mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-12-17 05:01:35 +03:00
aac36a2d2f
Updates #951. Squashed commit of the following: commit 6b840fd516f5a87fde0420e3aceb9c239b22c974 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Aug 29 19:53:03 2023 +0300 client: imp docs more commit 7fc8f0363fbe4c4266cb0f67428fe4d18c351d2d Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Aug 29 19:40:00 2023 +0300 client: imp docs commit 00bc14d5760614f2797714cdc2c4c19b1a94b86e Author: Ildar Kamalov <ik@adguard.com> Date: Mon Aug 28 18:43:49 2023 +0300 try to fix lock file commit d749df74b576091e0b58928d86ea8b3b49f919da Merge: c69f9230be1f6229e5
Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Mon Aug 28 18:14:02 2023 +0300 Merge branch 'master' into 951-blocked-services-schedule-api commit c69f9230b12f7c983db06b74324b3df77d74b32b Author: Ildar Kamalov <ik@adguard.com> Date: Mon Aug 28 17:16:20 2023 +0300 revert eslintrc commit b37916c2dff0ddea5293d87570bb58e3443d2d21 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Aug 28 12:02:39 2023 +0300 fix translations commit f5bb67d81506c687d0abd580049a3eee0af808e0 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Aug 28 11:43:57 2023 +0300 fix helpers commit 13ec6a8b3a0acfb62762ae7e46c6e98eb7c82212 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Aug 28 11:24:57 2023 +0300 remove todo commit 23724ec2fd683ed17b9f1cee841ad9aaf4c9d04f Author: Ildar Kamalov <ik@adguard.com> Date: Mon Aug 28 09:56:56 2023 +0300 add clients schedule form commit 84d29e558a329068e64e7a95ee183946aa4515b5 Author: Ildar Kamalov <ik@adguard.com> Date: Fri Aug 25 17:44:40 2023 +0300 fix schedule form commit 83e4017688082e9eb670091d5a24d98157050502 Author: Ildar Kamalov <ik@adguard.com> Date: Fri Aug 18 12:58:16 2023 +0300 remove unused commit ef2b68e138da382e3cf42586ae604e12d9493504 Author: Ildar Kamalov <ik@adguard.com> Date: Fri Aug 18 12:57:37 2023 +0300 client: fix translation string commit 32ea80c968f52f18adbc811b2f06874644cdfe20 Author: Ildar Kamalov <ik@adguard.com> Date: Fri Aug 18 12:26:26 2023 +0300 wip schedule commit 9b770873859186c9424c8d108812e32ddff33bad Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Jul 21 14:29:50 2023 +0300 all: imp naming commit ea4e9514ea3b264bcce7f2a301db817de4e87059 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Jul 19 18:09:27 2023 +0300 all: imp code commit 98a705bdaa5c1e79394c73e5d75af2416fe9f297 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Jul 18 18:23:26 2023 +0300 all: imp naming commit 4f84b55c7bfc9f7b680feac0ec45f5ea9189299a Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Jul 14 15:01:17 2023 +0300 
all: add global schedule api commit 87cf1646869ee9138964b47a27b7493674c8854a Merge: cabb80ac12adc8624c
Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Jul 14 12:09:29 2023 +0300 Merge branch 'master' into 951-blocked-services-schedule-api commit cabb80ac16de437a8118bb0166479574379c97a3 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Jul 13 13:37:23 2023 +0300 openapi: fix typo commit 2279b03acbcfc3d76216f8aaf30ae1c7894127bc Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Jul 13 12:26:19 2023 +0300 all: imp docs ... and 3 more commits
511 lines
13 KiB
Go
package home
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/netip"
"os"
"os/exec"
"path/filepath"
"runtime"
"time"
"unicode/utf8"
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
"github.com/AdguardTeam/AdGuardHome/internal/version"
"github.com/AdguardTeam/golibs/errors"
"github.com/AdguardTeam/golibs/log"
"github.com/quic-go/quic-go/http3"
)
// getAddrsResponse is the JSON body returned by the /install/get_addresses
// endpoint.  The field order below is also the key order of the encoded
// object.
type getAddrsResponse struct {
	// Interfaces maps a network interface name to its description.
	Interfaces map[string]*aghnet.NetInterface `json:"interfaces"`

	// Version is the version of AdGuard Home.
	//
	// TODO(a.garipov): In the new API, rename this endpoint to something more
	// general, since there will be more information here than just network
	// interfaces.
	Version string `json:"version"`

	// WebPort is the web interface port reported to the client; the handler
	// fills it with defaultPortHTTP.
	WebPort int `json:"web_port"`

	// DNSPort is the DNS port reported to the client; the handler fills it
	// with defaultPortDNS.
	DNSPort int `json:"dns_port"`
}
// handleInstallGetAddresses is the handler for the /install/get_addresses
// endpoint.  It replies with the AdGuard Home version, the default web and DNS
// ports, and the network interfaces returned by
// aghnet.GetValidNetInterfacesForWeb, keyed by interface name.
//
// NOTE(review): The response discloses the running version and the host's
// interface list.  The route is wrapped in preInstall at registration, which
// presumably limits it to the first-run wizard; confirm.
func (web *webAPI) handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
	resp := getAddrsResponse{
		Version: version.Version(),
		WebPort: defaultPortHTTP,
		DNSPort: defaultPortDNS,
	}

	netIfaces, err := aghnet.GetValidNetInterfacesForWeb()
	if err != nil {
		aghhttp.Error(r, w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)

		return
	}

	// Index the interfaces by name; a later entry with the same name replaces
	// an earlier one.
	byName := make(map[string]*aghnet.NetInterface)
	for _, netIface := range netIfaces {
		byName[netIface.Name] = netIface
	}
	resp.Interfaces = byName

	aghhttp.WriteJSONResponseOK(w, r, resp)
}
// Request and response bodies of the /install/check_config endpoint.
type (
	// checkConfReqEnt describes one listener, web or DNS, in a check_config
	// request.
	checkConfReqEnt struct {
		// IP is the address the listener should bind to.
		IP netip.Addr `json:"ip"`

		// Port is decoded as a plain int, so a client can send a value
		// outside the 0..65535 range; consumers must check the range before
		// converting it to uint16.
		Port int `json:"port"`

		// Autofix asks the server to try to free the port itself.
		Autofix bool `json:"autofix"`
	}

	// checkConfReq is the body of a check_config request.
	checkConfReq struct {
		Web checkConfReqEnt `json:"web"`
		DNS checkConfReqEnt `json:"dns"`

		// SetStaticIP asks the server to configure a static IP address on
		// the interface that owns the DNS address.
		SetStaticIP bool `json:"set_static_ip"`
	}

	// checkConfRespEnt is the validation result for one listener.
	checkConfRespEnt struct {
		// Status is the validation error text; it is left empty when
		// validation succeeded.
		Status string `json:"status"`

		// CanAutofix reports whether the server is able to free the port
		// itself.
		CanAutofix bool `json:"can_autofix"`
	}

	// staticIPJSON is the static-IP part of the check_config response.
	staticIPJSON struct {
		// Static is one of "yes", "no", or "error".
		Static string `json:"static"`

		// IP is the string form of the interface's subnet.
		IP string `json:"ip"`

		// Error is the error text when Static is "error".
		Error string `json:"error"`
	}

	// checkConfResp is the body of a check_config response.
	checkConfResp struct {
		StaticIP staticIPJSON     `json:"static_ip"`
		Web      checkConfRespEnt `json:"web"`
		DNS      checkConfRespEnt `json:"dns"`
	}
)
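// validateWeb returns an error if the web part of the initial configuration
// can't be set.  tcpPorts collects the TCP ports requested so far so that a
// port requested for both web and DNS is reported as a duplicate.  Any returned
// error is annotated with "validating ports".
func (req *checkConfReq) validateWeb(tcpPorts aghalg.UniqChecker[tcpPort]) (err error) {
	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

	// The port is a JSON int taken from the request body.  Reject values
	// that don't fit into uint16 before the conversion below: the conversion
	// truncates silently, so e.g. 65536 would become 0 and be treated as "no
	// port requested".
	const maxPort = 1<<16 - 1
	if req.Web.Port < 0 || req.Web.Port > maxPort {
		return fmt.Errorf("web port %d is out of range", req.Web.Port)
	}

	// TODO(a.garipov): Declare all port variables anywhere as uint16.
	reqPort := uint16(req.Web.Port)
	port := tcpPort(reqPort)
	addPorts(tcpPorts, port)
	if err = tcpPorts.Validate(); err != nil {
		// Reset the value for the port to 1 to make sure that validateDNS
		// doesn't throw the same error, unless the same TCP port is set there
		// as well.
		tcpPorts[port] = 1

		return err
	}

	// Skip the bind check when no port is requested or when the port is the
	// one the web interface is listening on at the moment.
	if reqPort == 0 || reqPort == config.HTTPConfig.Address.Port() {
		return nil
	}

	return aghnet.CheckPort("tcp", netip.AddrPortFrom(req.Web.IP, reqPort))
}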
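// validateDNS returns an error if the DNS part of the initial configuration
// can't be set.  canAutofix is true if the port can be unbound by AdGuard Home
// automatically.  Any returned error is annotated with "validating ports".
//
// When the UDP port is in use, the DNSStubListener is detected, and the
// request sets autofix, this method calls disableDNSStubListener, which
// changes the host's resolver configuration.  This is therefore not a pure
// check.
func (req *checkConfReq) validateDNS(
	tcpPorts aghalg.UniqChecker[tcpPort],
) (canAutofix bool, err error) {
	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

	// The port is a JSON int taken from the request body.  Reject values
	// that don't fit into uint16 before the conversion below, which would
	// otherwise truncate them silently.
	const maxPort = 1<<16 - 1
	if req.DNS.Port < 0 || req.DNS.Port > maxPort {
		return false, fmt.Errorf("dns port %d is out of range", req.DNS.Port)
	}

	port := uint16(req.DNS.Port)
	addrPort := netip.AddrPortFrom(req.DNS.IP, port)

	switch port {
	case 0:
		return false, nil
	case config.HTTPConfig.Address.Port():
		// Go on and only check the UDP port since the TCP one is already bound
		// by AdGuard Home for web interface.
	default:
		// Check TCP as well.
		addPorts(tcpPorts, tcpPort(port))
		if err = tcpPorts.Validate(); err != nil {
			return false, err
		}

		err = aghnet.CheckPort("tcp", addrPort)
		if err != nil {
			return false, err
		}
	}

	err = aghnet.CheckPort("udp", addrPort)
	if !aghnet.IsAddrInUse(err) {
		// Either the port is free (err is nil) or the failure is something
		// other than "address in use", which autofix can't help with.
		return false, err
	}

	// Try to fix automatically.
	canAutofix = checkDNSStubListener()
	if canAutofix && req.DNS.Autofix {
		if derr := disableDNSStubListener(); derr != nil {
			// Log the error of the disabling attempt itself, not the
			// "address in use" error from the check above.
			log.Error("disabling DNSStubListener: %s", derr)
		}

		// Check again; the result of this second check is what is reported.
		err = aghnet.CheckPort("udp", addrPort)
		canAutofix = false
	}

	return canAutofix, err
}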
// handleInstallCheckConfig handles the /check_config endpoint.  It decodes a
// checkConfReq from the request body, validates the web and DNS listeners, and
// replies with a checkConfResp.  Validation failures are reported inside the
// response body; only a body that cannot be decoded yields an HTTP error.
//
// The request can change the host: validateDNS may disable the DNSStubListener
// when autofix is set, and handleStaticIP may configure a static IP when
// set_static_ip is set.
func (web *webAPI) handleInstallCheckConfig(w http.ResponseWriter, r *http.Request) {
	var req checkConfReq
	if decErr := json.NewDecoder(r.Body).Decode(&req); decErr != nil {
		aghhttp.Error(r, w, http.StatusBadRequest, "decoding the request: %s", decErr)

		return
	}

	var resp checkConfResp

	// The same checker is shared by both validations so that a TCP port
	// requested twice is detected.
	tcpPorts := aghalg.UniqChecker[tcpPort]{}
	if webErr := req.validateWeb(tcpPorts); webErr != nil {
		resp.Web.Status = webErr.Error()
	}

	canAutofix, dnsErr := req.validateDNS(tcpPorts)
	resp.DNS.CanAutofix = canAutofix

	switch {
	case dnsErr != nil:
		resp.DNS.Status = dnsErr.Error()
	case !req.DNS.IP.IsUnspecified():
		// The static IP is looked up, and optionally set, only for a
		// specific DNS address that passed validation.
		resp.StaticIP = handleStaticIP(req.DNS.IP, req.SetStaticIP)
	}

	aghhttp.WriteJSONResponseOK(w, r, &resp)
}
// handleStaticIP handles the static IP part of a check_config request.  It
// finds the network interface that owns ip and, if set is true, first tries to
// configure a static IP address on it.  In either case it then reports whether
// the interface has a static IP.
//
// The Static field of the result is "yes", "no", or "error"; Error holds the
// error text in the last case, and IP holds the interface's subnet otherwise.
func handleStaticIP(ip netip.Addr, set bool) staticIPJSON {
	ifaceName := aghnet.InterfaceByIP(ip)
	if len(ifaceName) == 0 {
		return staticIPJSON{
			Static: "error",
			Error:  fmt.Sprintf("Couldn't find network interface by IP %s", ip),
		}
	}

	if set {
		// Try to set static IP for the specified interface.
		if setErr := aghnet.IfaceSetStaticIP(ifaceName); setErr != nil {
			return staticIPJSON{Static: "error", Error: setErr.Error()}
		}
	}

	// Even right after setting the static IP, query the actual state and
	// report that.
	hasStatic, err := aghnet.IfaceHasStaticIP(ifaceName)
	if err != nil {
		return staticIPJSON{Static: "error", Error: err.Error()}
	}

	status := "no"
	if hasStatic {
		status = "yes"
	}

	return staticIPJSON{
		Static: status,
		IP:     aghnet.GetSubnet(ifaceName).String(),
	}
}
// checkDNSStubListener reports whether the systemd-resolved DNSStubListener
// appears to be active.  It always returns false on systems other than Linux.
// On Linux it returns true only if both of these commands succeed, in order:
//
//   - systemctl is-enabled systemd-resolved
//   - grep -E '#?DNSStubListener=yes' /etc/systemd/resolved.conf
//
// The pattern also matches the commented-out line.  Only the main
// configuration file is inspected; drop-in files are not.
//
// Both commands have fixed arguments and are started directly, without a
// shell, so no request data reaches them.
//
// NOTE(review): The binaries are given by bare name and are thus looked up
// through the PATH of the AdGuard Home process; absolute paths would remove
// that dependency on the environment.
func checkDNSStubListener() bool {
	if runtime.GOOS != "linux" {
		return false
	}

	probes := [][]string{
		{"systemctl", "is-enabled", "systemd-resolved"},
		{"grep", "-E", "#?DNSStubListener=yes", "/etc/systemd/resolved.conf"},
	}

	for _, argv := range probes {
		cmd := exec.Command(argv[0], argv[1:]...)
		log.Tracef("executing %s %v", cmd.Path, cmd.Args)

		_, err := cmd.Output()

		// ExitCode is safe to call even if the process has never started.
		code := cmd.ProcessState.ExitCode()
		if err != nil || code != 0 {
			log.Info("command %s has failed: %v code:%d", cmd.Path, err, code)

			return false
		}
	}

	return true
}
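const (
	// resolvedConfPath is the systemd-resolved drop-in file written by
	// disableDNSStubListener.
	resolvedConfPath = "/etc/systemd/resolved.conf.d/adguardhome.conf"

	// resolvedConfData is the content of that drop-in: it points the system
	// resolver at 127.0.0.1 and turns the stub listener off.
	resolvedConfData = `[Resolve]
DNS=127.0.0.1
DNSStubListener=no
`
)

// resolvConfPath is the system resolver configuration that
// disableDNSStubListener replaces with a symlink.
const resolvConfPath = "/etc/resolv.conf"

// disableDNSStubListener deactivates the systemd-resolved DNSStubListener.  It
// writes the drop-in file at resolvedConfPath, moves resolvConfPath to a
// ".backup" copy, points resolvConfPath at /run/systemd/resolve/resolv.conf,
// and reloads or restarts systemd-resolved.
//
// validateDNS calls it when the check_config request sets autofix, so a single
// request to that endpoint can trigger these changes to the host.
//
// If creating the symlink fails, the drop-in is removed and the original
// resolvConfPath is put back.  A failure of the final systemctl call is
// returned as is, with the file changes left in place.
func disableDNSStubListener() error {
	dir := filepath.Dir(resolvedConfPath)
	err := os.MkdirAll(dir, 0o755)
	if err != nil {
		return fmt.Errorf("os.MkdirAll: %s: %w", dir, err)
	}

	err = os.WriteFile(resolvedConfPath, []byte(resolvedConfData), 0o644)
	if err != nil {
		return fmt.Errorf("os.WriteFile: %s: %w", resolvedConfPath, err)
	}

	// The backup is best-effort, since the file may not exist at all.
	// Remember whether it worked so that it can be undone below.
	backupPath := resolvConfPath + ".backup"
	renameErr := os.Rename(resolvConfPath, backupPath)

	err = os.Symlink("/run/systemd/resolve/resolv.conf", resolvConfPath)
	if err != nil {
		// Remove the file we've just created.
		_ = os.Remove(resolvedConfPath)

		// Don't leave the host without its resolver configuration: if the
		// original file has been moved away, move it back.
		if renameErr == nil {
			if rerr := os.Rename(backupPath, resolvConfPath); rerr != nil {
				log.Error("restoring %s: %s", resolvConfPath, rerr)
			}
		}

		return fmt.Errorf("os.Symlink: %s: %w", resolvConfPath, err)
	}

	cmd := exec.Command("systemctl", "reload-or-restart", "systemd-resolved")
	log.Tracef("executing %s %v", cmd.Path, cmd.Args)

	// Output reports a non-zero exit status as an *exec.ExitError, so a nil
	// error already means that the command exited with zero and no separate
	// exit code check is needed.
	_, err = cmd.Output()
	if err != nil {
		return fmt.Errorf("running %s: %w", cmd.Path, err)
	}

	return nil
}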
// Request body of the /install/configure endpoint.
type (
	// applyConfigReqEnt describes one listener, web or DNS, in a configure
	// request.
	applyConfigReqEnt struct {
		// IP is the address the listener should bind to.
		IP netip.Addr `json:"ip"`

		// Port is decoded as a plain int, so a client can send a value
		// outside the 0..65535 range; consumers must check the range before
		// converting it to uint16.
		Port int `json:"port"`
	}

	// applyConfigReq is the body of a configure request.
	applyConfigReq struct {
		// Username is the name of the first web user.
		Username string `json:"username"`

		// Password is that user's password exactly as sent by the client,
		// so values of this type should not be logged or echoed back.
		Password string `json:"password"`

		Web applyConfigReqEnt `json:"web"`
		DNS applyConfigReqEnt `json:"dns"`
	}
)
// copyInstallSettings copies the parameters that the installation wizard
// changes from src to dst: the HTTP configuration, the DNS bind hosts, and the
// DNS port.  The bind hosts are assigned, not cloned, so dst and src refer to
// the same value afterwards.
func copyInstallSettings(dst, src *configuration) {
	dst.DNS.Port, dst.DNS.BindHosts = src.DNS.Port, src.DNS.BindHosts
	dst.HTTPConfig = src.HTTPConfig
}
// shutdownTimeout is how long an HTTP server is given to shut down.
const shutdownTimeout = 5 * time.Second

// shutdownSrv shuts srv down and writes any error to the log.  A nil srv is
// ignored.  A shutdown that ends with context.Canceled is logged at the debug
// level, and any other error at the error level.
func shutdownSrv(ctx context.Context, srv *http.Server) {
	defer log.OnPanic("")

	if srv == nil {
		return
	}

	const msgFmt = "shutting down http server %q: %s"

	switch err := srv.Shutdown(ctx); {
	case err == nil:
		// Clean shutdown, nothing to report.
	case errors.Is(err, context.Canceled):
		log.Debug(msgFmt, srv.Addr, err)
	default:
		log.Error(msgFmt, srv.Addr, err)
	}
}
// shutdownSrv3 closes the HTTP/3 server srv and writes any error to the log.
// A nil srv is ignored.  A close that ends with context.Canceled is logged at
// the debug level, and any other error at the error level.
//
// TODO(a.garipov): Think of a good way to merge with [shutdownSrv].
func shutdownSrv3(srv *http3.Server) {
	defer log.OnPanic("")

	if srv == nil {
		return
	}

	const msgFmt = "shutting down http/3 server %q: %s"

	switch err := srv.Close(); {
	case err == nil:
		// Clean close, nothing to report.
	case errors.Is(err, context.Canceled):
		log.Debug(msgFmt, srv.Addr, err)
	default:
		log.Error(msgFmt, srv.Addr, err)
	}
}
// PasswordMinRunes is the minimum length of user's password in runes.
const PasswordMinRunes = 8

// handleInstallConfigure handles the /install/configure endpoint.  It applies
// the new configuration, starts the DNS server, creates the first web user,
// writes the configuration, registers the control handlers and, if the web
// address has changed, shuts the current HTTP server down in the background.
//
// The request is rejected with 400 if it can't be decoded or a DNS port can't
// be bound, and with 422 if the password is shorter than PasswordMinRunes.  If
// starting the modules or writing the configuration fails, the previous
// install settings are restored and 500 is returned.
//
// NOTE(review): Only the password length is checked here, and
// decodeApplyConfigReq checks only the ports, so an empty username is
// accepted.  Also, the user added before config.write is not removed on the
// rollback path; confirm whether that is intended.
func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
	req, restartHTTP, err := decodeApplyConfigReq(r.Body)
	if err != nil {
		aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)

		return
	}

	// The limit is counted in runes, not bytes.
	if pwdLen := utf8.RuneCountInString(req.Password); pwdLen < PasswordMinRunes {
		aghhttp.Error(
			r,
			w,
			http.StatusUnprocessableEntity,
			"password must be at least %d symbols long",
			PasswordMinRunes,
		)

		return
	}

	// The uint16 conversion truncates values outside 0..65535 silently, so
	// the port range must have been validated before this point.
	dnsAddrPort := netip.AddrPortFrom(req.DNS.IP, uint16(req.DNS.Port))
	for _, network := range []string{"udp", "tcp"} {
		if err = aghnet.CheckPort(network, dnsAddrPort); err != nil {
			aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)

			return
		}
	}

	// Keep the current install settings to be able to roll back.
	prevConf := &configuration{}
	copyInstallSettings(prevConf, config)
	rollback := func() {
		Context.firstRun = true
		copyInstallSettings(config, prevConf)
	}

	Context.firstRun = false
	config.HTTPConfig.Address = netip.AddrPortFrom(req.Web.IP, uint16(req.Web.Port))
	config.DNS.BindHosts = []netip.Addr{req.DNS.IP}
	config.DNS.Port = req.DNS.Port

	// TODO(e.burkov): StartMods() should be put in a separate goroutine at the
	// moment we'll allow setting up TLS in the initial configuration or the
	// configuration itself will use HTTPS protocol, because the underlying
	// functions potentially restart the HTTPS server.
	if err = startMods(); err != nil {
		rollback()
		aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)

		return
	}

	Context.auth.UserAdd(&webUser{Name: req.Username}, req.Password)

	if err = config.write(); err != nil {
		rollback()
		aghhttp.Error(r, w, http.StatusInternalServerError, "Couldn't write config: %s", err)

		return
	}

	web.conf.firstRun = false
	web.conf.BindHost = req.Web.IP
	web.conf.BindPort = req.Web.Port

	registerControlHandlers(web)

	// Send the response out before the server that carries it may be shut
	// down below.
	aghhttp.OK(w)
	if flusher, ok := w.(http.Flusher); ok {
		flusher.Flush()
	}

	if !restartHTTP {
		return
	}

	// http.(*Server).Shutdown waits until all requests are handled, this one
	// included, so it must run in a separate goroutine and with its own
	// context; otherwise it would be blocked by its own caller.
	go func(timeout time.Duration) {
		defer log.OnPanic("web")

		ctx, cancel := context.WithTimeout(context.Background(), timeout)
		defer cancel()

		shutdownSrv(ctx, web.httpServer)
	}(shutdownTimeout)
}
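// decodeApplyConfigReq decodes the configuration, validates some parameters,
// and returns it along with the boolean indicating whether or not the HTTP
// server must be restarted.
//
// It returns an error if the body is not valid JSON, if either port is zero or
// doesn't fit into uint16, or if the web address differs from the current one
// and cannot be bound.  req is nil whenever err is not.
func decodeApplyConfigReq(r io.Reader) (req *applyConfigReq, restartHTTP bool, err error) {
	req = &applyConfigReq{}

	// Decode into the struct itself and not into &req: when given a pointer
	// to the pointer, the decoder sets req to nil for a JSON null body, and
	// the field accesses below would then panic on a nil pointer.
	err = json.NewDecoder(r).Decode(req)
	if err != nil {
		return nil, false, fmt.Errorf("parsing request: %w", err)
	}

	if req.Web.Port == 0 || req.DNS.Port == 0 {
		return nil, false, errors.Error("ports cannot be 0")
	}

	// The ports are JSON ints taken from the request body and are later
	// converted to uint16, which truncates silently.  Reject anything that
	// doesn't fit, so that e.g. 65536 cannot pass the zero check above and
	// still end up as port 0.
	const maxPort = 1<<16 - 1
	for _, p := range []int{req.Web.Port, req.DNS.Port} {
		if p < 0 || p > maxPort {
			return nil, false, fmt.Errorf("port %d is out of range", p)
		}
	}

	// The HTTP server only needs a restart, and the new address only needs
	// a bind check, if the web address actually changes.
	addrPort := config.HTTPConfig.Address
	restartHTTP = addrPort.Addr() != req.Web.IP || int(addrPort.Port()) != req.Web.Port
	if !restartHTTP {
		return req, false, nil
	}

	err = aghnet.CheckPort("tcp", netip.AddrPortFrom(req.Web.IP, uint16(req.Web.Port)))
	if err != nil {
		return nil, false, fmt.Errorf(
			"checking address %s:%d: %w",
			req.Web.IP.String(),
			req.Web.Port,
			err,
		)
	}

	return req, true, nil
}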
// registerInstallHandlers registers the installation wizard endpoints on
// Context.mux under /control/install/.  Every handler is wrapped in preInstall
// and in a method check: GET for get_addresses, POST for check_config and
// configure.
//
// NOTE(review): These handlers can change the host's network configuration
// and create the first user, so preInstall is the only gate in front of them;
// it presumably restricts them to the first run.  Confirm against its
// definition.
func (web *webAPI) registerInstallHandlers() {
	type route struct {
		pattern string
		handler func(http.ResponseWriter, *http.Request)
	}

	routes := []route{{
		pattern: "/control/install/get_addresses",
		handler: preInstall(ensureGET(web.handleInstallGetAddresses)),
	}, {
		pattern: "/control/install/check_config",
		handler: preInstall(ensurePOST(web.handleInstallCheckConfig)),
	}, {
		pattern: "/control/install/configure",
		handler: preInstall(ensurePOST(web.handleInstallConfigure)),
	}}

	for _, rt := range routes {
		Context.mux.HandleFunc(rt.pattern, rt.handler)
	}
}