3521e8ed9f
Merge in DNS/adguard-home from AGDNS-2714-tls-config to master Squashed commit of the following: commit 073e5ec367db02690e9527602a1da6bfd29321a0 Merge: 18f38c9d44d258972dAuthor: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Apr 16 18:25:23 2025 +0300 Merge branch 'master' into AGDNS-2714-tls-config commit 18f38c9d44337752c6d0f09142658f374de0979f Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Apr 11 15:02:00 2025 +0300 dnsforward: imp docs commit ed56d3c2bc239bdc9af000d847721c4c43d173a3 Merge: 3ef281ea21cc6c00e4Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Apr 10 17:25:08 2025 +0300 Merge branch 'master' into AGDNS-2714-tls-config commit 3ef281ea28dc1fcab0a1291fb3221e6324077a10 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Apr 10 17:24:29 2025 +0300 all: imp docs commit b75f2874a816d4814d218c3b062d532f02e26ca5 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Mon Apr 7 17:16:59 2025 +0300 dnsforward: imp code commit 8ab17b96bca957a172062faaa23b72d5c7ed4d0d Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Apr 4 21:26:37 2025 +0300 all: imp code commit 1abce97b50fe0406dd1ec85b96a0f99b633325cc Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Apr 2 18:22:15 2025 +0300 home: imp code commit debf710f4ebbdfe3e4d2f15b1adcf6b86f8dfc0d Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Apr 1 14:52:21 2025 +0300 home: imp code commit 4aa26f15b721f2a3f32da29b3f664a02bc5a8608 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Apr 1 14:16:16 2025 +0300 all: imp code commit 1a3e72f7a1276f9f797caf9b615f8a552cc9e988 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Mon Mar 31 21:22:40 2025 +0300 all: imp code commit 776ab824aef18ea27b59c02ebfc8620c715a867e Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Mar 27 14:00:33 2025 +0300 home: tls config mu commit 9ebf912f530181043df5c583e82291484996429a Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Mar 26 18:58:47 2025 +0300 all: tls config
234 lines
6.2 KiB
Go
234 lines
6.2 KiB
Go
package home
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/http"
|
|
"os"
|
|
"os/exec"
|
|
"runtime"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/updater"
|
|
"github.com/AdguardTeam/golibs/errors"
|
|
"github.com/AdguardTeam/golibs/logutil/slogutil"
|
|
"github.com/AdguardTeam/golibs/osutil"
|
|
)
|
|
|
|
// temporaryError is the interface for temporary errors from the Go standard
|
|
// library.
|
|
type temporaryError interface {
|
|
error
|
|
Temporary() (ok bool)
|
|
}
|
|
|
|
// handleVersionJSON is the handler for the POST /control/version.json HTTP API.
|
|
//
|
|
// TODO(a.garipov): Find out if this API used with a GET method by anyone.
|
|
func (web *webAPI) handleVersionJSON(w http.ResponseWriter, r *http.Request) {
|
|
resp := &versionResponse{}
|
|
if web.conf.disableUpdate {
|
|
resp.Disabled = true
|
|
aghhttp.WriteJSONResponseOK(w, r, resp)
|
|
|
|
return
|
|
}
|
|
|
|
req := &struct {
|
|
Recheck bool `json:"recheck_now"`
|
|
}{}
|
|
|
|
var err error
|
|
if r.ContentLength != 0 {
|
|
err = json.NewDecoder(r.Body).Decode(req)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "parsing request: %s", err)
|
|
|
|
return
|
|
}
|
|
}
|
|
|
|
err = web.requestVersionInfo(r.Context(), resp, req.Recheck)
|
|
if err != nil {
|
|
// Don't wrap the error, because it's informative enough as is.
|
|
aghhttp.Error(r, w, http.StatusBadGateway, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
err = resp.setAllowedToAutoUpdate(web.tlsManager)
|
|
if err != nil {
|
|
// Don't wrap the error, because it's informative enough as is.
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
aghhttp.WriteJSONResponseOK(w, r, resp)
|
|
}
|
|
|
|
// requestVersionInfo sets the VersionInfo field of resp if it can reach the
|
|
// update server.
|
|
func (web *webAPI) requestVersionInfo(
|
|
ctx context.Context,
|
|
resp *versionResponse,
|
|
recheck bool,
|
|
) (err error) {
|
|
updater := web.conf.updater
|
|
for range 3 {
|
|
resp.VersionInfo, err = updater.VersionInfo(recheck)
|
|
if err == nil {
|
|
return nil
|
|
}
|
|
|
|
var terr temporaryError
|
|
if errors.As(err, &terr) && terr.Temporary() {
|
|
// Temporary network error. This case may happen while we're
|
|
// restarting our DNS server. Log and sleep for some time.
|
|
//
|
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/934.
|
|
const sleepTime = 2 * time.Second
|
|
|
|
err = fmt.Errorf("temp net error: %w; sleeping for %s and retrying", err, sleepTime)
|
|
web.logger.InfoContext(ctx, "updating version info", slogutil.KeyError, err)
|
|
|
|
time.Sleep(sleepTime)
|
|
|
|
continue
|
|
}
|
|
|
|
break
|
|
}
|
|
|
|
if err != nil {
|
|
return fmt.Errorf("getting version info: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// handleUpdate performs an update to the latest available version procedure.
|
|
func (web *webAPI) handleUpdate(w http.ResponseWriter, r *http.Request) {
|
|
updater := web.conf.updater
|
|
if updater.NewVersion() == "" {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "/update request isn't allowed now")
|
|
|
|
return
|
|
}
|
|
|
|
// Retain the current absolute path of the executable, since the updater is
|
|
// likely to change the position current one to the backup directory.
|
|
//
|
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/4735.
|
|
execPath, err := os.Executable()
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "getting path: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
err = updater.Update(false)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
aghhttp.OK(w)
|
|
if f, ok := w.(http.Flusher); ok {
|
|
f.Flush()
|
|
}
|
|
|
|
// The background context is used because the underlying functions wrap it
|
|
// with timeout and shut down the server, which handles current request. It
|
|
// also should be done in a separate goroutine for the same reason.
|
|
go finishUpdate(context.Background(), web.logger, execPath, web.conf.runningAsService)
|
|
}
|
|
|
|
// versionResponse is the response for /control/version.json endpoint.
|
|
type versionResponse struct {
|
|
updater.VersionInfo
|
|
Disabled bool `json:"disabled"`
|
|
}
|
|
|
|
// setAllowedToAutoUpdate sets CanAutoUpdate to true if AdGuard Home is actually
|
|
// allowed to perform an automatic update by the OS. tlsMgr must not be nil.
|
|
func (vr *versionResponse) setAllowedToAutoUpdate(tlsMgr *tlsManager) (err error) {
|
|
if vr.CanAutoUpdate != aghalg.NBTrue {
|
|
return nil
|
|
}
|
|
|
|
canUpdate := true
|
|
if tlsConfUsesPrivilegedPorts(tlsMgr.config()) ||
|
|
config.HTTPConfig.Address.Port() < 1024 ||
|
|
config.DNS.Port < 1024 {
|
|
canUpdate, err = aghnet.CanBindPrivilegedPorts()
|
|
if err != nil {
|
|
return fmt.Errorf("checking ability to bind privileged ports: %w", err)
|
|
}
|
|
}
|
|
|
|
vr.CanAutoUpdate = aghalg.BoolToNullBool(canUpdate)
|
|
|
|
return nil
|
|
}
|
|
|
|
// tlsConfUsesPrivilegedPorts returns true if the provided TLS configuration
|
|
// indicates that privileged ports are used.
|
|
func tlsConfUsesPrivilegedPorts(c *tlsConfigSettings) (ok bool) {
|
|
return c.Enabled && (c.PortHTTPS < 1024 || c.PortDNSOverTLS < 1024 || c.PortDNSOverQUIC < 1024)
|
|
}
|
|
|
|
// finishUpdate completes an update procedure. It is intended to be used as a
|
|
// goroutine.
|
|
func finishUpdate(ctx context.Context, l *slog.Logger, execPath string, runningAsService bool) {
|
|
defer slogutil.RecoverAndExit(ctx, l, osutil.ExitCodeFailure)
|
|
|
|
l.InfoContext(ctx, "stopping all tasks")
|
|
|
|
cleanup(ctx)
|
|
cleanupAlways()
|
|
|
|
var err error
|
|
if runtime.GOOS == "windows" {
|
|
if runningAsService {
|
|
// NOTE: We can't restart the service via "kardianos/service"
|
|
// package, because it kills the process first we can't start a new
|
|
// instance, because Windows doesn't allow it.
|
|
//
|
|
// TODO(a.garipov): Recheck the claim above.
|
|
cmd := exec.Command("cmd", "/c", "net stop AdGuardHome & net start AdGuardHome")
|
|
err = cmd.Start()
|
|
if err != nil {
|
|
panic(fmt.Errorf("restarting service: %w", err))
|
|
}
|
|
|
|
os.Exit(osutil.ExitCodeSuccess)
|
|
}
|
|
|
|
cmd := exec.Command(execPath, os.Args[1:]...)
|
|
l.InfoContext(ctx, "restarting", "exec_path", execPath, "args", os.Args[1:])
|
|
cmd.Stdin = os.Stdin
|
|
cmd.Stdout = os.Stdout
|
|
cmd.Stderr = os.Stderr
|
|
err = cmd.Start()
|
|
if err != nil {
|
|
panic(fmt.Errorf("restarting: %w", err))
|
|
}
|
|
|
|
os.Exit(osutil.ExitCodeSuccess)
|
|
}
|
|
|
|
l.InfoContext(ctx, "restarting", "exec_path", execPath, "args", os.Args[1:])
|
|
err = syscall.Exec(execPath, os.Args, os.Environ())
|
|
if err != nil {
|
|
panic(fmt.Errorf("restarting: %w", err))
|
|
}
|
|
}
|