all: add permcheck, client fix; imp chlog

2024-10-02 18:24:07 +03:00
parent 8cb5781770
commit e8fd4b1872
40 changed files with 885 additions and 91 deletions
--- a/internal/home/auth.go
+++ b/internal/home/auth.go
@@ -9,6 +9,7 @@ import (
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
@@ -89,7 +90,7 @@ func InitAuth(
 		trustedProxies: trustedProxies,
 	}
 	var err error
-	a.db, err = bbolt.Open(dbFilename, 0o644, nil)
+	a.db, err = bbolt.Open(dbFilename, aghos.DefaultPermFile, nil)
 	if err != nil {
 		log.Error("auth: open DB: %s: %s", dbFilename, err)
 		if err.Error() == "invalid argument" {
--- a/internal/home/clients.go
+++ b/internal/home/clients.go
@@ -72,10 +72,13 @@ func (clients *clientsContainer) Init(
 		return errors.Error("clients container already initialized")
 	}

+	clients.safeSearchCacheSize = filteringConf.SafeSearchCacheSize
+	clients.safeSearchCacheTTL = time.Minute * time.Duration(filteringConf.CacheTime)
+
 	confClients := make([]*client.Persistent, 0, len(objects))
 	for i, o := range objects {
 		var p *client.Persistent
-		p, err = o.toPersistent(filteringConf)
+		p, err = o.toPersistent(clients.safeSearchCacheSize, clients.safeSearchCacheTTL)
 		if err != nil {
 			return fmt.Errorf("init persistent client at index %d: %w", i, err)
 		}
@@ -165,7 +168,8 @@ type clientObject struct {

 // toPersistent returns an initialized persistent client if there are no errors.
 func (o *clientObject) toPersistent(
-	filteringConf *filtering.Config,
+	safeSearchCacheSize uint,
+	safeSearchCacheTTL time.Duration,
 ) (cli *client.Persistent, err error) {
 	cli = &client.Persistent{
 		Name: o.Name,
@@ -201,8 +205,8 @@ func (o *clientObject) toPersistent(
 	if o.SafeSearchConf.Enabled {
 		err = cli.SetSafeSearch(
 			o.SafeSearchConf,
-			filteringConf.SafeSearchCacheSize,
-			time.Minute*time.Duration(filteringConf.CacheTime),
+			safeSearchCacheSize,
+			safeSearchCacheTTL,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("init safesearch %q: %w", cli.Name, err)
--- a/internal/home/config.go
+++ b/internal/home/config.go
@@ -9,6 +9,7 @@ import (
 	"sync"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/configmigrate"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
@@ -26,9 +27,15 @@ import (
 	yaml "gopkg.in/yaml.v3"
 )

-// dataDir is the name of a directory under the working one to store some
-// persistent data.
-const dataDir = "data"
+const (
+	// dataDir is the name of a directory under the working one to store some
+	// persistent data.
+	dataDir = "data"
+
+	// userFilterDataDir is the name of the directory used to store users'
+	// FS-based rule lists.
+	userFilterDataDir = "userfilters"
+)

 // logSettings are the logging settings part of the configuration file.
 type logSettings struct {
@@ -520,6 +527,7 @@ func parseConfig() (err error) {

 	migrator := configmigrate.New(&configmigrate.Config{
 		WorkingDir: Context.workDir,
+		DataDir:    Context.getDataDir(),
 	})

 	var upgraded bool
@@ -534,7 +542,7 @@ func parseConfig() (err error) {
 		confPath := configFilePath()
 		log.Debug("writing config file %q after config upgrade", confPath)

-		err = maybe.WriteFile(confPath, config.fileData, 0o644)
+		err = maybe.WriteFile(confPath, config.fileData, aghos.DefaultPermFile)
 		if err != nil {
 			return fmt.Errorf("writing new config: %w", err)
 		}
@@ -700,7 +708,7 @@ func (c *configuration) write() (err error) {
 		return fmt.Errorf("generating config file: %w", err)
 	}

-	err = maybe.WriteFile(confPath, buf.Bytes(), 0o644)
+	err = maybe.WriteFile(confPath, buf.Bytes(), aghos.DefaultPermFile)
 	if err != nil {
 		return fmt.Errorf("writing config file: %w", err)
 	}
--- a/internal/home/controlinstall.go
+++ b/internal/home/controlinstall.go
@@ -270,9 +270,9 @@ DNSStubListener=no
 const resolvConfPath = "/etc/resolv.conf"

 // Deactivate DNSStubListener
-func disableDNSStubListener() error {
+func disableDNSStubListener() (err error) {
 	dir := filepath.Dir(resolvedConfPath)
-	err := os.MkdirAll(dir, 0o755)
+	err = os.MkdirAll(dir, 0o755)
 	if err != nil {
 		return fmt.Errorf("os.MkdirAll: %s: %w", dir, err)
 	}
@@ -413,9 +413,12 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 	copyInstallSettings(curConfig, config)

 	Context.firstRun = false
-	config.HTTPConfig.Address = netip.AddrPortFrom(req.Web.IP, req.Web.Port)
 	config.DNS.BindHosts = []netip.Addr{req.DNS.IP}
 	config.DNS.Port = req.DNS.Port
+	config.Filtering.SafeFSPatterns = []string{
+		filepath.Join(Context.workDir, userFilterDataDir, "*"),
+	}
+	config.HTTPConfig.Address = netip.AddrPortFrom(req.Web.IP, req.Web.Port)

 	u := &webUser{
 		Name: req.Username,
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -47,14 +47,9 @@ func onConfigModified() {
 // initDNS updates all the fields of the [Context] needed to initialize the DNS
 // server and initializes it at last.  It also must not be called unless
 // [config] and [Context] are initialized.  l must not be nil.
-func initDNS(l *slog.Logger) (err error) {
+func initDNS(l *slog.Logger, statsDir, querylogDir string) (err error) {
 	anonymizer := config.anonymizer()

-	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&Context, config)
-	if err != nil {
-		return err
-	}
-
 	statsConf := stats.Config{
 		Logger:            l.With(slogutil.KeyPrefix, "stats"),
 		Filename:          filepath.Join(statsDir, "stats.db"),
--- a/internal/home/home.go
+++ b/internal/home/home.go
@@ -31,6 +31,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/hashprefix"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/safesearch"
+	"github.com/AdguardTeam/AdGuardHome/internal/permcheck"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
 	"github.com/AdguardTeam/AdGuardHome/internal/updater"
@@ -630,9 +631,9 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 		}
 	}

-	dir := Context.getDataDir()
-	err = os.MkdirAll(dir, 0o755)
-	fatalOnError(errors.Annotate(err, "creating DNS data dir at %s: %w", dir))
+	dataDir := Context.getDataDir()
+	err = os.MkdirAll(dataDir, aghos.DefaultPermDir)
+	fatalOnError(errors.Annotate(err, "creating DNS data dir at %s: %w", dataDir))

 	GLMode = opts.glinetMode

@@ -649,8 +650,11 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 	Context.web, err = initWeb(opts, clientBuildFS, upd, slogLogger)
 	fatalOnError(err)

+	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&Context, config)
+	fatalOnError(err)
+
 	if !Context.firstRun {
-		err = initDNS(slogLogger)
+		err = initDNS(slogLogger, statsDir, querylogDir)
 		fatalOnError(err)

 		Context.tls.start()
@@ -671,6 +675,12 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 		}
 	}

+	if permcheck.NeedsMigration(confPath) {
+		permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath)
+	}
+
+	permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath)
+
 	Context.web.start()

 	// Wait for other goroutines to complete their job.
@@ -714,7 +724,12 @@ func (c *configuration) anonymizer() (ipmut *aghnet.IPMut) {
 // startMods initializes and starts the DNS server after installation.  l must
 // not be nil.
 func startMods(l *slog.Logger) (err error) {
-	err = initDNS(l)
+	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&Context, config)
+	if err != nil {
+		return err
+	}
+
+	err = initDNS(l, statsDir, querylogDir)
 	if err != nil {
 		return err
 	}