47c9c946a3
Merge in DNS/adguard-home from 4871-imp-filtering to master
Closes #4871.
Squashed commit of the following:
commit 618e7c558447703c114332708c94ef1b34362cf9
Merge: 41ff8ab7 11e4f091
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Thu Sep 22 19:27:08 2022 +0300
Merge branch 'master' into 4871-imp-filtering
commit 41ff8ab755a87170e7334dedcae00f01dcca238a
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Thu Sep 22 19:26:11 2022 +0300
filtering: imp code, log
commit e4ae1d1788406ffd7ef0fcc6df896a22b0c2db37
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Thu Sep 22 14:11:07 2022 +0300
filtering: move handlers into single func
commit f7a340b4c10980f512ae935a156f02b0133a1627
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Wed Sep 21 19:21:09 2022 +0300
all: imp code
commit e064bf4d3de0283e4bda2aaf5b9822bb8a08f4a6
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Tue Sep 20 20:12:16 2022 +0300
all: imp name
commit e7eda3905762f0821e1be1ac3cf77e0ecbedeff4
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Tue Sep 20 17:51:23 2022 +0300
all: finally get rid of filtering
commit 188550d873e625cc2951583bb3a2eaad036745f5
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Tue Sep 20 17:36:03 2022 +0300
filtering: merge refresh
commit e54ed9c7952b17e66b790c835269b28fbc26f9ca
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Tue Sep 20 17:16:23 2022 +0300
filtering: merge filters
commit 32da31b754a319487d5f9d5e81e607d349b90180
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Tue Sep 20 14:48:13 2022 +0300
filtering: imp docs
commit 43b0cafa7a27bb9b620c2ba50ccdddcf32cfcecc
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Tue Sep 20 14:38:04 2022 +0300
all: imp code
commit 253a2ea6c92815d364546e34d631e406dd604644
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Mon Sep 19 20:43:15 2022 +0300
filtering: rm important flag
commit 1b87f08f946389d410f13412c7e486290d5e752d
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Mon Sep 19 17:05:40 2022 +0300
all: move filtering to the package
commit daa13499f1dd4fe475c4b75769e34f1eb0915bdf
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Mon Sep 19 15:13:55 2022 +0300
all: finish merging
commit d6db75eb2e1f23528e9200ea51507eb793eefa3c
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Fri Sep 16 18:18:14 2022 +0300
all: continue merging
commit 45b4c484deb7198a469aa18d719bb9dbe81e5d22
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date: Wed Sep 14 15:44:22 2022 +0300
all: merge filtering types
517 lines
13 KiB
Go
517 lines
13 KiB
Go
package filtering
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
|
"github.com/AdguardTeam/golibs/errors"
|
|
"github.com/AdguardTeam/golibs/log"
|
|
"github.com/miekg/dns"
|
|
)
|
|
|
|
// validateFilterURL validates the filter list URL or file name.
|
|
func validateFilterURL(urlStr string) (err error) {
|
|
if filepath.IsAbs(urlStr) {
|
|
_, err = os.Stat(urlStr)
|
|
if err != nil {
|
|
return fmt.Errorf("checking filter file: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
url, err := url.ParseRequestURI(urlStr)
|
|
if err != nil {
|
|
return fmt.Errorf("checking filter url: %w", err)
|
|
}
|
|
|
|
if s := url.Scheme; s != aghhttp.SchemeHTTP && s != aghhttp.SchemeHTTPS {
|
|
return fmt.Errorf("checking filter url: invalid scheme %q", s)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
type filterAddJSON struct {
|
|
Name string `json:"name"`
|
|
URL string `json:"url"`
|
|
Whitelist bool `json:"whitelist"`
|
|
}
|
|
|
|
func (d *DNSFilter) handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
|
|
fj := filterAddJSON{}
|
|
err := json.NewDecoder(r.Body).Decode(&fj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Failed to parse request body json: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
err = validateFilterURL(fj.URL)
|
|
if err != nil {
|
|
err = fmt.Errorf("invalid url: %s", err)
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
|
|
|
|
return
|
|
}
|
|
|
|
// Check for duplicates
|
|
if d.filterExists(fj.URL) {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Filter URL already added -- %s", fj.URL)
|
|
|
|
return
|
|
}
|
|
|
|
// Set necessary properties
|
|
filt := FilterYAML{
|
|
Enabled: true,
|
|
URL: fj.URL,
|
|
Name: fj.Name,
|
|
white: fj.Whitelist,
|
|
}
|
|
filt.ID = assignUniqueFilterID()
|
|
|
|
// Download the filter contents
|
|
ok, err := d.update(&filt)
|
|
if err != nil {
|
|
aghhttp.Error(
|
|
r,
|
|
w,
|
|
http.StatusBadRequest,
|
|
"Couldn't fetch filter from url %s: %s",
|
|
filt.URL,
|
|
err,
|
|
)
|
|
|
|
return
|
|
}
|
|
|
|
if !ok {
|
|
aghhttp.Error(
|
|
r,
|
|
w,
|
|
http.StatusBadRequest,
|
|
"Filter at the url %s is invalid (maybe it points to blank page?)",
|
|
filt.URL,
|
|
)
|
|
|
|
return
|
|
}
|
|
|
|
// URL is assumed valid so append it to filters, update config, write new
|
|
// file and reload it to engines.
|
|
if !d.filterAdd(filt) {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Filter URL already added -- %s", filt.URL)
|
|
|
|
return
|
|
}
|
|
|
|
d.ConfigModified()
|
|
d.EnableFilters(true)
|
|
|
|
_, err = fmt.Fprintf(w, "OK %d rules\n", filt.RulesCount)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "Couldn't write body: %s", err)
|
|
}
|
|
}
|
|
|
|
func (d *DNSFilter) handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
|
|
type request struct {
|
|
URL string `json:"url"`
|
|
Whitelist bool `json:"whitelist"`
|
|
}
|
|
|
|
req := request{}
|
|
err := json.NewDecoder(r.Body).Decode(&req)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "failed to parse request body json: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
d.filtersMu.Lock()
|
|
filters := &d.Filters
|
|
if req.Whitelist {
|
|
filters = &d.WhitelistFilters
|
|
}
|
|
|
|
var deleted FilterYAML
|
|
var newFilters []FilterYAML
|
|
for _, flt := range *filters {
|
|
if flt.URL != req.URL {
|
|
newFilters = append(newFilters, flt)
|
|
|
|
continue
|
|
}
|
|
|
|
deleted = flt
|
|
path := flt.Path(d.DataDir)
|
|
err = os.Rename(path, path+".old")
|
|
if err != nil {
|
|
log.Error("deleting filter %q: %s", path, err)
|
|
}
|
|
}
|
|
|
|
*filters = newFilters
|
|
d.filtersMu.Unlock()
|
|
|
|
d.ConfigModified()
|
|
d.EnableFilters(true)
|
|
|
|
// NOTE: The old files "filter.txt.old" aren't deleted. It's not really
|
|
// necessary, but will require the additional complicated code to run
|
|
// after enableFilters is done.
|
|
//
|
|
// TODO(a.garipov): Make sure the above comment is true.
|
|
|
|
_, err = fmt.Fprintf(w, "OK %d rules\n", deleted.RulesCount)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "couldn't write body: %s", err)
|
|
}
|
|
}
|
|
|
|
type filterURLReqData struct {
|
|
Name string `json:"name"`
|
|
URL string `json:"url"`
|
|
Enabled bool `json:"enabled"`
|
|
}
|
|
|
|
type filterURLReq struct {
|
|
Data *filterURLReqData `json:"data"`
|
|
URL string `json:"url"`
|
|
Whitelist bool `json:"whitelist"`
|
|
}
|
|
|
|
func (d *DNSFilter) handleFilteringSetURL(w http.ResponseWriter, r *http.Request) {
|
|
fj := filterURLReq{}
|
|
err := json.NewDecoder(r.Body).Decode(&fj)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "decoding request: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if fj.Data == nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "%s", errors.Error("data is absent"))
|
|
|
|
return
|
|
}
|
|
|
|
err = validateFilterURL(fj.Data.URL)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "invalid url: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
filt := FilterYAML{
|
|
Enabled: fj.Data.Enabled,
|
|
Name: fj.Data.Name,
|
|
URL: fj.Data.URL,
|
|
}
|
|
status := d.filterSetProperties(fj.URL, filt, fj.Whitelist)
|
|
if (status & statusFound) == 0 {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "URL doesn't exist")
|
|
|
|
return
|
|
}
|
|
if (status & statusURLExists) != 0 {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "URL already exists")
|
|
|
|
return
|
|
}
|
|
|
|
d.ConfigModified()
|
|
|
|
restart := (status & statusEnabledChanged) != 0
|
|
if (status&statusUpdateRequired) != 0 && fj.Data.Enabled {
|
|
// download new filter and apply its rules.
|
|
nUpdated := d.refreshFilters(!fj.Whitelist, fj.Whitelist, false)
|
|
// if at least 1 filter has been updated, refreshFilters() restarts the filtering automatically
|
|
// if not - we restart the filtering ourselves
|
|
restart = false
|
|
if nUpdated == 0 {
|
|
restart = true
|
|
}
|
|
}
|
|
|
|
if restart {
|
|
d.EnableFilters(true)
|
|
}
|
|
}
|
|
|
|
func (d *DNSFilter) handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
|
|
// This use of ReadAll is safe, because request's body is now limited.
|
|
body, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Failed to read request body: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
d.UserRules = strings.Split(string(body), "\n")
|
|
d.ConfigModified()
|
|
d.EnableFilters(true)
|
|
}
|
|
|
|
func (d *DNSFilter) handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
|
|
type Req struct {
|
|
White bool `json:"whitelist"`
|
|
}
|
|
type Resp struct {
|
|
Updated int `json:"updated"`
|
|
}
|
|
resp := Resp{}
|
|
var err error
|
|
|
|
req := Req{}
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "json decode: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
var ok bool
|
|
resp.Updated, _, ok = d.tryRefreshFilters(!req.White, req.White, true)
|
|
if !ok {
|
|
aghhttp.Error(
|
|
r,
|
|
w,
|
|
http.StatusInternalServerError,
|
|
"filters update procedure is already running",
|
|
)
|
|
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
err = json.NewEncoder(w).Encode(resp)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "json encode: %s", err)
|
|
|
|
return
|
|
}
|
|
}
|
|
|
|
type filterJSON struct {
|
|
URL string `json:"url"`
|
|
Name string `json:"name"`
|
|
LastUpdated string `json:"last_updated,omitempty"`
|
|
ID int64 `json:"id"`
|
|
RulesCount uint32 `json:"rules_count"`
|
|
Enabled bool `json:"enabled"`
|
|
}
|
|
|
|
type filteringConfig struct {
|
|
Filters []filterJSON `json:"filters"`
|
|
WhitelistFilters []filterJSON `json:"whitelist_filters"`
|
|
UserRules []string `json:"user_rules"`
|
|
Interval uint32 `json:"interval"` // in hours
|
|
Enabled bool `json:"enabled"`
|
|
}
|
|
|
|
func filterToJSON(f FilterYAML) filterJSON {
|
|
fj := filterJSON{
|
|
ID: f.ID,
|
|
Enabled: f.Enabled,
|
|
URL: f.URL,
|
|
Name: f.Name,
|
|
RulesCount: uint32(f.RulesCount),
|
|
}
|
|
|
|
if !f.LastUpdated.IsZero() {
|
|
fj.LastUpdated = f.LastUpdated.Format(time.RFC3339)
|
|
}
|
|
|
|
return fj
|
|
}
|
|
|
|
// Get filtering configuration
|
|
func (d *DNSFilter) handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
|
|
resp := filteringConfig{}
|
|
d.filtersMu.RLock()
|
|
resp.Enabled = d.FilteringEnabled
|
|
resp.Interval = d.FiltersUpdateIntervalHours
|
|
for _, f := range d.Filters {
|
|
fj := filterToJSON(f)
|
|
resp.Filters = append(resp.Filters, fj)
|
|
}
|
|
for _, f := range d.WhitelistFilters {
|
|
fj := filterToJSON(f)
|
|
resp.WhitelistFilters = append(resp.WhitelistFilters, fj)
|
|
}
|
|
resp.UserRules = d.UserRules
|
|
d.filtersMu.RUnlock()
|
|
|
|
jsonVal, err := json.Marshal(resp)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "json encode: %s", err)
|
|
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_, err = w.Write(jsonVal)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "http write: %s", err)
|
|
}
|
|
}
|
|
|
|
// Set filtering configuration
|
|
func (d *DNSFilter) handleFilteringConfig(w http.ResponseWriter, r *http.Request) {
|
|
req := filteringConfig{}
|
|
err := json.NewDecoder(r.Body).Decode(&req)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "json decode: %s", err)
|
|
|
|
return
|
|
}
|
|
|
|
if !ValidateUpdateIvl(req.Interval) {
|
|
aghhttp.Error(r, w, http.StatusBadRequest, "Unsupported interval")
|
|
|
|
return
|
|
}
|
|
|
|
func() {
|
|
d.filtersMu.Lock()
|
|
defer d.filtersMu.Unlock()
|
|
|
|
d.FilteringEnabled = req.Enabled
|
|
d.FiltersUpdateIntervalHours = req.Interval
|
|
}()
|
|
|
|
d.ConfigModified()
|
|
d.EnableFilters(true)
|
|
}
|
|
|
|
type checkHostRespRule struct {
|
|
Text string `json:"text"`
|
|
FilterListID int64 `json:"filter_list_id"`
|
|
}
|
|
|
|
type checkHostResp struct {
|
|
Reason string `json:"reason"`
|
|
|
|
// Rule is the text of the matched rule.
|
|
//
|
|
// Deprecated: Use Rules[*].Text.
|
|
Rule string `json:"rule"`
|
|
|
|
Rules []*checkHostRespRule `json:"rules"`
|
|
|
|
// for FilteredBlockedService:
|
|
SvcName string `json:"service_name"`
|
|
|
|
// for Rewrite:
|
|
CanonName string `json:"cname"` // CNAME value
|
|
IPList []net.IP `json:"ip_addrs"` // list of IP addresses
|
|
|
|
// FilterID is the ID of the rule's filter list.
|
|
//
|
|
// Deprecated: Use Rules[*].FilterListID.
|
|
FilterID int64 `json:"filter_id"`
|
|
}
|
|
|
|
func (d *DNSFilter) handleCheckHost(w http.ResponseWriter, r *http.Request) {
|
|
host := r.URL.Query().Get("name")
|
|
|
|
setts := d.GetConfig()
|
|
setts.FilteringEnabled = true
|
|
setts.ProtectionEnabled = true
|
|
|
|
d.ApplyBlockedServices(&setts, nil)
|
|
result, err := d.CheckHost(host, dns.TypeA, &setts)
|
|
if err != nil {
|
|
aghhttp.Error(
|
|
r,
|
|
w,
|
|
http.StatusInternalServerError,
|
|
"couldn't apply filtering: %s: %s",
|
|
host,
|
|
err,
|
|
)
|
|
|
|
return
|
|
}
|
|
|
|
rulesLen := len(result.Rules)
|
|
resp := checkHostResp{
|
|
Reason: result.Reason.String(),
|
|
SvcName: result.ServiceName,
|
|
CanonName: result.CanonName,
|
|
IPList: result.IPList,
|
|
Rules: make([]*checkHostRespRule, len(result.Rules)),
|
|
}
|
|
|
|
if rulesLen > 0 {
|
|
resp.FilterID = result.Rules[0].FilterListID
|
|
resp.Rule = result.Rules[0].Text
|
|
}
|
|
|
|
for i, r := range result.Rules {
|
|
resp.Rules[i] = &checkHostRespRule{
|
|
FilterListID: r.FilterListID,
|
|
Text: r.Text,
|
|
}
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
err = json.NewEncoder(w).Encode(resp)
|
|
if err != nil {
|
|
aghhttp.Error(r, w, http.StatusInternalServerError, "encoding response: %s", err)
|
|
}
|
|
}
|
|
|
|
// RegisterFilteringHandlers - register handlers
|
|
func (d *DNSFilter) RegisterFilteringHandlers() {
|
|
registerHTTP := d.HTTPRegister
|
|
if registerHTTP == nil {
|
|
return
|
|
}
|
|
|
|
registerHTTP(http.MethodPost, "/control/safebrowsing/enable", d.handleSafeBrowsingEnable)
|
|
registerHTTP(http.MethodPost, "/control/safebrowsing/disable", d.handleSafeBrowsingDisable)
|
|
registerHTTP(http.MethodGet, "/control/safebrowsing/status", d.handleSafeBrowsingStatus)
|
|
|
|
registerHTTP(http.MethodPost, "/control/parental/enable", d.handleParentalEnable)
|
|
registerHTTP(http.MethodPost, "/control/parental/disable", d.handleParentalDisable)
|
|
registerHTTP(http.MethodGet, "/control/parental/status", d.handleParentalStatus)
|
|
|
|
registerHTTP(http.MethodPost, "/control/safesearch/enable", d.handleSafeSearchEnable)
|
|
registerHTTP(http.MethodPost, "/control/safesearch/disable", d.handleSafeSearchDisable)
|
|
registerHTTP(http.MethodGet, "/control/safesearch/status", d.handleSafeSearchStatus)
|
|
|
|
registerHTTP(http.MethodGet, "/control/rewrite/list", d.handleRewriteList)
|
|
registerHTTP(http.MethodPost, "/control/rewrite/add", d.handleRewriteAdd)
|
|
registerHTTP(http.MethodPost, "/control/rewrite/delete", d.handleRewriteDelete)
|
|
|
|
registerHTTP(http.MethodGet, "/control/blocked_services/services", d.handleBlockedServicesAvailableServices)
|
|
registerHTTP(http.MethodGet, "/control/blocked_services/list", d.handleBlockedServicesList)
|
|
registerHTTP(http.MethodPost, "/control/blocked_services/set", d.handleBlockedServicesSet)
|
|
|
|
registerHTTP(http.MethodGet, "/control/filtering/status", d.handleFilteringStatus)
|
|
registerHTTP(http.MethodPost, "/control/filtering/config", d.handleFilteringConfig)
|
|
registerHTTP(http.MethodPost, "/control/filtering/add_url", d.handleFilteringAddURL)
|
|
registerHTTP(http.MethodPost, "/control/filtering/remove_url", d.handleFilteringRemoveURL)
|
|
registerHTTP(http.MethodPost, "/control/filtering/set_url", d.handleFilteringSetURL)
|
|
registerHTTP(http.MethodPost, "/control/filtering/refresh", d.handleFilteringRefresh)
|
|
registerHTTP(http.MethodPost, "/control/filtering/set_rules", d.handleFilteringSetRules)
|
|
registerHTTP(http.MethodGet, "/control/filtering/check_host", d.handleCheckHost)
|
|
}
|
|
|
|
// ValidateUpdateIvl returns false if i is not a valid filters update interval.
|
|
func ValidateUpdateIvl(i uint32) bool {
|
|
return i == 0 || i == 1 || i == 12 || i == 1*24 || i == 3*24 || i == 7*24
|
|
}
|