mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-12-15 11:22:49 +03:00
2b5e4850d0
Merge in DNS/adguard-home from 1163-safesearch-1-2-1 to master Squashed commit of the following: commit d3a5ebef35210019842145074e898129b42f1f2c Merge: b85264aec6706445Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Mar 15 09:17:53 2023 +0700 Merge remote-tracking branch 'origin/master' into 1163-safesearch-1-2-1 # Conflicts: # CHANGELOG.md commit b85264aefc5f191ac6cb194b519f03ba15829a4e Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Mar 14 00:16:07 2023 +0700 home: imp code commit ac2ed7a5ce8db40628e7d4d1c8634641e5f38b0b Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 23:02:06 2023 +0700 all: changelog commit f0fccafcb01f50c7051df53bbe9b02cab75aa71e Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 22:42:36 2023 +0700 all: changelog commit 37df29bf6372939644fb28e3d70365496e0cb4f6 Merge: b227b277595484e0Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 22:38:57 2023 +0700 Merge remote-tracking branch 'origin/master' into 1163-safesearch-1-2-1 commit b227b2775b4866d69241ad87acf99700715552cb Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 16:56:01 2023 +0700 all: imp docs commit 6fd39fc3565c3f4bc7a7113d17733c20dfe24d8d Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 16:55:03 2023 +0700 home: imp code commit 3bb3bb7c7dcf97b2a5602a7d2b6770c08b4d863d Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 12:16:53 2023 +0700 home: imp docs commit 5f573a56a9fd9942ad677fa0fae6b24228dab653 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Mar 13 11:56:47 2023 +0700 home: imp code commit 23eeb5552cf2510596b2311cc3eda53ac678ffcc Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Fri Mar 10 10:57:33 2023 +0700 home: imp code commit 643de2fca1b5917c61fe83e1e472222404f3cd21 Merge: dada6e63a2053526Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Mar 9 21:03:08 2023 +0700 Merge remote-tracking branch 'origin/master' into 1163-safesearch-1-2-1 commit dada6e63ca5324d30775e2da1727da891743f654 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Mar 9 17:09:03 2023 +0700 all: imp docs commit 81a180d99dd9a995440d5f4e2ebca34678e7d0c7 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Mar 9 15:12:43 2023 +0700 all: imp code commit fa84877bc777004d246d71d0a9ae0bd9ee568a91 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Mar 9 10:53:05 2023 +0700 all: imp code commit 6d7e02e745d72921a693d4f09eec7ce21c2aefd4 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Mar 9 10:40:02 2023 +0700 all: imp docs commit 0a4332997070fb8d2fb3a34d32b92f57a325ff06 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Mar 7 22:00:52 2023 +0700 safesearch: fix merge commit 145c2222ba4cf7f8909b816d83829d2217c94243 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Mar 2 11:41:48 2023 +0700 safesearch: fix merge commit 14c6a8005fe15b5d5a39f91b17c96d8670975811 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Mar 1 12:50:09 2023 +0700 all: docs commit 2a85c8831866bf1c34c423a289461fc1e32667b5 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Mar 1 12:47:00 2023 +0700 all: use safesearch package
303 lines
8.2 KiB
Go
303 lines
8.2 KiB
Go
package home
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/netip"
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/filtering"
|
|
)
|
|
|
|
// clientJSON is a common structure used by several handlers to deal with
|
|
// clients. Some of the fields are only necessary in one or two handlers and
|
|
// are thus made pointers with an omitempty tag.
|
|
//
|
|
// TODO(a.garipov): Consider using nullbool and an optional string here? Or
|
|
// split into several structs?
|
|
type clientJSON struct {
|
|
// Disallowed, if non-nil and false, means that the client's IP is
|
|
// allowed. Otherwise, the IP is blocked.
|
|
Disallowed *bool `json:"disallowed,omitempty"`
|
|
|
|
// DisallowedRule is the rule due to which the client is disallowed.
|
|
// If Disallowed is true and this string is empty, the client IP is
|
|
// disallowed by the "allowed IP list", that is it is not included in
|
|
// the allowlist.
|
|
DisallowedRule *string `json:"disallowed_rule,omitempty"`
|
|
|
|
WHOISInfo *RuntimeClientWHOISInfo `json:"whois_info,omitempty"`
|
|
|
|
Name string `json:"name"`
|
|
|
|
BlockedServices []string `json:"blocked_services"`
|
|
IDs []string `json:"ids"`
|
|
Tags []string `json:"tags"`
|
|
Upstreams []string `json:"upstreams"`
|
|
|
|
FilteringEnabled bool `json:"filtering_enabled"`
|
|
ParentalEnabled bool `json:"parental_enabled"`
|
|
SafeBrowsingEnabled bool `json:"safebrowsing_enabled"`
|
|
// Deprecated: use safeSearchConf.
|
|
SafeSearchEnabled bool `json:"safesearch_enabled"`
|
|
UseGlobalBlockedServices bool `json:"use_global_blocked_services"`
|
|
UseGlobalSettings bool `json:"use_global_settings"`
|
|
}
|
|
|
|
type runtimeClientJSON struct {
|
|
WHOISInfo *RuntimeClientWHOISInfo `json:"whois_info"`
|
|
|
|
Name string `json:"name"`
|
|
IP netip.Addr `json:"ip"`
|
|
Source clientSource `json:"source"`
|
|
}
|
|
|
|
type clientListJSON struct {
|
|
Clients []*clientJSON `json:"clients"`
|
|
RuntimeClients []runtimeClientJSON `json:"auto_clients"`
|
|
Tags []string `json:"supported_tags"`
|
|
}
|
|
|
|
// respond with information about configured clients
|
|
func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, r *http.Request) {
|
|
data := clientListJSON{}
|
|
|
|
clients.lock.Lock()
|
|
defer clients.lock.Unlock()
|
|
|
|
for _, c := range clients.list {
|
|
cj := clientToJSON(c)
|
|
data.Clients = append(data.Clients, cj)
|
|
}
|
|
|
|
for ip, rc := range clients.ipToRC {
|
|
cj := runtimeClientJSON{
|
|
WHOISInfo: rc.WHOISInfo,
|
|
|
|
Name: rc.Host,
|
|
Source: rc.Source,
|
|
IP: ip,
|
|
}
|
|
|
|
data.RuntimeClients = append(data.RuntimeClients, cj)
|
|
}
|
|
|
|
data.Tags = clientTags
|
|
|
|
_ = aghhttp.WriteJSONResponse(w, r, data)
|
|
}
|
|
|
|
// Convert JSON object to Client object
|
|
func jsonToClient(cj clientJSON) (c *Client) {
|
|
// TODO(d.kolyshev): Remove after cleaning the deprecated
|
|
// [clientJSON.SafeSearchEnabled] field.
|
|
safeSearchConf := filtering.SafeSearchConfig{Enabled: cj.SafeSearchEnabled}
|
|
|
|
// Set default service flags for enabled safesearch.
|
|
if safeSearchConf.Enabled {
|
|
safeSearchConf.Bing = true
|
|
safeSearchConf.DuckDuckGo = true
|
|
safeSearchConf.Google = true
|
|
safeSearchConf.Pixabay = true
|
|
safeSearchConf.Yandex = true
|
|
safeSearchConf.YouTube = true
|
|
}
|
|
|
|
return &Client{
|
|
Name: cj.Name,
|
|
IDs: cj.IDs,
|
|
Tags: cj.Tags,
|
|
UseOwnSettings: !cj.UseGlobalSettings,
|
|
FilteringEnabled: cj.FilteringEnabled,
|
|
ParentalEnabled: cj.ParentalEnabled,
|
|
safeSearchConf: safeSearchConf,
|
|
SafeBrowsingEnabled: cj.SafeBrowsingEnabled,
|
|
|
|
UseOwnBlockedServices: !cj.UseGlobalBlockedServices,
|
|
BlockedServices: cj.BlockedServices,
|
|
|
|
Upstreams: cj.Upstreams,
|
|
}
|
|
}
|
|
|
|
// Convert Client object to JSON
|
|
func clientToJSON(c *Client) (cj *clientJSON) {
|
|
// TODO(d.kolyshev): Remove after cleaning the deprecated
|
|
// [clientJSON.SafeSearchEnabled] field.
|
|
cloneVal := c.safeSearchConf
|
|
safeSearchConf := &cloneVal
|
|
|
|
return &clientJSON{
|
|
Name: c.Name,
|
|
IDs: c.IDs,
|
|
Tags: c.Tags,
|
|
UseGlobalSettings: !c.UseOwnSettings,
|
|
FilteringEnabled: c.FilteringEnabled,
|
|
ParentalEnabled: c.ParentalEnabled,
|
|
SafeSearchEnabled: safeSearchConf.Enabled,
|
|
SafeBrowsingEnabled: c.SafeBrowsingEnabled,
|
|
|
|
UseGlobalBlockedServices: !c.UseOwnBlockedServices,
|
|
BlockedServices: c.BlockedServices,
|
|
|
|
Upstreams: c.Upstreams,
|
|
}
|
|
}
|
|
|
|
// Add a new client
|
|
func (clients *clientsContainer) handleAddClient(w http.ResponseWriter, r *http.Request) {
|
|
cj := clientJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&cj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to process request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
c := jsonToClient(cj)
|
|
ok, err := clients.Add(c)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if !ok {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Client already exists")
|
|
|
|
return
|
|
}
|
|
|
|
onConfigModified()
|
|
}
|
|
|
|
// Remove client
|
|
func (clients *clientsContainer) handleDelClient(w http.ResponseWriter, r *http.Request) {
|
|
cj := clientJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&cj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to process request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if len(cj.Name) == 0 {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "client's name must be non-empty")
|
|
|
|
return
|
|
}
|
|
|
|
if !clients.Del(cj.Name) {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Client not found")
|
|
|
|
return
|
|
}
|
|
|
|
onConfigModified()
|
|
}
|
|
|
|
type updateJSON struct {
|
|
Name string `json:"name"`
|
|
Data clientJSON `json:"data"`
|
|
}
|
|
|
|
// Update client's properties
|
|
func (clients *clientsContainer) handleUpdateClient(w http.ResponseWriter, r *http.Request) {
|
|
dj := updateJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&dj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to process request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if len(dj.Name) == 0 {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Invalid request")
|
|
|
|
return
|
|
}
|
|
|
|
c := jsonToClient(dj.Data)
|
|
err = clients.Update(dj.Name, c)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
onConfigModified()
|
|
}
|
|
|
|
// Get the list of clients by IP address list
|
|
func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http.Request) {
|
|
q := r.URL.Query()
|
|
data := []map[string]*clientJSON{}
|
|
for i := 0; i < len(q); i++ {
|
|
idStr := q.Get(fmt.Sprintf("ip%d", i))
|
|
if idStr == "" {
|
|
break
|
|
}
|
|
|
|
ip, _ := netip.ParseAddr(idStr)
|
|
c, ok := clients.Find(idStr)
|
|
var cj *clientJSON
|
|
if !ok {
|
|
cj = clients.findRuntime(ip, idStr)
|
|
} else {
|
|
cj = clientToJSON(c)
|
|
disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
|
|
cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
|
|
}
|
|
|
|
data = append(data, map[string]*clientJSON{
|
|
idStr: cj,
|
|
})
|
|
}
|
|
|
|
_ = aghhttp.WriteJSONResponse(w, r, data)
|
|
}
|
|
|
|
// findRuntime looks up the IP in runtime and temporary storages, like
|
|
// /etc/hosts tables, DHCP leases, or blocklists. cj is guaranteed to be
|
|
// non-nil.
|
|
func (clients *clientsContainer) findRuntime(ip netip.Addr, idStr string) (cj *clientJSON) {
|
|
rc, ok := clients.findRuntimeClient(ip)
|
|
if !ok {
|
|
// It is still possible that the IP used to be in the runtime clients
|
|
// list, but then the server was reloaded. So, check the DNS server's
|
|
// blocked IP list.
|
|
//
|
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/2428.
|
|
disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
|
|
cj = &clientJSON{
|
|
IDs: []string{idStr},
|
|
Disallowed: &disallowed,
|
|
DisallowedRule: &rule,
|
|
WHOISInfo: &RuntimeClientWHOISInfo{},
|
|
}
|
|
|
|
return cj
|
|
}
|
|
|
|
cj = &clientJSON{
|
|
Name: rc.Host,
|
|
IDs: []string{idStr},
|
|
WHOISInfo: rc.WHOISInfo,
|
|
}
|
|
|
|
disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
|
|
cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
|
|
|
|
return cj
|
|
}
|
|
|
|
// RegisterClientsHandlers registers HTTP handlers
|
|
func (clients *clientsContainer) registerWebHandlers() {
|
|
httpRegister(http.MethodGet, "/control/clients", clients.handleGetClients)
|
|
httpRegister(http.MethodPost, "/control/clients/add", clients.handleAddClient)
|
|
httpRegister(http.MethodPost, "/control/clients/delete", clients.handleDelClient)
|
|
httpRegister(http.MethodPost, "/control/clients/update", clients.handleUpdateClient)
|
|
httpRegister(http.MethodGet, "/control/clients/find", clients.handleFindClient)
|
|
}
|