From f990543f8c9ed4c21c26c7dd557974a9f5190695 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Sat, 30 May 2020 11:41:26 +0000 Subject: [PATCH] luci-app-https-dns-proxy: decrease reliance on shell commands; proper acl.d file; add cloudflare family/protect Signed-off-by: Stan Grishin --- .../luci-app-https-dns-proxy/Makefile | 2 +- .../providers/com.cloudflare-dns.family.lua | 8 +++ .../providers/com.cloudflare-dns.lua | 4 +- .../providers/com.cloudflare-dns.security.lua | 8 +++ .../luasrc/model/cbi/https-dns-proxy.lua | 26 +++++++--- .../po/templates/https-dns-proxy.pot | 52 +++++++++++++++++++ .../rpcd/acl.d/luci-app-https-dns-proxy.json | 32 ++++++++++++ 7 files changed, 124 insertions(+), 8 deletions(-) create mode 100644 applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.family.lua create mode 100644 applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.security.lua create mode 100644 applications/luci-app-https-dns-proxy/root/usr/share/rpcd/acl.d/luci-app-https-dns-proxy.json diff --git a/applications/luci-app-https-dns-proxy/Makefile b/applications/luci-app-https-dns-proxy/Makefile index 6a1ac29841..e04e73208f 100644 --- a/applications/luci-app-https-dns-proxy/Makefile +++ b/applications/luci-app-https-dns-proxy/Makefile @@ -10,7 +10,7 @@ LUCI_TITLE:=DNS Over HTTPS Proxy Web UI LUCI_DESCRIPTION:=Provides Web UI for DNS Over HTTPS Proxy LUCI_DEPENDS:=+luci-compat +luci-mod-admin-full +https-dns-proxy LUCI_PKGARCH:=all -PKG_RELEASE:=6 +PKG_RELEASE:=8 include ../../luci.mk diff --git a/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.family.lua b/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.family.lua new file mode 100644 index 0000000000..8bad0a0773 --- /dev/null +++ b/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.family.lua @@ -0,0 +1,8 @@ +return { + name = "Cloudflare-Family", + label = _("Cloudflare (Family Protection)"), + resolver_url = "https://family.cloudflare-dns.com/dns-query", + bootstrap_dns = "1.1.1.3,1.0.0.3,2606:4700:4700::1113,2606:4700:4700::1003", + help_link = "https://one.one.one.one/family/", + help_link_text = "Cloudflare" +} diff --git a/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua b/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua index e8673d5d58..7e30c125c8 100644 --- a/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua +++ b/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua @@ -2,5 +2,7 @@ return { name = "Cloudflare", label = _("Cloudflare"), resolver_url = "https://cloudflare-dns.com/dns-query", - bootstrap_dns = "1.1.1.1,1.0.0.1" + bootstrap_dns = "1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001", + help_link = "https://one.one.one.one/family/", + help_link_text = "Cloudflare" } diff --git a/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.security.lua b/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.security.lua new file mode 100644 index 0000000000..a862f438bb --- /dev/null +++ b/applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.security.lua @@ -0,0 +1,8 @@ +return { + name = "Cloudflare-Security", + label = _("Cloudflare (Security Protection)"), + resolver_url = "https://security.cloudflare-dns.com/dns-query", + bootstrap_dns = "1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001", + help_link = "https://one.one.one.one/family/", + help_link_text = "Cloudflare" +} diff --git a/applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua b/applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua index c57de38724..a1da93b2f2 100644 --- a/applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua +++ b/applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua @@ -9,7 +9,21 @@ local packageName = "https-dns-proxy" local providers_dir = "/usr/lib/lua/luci/" .. packageName .. "/providers/" local helperText = "" -function create_helper_text() +function getPackageVersion() + local opkgFile = "/usr/lib/opkg/status" + local line + local flag = false + for line in io.lines(opkgFile) do + if flag then + return line:match('[%d%.$-]+') or "" + elseif line:find("Package: " .. packageName:gsub("%-", "%%%-")) then + flag = true + end + end + return "" +end + +function createHelperText() local initText = "
" .. translate("For more information on different options check") .. " " for filename in fs.dir(providers_dir) do local p_func = loadfile(providers_dir .. filename) @@ -25,7 +39,7 @@ function create_helper_text() else helperText = helperText .. ", " end - helperText = helperText .. [[]] .. domain .. [[]] + helperText = helperText .. [[]] .. domain .. [[]] end end end @@ -35,7 +49,7 @@ function create_helper_text() end end -function get_provider_name(value) +function getProviderName(value) for filename in fs.dir(providers_dir) do local p_func = loadfile(providers_dir .. filename) setfenv(p_func, { _ = i18n.translate }) @@ -51,7 +65,7 @@ end local packageStatus, packageStatusCode local ubusStatus = util.ubus("service", "list", { name = packageName }) -local packageVersion = tostring(util.trim(sys.exec("opkg list-installed " .. packageName .. " | awk '{print $3}'"))) or "" +local packageVersion = getPackageVersion() if packageVersion == "" then packageStatusCode = -1 @@ -81,7 +95,7 @@ else end la = la or "127.0.0.1" lp = lp or n + 5053 - packageStatus = packageStatus .. translatef("Running: %s DoH at %s:%s", get_provider_name(url), la, lp) .. "\n" + packageStatus = packageStatus .. translatef("Running: %s DoH at %s:%s", getProviderName(url), la, lp) .. "\n" else break end @@ -108,7 +122,7 @@ else buttons.template = packageName .. "/buttons" end -create_helper_text() +createHelperText() s3 = m:section(TypedSection, "https-dns-proxy", translate("Instances"), translatef("When you add/remove any instances below, they will be used to override the 'DNS forwardings' section of %sDHCP and DNS%s.", "", "") .. helperText) s3.template = "cbi/tblsection" diff --git a/applications/luci-app-https-dns-proxy/po/templates/https-dns-proxy.pot b/applications/luci-app-https-dns-proxy/po/templates/https-dns-proxy.pot index 411739ba32..a9694e5913 100644 --- a/applications/luci-app-https-dns-proxy/po/templates/https-dns-proxy.pot +++ b/applications/luci-app-https-dns-proxy/po/templates/https-dns-proxy.pot @@ -1,136 +1,188 @@ msgid "" msgstr "Content-Type: text/plain; charset=UTF-8" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:72 msgid "%s is not installed or not found" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.adguard.dns-family.lua:3 msgid "AdGuard (Family Protection)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.adguard.dns.lua:3 msgid "AdGuard (Standard)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/ca.cira.canadianshield.family.lua:3 msgid "CIRA Canadian Shield (Family)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/ca.cira.canadianshield.private.lua:3 msgid "CIRA Canadian Shield (Private)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/ca.cira.canadianshield.protected.lua:3 msgid "CIRA Canadian Shield (Protected)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-adult.lua:3 msgid "CleanBrowsing (Adult Filter)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-family.lua:3 msgid "CleanBrowsing (Family Filter)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-security.lua:3 msgid "CleanBrowsing (Security Filter)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua:3 msgid "Cloudflare" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.family.lua:3 +msgid "Cloudflare (Family Protection)" +msgstr "" + +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.security.lua:3 +msgid "Cloudflare (Security Protection)" +msgstr "" + +#: applications/luci-app-https-dns-proxy/luasrc/controller/https-dns-proxy.lua:4 msgid "DNS HTTPS Proxy" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:106 msgid "DNS HTTPS Proxy Settings" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/sb.dns.lua:3 msgid "DNS.SB" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/ch.digitale-gesellschaft.dns.lua:3 msgid "Digitale Gesellschaft" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm:57 msgid "Disable" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:177 msgid "EDNS client subnet" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm:54 msgid "Enable" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:27 msgid "For more information on different options check" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/google.dns.lua:3 msgid "Google" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:126 msgid "Instances" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/gr.libredns.doh.lua:3 msgid "LibreDNS" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/gr.libredns.doh-ads.lua:3 msgid "LibreDNS (No Ads)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:160 msgid "Listen address" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:173 msgid "Listen port" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/js.htm:52 msgid "Loading" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/cz.nic.odvr.lua:3 msgid "ODVR (nic.cz)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:180 msgid "Proxy server" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns.lua:3 msgid "Quad 9 (Recommended)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns11.lua:3 msgid "Quad 9 (Secured with ECS Support)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns9.lua:3 msgid "Quad 9 (Secured)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns10.lua:3 msgid "Quad 9 (Unsecured)" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm:44 msgid "Reload" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:133 msgid "Resolver" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:98 msgid "Running: %s DoH at %s:%s" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:110 msgid "Service Status" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:108 msgid "Service Status [%s %s]" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm:41 msgid "Start" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm:47 msgid "Stop" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:76 msgid "Stopped" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:63 msgid "Unknown Provider" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:127 msgid "" "When you add/remove any instances below, they will be used to override the " "'DNS forwardings' section of %sDHCP and DNS%s." msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:48 msgid "and" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua:78 msgid "disabled" msgstr "" +#: applications/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/cn.rubyfish.dns.lua:3 msgid "rubyfish.cn" msgstr "" diff --git a/applications/luci-app-https-dns-proxy/root/usr/share/rpcd/acl.d/luci-app-https-dns-proxy.json b/applications/luci-app-https-dns-proxy/root/usr/share/rpcd/acl.d/luci-app-https-dns-proxy.json new file mode 100644 index 0000000000..bcd4c5fd7d --- /dev/null +++ b/applications/luci-app-https-dns-proxy/root/usr/share/rpcd/acl.d/luci-app-https-dns-proxy.json @@ -0,0 +1,32 @@ +{ + "luci-app-https-dns-proxy": { + "description": "Grant UCI and file access for luci-app-https-dns-proxy", + "read": { + "cgi-io": [ + "exec" + ], + "file": { + "/usr/lib/opkg/status": [ + "read" + ], + "/usr/lib/lua/luci/https-dns-proxy/providers/*": [ + "read" + ], + "/etc/init.d/dnsmasq *": [ + "exec" + ], + "/etc/init.d/https-dns-proxy *": [ + "exec" + ] + }, + "uci": [ + "https-dns-proxy" + ] + }, + "write": { + "uci": [ + "https-dns-proxy" + ] + } + } +} -- 2.30.2