badguardhome/openapi/CHANGELOG.md
Dmitry Seregin 8454e65cd9 Pull request #1269: tls: hide saved private key
Merge in DNS/adguard-home from 1898-hide-private-key to master

Squashed commit of the following:

commit 542569bbc098541f8e191cc5c1e5509a65fe2c5f
Merge: a07d715f 756c7064
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Fri Aug 27 13:29:15 2021 +0300

    Merge branch 'master' into 1898-hide-private-key

commit a07d715f0f0932fdad4ec3f1e1a265b43809e21b
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 19:45:39 2021 +0300

    fix bug

commit 9f2b70719a24aab827c2dc300fc94bf2202527a7
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 19:07:17 2021 +0300

    fixes

commit e79f0e620844531a737fff5a88f5c2cffc403f51
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 18:35:32 2021 +0300

    more documentation to god of documentation

commit 47790964ed05f50c075f6b6497b1517b0d974bea
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 18:23:08 2021 +0300

    changed var named && fixed description

commit d35de5a34eafb3ffbd1148982dd31735a2000377
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 18:11:13 2021 +0300

    revert locales

commit 514ab1a5d90039bf9aad1389dd0ed966fd1a7e65
Merge: 5d9b992a 16092e8b
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 14:41:27 2021 +0300

    Merge branch 'master' into 1898-hide-private-key

commit 5d9b992a236dec276a46a035509da6938a7da7bf
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Thu Aug 26 14:41:13 2021 +0300

    here we go again

commit 2e7b30df5f19953f4e055394083be62b23028ad6
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Fri Aug 20 17:11:49 2021 +0300

    update deps

commit 5e58c3e22a77c42f321deb9707f34f031b345d75
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Fri Aug 20 17:10:19 2021 +0300

    small fix

commit c2096377de0a8ecf4f36567322ad9171c5fb5ab2
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Fri Aug 20 17:07:45 2021 +0300

    fixes && updated translations

commit ada2d4784e6288b1740b8564b6ffc1ef8f0dcf68
Merge: dc5ce072 550b1798
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Fri Aug 20 13:17:34 2021 +0300

    Merge branch 'master' into 1898-hide-private-key

commit dc5ce0721b5c095ed79f2a302ad90d9616785f93
Author: Dmitriy Seregin <d.seregin@adguard.com>
Date:   Fri Aug 13 20:12:18 2021 +0300

    tls: hide saved private key

    If private key saved as a string, then hide it from the answer to UI
2021-08-27 13:42:31 +03:00

13 KiB

AdGuard Home API Change Log

v0.107: API changes

The new field "private_key_saved" in TlsConfig

  • The new field "private_key_saved" in POST /control/tls/configure, POST /control/tls/validate and GET /control/tls/status is true if the private key was previously saved as a string and now the private key omitted from communication between server and client due to security issues.

The new field "cache_optimistic" in DNS configuration

  • The new optional field "cache_optimistic" in POST /control/dns_config method makes AdGuard Home use or not use the optimistic cache mechanism.

  • The new field "cache_optimistic" in GET /control/dns_info method is true if AdGuard Home uses the optimistic cache mechanism.

New possible value of "interval" field in QueryLogConfig

  • The value of "interval" field in POST /control/querylog_config and GET /control/querylog_info methods could now take the value of 0.25. It's equal to 6 hours.

  • All the possible values of "interval" field are enumerated.

  • The type of "interval" field is now number instead of integer.

Client IDs in Access Settings

  • The POST /control/access/set HTTP API now accepts client IDs in "allowed_clients" and "disallowed_clients" fields.

The new field "unicode_name" in DNSQuestion

  • The new optional field "unicode_name" is the Unicode representation of question's domain name. It is only presented if the original question's domain name is an IDN.

Documentation fix of DNSQuestion

  • Previously incorrectly named field "host" in DNSQuestion is now named "name".

Disabling Statistics

  • The POST /control/stats_config HTTP API allows disabling statistics by setting "interval" to 0.

POST /control/dhcp/reset_leases

  • The new POST /control/dhcp/reset_leases HTTP API allows removing all leases from the DHCP server's database without erasing its configuration.

The parameter "host" in GET /apple/*.mobileconfig is now required.

  • The parameter "host" in GET requests for /apple/doh.mobileconfig and /apple/doh.mobileconfig is now required to prevent unexpected server name's value.

The new field "default_local_ptr_upstreams" in GET /control/dns_info

  • The new optional field "default_local_ptr_upstreams" is the list of IP addresses AdGuard Home would use by default to resolve PTR request for addresses from locally-served networks.

The field "use_private_ptr_resolvers" in DNS configuration

  • The new optional field "use_private_ptr_resolvers" of "DNSConfig" specifies if the DNS server should use "local_ptr_upstreams" at all.

v0.106: API changes

The field "supported_tags" in GET /control/clients

  • Previously undocumented field "supported_tags" in the response is now documented.

The field "whois_info" in GET /control/clients

  • Objects in the "auto_clients" array now have the "whois_info" field.

New response code in POST /control/login

  • 429 is returned when user is out of login attempts. It adds the Retry-After header with the number of seconds of block left in it.

New "private_upstream" field in POST /test_upstream_dns

  • The new optional field "private_upstream" of UpstreamConfig contains the upstream servers for resolving locally-served ip addresses to be checked.

New fields "resolve_clients" and "local_ptr_upstreams" in DNS configuration

  • The new optional field "resolve_clients" of DNSConfig is used to turn resolving clients' addresses on and off.

  • The new optional field "local_ptr_upstreams" of "DNSConfig" contains the upstream servers for resolving addresses from locally-served networks. The empty "local_ptr_resolvers" states that AGH should use resolvers provided by the operating system.

New "client_info" field in GET /querylog response

  • The new optional field "client_info" of QueryLogItem objects contains a more full information about the client.

v0.105: API changes

New "client_id" field in GET /querylog response

  • The new field "client_id" of QueryLogItem objects is the ID sent by the client for encrypted requests, if there was any. See the "Identifying clients" section of our wiki.

New "dnscrypt" "client_proto" value in GET /querylog response

  • The field "client_proto" can now have the value "dnscrypt" when the request was sent over a DNSCrypt connection.

New "reason" in GET /filtering/check_host and GET /querylog

  • The new RewriteRule reason is added to GET /filtering/check_host and GET /querylog.

  • Also, the reason which was incorrectly documented as "ReasonRewrite" is now correctly documented as "Rewrite", and the previously undocumented "RewriteEtcHosts" is now documented as well.

Multiple matched rules in GET /filtering/check_host and GET /querylog

  • The properties rule and filter_id are now deprecated. API users should inspect the newly-added rules object array instead. For most rules, it's either empty or contains one object, which contains the same things as the old two properties did, but under more correct names:

    {
      // …
    
      // Deprecated.
      "rule": "||example.com^",
      // Deprecated.
      "filter_id": 42,
      // Newly-added.
      "rules": [{
        "text": "||example.com^",
        "filter_list_id": 42
      }]
    }
    

    For $dnsrewrite rules, they contain all rules that contributed to the result. For example, if you have the following filtering rules:

    ||example.com^$dnsrewrite=127.0.0.1
    ||example.com^$dnsrewrite=127.0.0.2
    

    The "rules" will be something like:

    {
      // …
    
      "rules": [{
        "text": "||example.com^$dnsrewrite=127.0.0.1",
        "filter_list_id": 0
      }, {
        "text": "||example.com^$dnsrewrite=127.0.0.2",
        "filter_list_id": 0
      }]
    }
    

    The old fields will be removed in v0.106.0.

As well as other documentation fixes.

v0.103: API changes

API: replace settings in GET /control/dns_info & POST /control/dns_config

  • added "upstream_mode"

      "upstream_mode": "" | "parallel" | "fastest_addr"
    
  • removed "fastest_addr", "parallel_requests"

API: Get querylog: GET /control/querylog

  • Added optional "offset" and "limit" parameters

We are still using "older_than" approach in AdGuard Home UI, but we realize that it's easier to use offset/limit so here is this option now.

v0.102: API changes

API: Get general status: GET /control/status

  • Removed "upstream_dns", "bootstrap_dns", "all_servers" parameters

API: Get DNS general settings: GET /control/dns_info

  • Added "parallel_requests", "upstream_dns", "bootstrap_dns" parameters

Request:

GET /control/dns_info

Response:

200 OK

{
	"upstream_dns": ["tls://...", ...],
	"bootstrap_dns": ["1.2.3.4", ...],

	"protection_enabled": true | false,
	"ratelimit": 1234,
	"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
	"blocking_ipv4": "1.2.3.4",
	"blocking_ipv6": "1:2:3::4",
	"edns_cs_enabled": true | false,
	"dnssec_enabled": true | false
	"disable_ipv6": true | false,
	"fastest_addr": true | false, // use Fastest Address algorithm
	"parallel_requests": true | false, // send DNS requests to all upstream servers at once
}

API: Set DNS general settings: POST /control/dns_config

  • Added "parallel_requests", "upstream_dns", "bootstrap_dns" parameters
  • removed /control/set_upstreams_config method

Request:

POST /control/dns_config

{
	"upstream_dns": ["tls://...", ...],
	"bootstrap_dns": ["1.2.3.4", ...],

	"protection_enabled": true | false,
	"ratelimit": 1234,
	"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
	"blocking_ipv4": "1.2.3.4",
	"blocking_ipv6": "1:2:3::4",
	"edns_cs_enabled": true | false,
	"dnssec_enabled": true | false
	"disable_ipv6": true | false,
	"fastest_addr": true | false, // use Fastest Address algorithm
	"parallel_requests": true | false, // send DNS requests to all upstream servers at once
}

Response:

200 OK

v0.101: API changes

API: Refresh filters: POST /control/filtering/refresh

  • Added "whitelist" boolean parameter
  • Response is in JSON format

Request:

POST /control/filtering/refresh

{
	"whitelist": true
}

Response:

200 OK

{
	"updated": 123 // number of filters updated
}

v0.100: API changes

API: Get list of clients: GET /control/clients

  • "ip" and "mac" fields are removed
  • "ids" and "ip_addrs" fields are added

Response:

200 OK

{
clients: [
	{
		name: "client1"
		ids: ["...", ...] // IP or MAC
		ip_addrs: ["...", ...] // all IP addresses (set by user and resolved by MAC)
		use_global_settings: true
		filtering_enabled: false
		parental_enabled: false
		safebrowsing_enabled: false
		safesearch_enabled: false
		use_global_blocked_services: true
		blocked_services: [ "name1", ... ]
		whois_info: {
			key: "value"
			...
		}
	}
]
auto_clients: [
	{
		name: "host"
		ip: "..."
		source: "etc/hosts" || "rDNS"
		whois_info: {
			key: "value"
			...
		}
	}
]
}

API: Add client: POST /control/clients/add

  • "ip" and "mac" fields are removed
  • "ids" field is added

Request:

POST /control/clients/add

{
	name: "client1"
	ids: ["...", ...] // IP or MAC
	use_global_settings: true
	filtering_enabled: false
	parental_enabled: false
	safebrowsing_enabled: false
	safesearch_enabled: false
	use_global_blocked_services: true
	blocked_services: [ "name1", ... ]
}

API: Update client: POST /control/clients/update

  • "ip" and "mac" fields are removed
  • "ids" field is added

Request:

POST /control/clients/update

{
	name: "client1"
	data: {
		name: "client1"
		ids: ["...", ...] // IP or MAC
		use_global_settings: true
		filtering_enabled: false
		parental_enabled: false
		safebrowsing_enabled: false
		safesearch_enabled: false
		use_global_blocked_services: true
		blocked_services: [ "name1", ... ]
	}
}

v0.99.3: API changes

API: Get query log: GET /control/querylog

The response data is now a JSON object, not an array.

Response:

200 OK

{
"oldest":"2006-01-02T15:04:05.999999999Z07:00"
"data":[
{
	"answer":[
		{
		"ttl":10,
		"type":"AAAA",
		"value":"::"
		}
		...
	],
	"client":"127.0.0.1",
	"elapsedMs":"0.098403",
	"filterId":1,
	"question":{
		"class":"IN",
		"host":"doubleclick.net",
		"type":"AAAA"
	},
	"reason":"FilteredBlackList",
	"rule":"||doubleclick.net^",
	"status":"NOERROR",
	"time":"2006-01-02T15:04:05.999999999Z07:00"
}
...
]
}

v0.99.1: API changes

API: Get current user info: GET /control/profile

Request:

GET /control/profile

Response:

200 OK

{
"name":"..."
}

Set DNS general settings: POST /control/dns_config

Replaces these API methods:

POST /control/enable_protection
POST /control/disable_protection

Request:

POST /control/dns_config

{
	"protection_enabled": true | false,
	"ratelimit": 1234,
	"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
	"blocking_ipv4": "1.2.3.4",
	"blocking_ipv6": "1:2:3::4",
}

Response:

200 OK

v0.99: incompatible API changes

  • A note about web user authentication
  • Set filtering parameters: POST /control/filtering/config
  • Set filter parameters: POST /control/filtering/set_url
  • Set querylog parameters: POST /control/querylog_config
  • Get statistics data: GET /control/stats

A note about web user authentication

If AdGuard Home's web user is password-protected, a web client must use authentication mechanism when sending requests to server. Basic access authentication is the most simple method - a client must pass Authorization HTTP header along with all requests:

Authorization: Basic BASE64_DATA

where BASE64_DATA is base64-encoded data for username:password string.

Set filtering parameters: POST /control/filtering/config

Replaces these API methods:

POST /control/filtering/enable
POST /control/filtering/disable

Request:

POST /control/filtering_config

{
	"enabled": true | false
	"interval": 0 | 1 | 12 | 1*24 | 3*24 | 7*24
}

Response:

200 OK

Set filter parameters: POST /control/filtering/set_url

Replaces these API methods:

POST /control/filtering/enable_url
POST /control/filtering/disable_url

Request:

POST /control/filtering/set_url

{
	"url": "..."
	"enabled": true | false
}

Response:

200 OK

Set querylog parameters: POST /control/querylog_config

Replaces these API methods:

POST /querylog_enable
POST /querylog_disable

Request:

POST /control/querylog_config

{
	"enabled": true | false
	"interval": 1 | 7 | 30 | 90
}

Response:

200 OK

Get statistics data: GET /control/stats

Replaces these API methods:

GET /control/stats_top
GET /control/stats_history

Request:

GET /control/stats

Response:

200 OK

{
	time_units: hours | days

	// total counters:
	num_dns_queries: 123
	num_blocked_filtering: 123
	num_replaced_safebrowsing: 123
	num_replaced_safesearch: 123
	num_replaced_parental: 123
	avg_processing_time: 123.123

	// per time unit counters
	dns_queries: [123, ...]
	blocked_filtering: [123, ...]
	replaced_parental: [123, ...]
	replaced_safebrowsing: [123, ...]

	top_queried_domains: [
		{host: 123},
		...
	]
	top_blocked_domains: [
		{host: 123},
		...
	]
	top_clients: [
		{IP: 123},
		...
	]
}