Restructure modules (#1572)

* Move portbase into monorepo * Add new simple module mgr * [WIP] Switch to new simple module mgr * Add StateMgr and more worker variants * [WIP] Switch more modules * [WIP] Switch more modules * [WIP] swtich more modules * [WIP] switch all SPN modules * [WIP] switch all service modules * [WIP] Convert all workers to the new module system * [WIP] add new task system to module manager * [WIP] Add second take for scheduling workers * [WIP] Add FIXME for bugs in new scheduler * [WIP] Add minor improvements to scheduler * [WIP] Add new worker scheduler * [WIP] Fix more bug related to new module system * [WIP] Fix start handing of the new module system * [WIP] Improve startup process * [WIP] Fix minor issues * [WIP] Fix missing subsystem in settings * [WIP] Initialize managers in constructor * [WIP] Move module event initialization to constrictors * [WIP] Fix setting for enabling and disabling the SPN module * [WIP] Move API registeration into module construction * [WIP] Update states mgr for all modules * [WIP] Add CmdLine operation support * Add state helper methods to module group and instance * Add notification and module status handling to status package * Fix starting issues * Remove pilot widget and update security lock to new status data * Remove debug logs * Improve http server shutdown * Add workaround for cleanly shutting down firewall+netquery * Improve logging * Add syncing states with notifications for new module system * Improve starting, stopping, shutdown; resolve FIXMEs/TODOs * [WIP] Fix most unit tests * Review new module system and fix minor issues * Push shutdown and restart events again via API * Set sleep mode via interface * Update example/template module * [WIP] Fix spn/cabin unit test * Remove deprecated UI elements * Make log output more similar for the logging transition phase * Switch spn hub and observer cmds to new module system * Fix log sources * Make worker mgr less error prone * Fix tests and minor issues * Fix observation hub * Improve shutdown and restart handling * Split up big connection.go source file * Move varint and dsd packages to structures repo * Improve expansion test * Fix linter warnings * Fix interception module on windows * Fix linter errors --------- Co-authored-by: Vladimir Stoilov <vladimir@safing.io>
2024-08-09 17:15:48 +02:00
parent 10a77498f4
commit 80664d1a27
647 changed files with 37690 additions and 3366 deletions
--- a/base/api/endpoints_meta.go
+++ b/base/api/endpoints_meta.go
@@ -0,0 +1,140 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+)
+
+func registerMetaEndpoints() error {
+	if err := RegisterEndpoint(Endpoint{
+		Path:        "endpoints",
+		Read:        PermitAnyone,
+		MimeType:    MimeTypeJSON,
+		DataFunc:    listEndpoints,
+		Name:        "Export API Endpoints",
+		Description: "Returns a list of all registered endpoints and their metadata.",
+	}); err != nil {
+		return err
+	}
+
+	if err := RegisterEndpoint(Endpoint{
+		Path:        "auth/permissions",
+		Read:        Dynamic,
+		StructFunc:  permissions,
+		Name:        "View Current Permissions",
+		Description: "Returns the current permissions assigned to the request.",
+	}); err != nil {
+		return err
+	}
+
+	if err := RegisterEndpoint(Endpoint{
+		Path:        "auth/bearer",
+		Read:        Dynamic,
+		HandlerFunc: authBearer,
+		Name:        "Request HTTP Bearer Auth",
+		Description: "Returns an HTTP Bearer Auth request, if not authenticated.",
+	}); err != nil {
+		return err
+	}
+
+	if err := RegisterEndpoint(Endpoint{
+		Path:        "auth/basic",
+		Read:        Dynamic,
+		HandlerFunc: authBasic,
+		Name:        "Request HTTP Basic Auth",
+		Description: "Returns an HTTP Basic Auth request, if not authenticated.",
+	}); err != nil {
+		return err
+	}
+
+	if err := RegisterEndpoint(Endpoint{
+		Path:        "auth/reset",
+		Read:        PermitAnyone,
+		HandlerFunc: authReset,
+		Name:        "Reset Authenticated Session",
+		Description: "Resets authentication status internally and in the browser.",
+	}); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func listEndpoints(ar *Request) (data []byte, err error) {
+	data, err = json.Marshal(ExportEndpoints())
+	return
+}
+
+func permissions(ar *Request) (i interface{}, err error) {
+	if ar.AuthToken == nil {
+		return nil, errors.New("authentication token missing")
+	}
+
+	return struct {
+		Read      Permission
+		Write     Permission
+		ReadRole  string
+		WriteRole string
+	}{
+		Read:      ar.AuthToken.Read,
+		Write:     ar.AuthToken.Write,
+		ReadRole:  ar.AuthToken.Read.Role(),
+		WriteRole: ar.AuthToken.Write.Role(),
+	}, nil
+}
+
+func authBearer(w http.ResponseWriter, r *http.Request) {
+	// Check if authenticated by checking read permission.
+	ar := GetAPIRequest(r)
+	if ar.AuthToken.Read != PermitAnyone {
+		TextResponse(w, r, "Authenticated.")
+		return
+	}
+
+	// Respond with desired authentication header.
+	w.Header().Set(
+		"WWW-Authenticate",
+		`Bearer realm="Portmaster API" domain="/"`,
+	)
+	http.Error(w, "Authorization required.", http.StatusUnauthorized)
+}
+
+func authBasic(w http.ResponseWriter, r *http.Request) {
+	// Check if authenticated by checking read permission.
+	ar := GetAPIRequest(r)
+	if ar.AuthToken.Read != PermitAnyone {
+		TextResponse(w, r, "Authenticated.")
+		return
+	}
+
+	// Respond with desired authentication header.
+	w.Header().Set(
+		"WWW-Authenticate",
+		`Basic realm="Portmaster API" domain="/"`,
+	)
+	http.Error(w, "Authorization required.", http.StatusUnauthorized)
+}
+
+func authReset(w http.ResponseWriter, r *http.Request) {
+	// Get session cookie from request and delete session if exists.
+	c, err := r.Cookie(sessionCookieName)
+	if err == nil {
+		deleteSession(c.Value)
+	}
+
+	// Delete session and cookie.
+	http.SetCookie(w, &http.Cookie{
+		Name:   sessionCookieName,
+		MaxAge: -1, // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
+	})
+
+	// Request client to also reset all data.
+	w.Header().Set("Clear-Site-Data", "*")
+
+	// Set HTTP Auth Realm without requesting authorization.
+	w.Header().Set("WWW-Authenticate", `None realm="Portmaster API"`)
+
+	// Reply with 401 Unauthorized in order to clear HTTP Basic Auth data.
+	http.Error(w, "Session deleted.", http.StatusUnauthorized)
+}