NBNull {
|
|
ignoreQueryLog = cj.IgnoreQueryLog == aghalg.NBTrue
|
|
}
|
|
|
|
if cj.IgnoreStatistics != aghalg.NBNull {
|
|
ignoreStatistics = cj.IgnoreStatistics == aghalg.NBTrue
|
|
}
|
|
|
|
if cj.UpstreamsCacheEnabled != aghalg.NBNull {
|
|
upsCacheEnabled = cj.UpstreamsCacheEnabled == aghalg.NBTrue
|
|
upsCacheSize = cj.UpstreamsCacheSize
|
|
}
|
|
|
|
svcs, err := copyBlockedServices(cj.Schedule, cj.BlockedServices, prev)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid blocked services: %w", err)
|
|
}
|
|
|
|
if (uid == UID{}) {
|
|
uid, err = NewUID()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("generating uid: %w", err)
|
|
}
|
|
}
|
|
|
|
return &persistentClient{
|
|
BlockedServices: svcs,
|
|
UID: uid,
|
|
IgnoreQueryLog: ignoreQueryLog,
|
|
IgnoreStatistics: ignoreStatistics,
|
|
UpstreamsCacheEnabled: upsCacheEnabled,
|
|
UpstreamsCacheSize: upsCacheSize,
|
|
}, nil
|
|
}
|
|
|
|
// jsonToClient converts JSON object to persistent client object if there are no
|
|
// errors.
|
|
func (clients *clientsContainer) jsonToClient(
|
|
cj clientJSON,
|
|
prev *persistentClient,
|
|
) (c *persistentClient, err error) {
|
|
c, err = initPrev(cj, prev)
|
|
if err != nil {
|
|
// Don't wrap the error since it's informative enough as is.
|
|
return nil, err
|
|
}
|
|
|
|
err = c.setIDs(cj.IDs)
|
|
if err != nil {
|
|
// Don't wrap the error since it's informative enough as is.
|
|
return nil, err
|
|
}
|
|
|
|
c.safeSearchConf = copySafeSearch(cj.SafeSearchConf, cj.SafeSearchEnabled)
|
|
c.Name = cj.Name
|
|
c.Tags = cj.Tags
|
|
c.Upstreams = cj.Upstreams
|
|
c.UseOwnSettings = !cj.UseGlobalSettings
|
|
c.FilteringEnabled = cj.FilteringEnabled
|
|
c.ParentalEnabled = cj.ParentalEnabled
|
|
c.SafeBrowsingEnabled = cj.SafeBrowsingEnabled
|
|
c.UseOwnBlockedServices = !cj.UseGlobalBlockedServices
|
|
|
|
if c.safeSearchConf.Enabled {
|
|
err = c.setSafeSearch(
|
|
c.safeSearchConf,
|
|
clients.safeSearchCacheSize,
|
|
clients.safeSearchCacheTTL,
|
|
)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("creating safesearch for client %q: %w", c.Name, err)
|
|
}
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
// copySafeSearch returns safe search config created from provided parameters.
|
|
func copySafeSearch(
|
|
jsonConf *filtering.SafeSearchConfig,
|
|
enabled bool,
|
|
) (conf filtering.SafeSearchConfig) {
|
|
if jsonConf != nil {
|
|
return *jsonConf
|
|
}
|
|
|
|
// TODO(d.kolyshev): Remove after cleaning the deprecated
|
|
// [clientJSON.SafeSearchEnabled] field.
|
|
conf = filtering.SafeSearchConfig{
|
|
Enabled: enabled,
|
|
}
|
|
|
|
// Set default service flags for enabled safesearch.
|
|
if conf.Enabled {
|
|
conf.Bing = true
|
|
conf.DuckDuckGo = true
|
|
conf.Google = true
|
|
conf.Pixabay = true
|
|
conf.Yandex = true
|
|
conf.YouTube = true
|
|
}
|
|
|
|
return conf
|
|
}
|
|
|
|
// copyBlockedServices converts a json blocked services to an internal blocked
|
|
// services.
|
|
func copyBlockedServices(
|
|
sch *schedule.Weekly,
|
|
svcStrs []string,
|
|
prev *persistentClient,
|
|
) (svcs *filtering.BlockedServices, err error) {
|
|
var weekly *schedule.Weekly
|
|
if sch != nil {
|
|
weekly = sch.Clone()
|
|
} else if prev != nil && prev.BlockedServices != nil {
|
|
weekly = prev.BlockedServices.Schedule.Clone()
|
|
} else {
|
|
weekly = schedule.EmptyWeekly()
|
|
}
|
|
|
|
svcs = &filtering.BlockedServices{
|
|
Schedule: weekly,
|
|
IDs: svcStrs,
|
|
}
|
|
|
|
err = svcs.Validate()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("validating blocked services: %w", err)
|
|
}
|
|
|
|
return svcs, nil
|
|
}
|
|
|
|
// clientToJSON converts persistent client object to JSON object.
|
|
func clientToJSON(c *persistentClient) (cj *clientJSON) {
|
|
// TODO(d.kolyshev): Remove after cleaning the deprecated
|
|
// [clientJSON.SafeSearchEnabled] field.
|
|
cloneVal := c.safeSearchConf
|
|
safeSearchConf := &cloneVal
|
|
|
|
return &clientJSON{
|
|
Name: c.Name,
|
|
IDs: c.ids(),
|
|
Tags: c.Tags,
|
|
UseGlobalSettings: !c.UseOwnSettings,
|
|
FilteringEnabled: c.FilteringEnabled,
|
|
ParentalEnabled: c.ParentalEnabled,
|
|
SafeSearchEnabled: safeSearchConf.Enabled,
|
|
SafeSearchConf: safeSearchConf,
|
|
SafeBrowsingEnabled: c.SafeBrowsingEnabled,
|
|
|
|
UseGlobalBlockedServices: !c.UseOwnBlockedServices,
|
|
|
|
Schedule: c.BlockedServices.Schedule,
|
|
BlockedServices: c.BlockedServices.IDs,
|
|
|
|
Upstreams: c.Upstreams,
|
|
|
|
IgnoreQueryLog: aghalg.BoolToNullBool(c.IgnoreQueryLog),
|
|
IgnoreStatistics: aghalg.BoolToNullBool(c.IgnoreStatistics),
|
|
|
|
UpstreamsCacheSize: c.UpstreamsCacheSize,
|
|
UpstreamsCacheEnabled: aghalg.BoolToNullBool(c.UpstreamsCacheEnabled),
|
|
}
|
|
}
|
|
|
|
// handleAddClient is the handler for POST /control/clients/add HTTP API.
|
|
func (clients *clientsContainer) handleAddClient(w http.ResponseWriter, r *http.Request) {
|
|
cj := clientJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&cj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to process request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
c, err := clients.jsonToClient(cj, nil)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
ok, err := clients.add(c)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if !ok {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Client already exists")
|
|
|
|
return
|
|
}
|
|
|
|
onConfigModified()
|
|
}
|
|
|
|
// handleDelClient is the handler for POST /control/clients/delete HTTP API.
|
|
func (clients *clientsContainer) handleDelClient(w http.ResponseWriter, r *http.Request) {
|
|
cj := clientJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&cj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to process request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if len(cj.Name) == 0 {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "client's name must be non-empty")
|
|
|
|
return
|
|
}
|
|
|
|
if !clients.remove(cj.Name) {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Client not found")
|
|
|
|
return
|
|
}
|
|
|
|
onConfigModified()
|
|
}
|
|
|
|
// updateJSON contains the name and data of the updated persistent client.
|
|
type updateJSON struct {
|
|
Name string `json:"name"`
|
|
Data clientJSON `json:"data"`
|
|
}
|
|
|
|
// handleUpdateClient is the handler for POST /control/clients/update HTTP API.
|
|
//
|
|
// TODO(s.chzhen): Accept updated parameters instead of whole structure.
|
|
func (clients *clientsContainer) handleUpdateClient(w http.ResponseWriter, r *http.Request) {
|
|
dj := updateJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&dj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to process request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if len(dj.Name) == 0 {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Invalid request")
|
|
|
|
return
|
|
}
|
|
|
|
var prev *persistentClient
|
|
var ok bool
|
|
|
|
func() {
|
|
clients.lock.Lock()
|
|
defer clients.lock.Unlock()
|
|
|
|
prev, ok = clients.list[dj.Name]
|
|
}()
|
|
|
|
if !ok {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "client not found")
|
|
|
|
return
|
|
}
|
|
|
|
c, err := clients.jsonToClient(dj.Data, prev)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
err = clients.update(prev, c)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
onConfigModified()
|
|
}
|
|
|
|
// handleFindClient is the handler for GET /control/clients/find HTTP API.
|
|
func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http.Request) {
|
|
q := r.URL.Query()
|
|
data := []map[string]*clientJSON{}
|
|
for i := 0; i < len(q); i++ {
|
|
idStr := q.Get(fmt.Sprintf("ip%d", i))
|
|
if idStr == "" {
|
|
break
|
|
}
|
|
|
|
ip, _ := netip.ParseAddr(idStr)
|
|
c, ok := clients.find(idStr)
|
|
var cj *clientJSON
|
|
if !ok {
|
|
cj = clients.findRuntime(ip, idStr)
|
|
} else {
|
|
cj = clientToJSON(c)
|
|
disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
|
|
cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
|
|
}
|
|
|
|
data = append(data, map[string]*clientJSON{
|
|
idStr: cj,
|
|
})
|
|
}
|
|
|
|
aghhttp.WriteJSONResponseOK(w, r, data)
|
|
}
|
|
|
|
// findRuntime looks up the IP in runtime and temporary storages, like
|
|
// /etc/hosts tables, DHCP leases, or blocklists. cj is guaranteed to be
|
|
// non-nil.
|
|
func (clients *clientsContainer) findRuntime(ip netip.Addr, idStr string) (cj *clientJSON) {
|
|
rc, ok := clients.findRuntimeClient(ip)
|
|
if !ok {
|
|
// It is still possible that the IP used to be in the runtime clients
|
|
// list, but then the server was reloaded. So, check the DNS server's
|
|
// blocked IP list.
|
|
//
|
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/2428.
|
|
disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
|
|
cj = &clientJSON{
|
|
IDs: []string{idStr},
|
|
Disallowed: &disallowed,
|
|
DisallowedRule: &rule,
|
|
WHOIS: &whois.Info{},
|
|
}
|
|
|
|
return cj
|
|
}
|
|
|
|
_, host := rc.Info()
|
|
cj = &clientJSON{
|
|
Name: host,
|
|
IDs: []string{idStr},
|
|
WHOIS: whoisOrEmpty(rc),
|
|
}
|
|
|
|
disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
|
|
cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
|
|
|
|
return cj
|
|
}
|
|
|
|
// RegisterClientsHandlers registers HTTP handlers
|
|
func (clients *clientsContainer) registerWebHandlers() {
|
|
httpRegister(http.MethodGet, "/control/clients", clients.handleGetClients)
|
|
httpRegister(http.MethodPost, "/control/clients/add", clients.handleAddClient)
|
|
httpRegister(http.MethodPost, "/control/clients/delete", clients.handleDelClient)
|
|
httpRegister(http.MethodPost, "/control/clients/update", clients.handleUpdateClient)
|
|
httpRegister(http.MethodGet, "/control/clients/find", clients.handleFindClient)
|
|
}
|