Pull request: HOFTIX-csrf

Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis
2022-09-29 19:04:26 +03:00
parent b71a5d86de
commit 756b14a61d
23 changed files with 494 additions and 344 deletions
--- a/openapi/CHANGELOG.md
+++ b/openapi/CHANGELOG.md
@@ -4,6 +4,64 @@

 ## v0.108.0: API changes

+
+
+## v0.107.14: BREAKING API CHANGES
+
+A Cross-Site Request Forgery (CSRF) vulnerability has been discovered.  We have
+implemented several measures to prevent such vulnerabilities in the future, but
+some of these measures break backwards compatibility for the sake of better
+protection.
+
+All new formats for the request and response bodies are documented in
+`openapi.yaml`.
+
+### `POST /control/filtering/set_rules` And Other Plain-Text APIs
+
+The following APIs, which previously accepted or returned `text/plain` data,
+now accept or return data as JSON.
+
+#### `POST /control/filtering/set_rules`
+
+Previously, the API accepted a raw list of filters as a plain-text file.  Now,
+the filters must be presented in a JSON object with the following format:
+
+```json
+{
+  "rules":
+  [
+    "||example.com^",
+    "# comment",
+    "@@||www.example.com^"
+  ]
+}
+```
+
+#### `GET /control/i18n/current_language` And `POST /control/i18n/change_language`
+
+Previously, these APIs accepted and returned the language code in plain text.
+Now, they accept and return them in a JSON object with the following format:
+
+```json
+{
+  "language": "en"
+}
+```
+
+#### `POST /control/dhcp/find_active_dhcp`
+
+Previously, the API accepted the name of the network interface as a plain-text
+string.  Now, it must be contained within a JSON object with the following
+format:
+
+```json
+{
+  "interface": "eth0"
+}
+```
+
+
+
 ## v0.107.12: API changes

 ### `GET /control/blocked_services/services`
@@ -11,6 +69,8 @@
 * The new `GET /control/blocked_services/services` HTTP API allows inspecting
  all available services.

+
+
 ## v0.107.7: API changes

 ### The new optional field `"ecs"` in `QueryLogItem`
@@ -24,6 +84,8 @@
  `POST /install/configure` which means that the specified password does not
  meet the strength requirements.

+
+
 ## v0.107.3: API changes

 ### The new field `"version"` in `AddressesInfo`
@@ -31,6 +93,8 @@
 * The new field `"version"` in `GET /install/get_addresses` is the version of
  the AdGuard Home instance.

+
+
 ## v0.107.0: API changes

 ### The new field `"cached"` in `QueryLogItem`
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -413,6 +413,11 @@
      - 'dhcp'
      'operationId': 'checkActiveDhcp'
      'summary': 'Searches for an active DHCP server on the network'
+      'requestBody':
+        'content':
+          'application/json':
+            'schema':
+              '$ref': '#/components/schemas/DhcpFindActiveReq'
      'responses':
        '200':
          'description': 'OK.'
@@ -667,24 +672,6 @@
      - 'parental'
      'operationId': 'parentalEnable'
      'summary': 'Enable parental filtering'
-      'requestBody':
-        'content':
-          'text/plain':
-            'schema':
-              'type': 'string'
-              'enum':
-              - 'EARLY_CHILDHOOD'
-              - 'YOUNG'
-              - 'TEEN'
-              - 'MATURE'
-              'example': 'sensitivity=TEEN'
-        'description': |
-          Age sensitivity for parental filtering,
-          EARLY_CHILDHOOD is 3
-          YOUNG is 10
-          TEEN is 13
-          MATURE is 17
-        'required': true
      'responses':
        '200':
          'description': 'OK.'
@@ -958,10 +945,9 @@
        Change current language.  Argument must be an ISO 639-1 two-letter code.
      'requestBody':
        'content':
-          'text/plain':
+          'application/json':
            'schema':
-              'type': 'string'
-              'example': 'en'
+              '$ref': '#/components/schemas/LanguageSettings'
        'description': >
          New language.  It must be known to the server and must be an ISO 639-1
          two-letter code.
@@ -980,10 +966,9 @@
        '200':
          'description': 'OK.'
          'content':
-            'text/plain':
-              'examples':
-                'response':
-                  'value': 'en'
+            'application/json':
+              'schema':
+                '$ref': '#/components/schemas/LanguageSettings'
  '/install/get_addresses_beta':
    'get':
      'tags':
@@ -1777,6 +1762,16 @@
      'additionalProperties':
        '$ref': '#/components/schemas/NetInterface'

+    'DhcpFindActiveReq':
+      'description': >
+        Request for checking for other DHCP servers in the network.
+      'properties':
+        'interface':
+          'description': 'The name of the network interface'
+          'example': 'eth0'
+          'type': 'string'
+      'type': 'object'
+
    'DhcpSearchResult':
      'type': 'object'
      'description': >
@@ -2692,6 +2687,15 @@
          'description': 'The error message, an opaque string.'
          'type': 'string'
      'type': 'object'
+    'LanguageSettings':
+      'description': 'Language settings object.'
+      'properties':
+        'language':
+          'description': 'The current language or the language to set.'
+          'type': 'string'
+      'required':
+      - 'language'
+      'type': 'object'
  'securitySchemes':
    'basicAuth':
      'type': 'http'