github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add export and import for profiles

Browse Source
This commit is contained in:
Daniel
2023-11-15 15:12:00 +01:00
parent beed574fa3
commit 602db080c5
13 changed files with 668 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

435
sync/profile.go
View File

@@ -1,45 +1,440 @@
package sync
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"strings"
"time"
"github.com/safing/portbase/api"
"github.com/safing/portbase/config"
"github.com/safing/portbase/log"
"github.com/safing/portmaster/profile"
)
// ProfileExport holds an export of a profile.
type ProfileExport struct { //nolint:maligned
Type Type
Type Type `json:"type"`
// Identification (sync or import as new only)
ID string
Source string
// Identification
ID string `json:"id,omitempty"`
Source profile.ProfileSource `json:"source,omitempty"`
// Human Metadata
Name string
Description string
Homepage string
Icons []profile.Icon
PresentationPath string
UsePresentationPath bool
Name string `json:"name"`
Description string `json:"description,omitempty"`
Homepage string `json:"homepage,omitempty"`
Icons []ProfileIcon `json:"icons,omitempty"`
PresentationPath string `json:"presPath,omitempty"`
UsePresentationPath bool `json:"usePresPath,omitempty"`
// Process matching
Fingerprints []profile.Fingerprint
Fingerprints []ProfileFingerprint `json:"fingerprints"`
// Settings
Config map[string]any
Config map[string]any `json:"config,omitempty"`
// Metadata (sync only)
LastEdited time.Time
Created time.Time
Internal bool
// Metadata
LastEdited *time.Time `json:"lastEdited,omitempty"`
Created *time.Time `json:"created,omitempty"`
Internal bool `json:"internal,omitempty"`
}
// ProfileIcon represents a profile icon.
type ProfileIcon struct {
Type profile.IconType `json:"type"`
Value string `json:"value"`
}
// ProfileIcon represents a profile fingerprint.
type ProfileFingerprint struct {
Type string `json:"type"`
Key string `json:"key,omitempty"`
Operation string `json:"operation"`
Value string `json:"value"`
MergedFrom string `json:"mergedFrom,omitempty"`
}
// ProfileExportRequest is a request for a profile export.
type ProfileExportRequest struct {
ID string `json:"id"`
}
// ProfileImportRequest is a request to import Profile.
type ProfileImportRequest struct {
ImportRequest
ImportRequest `json:",inline"`
// Reset all settings and fingerprints of target before import.
Reset bool
// AllowUnknown allows the import of unknown settings.
// Otherwise, attempting to import an unknown setting will result in an error.
AllowUnknown bool `json:"allowUnknown"`
Export *ProfileExport
// AllowReplace allows the import to replace other existing profiles.
AllowReplace bool `json:"allowReplaceProfiles"`
Export *ProfileExport `json:"export"`
}
// ProfileImportResult is returned by successful import operations.
type ProfileImportResult struct {
ImportResult `json:",inline"`
ReplacesProfiles []string `json:"replacesProfiles"`
}
func registerProfileAPI() error {
if err := api.RegisterEndpoint(api.Endpoint{
Name: "Export App Profile",
Description: "Exports app fingerprints, settings and metadata in a share-able format.",
Path: "sync/profile/export",
Read: api.PermitAdmin,
Write: api.PermitAdmin,
Parameters: []api.Parameter{{
Method: http.MethodGet,
Field: "id",
Description: "Specify scoped profile ID to export.",
}},
BelongsTo: module,
DataFunc: handleExportProfile,
}); err != nil {
return err
}
if err := api.RegisterEndpoint(api.Endpoint{
Name: "Import App Profile",
Description: "Imports full app profiles, including fingerprints, setting and metadata from the share-able format.",
Path: "sync/profile/import",
Read: api.PermitAdmin,
Write: api.PermitAdmin,
Parameters: []api.Parameter{
{
Method: http.MethodPost,
Field: "allowReplace",
Description: "Allow replacing existing profiles.",
}, {
Method: http.MethodPost,
Field: "validate",
Description: "Validate only.",
}, {
Method: http.MethodPost,
Field: "reset",
Description: "Replace all existing settings.",
}, {
Method: http.MethodPost,
Field: "allowUnknown",
Description: "Allow importing of unknown values.",
}},
BelongsTo: module,
StructFunc: handleImportProfile,
}); err != nil {
return err
}
return nil
}
func handleExportProfile(ar *api.Request) (data []byte, err error) {
var request *ProfileExportRequest
// Get parameters.
q := ar.URL.Query()
if len(q) > 0 {
request = &ProfileExportRequest{
ID: q.Get("id"),
}
} else {
request = &ProfileExportRequest{}
if err := json.Unmarshal(ar.InputData, request); err != nil {
return nil, fmt.Errorf("%w: failed to parse export request: %w", ErrExportFailed, err)
}
}
// Check parameters.
if request.ID == "" {
return nil, errors.New("missing parameters")
}
// Export.
export, err := ExportProfile(request.ID)
if err != nil {
return nil, err
}
return serializeExport(export, ar)
}
func handleImportProfile(ar *api.Request) (any, error) {
var request *ProfileImportRequest
// Get parameters.
q := ar.URL.Query()
if len(q) > 0 {
request = &ProfileImportRequest{
ImportRequest: ImportRequest{
ValidateOnly: q.Has("validate"),
RawExport: string(ar.InputData),
RawMime: ar.Header.Get("Content-Type"),
},
AllowUnknown: q.Has("allowUnknown"),
AllowReplace: q.Has("allowReplace"),
}
} else {
request = &ProfileImportRequest{}
if err := json.Unmarshal(ar.InputData, request); err != nil {
return nil, fmt.Errorf("%w: failed to parse import request: %w", ErrInvalidImportRequest, err)
}
}
// Check if we need to parse the export.
switch {
case request.Export != nil && request.RawExport != "":
return nil, fmt.Errorf("%w: both Export and RawExport are defined", ErrInvalidImportRequest)
case request.RawExport != "":
// Parse export.
export := &ProfileExport{}
if err := parseExport(&request.ImportRequest, export); err != nil {
return nil, err
}
request.Export = export
case request.Export != nil:
// Export is aleady parsed.
default:
return nil, ErrInvalidImportRequest
}
// Import.
return ImportProfile(request, profile.SourceLocal)
}
// ExportProfile exports a profile.
func ExportProfile(scopedID string) (*ProfileExport, error) {
// Get Profile.
r, err := db.Get(profile.ProfilesDBPath + scopedID)
if err != nil {
return nil, fmt.Errorf("%w: failed to find profile: %w", ErrTargetNotFound, err)
}
p, err := profile.EnsureProfile(r)
if err != nil {
return nil, fmt.Errorf("%w: failed to load profile: %w", ErrExportFailed, err)
}
// Copy exportable profile data.
export := &ProfileExport{
Type: TypeProfile,
// Identification
ID: p.ID,
Source: p.Source,
// Human Metadata
Name: p.Name,
Description: p.Description,
Homepage: p.Homepage,
Icons: convertIconsToExport(p.Icons),
PresentationPath: p.PresentationPath,
UsePresentationPath: p.UsePresentationPath,
// Process matching
Fingerprints: convertFingerprintsToExport(p.Fingerprints),
// Settings
Config: p.Config,
// Metadata
Internal: p.Internal,
}
// Add optional timestamps.
if p.LastEdited > 0 {
lastEdited := time.Unix(p.LastEdited, 0)
export.LastEdited = &lastEdited
}
if p.Created > 0 {
created := time.Unix(p.Created, 0)
export.Created = &created
}
return export, nil
}
// ImportProfile imports a profile.
func ImportProfile(r *ProfileImportRequest, requiredProfileSource profile.ProfileSource) (*ProfileImportResult, error) {
// Check import.
if r.Export.Type != TypeProfile {
return nil, ErrMismatch
}
// Check Source.
if r.Export.Source != "" && r.Export.Source != requiredProfileSource {
return nil, ErrMismatch
}
// Check ID.
fingerprints := convertFingerprintsToInternal(r.Export.Fingerprints)
profileID := profile.DeriveProfileID(fingerprints)
if r.Export.ID != "" && r.Export.ID != profileID {
return nil, ErrMismatch
} else {
r.Export.ID = profileID
}
// Check Fingerprints.
_, err := profile.ParseFingerprints(fingerprints, "")
if err != nil {
return nil, fmt.Errorf("%w: the export contains invalid fingerprints: %w", ErrInvalidProfileData, err)
}
// Flatten config.
settings := config.Flatten(r.Export.Config)
// Check settings.
settingsResult, globalOnlySettingFound, err := checkSettings(settings)
if err != nil {
return nil, err
}
if settingsResult.ContainsUnknown && !r.AllowUnknown && !r.ValidateOnly {
return nil, fmt.Errorf("%w: the export contains unknown settings", ErrInvalidImportRequest)
}
// Check if a setting is settable per app.
if globalOnlySettingFound {
return nil, fmt.Errorf("%w: export contains settings that cannot be set per app", ErrNotSettablePerApp)
}
// Create result based on settings result.
result := &ProfileImportResult{
ImportResult: *settingsResult,
}
// Check if the profile already exists.
exists, err := db.Exists(profile.MakeProfileKey(r.Export.Source, r.Export.ID))
if err != nil {
return nil, fmt.Errorf("internal import error: %w", err)
}
if exists {
result.ReplacesExisting = true
}
// Check if import will delete any profiles.
requiredSourcePrefix := string(r.Export.Source) + "/"
result.ReplacesProfiles = make([]string, 0, len(r.Export.Fingerprints))
for _, fp := range r.Export.Fingerprints {
if fp.MergedFrom != "" {
if !strings.HasPrefix(fp.MergedFrom, requiredSourcePrefix) {
return nil, fmt.Errorf("%w: exported profile was merged from different profile source", ErrInvalidImportRequest)
}
exists, err := db.Exists(profile.ProfilesDBPath + fp.MergedFrom)
if err != nil {
return nil, fmt.Errorf("internal import error: %w", err)
}
if exists {
result.ReplacesProfiles = append(result.ReplacesProfiles, fp.MergedFrom)
}
}
}
// Stop here if we are only validating.
if r.ValidateOnly {
return result, nil
}
if result.ReplacesExisting && !r.AllowReplace {
return nil, fmt.Errorf("%w: import would replace existing profile", ErrImportFailed)
}
// Create profile from export.
// Note: Don't use profile.New(), as this will not trigger a profile refresh if active.
in := r.Export
p := &profile.Profile{
// Identification
ID: in.ID,
Source: requiredProfileSource,
// Human Metadata
Name: in.Name,
Description: in.Description,
Homepage: in.Homepage,
Icons: convertIconsToInternal(in.Icons),
PresentationPath: in.PresentationPath,
UsePresentationPath: in.UsePresentationPath,
// Process matching
Fingerprints: fingerprints,
// Settings
Config: in.Config,
// Metadata
Internal: in.Internal,
}
// Add optional timestamps.
if in.LastEdited != nil {
p.LastEdited = in.LastEdited.Unix()
}
if in.Created != nil {
p.Created = in.Created.Unix()
}
// Save profile to db.
p.SetKey(profile.MakeProfileKey(p.Source, p.ID))
err = p.Save()
if err != nil {
return nil, fmt.Errorf("%w: failed to save profile: %w", ErrImportFailed, err)
}
// Delete profiles that were merged into the imported profile.
for _, profileID := range result.ReplacesProfiles {
err := db.Delete(profile.ProfilesDBPath + profileID)
if err != nil {
log.Errorf("sync: failed to delete merged profile %s on import: %s", profileID, err)
}
}
return result, nil
}
func convertIconsToExport(icons []profile.Icon) []ProfileIcon {
converted := make([]ProfileIcon, 0, len(icons))
for _, icon := range icons {
converted = append(converted, ProfileIcon{
Type: icon.Type,
Value: icon.Value,
})
}
return converted
}
func convertIconsToInternal(icons []ProfileIcon) []profile.Icon {
converted := make([]profile.Icon, 0, len(icons))
for _, icon := range icons {
converted = append(converted, profile.Icon{
Type: icon.Type,
Value: icon.Value,
})
}
return converted
}
func convertFingerprintsToExport(fingerprints []profile.Fingerprint) []ProfileFingerprint {
converted := make([]ProfileFingerprint, 0, len(fingerprints))
for _, fp := range fingerprints {
converted = append(converted, ProfileFingerprint{
Type: fp.Type,
Key: fp.Key,
Operation: fp.Operation,
Value: fp.Value,
MergedFrom: fp.MergedFrom,
})
}
return converted
}
func convertFingerprintsToInternal(fingerprints []ProfileFingerprint) []profile.Fingerprint {
converted := make([]profile.Fingerprint, 0, len(fingerprints))
for _, fp := range fingerprints {
converted = append(converted, profile.Fingerprint{
Type: fp.Type,
Key: fp.Key,
Operation: fp.Operation,
Value: fp.Value,
MergedFrom: fp.MergedFrom,
})
}
return converted
}