Merge pull request #26 in DNS/adguard-dns from basicauth to master

* commit 'ba56d6c01d7b241829d3115e1ce87241737cf571':
  Reorganize config file.
  Update README to explain config file settings
  Implement simple basic auth.
This commit is contained in:
Eugene Bujak 2018-09-19 15:54:49 +03:00
commit 0292d2b32b
5 changed files with 106 additions and 38 deletions

View File

@ -48,7 +48,7 @@ sudo ./AdguardDNS
Now open the browser and point it to http://localhost:3000/ to control AdGuard DNS server.
## Running without superuser
### Running without superuser
You can run it without superuser privileges, but you need to instruct it to use other port rather than 53. You can do that by opening `AdguardDNS.yaml` and adding this line:
```yaml
@ -58,10 +58,36 @@ coredns:
If the file does not exist, create it and put these two lines down.
### Additional configuration
Open first execution, a file `AdguardDNS.yaml` will be created, with default values written in it. You can modify the file while AdGuard DNS is not running, otherwise any changes to the file will be lost because they will be overwritten by the server.
Explanation of settings:
* `bind_host` -- Web interface IP address to listen on
* `bind_port` -- Web interface IP port to listen on
* `auth_name` -- Web interface optional authorization username
* `auth_pass` -- Web interface optional authorization password
* `coredns` -- CoreDNS configuration section
* `port` -- DNS server port to listen on
* `filtering_enabled` -- Filtering of DNS requests based on filter lists
* `safebrowsing_enabled` -- Filtering of DNS requests based on safebrowsing
* `safesearch_enabled` -- Enforcing safe search when accessing search engines
* `parental_enabled` -- Filtering of DNS requests based on parental safety
* `parental_sensitivity` -- Age group for filtering based on parental safety
* `querylog_enabled` -- Query logging, also used to calculate top 50 clients, blocked domains and requested domains for stats
* `upstream_dns` -- List of upstream DNS servers
* `filters` -- List of filters, each filter has these values:
* `url` -- URL pointing to the filter contents
* `enabled` -- Enable/disable current filter
* `user_rules` -- User-defined filtering rules
Removing an entry from settings file will reset it to default value. Deleting the file will reset all settings to default values.
## Contributing
You are welcome to fork this repository, make your changes and submit a pull request — https://github.com/AdguardTeam/AdguardDNS/pulls
## Reporting issues
If you come across any problem, or have a suggestion, head to [this page](https://github.com/AdguardTeam/AdguardDNS/issues) and click on the New issue button.
If you come across any problem, or have a suggestion, head to [this page](https://github.com/AdguardTeam/AdguardDNS/issues) and click on the `New issue` button.

2
app.go
View File

@ -119,7 +119,7 @@ func main() {
runStatsCollectors()
runFilterRefreshers()
http.Handle("/", http.FileServer(box))
http.Handle("/", optionalAuthHandler(http.FileServer(box)))
registerControlHandlers()
err = startDNSServer()

View File

@ -21,6 +21,8 @@ type configuration struct {
BindHost string `yaml:"bind_host"`
BindPort int `yaml:"bind_port"`
AuthName string `yaml:"auth_name"`
AuthPass string `yaml:"auth_pass"`
CoreDNS coreDNSConfig `yaml:"coredns"`
Filters []filter `yaml:"filters"`
UserRules []string `yaml:"user_rules"`
@ -36,20 +38,20 @@ type coreDNSConfig struct {
FilteringEnabled bool `yaml:"filtering_enabled"`
SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
SafeSearchEnabled bool `yaml:"safesearch_enabled"`
QueryLogEnabled bool `yaml:"querylog_enabled"`
ParentalEnabled bool `yaml:"parental_enabled"`
ParentalSensitivity int `yaml:"parental_sensitivity"`
Pprof string `yaml:"pprof"`
Cache string `yaml:"cache"`
Prometheus string `yaml:"prometheus"`
QueryLogEnabled bool `yaml:"querylog_enabled"`
Pprof string `yaml:"-"`
Cache string `yaml:"-"`
Prometheus string `yaml:"-"`
UpstreamDNS []string `yaml:"upstream_dns"`
}
type filter struct {
Enabled bool `json:"enabled"`
URL string `json:"url"`
RulesCount int `json:"rules_count" yaml:"-"`
Name string `json:"name" yaml:"-"`
Enabled bool `json:"enabled"`
RulesCount int `json:"rules_count" yaml:"-"`
contents []byte
LastUpdated time.Time `json:"last_updated" yaml:"-"`
}

View File

@ -1298,33 +1298,33 @@ func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
}
func registerControlHandlers() {
http.HandleFunc("/control/start", ensurePOST(handleStart))
http.HandleFunc("/control/stop", ensurePOST(handleStop))
http.HandleFunc("/control/restart", ensurePOST(handleRestart))
http.HandleFunc("/control/status", ensureGET(handleStatus))
http.HandleFunc("/control/stats", ensureGET(handleStats))
http.HandleFunc("/control/stats_history", ensureGET(handleStatsHistory))
http.HandleFunc("/control/stats_top", ensureGET(handleStatsTop))
http.HandleFunc("/control/querylog", handleQueryLog)
http.HandleFunc("/control/querylog_enable", ensurePOST(handleQueryLogEnable))
http.HandleFunc("/control/querylog_disable", ensurePOST(handleQueryLogDisable))
http.HandleFunc("/control/set_upstream_dns", ensurePOST(handleSetUpstreamDNS))
http.HandleFunc("/control/filtering/enable", ensurePOST(handleFilteringEnable))
http.HandleFunc("/control/filtering/disable", ensurePOST(handleFilteringDisable))
http.HandleFunc("/control/filtering/status", ensureGET(handleFilteringStatus))
http.HandleFunc("/control/filtering/add_url", ensurePUT(handleFilteringAddURL))
http.HandleFunc("/control/filtering/remove_url", ensureDELETE(handleFilteringRemoveURL))
http.HandleFunc("/control/filtering/enable_url", ensurePOST(handleFilteringEnableURL))
http.HandleFunc("/control/filtering/disable_url", ensurePOST(handleFilteringDisableURL))
http.HandleFunc("/control/filtering/set_rules", ensurePUT(handleFilteringSetRules))
http.HandleFunc("/control/filtering/refresh", ensurePOST(handleFilteringRefresh))
http.HandleFunc("/control/safebrowsing/enable", ensurePOST(handleSafeBrowsingEnable))
http.HandleFunc("/control/safebrowsing/disable", ensurePOST(handleSafeBrowsingDisable))
http.HandleFunc("/control/safebrowsing/status", ensureGET(handleSafeBrowsingStatus))
http.HandleFunc("/control/parental/enable", ensurePOST(handleParentalEnable))
http.HandleFunc("/control/parental/disable", ensurePOST(handleParentalDisable))
http.HandleFunc("/control/parental/status", ensureGET(handleParentalStatus))
http.HandleFunc("/control/safesearch/enable", ensurePOST(handleSafeSearchEnable))
http.HandleFunc("/control/safesearch/disable", ensurePOST(handleSafeSearchDisable))
http.HandleFunc("/control/safesearch/status", ensureGET(handleSafeSearchStatus))
http.HandleFunc("/control/start", optionalAuth(ensurePOST(handleStart)))
http.HandleFunc("/control/stop", optionalAuth(ensurePOST(handleStop)))
http.HandleFunc("/control/restart", optionalAuth(ensurePOST(handleRestart)))
http.HandleFunc("/control/status", optionalAuth(ensureGET(handleStatus)))
http.HandleFunc("/control/stats", optionalAuth(ensureGET(handleStats)))
http.HandleFunc("/control/stats_history", optionalAuth(ensureGET(handleStatsHistory)))
http.HandleFunc("/control/stats_top", optionalAuth(ensureGET(handleStatsTop)))
http.HandleFunc("/control/querylog", optionalAuth(ensureGET(handleQueryLog)))
http.HandleFunc("/control/querylog_enable", optionalAuth(ensurePOST(handleQueryLogEnable)))
http.HandleFunc("/control/querylog_disable", optionalAuth(ensurePOST(handleQueryLogDisable)))
http.HandleFunc("/control/set_upstream_dns", optionalAuth(ensurePOST(handleSetUpstreamDNS)))
http.HandleFunc("/control/filtering/enable", optionalAuth(ensurePOST(handleFilteringEnable)))
http.HandleFunc("/control/filtering/disable", optionalAuth(ensurePOST(handleFilteringDisable)))
http.HandleFunc("/control/filtering/status", optionalAuth(ensureGET(handleFilteringStatus)))
http.HandleFunc("/control/filtering/add_url", optionalAuth(ensurePUT(handleFilteringAddURL)))
http.HandleFunc("/control/filtering/remove_url", optionalAuth(ensureDELETE(handleFilteringRemoveURL)))
http.HandleFunc("/control/filtering/enable_url", optionalAuth(ensurePOST(handleFilteringEnableURL)))
http.HandleFunc("/control/filtering/disable_url", optionalAuth(ensurePOST(handleFilteringDisableURL)))
http.HandleFunc("/control/filtering/set_rules", optionalAuth(ensurePUT(handleFilteringSetRules)))
http.HandleFunc("/control/filtering/refresh", optionalAuth(ensurePOST(handleFilteringRefresh)))
http.HandleFunc("/control/safebrowsing/enable", optionalAuth(ensurePOST(handleSafeBrowsingEnable)))
http.HandleFunc("/control/safebrowsing/disable", optionalAuth(ensurePOST(handleSafeBrowsingDisable)))
http.HandleFunc("/control/safebrowsing/status", optionalAuth(ensureGET(handleSafeBrowsingStatus)))
http.HandleFunc("/control/parental/enable", optionalAuth(ensurePOST(handleParentalEnable)))
http.HandleFunc("/control/parental/disable", optionalAuth(ensurePOST(handleParentalDisable)))
http.HandleFunc("/control/parental/status", optionalAuth(ensureGET(handleParentalStatus)))
http.HandleFunc("/control/safesearch/enable", optionalAuth(ensurePOST(handleSafeSearchEnable)))
http.HandleFunc("/control/safesearch/disable", optionalAuth(ensurePOST(handleSafeSearchDisable)))
http.HandleFunc("/control/safesearch/status", optionalAuth(ensureGET(handleSafeSearchStatus)))
}

View File

@ -51,6 +51,46 @@ func ensureDELETE(handler func(http.ResponseWriter, *http.Request)) func(http.Re
return ensure("DELETE", handler)
}
func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if config.AuthName == "" || config.AuthPass == "" {
handler(w, r)
return
}
user, pass, ok := r.BasicAuth()
if !ok || user != config.AuthName || pass != config.AuthPass {
w.Header().Set("WWW-Authenticate", `Basic realm="dnsfilter"`)
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Unauthorised.\n"))
return
}
handler(w, r)
}
}
type authHandler struct {
handler http.Handler
}
func (a *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if config.AuthName == "" || config.AuthPass == "" {
a.handler.ServeHTTP(w, r)
return
}
user, pass, ok := r.BasicAuth()
if !ok || user != config.AuthName || pass != config.AuthPass {
w.Header().Set("WWW-Authenticate", `Basic realm="dnsfilter"`)
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Unauthorised.\n"))
return
}
a.handler.ServeHTTP(w, r)
}
func optionalAuthHandler(handler http.Handler) http.Handler {
return &authHandler{handler}
}
// --------------------------
// helper functions for stats
// --------------------------