+ client, home: 2110 Generate .mobileconfig

Close #2110

Squashed commit of the following:

commit 3a652a23b21b4eb16dd7b09f149099c93bf7a977
Merge: 5d0d6c5e 65acfb75
Author: Andrey Meshkov <am@adguard.com>
Date:   Wed Oct 7 21:01:54 2020 +0300

    Merge branch 'master' into feature/2110

commit 5d0d6c5e8704c80ae526d92966dfee0c469019bb
Author: Andrey Meshkov <am@adguard.com>
Date:   Wed Oct 7 00:28:25 2020 +0300

    * (home): minor refactoring

commit e1d10252f5b00c94edb9faa85eaefa3d33ac9cbf
Merge: f859ef14 fb7ca942
Author: Andrey Meshkov <am@adguard.com>
Date:   Wed Oct 7 00:18:46 2020 +0300

    Merge branch 'master' into feature/2110

commit f859ef144c54123d8ff262177148959f7b41a5a4
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Tue Oct 6 19:30:18 2020 +0300

    Update ServerURL, generate all uniqie uuid

commit 3ce7c573229f87579ff150f6519077ced9c5ba23
Merge: e80cf6de a7d2dd7b
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Fri Oct 2 18:46:03 2020 +0300

    Merge branch 'master' into feature/2110

commit e80cf6ded1c20a4384cb94200134d67b29c0c948
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Fri Oct 2 18:33:12 2020 +0300

    Describe .mobileconfig in openapi, allow unauthorized access for .mobileconfig

commit 9887d1839f8f7e4888fc23bb64cfc43a42b6f58b
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Fri Oct 2 16:14:45 2020 +0300

    Change .mobileconfig generation

commit 5298dd706c107f5b02f4278a8773f6af387c36b1
Merge: cd4d1a74 128229ad
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Fri Oct 2 12:01:16 2020 +0300

    Merge branch 'master' into feature/2110

commit cd4d1a748e2471890b31533e4c24272a3d01cbee
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Thu Oct 1 23:10:14 2020 +0300

    Change dot and doh highlight in setup_dns_privacy_4 locale

commit 50e310ef3b988f2aad5accea92c6b34ecef28585
Merge: 92e0e28b 2f6f65a8
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Thu Oct 1 23:05:45 2020 +0300

    Merge branch 'master' into feature/2110

commit 92e0e28b757953efbbc211ae43b710b070308573
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Mon Sep 28 16:44:25 2020 +0300

    Add ServerAddresses property

commit c8c4cf88abcb0a76c6024d41d3eafab691ff1e38
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Mon Sep 28 13:51:53 2020 +0300

    Fix .mobileconfig display on SetupGuide

commit 9e4fad3c0ed0bfb980ad1cb030272781c13ebaad
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Fri Sep 25 19:08:50 2020 +0300

    2110 + client, home: Generate .mobileconfig

home/control.go

@@ -97,8 +97,11 @@ func registerControlHandlers() {
 	httpRegister(http.MethodGet, "/control/i18n/current_language", handleI18nCurrentLanguage)
 	http.HandleFunc("/control/version.json", postInstall(optionalAuth(handleGetVersionJSON)))
 	httpRegister(http.MethodPost, "/control/update", handleUpdate)
+	httpRegister(http.MethodGet, "/control/profile", handleGetProfile)
 
-	httpRegister("GET", "/control/profile", handleGetProfile)
+	// No auth is necessary for DOH/DOT configurations
+	http.HandleFunc("/apple/doh.mobileconfig", postInstall(handleMobileConfigDoh))
+	http.HandleFunc("/apple/dot.mobileconfig", postInstall(handleMobileConfigDot))
 	RegisterAuthHandlers()
 }
 

home/dns.go

@@ -197,6 +197,44 @@ func generateServerConfig() dnsforward.ServerConfig {
 	return newconfig
 }
 
+type DNSEncryption struct {
+	https string
+	tls   string
+	quic  string
+}
+
+func getDNSEncryption() DNSEncryption {
+	dnsEncryption := DNSEncryption{}
+
+	tlsConf := tlsConfigSettings{}
+
+	Context.tls.WriteDiskConfig(&tlsConf)
+
+	if tlsConf.Enabled && len(tlsConf.ServerName) != 0 {
+
+		if tlsConf.PortHTTPS != 0 {
+			addr := tlsConf.ServerName
+			if tlsConf.PortHTTPS != 443 {
+				addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS)
+			}
+			addr = fmt.Sprintf("https://%s/dns-query", addr)
+			dnsEncryption.https = addr
+		}
+
+		if tlsConf.PortDNSOverTLS != 0 {
+			addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS)
+			dnsEncryption.tls = addr
+		}
+
+		if tlsConf.PortDNSOverQUIC != 0 {
+			addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC)
+			dnsEncryption.quic = addr
+		}
+	}
+
+	return dnsEncryption
+}
+
 // Get the list of DNS addresses the server is listening on
 func getDNSAddresses() []string {
 	dnsAddresses := []string{}
@@ -217,28 +255,15 @@ func getDNSAddresses() []string {
 		addDNSAddress(&dnsAddresses, config.DNS.BindHost)
 	}
 
-	tlsConf := tlsConfigSettings{}
-	Context.tls.WriteDiskConfig(&tlsConf)
-	if tlsConf.Enabled && len(tlsConf.ServerName) != 0 {
-
-		if tlsConf.PortHTTPS != 0 {
-			addr := tlsConf.ServerName
-			if tlsConf.PortHTTPS != 443 {
-				addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS)
-			}
-			addr = fmt.Sprintf("https://%s/dns-query", addr)
-			dnsAddresses = append(dnsAddresses, addr)
-		}
-
-		if tlsConf.PortDNSOverTLS != 0 {
-			addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS)
-			dnsAddresses = append(dnsAddresses, addr)
-		}
-
-		if tlsConf.PortDNSOverQUIC != 0 {
-			addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC)
-			dnsAddresses = append(dnsAddresses, addr)
-		}
+	dnsEncryption := getDNSEncryption()
+	if dnsEncryption.https != "" {
+		dnsAddresses = append(dnsAddresses, dnsEncryption.https)
+	}
+	if dnsEncryption.tls != "" {
+		dnsAddresses = append(dnsAddresses, dnsEncryption.tls)
+	}
+	if dnsEncryption.quic != "" {
+		dnsAddresses = append(dnsAddresses, dnsEncryption.quic)
 	}
 
 	return dnsAddresses

home/mobileconfig.go

@@ -0,0 +1,92 @@
+package home
+
+import (
+	"fmt"
+	"net/http"
+
+	uuid "github.com/satori/go.uuid"
+	"howett.net/plist"
+)
+
+type DNSSettings struct {
+	DNSProtocol string
+	ServerURL   string `plist:",omitempty"`
+	ServerName  string `plist:",omitempty"`
+}
+
+type PayloadContent = struct {
+	Name               string
+	PayloadDescription string
+	PayloadDisplayName string
+	PayloadIdentifier  string
+	PayloadType        string
+	PayloadUUID        string
+	PayloadVersion     int
+	DNSSettings        DNSSettings
+}
+
+type MobileConfig = struct {
+	PayloadContent           []PayloadContent
+	PayloadDescription       string
+	PayloadDisplayName       string
+	PayloadIdentifier        string
+	PayloadRemovalDisallowed bool
+	PayloadType              string
+	PayloadUUID              string
+	PayloadVersion           int
+}
+
+func genUUIDv4() string {
+	return uuid.NewV4().String()
+}
+
+func getMobileConfig(r *http.Request, d DNSSettings) ([]byte, error) {
+	name := fmt.Sprintf("%s DNS over %s", r.Host, d.DNSProtocol)
+
+	data := MobileConfig{
+		PayloadContent: []PayloadContent{{
+			Name:               name,
+			PayloadDescription: "Configures device to use AdGuard Home",
+			PayloadDisplayName: name,
+			PayloadIdentifier:  fmt.Sprintf("com.apple.dnsSettings.managed.%s", genUUIDv4()),
+			PayloadType:        "com.apple.dnsSettings.managed",
+			PayloadUUID:        genUUIDv4(),
+			PayloadVersion:     1,
+			DNSSettings:        d,
+		}},
+		PayloadDescription:       "Adds AdGuard Home to Big Sur and iOS 14 or newer systems",
+		PayloadDisplayName:       name,
+		PayloadIdentifier:        genUUIDv4(),
+		PayloadRemovalDisallowed: false,
+		PayloadType:              "Configuration",
+		PayloadUUID:              genUUIDv4(),
+		PayloadVersion:           1,
+	}
+
+	return plist.MarshalIndent(data, plist.XMLFormat, "\t")
+}
+
+func handleMobileConfig(w http.ResponseWriter, r *http.Request, d DNSSettings) {
+	mobileconfig, err := getMobileConfig(r, d)
+
+	if err != nil {
+		httpError(w, http.StatusInternalServerError, "plist.MarshalIndent: %s", err)
+	}
+
+	w.Header().Set("Content-Type", "application/xml")
+	_, _ = w.Write(mobileconfig)
+}
+
+func handleMobileConfigDoh(w http.ResponseWriter, r *http.Request) {
+	handleMobileConfig(w, r, DNSSettings{
+		DNSProtocol: "HTTPS",
+		ServerURL:   fmt.Sprintf("https://%s/dns-query", r.Host),
+	})
+}
+
+func handleMobileConfigDot(w http.ResponseWriter, r *http.Request) {
+	handleMobileConfig(w, r, DNSSettings{
+		DNSProtocol: "TLS",
+		ServerName:  r.Host,
+	})
+}