From 5209a090c448fe95c0d3bef78c4cd82518f4c98a Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 24 Apr 2020 10:55:49 +0200
Subject: [PATCH] Update config options, add options to turn off system notifications
---
 core/config.go | 17 +++++++++++++++++
 firewall/config.go | 45 ++++++++++++++++++++++++++++++++++-----------
 firewall/prompt.go | 6 +++---
 process/config.go | 1 +
 profile/config.go | 4 ++--
 updates/config.go | 6 ++++++
 6 files changed, 63 insertions(+), 16 deletions(-)
diff --git a/core/config.go b/core/config.go
index 0ee6921f..0383d68f 100644
--- a/core/config.go
+++ b/core/config.go
@@ -11,6 +11,8 @@ import (
 var (
 CfgDevModeKey = "core/devMode"
 defaultDevMode bool
+
+ CfgUseSystemNotificationsKey = "core/useSystemNotifications"
 )
 func init() {
@@ -28,6 +30,7 @@ func registerConfig() error {
 Name: "Development Mode",
 Key: CfgDevModeKey,
 Description: "In Development Mode security restrictions are lifted/softened to enable easier access to Portmaster for debugging and testing purposes.",
+ Order: 127,
 OptType: config.OptTypeBool,
 ExpertiseLevel: config.ExpertiseLevelDeveloper,
 ReleaseLevel: config.ReleaseLevelStable,
@@ -37,5 +40,19 @@ func registerConfig() error {
 return err
 }
+ err = config.Register(&config.Option{
+ Name: "Use System Notifications",
+ Key: CfgUseSystemNotificationsKey,
+ Description: "Send notifications to your operating system's notification system. When this setting is turned off, notifications will only be visible in the Portmaster App. This affects both alerts from the Portmaster and questions from the Privacy Filter.",
+ Order: 32,
+ OptType: config.OptTypeBool,
+ ExpertiseLevel: config.ExpertiseLevelUser,
+ ReleaseLevel: config.ReleaseLevelStable,
+ DefaultValue: true, // TODO: turn off by default on unsupported systems
+ })
+ if err != nil {
+ return err
+ }
+
 return nil
 }
diff --git a/firewall/config.go b/firewall/config.go
index 53d607e5..2a9308b3 100644
--- a/firewall/config.go
+++ b/firewall/config.go
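Review bot: `DefaultValue: true` on "Use System Notifications" turns on forwarding to the operating system's notification service on every platform, and the trailing TODO leaves the unsupported-system case undecided. Per the `Description`, that path carries Privacy Filter questions as well as alerts, so connection details presumably become visible outside the Portmaster App (notification history, possibly a lock screen) unless the user opts out; the description should say so, for example by appending `System notifications may remain in your operating system's notification history.` The exported `CfgUseSystemNotificationsKey` added in the first hunk of core/config.go has no doc comment; `// CfgUseSystemNotificationsKey is the key of the global switch for operating system notifications.` would cover it. registerConfig begins outside the hunk.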
@@ -1,16 +1,23 @@
 package firewall
 import (
+ "github.com/safing/portbase/api"
 "github.com/safing/portbase/config"
+ "github.com/safing/portmaster/core"
 )
 // Configuration Keys
 var (
 CfgOptionEnableFilterKey = "filter/enable"
- CfgOptionPromptTimeoutKey = "filter/promptTimeout"
- CfgOptionPromptTimeoutOrder = 2
- promptTimeout config.IntOption
+ CfgOptionAskWithSystemNotificationsKey = "filter/askWithSystemNotifications"
+ CfgOptionAskWithSystemNotificationsOrder = 2
+ askWithSystemNotifications config.BoolOption
+ useSystemNotifications config.BoolOption
+
+ CfgOptionAskTimeoutKey = "filter/askTimeout"
+ CfgOptionAskTimeoutOrder = 3
+ askTimeout config.IntOption
 CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts"
 CfgOptionPermanentVerdictsOrder = 128
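Review bot: Replacing the key `filter/promptTimeout` with `filter/askTimeout` leaves behind any value a user stored under the old key, and no migration is visible in this commit, so a customised timeout would silently fall back to the default of 60 seconds after the upgrade. If that is intended, say so in the commit message or release notes; otherwise carry the old value over when the new option is registered. The two new getters also deserve a comment recording how they combine, e.g. `// A prompt goes to the OS only when both useSystemNotifications (core) and askWithSystemNotifications are true.`, which is what the option description in the next hunk states. The var block continues past the end of the hunk.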
@@ -37,22 +44,38 @@ func registerConfig() error {
 permanentVerdicts = config.Concurrent.GetAsBool(CfgOptionPermanentVerdictsKey, true)
 err = config.Register(&config.Option{
- Name: "Timeout for prompt notifications",
- Key: CfgOptionPromptTimeoutKey,
- Description: "Amount of time how long Portmaster will wait for a response when prompting about a connection via a notification. In seconds.",
- Order: CfgOptionPromptTimeoutOrder,
+ Name: "Ask with System Notifications",
+ Key: CfgOptionAskWithSystemNotificationsKey,
+ Description: `Ask about connections using your operating system's notification system. For this to be enabled, the setting "Use System Notifications" must enabled too. This only affects questions from the Privacy Filter, and does not affect alerts from the Portmaster.`,
+ Order: CfgOptionAskWithSystemNotificationsOrder,
+ OptType: config.OptTypeBool,
+ ExpertiseLevel: config.ExpertiseLevelUser,
+ ReleaseLevel: config.ReleaseLevelStable,
+ DefaultValue: true,
+ })
+ if err != nil {
+ return err
+ }
+ askWithSystemNotifications = config.Concurrent.GetAsBool(CfgOptionAskWithSystemNotificationsKey, true)
+ useSystemNotifications = config.Concurrent.GetAsBool(core.CfgUseSystemNotificationsKey, true)
+
+ err = config.Register(&config.Option{
+ Name: "Timeout for Ask Notifications",
+ Key: CfgOptionAskTimeoutKey,
+ Description: "Amount of time (in seconds) how long the Portmaster will wait for a response when prompting about a connection via a notification. 
Please note that system notifications might not respect this or have it's own limits.",
+ Order: CfgOptionAskTimeoutOrder,
 OptType: config.OptTypeInt,
 ExpertiseLevel: config.ExpertiseLevelUser,
- ReleaseLevel: config.ReleaseLevelBeta,
+ ReleaseLevel: config.ReleaseLevelStable,
 DefaultValue: 60,
 })
 if err != nil {
 return err
 }
- promptTimeout = config.Concurrent.GetAsInt(CfgOptionPromptTimeoutKey, 60)
+ askTimeout = config.Concurrent.GetAsInt(CfgOptionAskTimeoutKey, 60)
- devMode = config.Concurrent.GetAsBool("core/devMode", false)
- apiListenAddress = config.GetAsString("api/listenAddress", "")
+ devMode = config.Concurrent.GetAsBool(core.CfgDevModeKey, false)
+ apiListenAddress = config.GetAsString(api.CfgDefaultListenAddressKey, "")
 return nil
 }
diff --git a/firewall/prompt.go b/firewall/prompt.go
index 210b63a9..bc4f7109 100644
--- a/firewall/prompt.go
+++ b/firewall/prompt.go
@@ -26,16 +26,16 @@ const (
 )
 func prompt(conn *network.Connection, pkt packet.Packet) { //nolint:gocognit // TODO
- nTTL := time.Duration(promptTimeout()) * time.Second
+ nTTL := time.Duration(askTimeout()) * time.Second
 // first check if there is an existing notification for this.
 // build notification ID
 var nID string
 switch {
 case conn.Inbound, conn.Entity.Domain == "": // connection to/from IP
- nID = fmt.Sprintf("firewall-prompt-%d-%s-%s", conn.Process().Pid, conn.Scope, pkt.Info().RemoteIP())
+ nID = fmt.Sprintf("filter:prompt-%d-%s-%s", conn.Process().Pid, conn.Scope, pkt.Info().RemoteIP())
 default: // connection to domain
- nID = fmt.Sprintf("firewall-prompt-%d-%s", conn.Process().Pid, conn.Scope)
+ nID = fmt.Sprintf("filter:prompt-%d-%s", conn.Process().Pid, conn.Scope)
 }
 n := notifications.Get(nID)
 saveResponse := true
diff --git a/process/config.go b/process/config.go
index 9329eddb..a4d8c205 100644
--- a/process/config.go
+++ b/process/config.go
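Review bot: `askWithSystemNotifications` and `useSystemNotifications` are loaded in registerConfig, but no hunk in this commit reads them; the firewall/prompt.go change only swaps the timeout getter and the notification ID prefix. If the check is made in the notifier or UI client, a comment next to the getters should point there; if it is not made anywhere yet, switching either option off has no effect while the settings page tells the user otherwise. The fallback `true` passed to `GetAsBool(core.CfgUseSystemNotificationsKey, true)` repeats core's default and will drift once core's TODO makes that default platform-dependent. Two wording slips in the new descriptions: "must enabled too" should read "must be enabled too", and "have it's own limits" should read "have their own limits".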
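Review bot: `nTTL := time.Duration(askTimeout()) * time.Second` trusts the configured integer as-is, and the option is registered as a plain `OptTypeInt` with no bounds visible in this commit, so 0 or a negative value gives a non-positive TTL. What prompt does when the TTL runs out lies outside the hunk; if it applies a default verdict, such a value would decide every connection without the user ever seeing the question. A guard right after the assignment would make this explicit: `if nTTL <= 0 { nTTL = 60 * time.Second }`, 60 being the registered default. The changed ID prefix (`filter:prompt-`) also means `notifications.Get(nID)` will not find a prompt created under the old `firewall-prompt-` prefix, which may matter if notifications persist across an upgrade.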
@@ -17,6 +17,7 @@ func registerConfiguration() error {
 Name: "Enable Process Detection",
 Key: CfgOptionEnableProcessDetectionKey,
 Description: "This option enables the attribution of network traffic to processes. This should be always enabled, and effectively disables app profiles if disabled.",
+ Order: 144,
 OptType: config.OptTypeBool,
 ExpertiseLevel: config.ExpertiseLevelDeveloper,
 DefaultValue: true,
diff --git a/profile/config.go b/profile/config.go
index 9f0e3ad3..aaf11b2c 100644
--- a/profile/config.go
+++ b/profile/config.go
@@ -300,7 +300,7 @@ Examples:
 err = config.Register(&config.Option{
 Name: "Block Peer to Peer Connections",
 Key: CfgOptionBlockP2PKey,
- Description: "Block peer to peer connections. These are connections that are established directly to an IP address on the Internet without resolving a domain name via DNS first.",
+ Description: "These are connections that are established directly to an IP address on the Internet without resolving a domain name via DNS first.",
 Order: cfgOptionBlockP2POrder,
 OptType: config.OptTypeInt,
 ExternalOptType: "security level",
@@ -317,7 +317,7 @@ Examples:
 err = config.Register(&config.Option{
 Name: "Block Inbound Connections",
 Key: CfgOptionBlockInboundKey,
- Description: "Block inbound connections to your device. This will usually only be the case if you are running a network service or are using peer to peer software.",
+ Description: "Connections initiated towards your device. This will usually only be the case if you are running a network service or are using peer to peer software.",
 Order: cfgOptionBlockInboundOrder,
 OptType: config.OptTypeInt,
 ExternalOptType: "security level",
diff --git a/updates/config.go b/updates/config.go
index 59955549..86d78a2f 100644
--- a/updates/config.go
+++ b/updates/config.go
@@ -8,6 +8,10 @@ import (
 "github.com/safing/portbase/log"
 )
+const (
+ cfgDevModeKey = "core/devMode"
+)
+
 var (
 releaseChannel config.StringOption
 devMode config.BoolOption
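Review bot: `cfgDevModeKey = "core/devMode"` in updates/config.go duplicates `core.CfgDevModeKey` as a literal, in the same commit that replaces that literal with the exported key in firewall/config.go. Development Mode lifts security restrictions according to its description in core/config.go, so if the two strings ever diverge this package would read an unregistered key and act on the getter's fallback instead of the user's setting. If the copy exists to avoid importing core (not visible here), record that next to the constant: `// cfgDevModeKey must stay identical to core.CfgDevModeKey; it is duplicated to avoid importing core.` The use of the constant is outside the hunk.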
@@ -23,6 +27,7 @@ func registerConfig() error {
 Name: "Release Channel",
 Key: releaseChannelKey,
 Description: "The Release Channel changes which updates are applied. When using beta, you will receive new features earlier and Portmaster will update more frequently. Some beta or experimental features are also available in the stable release channel.",
+ Order: 1,
 OptType: config.OptTypeString,
 ExpertiseLevel: config.ExpertiseLevelExpert,
 ReleaseLevel: config.ReleaseLevelBeta,
@@ -39,6 +44,7 @@ func registerConfig() error {
 Name: "Disable Updates",
 Key: disableUpdatesKey,
 Description: "Disable automatic updates.",
+ Order: 64,
 OptType: config.OptTypeBool,
 ExpertiseLevel: config.ExpertiseLevelExpert,
 ReleaseLevel: config.ReleaseLevelStable,