Merge branch 'master' into 5567-extract-subnet-arpa

CHANGELOG.md

@@ -23,11 +23,48 @@ See also the [v0.107.27 GitHub milestone][ms-v0.107.27].
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
+### Added
+
+- The ability to manage safesearch for each service by using the new
+  `safe_search` field ([#1163]).
+
+### Changed
+
+#### Configuration Changes
+
+In this release, the schema version has changed from 17 to 19.
+
+- The `dns.safesearch_enabled` field has been replaced with `safe_search`
+  object containing per-service settings.
+- The `clients.persistent.safesearch_enabled` field has been replaced with
+  `safe_search` object containing per-service settings.
+
+  ```yaml
+    # BEFORE:
+    'safesearch_enabled': true
+
+    # AFTER:
+    'safe_search':
+      'enabled': true
+      'bing': true
+      'duckduckgo': true
+      'google': true
+      'pixabay': true
+      'yandex': true
+      'youtube': true
+  ```
+
+  To rollback this change, move the value of `dns.safe_search.enabled` into the
+  `dns.safesearch_enabled`, then remove `dns.safe_search` field.  Do the same
+  client's specific `clients.persistent.safesearch` and then change the
+  `schema_version` back to `17`.
+
 ### Fixed
 
 - Panic caused by empty top-level domain name label in `/etc/hosts` files
   ([#5584]).
 
+[#1163]: https://github.com/AdguardTeam/AdGuardHome/issues/1163
 [#5584]: https://github.com/AdguardTeam/AdGuardHome/issues/5584
 
 <!--

internal/dnsforward/dnsforward_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering/safesearch"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/netutil"
@@ -412,7 +413,7 @@ func TestServerRace(t *testing.T) {
 	filterConf := &filtering.Config{
 		SafeBrowsingEnabled:   true,
 		SafeBrowsingCacheSize: 1000,
-		SafeSearchEnabled:     true,
+		SafeSearchConf:        filtering.SafeSearchConfig{Enabled: true},
 		SafeSearchCacheSize:   1000,
 		ParentalCacheSize:     1000,
 		CacheTime:             30,
@@ -440,12 +441,26 @@ func TestServerRace(t *testing.T) {
 
 func TestSafeSearch(t *testing.T) {
 	resolver := &aghtest.TestResolver{}
+	safeSearchConf := filtering.SafeSearchConfig{
+		Enabled:        true,
+		Google:         true,
+		Yandex:         true,
+		CustomResolver: resolver,
+	}
+
 	filterConf := &filtering.Config{
-		SafeSearchEnabled:   true,
+		SafeSearchConf:      safeSearchConf,
 		SafeSearchCacheSize: 1000,
 		CacheTime:           30,
-		CustomResolver:      resolver,
 	}
+	safeSearch, err := safesearch.NewDefaultSafeSearch(
+		safeSearchConf,
+		filterConf.SafeSearchCacheSize,
+		time.Minute*time.Duration(filterConf.CacheTime),
+	)
+	require.NoError(t, err)
+
+	filterConf.SafeSearch = safeSearch
 	forwardConf := ServerConfig{
 		UDPListenAddrs: []*net.UDPAddr{{}},
 		TCPListenAddrs: []*net.TCPAddr{{}},
@@ -498,7 +513,8 @@ func TestSafeSearch(t *testing.T) {
 		t.Run(tc.host, func(t *testing.T) {
 			req := createTestMessage(tc.host)
 
-			reply, _, err := client.Exchange(req, addr)
+			var reply *dns.Msg
+			reply, _, err = client.Exchange(req, addr)
 			require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
 			assertResponse(t, reply, tc.want)
 		})

internal/dnsforward/http_test.go

@@ -57,7 +57,7 @@ func TestDNSForwardHTTP_handleGetConfig(t *testing.T) {
 	filterConf := &filtering.Config{
 		SafeBrowsingEnabled:   true,
 		SafeBrowsingCacheSize: 1000,
-		SafeSearchEnabled:     true,
+		SafeSearchConf:        filtering.SafeSearchConfig{Enabled: true},
 		SafeSearchCacheSize:   1000,
 		ParentalCacheSize:     1000,
 		CacheTime:             30,
@@ -133,7 +133,7 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 	filterConf := &filtering.Config{
 		SafeBrowsingEnabled:   true,
 		SafeBrowsingCacheSize: 1000,
-		SafeSearchEnabled:     true,
+		SafeSearchConf:        filtering.SafeSearchConfig{Enabled: true},
 		SafeSearchCacheSize:   1000,
 		ParentalCacheSize:     1000,
 		CacheTime:             30,

internal/filtering/filtering.go

@@ -63,6 +63,9 @@ type Settings struct {
 	SafeSearchEnabled   bool
 	SafeBrowsingEnabled bool
 	ParentalEnabled     bool
+
+	// ClientSafeSearch is a client configured safe search.
+	ClientSafeSearch SafeSearch
 }
 
 // Resolver is the interface for net.Resolver to simplify testing.
@@ -83,13 +86,16 @@ type Config struct {
 	FiltersUpdateIntervalHours uint32 `yaml:"filters_update_interval"` // time period to update filters (in hours)
 
 	ParentalEnabled     bool `yaml:"parental_enabled"`
-	SafeSearchEnabled   bool `yaml:"safesearch_enabled"`
 	SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
 
 	SafeBrowsingCacheSize uint `yaml:"safebrowsing_cache_size"` // (in bytes)
 	SafeSearchCacheSize   uint `yaml:"safesearch_cache_size"`   // (in bytes)
 	ParentalCacheSize     uint `yaml:"parental_cache_size"`     // (in bytes)
-	CacheTime             uint `yaml:"cache_time"`              // Element's TTL (in minutes)
+	// TODO(a.garipov): Use timeutil.Duration
+	CacheTime uint `yaml:"cache_time"` // Element's TTL (in minutes)
+
+	SafeSearchConf SafeSearchConfig `yaml:"safe_search"`
+	SafeSearch     SafeSearch       `yaml:"-"`
 
 	Rewrites []*LegacyRewrite `yaml:"rewrites"`
 
@@ -107,9 +113,6 @@ type Config struct {
 	// Register an HTTP handler
 	HTTPRegister aghhttp.RegisterFunc `yaml:"-"`
 
-	// CustomResolver is the resolver used by DNSFilter.
-	CustomResolver Resolver `yaml:"-"`
-
 	// HTTPClient is the client to use for updating the remote filters.
 	HTTPClient *http.Client `yaml:"-"`
 
@@ -172,7 +175,6 @@ type DNSFilter struct {
 
 	safebrowsingCache cache.Cache
 	parentalCache     cache.Cache
-	safeSearchCache   cache.Cache
 
 	Config // for direct access by library users, even a = assignment
 	// confLock protects Config.
@@ -182,11 +184,6 @@ type DNSFilter struct {
 	filtersInitializerChan chan filtersInitializerParams
 	filtersInitializerLock sync.Mutex
 
-	// resolver only looks up the IP address of the host while safe search.
-	//
-	// TODO(e.burkov): Use upstream that configured in dnsforward instead.
-	resolver Resolver
-
 	refreshLock *sync.Mutex
 
 	// filterTitleRegexp is the regular expression to retrieve a name of a
@@ -195,6 +192,7 @@ type DNSFilter struct {
 	// TODO(e.burkov):  Don't use regexp for such a simple text processing task.
 	filterTitleRegexp *regexp.Regexp
 
+	safeSearch   SafeSearch
 	hostCheckers []hostChecker
 }
 
@@ -298,7 +296,7 @@ func (d *DNSFilter) GetConfig() (s Settings) {
 
 	return Settings{
 		FilteringEnabled:    atomic.LoadUint32(&d.Config.enabled) != 0,
-		SafeSearchEnabled:   d.Config.SafeSearchEnabled,
+		SafeSearchEnabled:   d.Config.SafeSearchConf.Enabled,
 		SafeBrowsingEnabled: d.Config.SafeBrowsingEnabled,
 		ParentalEnabled:     d.Config.ParentalEnabled,
 	}
@@ -942,7 +940,6 @@ func InitModule() {
 // be non-nil.
 func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
 	d = &DNSFilter{
-		resolver:          net.DefaultResolver,
 		refreshLock:       &sync.Mutex{},
 		filterTitleRegexp: regexp.MustCompile(`^! Title: +(.*)$`),
 	}
@@ -951,18 +948,12 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
 		EnableLRU: true,
 		MaxSize:   c.SafeBrowsingCacheSize,
 	})
-	d.safeSearchCache = cache.New(cache.Config{
-		EnableLRU: true,
-		MaxSize:   c.SafeSearchCacheSize,
-	})
 	d.parentalCache = cache.New(cache.Config{
 		EnableLRU: true,
 		MaxSize:   c.ParentalCacheSize,
 	})
 
-	if r := c.CustomResolver; r != nil {
-		d.resolver = r
-	}
+	d.safeSearch = c.SafeSearch
 
 	d.hostCheckers = []hostChecker{{
 		check: d.matchSysHosts,