Merge pull request #26 in DNS/adguard-dns from basicauth to master
* commit 'ba56d6c01d7b241829d3115e1ce87241737cf571': Reorganize config file. Update README to explain config file settings Implement simple basic auth.
This commit is contained in:
commit
0292d2b32b
30
README.md
30
README.md
|
@ -48,7 +48,7 @@ sudo ./AdguardDNS
|
||||||
|
|
||||||
Now open the browser and point it to http://localhost:3000/ to control AdGuard DNS server.
|
Now open the browser and point it to http://localhost:3000/ to control AdGuard DNS server.
|
||||||
|
|
||||||
## Running without superuser
|
### Running without superuser
|
||||||
|
|
||||||
You can run it without superuser privileges, but you need to instruct it to use other port rather than 53. You can do that by opening `AdguardDNS.yaml` and adding this line:
|
You can run it without superuser privileges, but you need to instruct it to use other port rather than 53. You can do that by opening `AdguardDNS.yaml` and adding this line:
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -58,10 +58,36 @@ coredns:
|
||||||
|
|
||||||
If the file does not exist, create it and put these two lines down.
|
If the file does not exist, create it and put these two lines down.
|
||||||
|
|
||||||
|
### Additional configuration
|
||||||
|
|
||||||
|
Open first execution, a file `AdguardDNS.yaml` will be created, with default values written in it. You can modify the file while AdGuard DNS is not running, otherwise any changes to the file will be lost because they will be overwritten by the server.
|
||||||
|
|
||||||
|
Explanation of settings:
|
||||||
|
|
||||||
|
* `bind_host` -- Web interface IP address to listen on
|
||||||
|
* `bind_port` -- Web interface IP port to listen on
|
||||||
|
* `auth_name` -- Web interface optional authorization username
|
||||||
|
* `auth_pass` -- Web interface optional authorization password
|
||||||
|
* `coredns` -- CoreDNS configuration section
|
||||||
|
* `port` -- DNS server port to listen on
|
||||||
|
* `filtering_enabled` -- Filtering of DNS requests based on filter lists
|
||||||
|
* `safebrowsing_enabled` -- Filtering of DNS requests based on safebrowsing
|
||||||
|
* `safesearch_enabled` -- Enforcing safe search when accessing search engines
|
||||||
|
* `parental_enabled` -- Filtering of DNS requests based on parental safety
|
||||||
|
* `parental_sensitivity` -- Age group for filtering based on parental safety
|
||||||
|
* `querylog_enabled` -- Query logging, also used to calculate top 50 clients, blocked domains and requested domains for stats
|
||||||
|
* `upstream_dns` -- List of upstream DNS servers
|
||||||
|
* `filters` -- List of filters, each filter has these values:
|
||||||
|
* `url` -- URL pointing to the filter contents
|
||||||
|
* `enabled` -- Enable/disable current filter
|
||||||
|
* `user_rules` -- User-defined filtering rules
|
||||||
|
|
||||||
|
Removing an entry from settings file will reset it to default value. Deleting the file will reset all settings to default values.
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
You are welcome to fork this repository, make your changes and submit a pull request — https://github.com/AdguardTeam/AdguardDNS/pulls
|
You are welcome to fork this repository, make your changes and submit a pull request — https://github.com/AdguardTeam/AdguardDNS/pulls
|
||||||
|
|
||||||
## Reporting issues
|
## Reporting issues
|
||||||
|
|
||||||
If you come across any problem, or have a suggestion, head to [this page](https://github.com/AdguardTeam/AdguardDNS/issues) and click on the New issue button.
|
If you come across any problem, or have a suggestion, head to [this page](https://github.com/AdguardTeam/AdguardDNS/issues) and click on the `New issue` button.
|
||||||
|
|
2
app.go
2
app.go
|
@ -119,7 +119,7 @@ func main() {
|
||||||
runStatsCollectors()
|
runStatsCollectors()
|
||||||
runFilterRefreshers()
|
runFilterRefreshers()
|
||||||
|
|
||||||
http.Handle("/", http.FileServer(box))
|
http.Handle("/", optionalAuthHandler(http.FileServer(box)))
|
||||||
registerControlHandlers()
|
registerControlHandlers()
|
||||||
|
|
||||||
err = startDNSServer()
|
err = startDNSServer()
|
||||||
|
|
14
config.go
14
config.go
|
@ -21,6 +21,8 @@ type configuration struct {
|
||||||
|
|
||||||
BindHost string `yaml:"bind_host"`
|
BindHost string `yaml:"bind_host"`
|
||||||
BindPort int `yaml:"bind_port"`
|
BindPort int `yaml:"bind_port"`
|
||||||
|
AuthName string `yaml:"auth_name"`
|
||||||
|
AuthPass string `yaml:"auth_pass"`
|
||||||
CoreDNS coreDNSConfig `yaml:"coredns"`
|
CoreDNS coreDNSConfig `yaml:"coredns"`
|
||||||
Filters []filter `yaml:"filters"`
|
Filters []filter `yaml:"filters"`
|
||||||
UserRules []string `yaml:"user_rules"`
|
UserRules []string `yaml:"user_rules"`
|
||||||
|
@ -36,20 +38,20 @@ type coreDNSConfig struct {
|
||||||
FilteringEnabled bool `yaml:"filtering_enabled"`
|
FilteringEnabled bool `yaml:"filtering_enabled"`
|
||||||
SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
|
SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
|
||||||
SafeSearchEnabled bool `yaml:"safesearch_enabled"`
|
SafeSearchEnabled bool `yaml:"safesearch_enabled"`
|
||||||
QueryLogEnabled bool `yaml:"querylog_enabled"`
|
|
||||||
ParentalEnabled bool `yaml:"parental_enabled"`
|
ParentalEnabled bool `yaml:"parental_enabled"`
|
||||||
ParentalSensitivity int `yaml:"parental_sensitivity"`
|
ParentalSensitivity int `yaml:"parental_sensitivity"`
|
||||||
Pprof string `yaml:"pprof"`
|
QueryLogEnabled bool `yaml:"querylog_enabled"`
|
||||||
Cache string `yaml:"cache"`
|
Pprof string `yaml:"-"`
|
||||||
Prometheus string `yaml:"prometheus"`
|
Cache string `yaml:"-"`
|
||||||
|
Prometheus string `yaml:"-"`
|
||||||
UpstreamDNS []string `yaml:"upstream_dns"`
|
UpstreamDNS []string `yaml:"upstream_dns"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type filter struct {
|
type filter struct {
|
||||||
Enabled bool `json:"enabled"`
|
|
||||||
URL string `json:"url"`
|
URL string `json:"url"`
|
||||||
RulesCount int `json:"rules_count" yaml:"-"`
|
|
||||||
Name string `json:"name" yaml:"-"`
|
Name string `json:"name" yaml:"-"`
|
||||||
|
Enabled bool `json:"enabled"`
|
||||||
|
RulesCount int `json:"rules_count" yaml:"-"`
|
||||||
contents []byte
|
contents []byte
|
||||||
LastUpdated time.Time `json:"last_updated" yaml:"-"`
|
LastUpdated time.Time `json:"last_updated" yaml:"-"`
|
||||||
}
|
}
|
||||||
|
|
58
control.go
58
control.go
|
@ -1298,33 +1298,33 @@ func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func registerControlHandlers() {
|
func registerControlHandlers() {
|
||||||
http.HandleFunc("/control/start", ensurePOST(handleStart))
|
http.HandleFunc("/control/start", optionalAuth(ensurePOST(handleStart)))
|
||||||
http.HandleFunc("/control/stop", ensurePOST(handleStop))
|
http.HandleFunc("/control/stop", optionalAuth(ensurePOST(handleStop)))
|
||||||
http.HandleFunc("/control/restart", ensurePOST(handleRestart))
|
http.HandleFunc("/control/restart", optionalAuth(ensurePOST(handleRestart)))
|
||||||
http.HandleFunc("/control/status", ensureGET(handleStatus))
|
http.HandleFunc("/control/status", optionalAuth(ensureGET(handleStatus)))
|
||||||
http.HandleFunc("/control/stats", ensureGET(handleStats))
|
http.HandleFunc("/control/stats", optionalAuth(ensureGET(handleStats)))
|
||||||
http.HandleFunc("/control/stats_history", ensureGET(handleStatsHistory))
|
http.HandleFunc("/control/stats_history", optionalAuth(ensureGET(handleStatsHistory)))
|
||||||
http.HandleFunc("/control/stats_top", ensureGET(handleStatsTop))
|
http.HandleFunc("/control/stats_top", optionalAuth(ensureGET(handleStatsTop)))
|
||||||
http.HandleFunc("/control/querylog", handleQueryLog)
|
http.HandleFunc("/control/querylog", optionalAuth(ensureGET(handleQueryLog)))
|
||||||
http.HandleFunc("/control/querylog_enable", ensurePOST(handleQueryLogEnable))
|
http.HandleFunc("/control/querylog_enable", optionalAuth(ensurePOST(handleQueryLogEnable)))
|
||||||
http.HandleFunc("/control/querylog_disable", ensurePOST(handleQueryLogDisable))
|
http.HandleFunc("/control/querylog_disable", optionalAuth(ensurePOST(handleQueryLogDisable)))
|
||||||
http.HandleFunc("/control/set_upstream_dns", ensurePOST(handleSetUpstreamDNS))
|
http.HandleFunc("/control/set_upstream_dns", optionalAuth(ensurePOST(handleSetUpstreamDNS)))
|
||||||
http.HandleFunc("/control/filtering/enable", ensurePOST(handleFilteringEnable))
|
http.HandleFunc("/control/filtering/enable", optionalAuth(ensurePOST(handleFilteringEnable)))
|
||||||
http.HandleFunc("/control/filtering/disable", ensurePOST(handleFilteringDisable))
|
http.HandleFunc("/control/filtering/disable", optionalAuth(ensurePOST(handleFilteringDisable)))
|
||||||
http.HandleFunc("/control/filtering/status", ensureGET(handleFilteringStatus))
|
http.HandleFunc("/control/filtering/status", optionalAuth(ensureGET(handleFilteringStatus)))
|
||||||
http.HandleFunc("/control/filtering/add_url", ensurePUT(handleFilteringAddURL))
|
http.HandleFunc("/control/filtering/add_url", optionalAuth(ensurePUT(handleFilteringAddURL)))
|
||||||
http.HandleFunc("/control/filtering/remove_url", ensureDELETE(handleFilteringRemoveURL))
|
http.HandleFunc("/control/filtering/remove_url", optionalAuth(ensureDELETE(handleFilteringRemoveURL)))
|
||||||
http.HandleFunc("/control/filtering/enable_url", ensurePOST(handleFilteringEnableURL))
|
http.HandleFunc("/control/filtering/enable_url", optionalAuth(ensurePOST(handleFilteringEnableURL)))
|
||||||
http.HandleFunc("/control/filtering/disable_url", ensurePOST(handleFilteringDisableURL))
|
http.HandleFunc("/control/filtering/disable_url", optionalAuth(ensurePOST(handleFilteringDisableURL)))
|
||||||
http.HandleFunc("/control/filtering/set_rules", ensurePUT(handleFilteringSetRules))
|
http.HandleFunc("/control/filtering/set_rules", optionalAuth(ensurePUT(handleFilteringSetRules)))
|
||||||
http.HandleFunc("/control/filtering/refresh", ensurePOST(handleFilteringRefresh))
|
http.HandleFunc("/control/filtering/refresh", optionalAuth(ensurePOST(handleFilteringRefresh)))
|
||||||
http.HandleFunc("/control/safebrowsing/enable", ensurePOST(handleSafeBrowsingEnable))
|
http.HandleFunc("/control/safebrowsing/enable", optionalAuth(ensurePOST(handleSafeBrowsingEnable)))
|
||||||
http.HandleFunc("/control/safebrowsing/disable", ensurePOST(handleSafeBrowsingDisable))
|
http.HandleFunc("/control/safebrowsing/disable", optionalAuth(ensurePOST(handleSafeBrowsingDisable)))
|
||||||
http.HandleFunc("/control/safebrowsing/status", ensureGET(handleSafeBrowsingStatus))
|
http.HandleFunc("/control/safebrowsing/status", optionalAuth(ensureGET(handleSafeBrowsingStatus)))
|
||||||
http.HandleFunc("/control/parental/enable", ensurePOST(handleParentalEnable))
|
http.HandleFunc("/control/parental/enable", optionalAuth(ensurePOST(handleParentalEnable)))
|
||||||
http.HandleFunc("/control/parental/disable", ensurePOST(handleParentalDisable))
|
http.HandleFunc("/control/parental/disable", optionalAuth(ensurePOST(handleParentalDisable)))
|
||||||
http.HandleFunc("/control/parental/status", ensureGET(handleParentalStatus))
|
http.HandleFunc("/control/parental/status", optionalAuth(ensureGET(handleParentalStatus)))
|
||||||
http.HandleFunc("/control/safesearch/enable", ensurePOST(handleSafeSearchEnable))
|
http.HandleFunc("/control/safesearch/enable", optionalAuth(ensurePOST(handleSafeSearchEnable)))
|
||||||
http.HandleFunc("/control/safesearch/disable", ensurePOST(handleSafeSearchDisable))
|
http.HandleFunc("/control/safesearch/disable", optionalAuth(ensurePOST(handleSafeSearchDisable)))
|
||||||
http.HandleFunc("/control/safesearch/status", ensureGET(handleSafeSearchStatus))
|
http.HandleFunc("/control/safesearch/status", optionalAuth(ensureGET(handleSafeSearchStatus)))
|
||||||
}
|
}
|
||||||
|
|
40
helpers.go
40
helpers.go
|
@ -51,6 +51,46 @@ func ensureDELETE(handler func(http.ResponseWriter, *http.Request)) func(http.Re
|
||||||
return ensure("DELETE", handler)
|
return ensure("DELETE", handler)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if config.AuthName == "" || config.AuthPass == "" {
|
||||||
|
handler(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
user, pass, ok := r.BasicAuth()
|
||||||
|
if !ok || user != config.AuthName || pass != config.AuthPass {
|
||||||
|
w.Header().Set("WWW-Authenticate", `Basic realm="dnsfilter"`)
|
||||||
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
|
w.Write([]byte("Unauthorised.\n"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
handler(w, r)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type authHandler struct {
|
||||||
|
handler http.Handler
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if config.AuthName == "" || config.AuthPass == "" {
|
||||||
|
a.handler.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
user, pass, ok := r.BasicAuth()
|
||||||
|
if !ok || user != config.AuthName || pass != config.AuthPass {
|
||||||
|
w.Header().Set("WWW-Authenticate", `Basic realm="dnsfilter"`)
|
||||||
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
|
w.Write([]byte("Unauthorised.\n"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
a.handler.ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
|
||||||
|
func optionalAuthHandler(handler http.Handler) http.Handler {
|
||||||
|
return &authHandler{handler}
|
||||||
|
}
|
||||||
|
|
||||||
// --------------------------
|
// --------------------------
|
||||||
// helper functions for stats
|
// helper functions for stats
|
||||||
// --------------------------
|
// --------------------------
|
||||||
|
|
Loading…
Reference in New Issue