dnsfilter -- Get rid of accessors.
This commit is contained in:
parent
87c54ebd4c
commit
ce615e1855
|
@ -88,7 +88,7 @@ func setupPlugin(c *caddy.Controller) (*plug, error) {
|
||||||
switch blockValue {
|
switch blockValue {
|
||||||
case "safebrowsing":
|
case "safebrowsing":
|
||||||
log.Println("Browsing security service is enabled")
|
log.Println("Browsing security service is enabled")
|
||||||
p.d.EnableSafeBrowsing()
|
p.d.SafeBrowsingEnabled = true
|
||||||
if c.NextArg() {
|
if c.NextArg() {
|
||||||
if len(c.Val()) == 0 {
|
if len(c.Val()) == 0 {
|
||||||
return nil, c.ArgErr()
|
return nil, c.ArgErr()
|
||||||
|
@ -97,7 +97,7 @@ func setupPlugin(c *caddy.Controller) (*plug, error) {
|
||||||
}
|
}
|
||||||
case "safesearch":
|
case "safesearch":
|
||||||
log.Println("Safe search is enabled")
|
log.Println("Safe search is enabled")
|
||||||
p.d.EnableSafeSearch()
|
p.d.SafeSearchEnabled = true
|
||||||
case "parental":
|
case "parental":
|
||||||
if !c.NextArg() {
|
if !c.NextArg() {
|
||||||
return nil, c.ArgErr()
|
return nil, c.ArgErr()
|
||||||
|
@ -108,10 +108,11 @@ func setupPlugin(c *caddy.Controller) (*plug, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Println("Parental control is enabled")
|
log.Println("Parental control is enabled")
|
||||||
err = p.d.EnableParental(sensitivity)
|
if !dnsfilter.IsParentalSensitivityValid(sensitivity) {
|
||||||
if err != nil {
|
return nil, dnsfilter.ErrInvalidParental
|
||||||
return nil, c.ArgErr()
|
|
||||||
}
|
}
|
||||||
|
p.d.ParentalEnabled = true
|
||||||
|
p.d.ParentalSensitivity = sensitivity
|
||||||
if c.NextArg() {
|
if c.NextArg() {
|
||||||
if len(c.Val()) == 0 {
|
if len(c.Val()) == 0 {
|
||||||
return nil, c.ArgErr()
|
return nil, c.ArgErr()
|
||||||
|
|
|
@ -46,13 +46,17 @@ const shortcutLength = 6 // used for rule search optimization, 6 hits the sweet
|
||||||
const enableFastLookup = true // flag for debugging, must be true in production for faster performance
|
const enableFastLookup = true // flag for debugging, must be true in production for faster performance
|
||||||
const enableDelayedCompilation = true // flag for debugging, must be true in production for faster performance
|
const enableDelayedCompilation = true // flag for debugging, must be true in production for faster performance
|
||||||
|
|
||||||
type config struct {
|
// Config allows you to configure DNS filtering with New() or just change variables directly.
|
||||||
parentalServer string
|
type Config struct {
|
||||||
parentalSensitivity int // must be either 3, 10, 13 or 17
|
ParentalSensitivity int `yaml:"parental_sensitivity"` // must be either 3, 10, 13 or 17
|
||||||
parentalEnabled bool
|
ParentalEnabled bool `yaml:"parental_enabled"`
|
||||||
safeSearchEnabled bool
|
SafeSearchEnabled bool `yaml:"safesearch_enabled"`
|
||||||
safeBrowsingEnabled bool
|
SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
|
||||||
safeBrowsingServer string
|
}
|
||||||
|
|
||||||
|
type privateConfig struct {
|
||||||
|
parentalServer string // access via methods
|
||||||
|
safeBrowsingServer string // access via methods
|
||||||
}
|
}
|
||||||
|
|
||||||
type rule struct {
|
type rule struct {
|
||||||
|
@ -110,7 +114,8 @@ type Dnsfilter struct {
|
||||||
client http.Client // handle for http client -- single instance as recommended by docs
|
client http.Client // handle for http client -- single instance as recommended by docs
|
||||||
transport *http.Transport // handle for http transport used by http client
|
transport *http.Transport // handle for http transport used by http client
|
||||||
|
|
||||||
config config
|
Config // for direct access by library users, even a = assignment
|
||||||
|
privateConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
type Filter struct {
|
type Filter struct {
|
||||||
|
@ -176,7 +181,7 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check safebrowsing if no match
|
// check safebrowsing if no match
|
||||||
if d.config.safeBrowsingEnabled {
|
if d.SafeBrowsingEnabled {
|
||||||
result, err = d.checkSafeBrowsing(host)
|
result, err = d.checkSafeBrowsing(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// failed to do HTTP lookup -- treat it as if we got empty response, but don't save cache
|
// failed to do HTTP lookup -- treat it as if we got empty response, but don't save cache
|
||||||
|
@ -189,7 +194,7 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check parental if no match
|
// check parental if no match
|
||||||
if d.config.parentalEnabled {
|
if d.ParentalEnabled {
|
||||||
result, err = d.checkParental(host)
|
result, err = d.checkParental(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// failed to do HTTP lookup -- treat it as if we got empty response, but don't save cache
|
// failed to do HTTP lookup -- treat it as if we got empty response, but don't save cache
|
||||||
|
@ -574,11 +579,11 @@ func hostnameToHashParam(host string, addslash bool) (string, map[string]bool) {
|
||||||
|
|
||||||
func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
|
func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
|
||||||
// prevent recursion -- checking the host of safebrowsing server makes no sense
|
// prevent recursion -- checking the host of safebrowsing server makes no sense
|
||||||
if host == d.config.safeBrowsingServer {
|
if host == d.safeBrowsingServer {
|
||||||
return Result{}, nil
|
return Result{}, nil
|
||||||
}
|
}
|
||||||
format := func(hashparam string) string {
|
format := func(hashparam string) string {
|
||||||
url := fmt.Sprintf(defaultSafebrowsingURL, d.config.safeBrowsingServer, hashparam)
|
url := fmt.Sprintf(defaultSafebrowsingURL, d.safeBrowsingServer, hashparam)
|
||||||
return url
|
return url
|
||||||
}
|
}
|
||||||
handleBody := func(body []byte, hashes map[string]bool) (Result, error) {
|
handleBody := func(body []byte, hashes map[string]bool) (Result, error) {
|
||||||
|
@ -615,11 +620,11 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
|
||||||
|
|
||||||
func (d *Dnsfilter) checkParental(host string) (Result, error) {
|
func (d *Dnsfilter) checkParental(host string) (Result, error) {
|
||||||
// prevent recursion -- checking the host of parental safety server makes no sense
|
// prevent recursion -- checking the host of parental safety server makes no sense
|
||||||
if host == d.config.parentalServer {
|
if host == d.parentalServer {
|
||||||
return Result{}, nil
|
return Result{}, nil
|
||||||
}
|
}
|
||||||
format := func(hashparam string) string {
|
format := func(hashparam string) string {
|
||||||
url := fmt.Sprintf(defaultParentalURL, d.config.parentalServer, hashparam, d.config.parentalSensitivity)
|
url := fmt.Sprintf(defaultParentalURL, d.parentalServer, hashparam, d.ParentalSensitivity)
|
||||||
return url
|
return url
|
||||||
}
|
}
|
||||||
handleBody := func(body []byte, hashes map[string]bool) (Result, error) {
|
handleBody := func(body []byte, hashes map[string]bool) (Result, error) {
|
||||||
|
@ -872,8 +877,8 @@ func New() *Dnsfilter {
|
||||||
Transport: d.transport,
|
Transport: d.transport,
|
||||||
Timeout: defaultHTTPTimeout,
|
Timeout: defaultHTTPTimeout,
|
||||||
}
|
}
|
||||||
d.config.safeBrowsingServer = defaultSafebrowsingServer
|
d.safeBrowsingServer = defaultSafebrowsingServer
|
||||||
d.config.parentalServer = defaultParentalServer
|
d.parentalServer = defaultParentalServer
|
||||||
|
|
||||||
return d
|
return d
|
||||||
}
|
}
|
||||||
|
@ -890,35 +895,21 @@ func (d *Dnsfilter) Destroy() {
|
||||||
// config manipulation helpers
|
// config manipulation helpers
|
||||||
//
|
//
|
||||||
|
|
||||||
// EnableSafeBrowsing turns on checking hostnames in malware/phishing database
|
// IsParentalSensitivityValid checks if sensitivity is valid value
|
||||||
func (d *Dnsfilter) EnableSafeBrowsing() {
|
func IsParentalSensitivityValid(sensitivity int) bool {
|
||||||
d.config.safeBrowsingEnabled = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// EnableParental turns on checking hostnames for containing adult content
|
|
||||||
func (d *Dnsfilter) EnableParental(sensitivity int) error {
|
|
||||||
switch sensitivity {
|
switch sensitivity {
|
||||||
case 3, 10, 13, 17:
|
case 3, 10, 13, 17:
|
||||||
d.config.parentalSensitivity = sensitivity
|
return true
|
||||||
d.config.parentalEnabled = true
|
|
||||||
return nil
|
|
||||||
default:
|
|
||||||
return ErrInvalidParental
|
|
||||||
}
|
}
|
||||||
}
|
return false
|
||||||
|
|
||||||
// EnableSafeSearch turns on enforcing safesearch in search engines
|
|
||||||
// only used in coredns plugin and requires caller to use SafeSearchDomain()
|
|
||||||
func (d *Dnsfilter) EnableSafeSearch() {
|
|
||||||
d.config.safeSearchEnabled = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetSafeBrowsingServer lets you optionally change hostname of safesearch lookup
|
// SetSafeBrowsingServer lets you optionally change hostname of safesearch lookup
|
||||||
func (d *Dnsfilter) SetSafeBrowsingServer(host string) {
|
func (d *Dnsfilter) SetSafeBrowsingServer(host string) {
|
||||||
if len(host) == 0 {
|
if len(host) == 0 {
|
||||||
d.config.safeBrowsingServer = defaultSafebrowsingServer
|
d.safeBrowsingServer = defaultSafebrowsingServer
|
||||||
} else {
|
} else {
|
||||||
d.config.safeBrowsingServer = host
|
d.safeBrowsingServer = host
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -934,7 +925,7 @@ func (d *Dnsfilter) ResetHTTPTimeout() {
|
||||||
|
|
||||||
// SafeSearchDomain returns replacement address for search engine
|
// SafeSearchDomain returns replacement address for search engine
|
||||||
func (d *Dnsfilter) SafeSearchDomain(host string) (string, bool) {
|
func (d *Dnsfilter) SafeSearchDomain(host string) (string, bool) {
|
||||||
if d.config.safeSearchEnabled {
|
if d.SafeSearchEnabled {
|
||||||
val, ok := safeSearchDomains[host]
|
val, ok := safeSearchDomains[host]
|
||||||
return val, ok
|
return val, ok
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue