0xERR0R · ThinkChaos · Sep 4, 2024 · Apr 3, 2024 · Mar 29, 2024 · Mar 29, 2024
diff --git a/config/config.go b/config/config.go
@@ -171,6 +171,13 @@ func (l *ListenConfig) UnmarshalText(data []byte) error {
 
 	*l = strings.Split(addresses, ",")
 
+	// Prefix all ports with :
+	for i, addr := range *l {
+		if !strings.ContainsRune(addr, ':') {
+			(*l)[i] = ":" + addr
+		}
+	}
+
 	return nil
 }
 

diff --git a/config/config_test.go b/config/config_test.go
@@ -462,7 +462,7 @@ bootstrapDns:
 				err := l.UnmarshalText([]byte("55,:56"))
 				Expect(err).Should(Succeed())
 				Expect(*l).Should(HaveLen(2))
-				Expect(*l).Should(ContainElements("55", ":56"))
+				Expect(*l).Should(ContainElements(":55", ":56"))
 			})
 		})
 	})
@@ -958,7 +958,7 @@ bootstrapDns:
 })
 
 func defaultTestFileConfig(config *Config) {
-	Expect(config.Ports.DNS).Should(Equal(ListenConfig{"55553", ":55554", "[::1]:55555"}))
+	Expect(config.Ports.DNS).Should(Equal(ListenConfig{":55553", ":55554", "[::1]:55555"}))
 	Expect(config.Upstreams.Init.Strategy).Should(Equal(InitStrategyFailOnError))
 	Expect(config.Upstreams.UserAgent).Should(Equal("testBlocky"))
 	Expect(config.Upstreams.Groups["default"]).Should(HaveLen(3))

diff --git a/helpertest/helper.go b/helpertest/helper.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -31,20 +32,27 @@ const (
 	DS    = dns.Type(dns.TypeDS)
 )
 
-// GetIntPort returns an port for the current testing
+// GetIntPort returns a port for the current testing
 // process by adding the current ginkgo parallel process to
-// the base port and returning it as int
+// the base port and returning it as int.
 func GetIntPort(port int) int {
 	return port + ginkgo.GinkgoParallelProcess()
 }
 
-// GetStringPort returns an port for the current testing
+// GetStringPort returns a port for the current testing
 // process by adding the current ginkgo parallel process to
-// the base port and returning it as string
+// the base port and returning it as string.
 func GetStringPort(port int) string {
 	return fmt.Sprintf("%d", GetIntPort(port))
 }
 
+// GetHostPort returns a host:port string for the current testing
+// process by adding the current ginkgo parallel process to
+// the base port and returning it as string.
+func GetHostPort(host string, port int) string {
+	return net.JoinHostPort(host, GetStringPort(port))
+}
+
 // TempFile creates temp file with passed data
 func TempFile(data string) *os.File {
 	f, err := os.CreateTemp("", "prefix")

diff --git a/querylog/database_writer.go b/querylog/database_writer.go
@@ -176,7 +176,7 @@ func (d *DatabaseWriter) Write(entry *LogEntry) {
 		EffectiveTLDP: eTLD,
 		Answer:        entry.Answer,
 		ResponseCode:  entry.ResponseCode,
-		Hostname:      util.HostnameString(),
+		Hostname:      entry.BlockyInstance,
 	}
 
 	d.lock.Lock()

diff --git a/querylog/file_writer.go b/querylog/file_writer.go
@@ -115,7 +115,7 @@ func createQueryLogRow(logEntry *LogEntry) []string {
 		logEntry.ResponseCode,
 		logEntry.ResponseType,
 		logEntry.QuestionType,
-		util.HostnameString(),
+		logEntry.BlockyInstance,
 	}
 }
 

diff --git a/querylog/logger_writer.go b/querylog/logger_writer.go
@@ -5,7 +5,6 @@ import (
 	"strings"
 
 	"github.com/0xERR0R/blocky/log"
-	"github.com/0xERR0R/blocky/util"
 	"github.com/sirupsen/logrus"
 )
 
@@ -40,7 +39,7 @@ func LogEntryFields(entry *LogEntry) logrus.Fields {
 		"question_type":   entry.QuestionType,
 		"answer":          entry.Answer,
 		"duration_ms":     entry.DurationMs,
-		"hostname":        util.HostnameString(),
+		"instance":        entry.BlockyInstance,
 	})
 }
 

diff --git a/querylog/logger_writer_test.go b/querylog/logger_writer_test.go
@@ -51,7 +51,6 @@ var _ = Describe("LoggerWriter", func() {
 			Expect(fields).Should(HaveKeyWithValue("duration_ms", entry.DurationMs))
 			Expect(fields).Should(HaveKeyWithValue("question_type", entry.QuestionType))
 			Expect(fields).Should(HaveKeyWithValue("response_code", entry.ResponseCode))
-			Expect(fields).Should(HaveKey("hostname"))
 
 			Expect(fields).ShouldNot(HaveKey("client_names"))
 			Expect(fields).ShouldNot(HaveKey("question_name"))

diff --git a/querylog/writer.go b/querylog/writer.go
@@ -15,6 +15,7 @@ type LogEntry struct {
 	QuestionType   string
 	QuestionName   string
 	Answer         string
+	BlockyInstance string
 }
 
 type Writer interface {

diff --git a/resolver/query_logging_resolver.go b/resolver/query_logging_resolver.go
@@ -2,6 +2,10 @@ package resolver
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
 	"time"
 
 	"github.com/0xERR0R/blocky/config"
@@ -25,8 +29,9 @@ type QueryLoggingResolver struct {
 	NextResolver
 	typed
 
-	logChan chan *querylog.LogEntry
-	writer  querylog.Writer
+	logChan    chan *querylog.LogEntry
+	writer     querylog.Writer
+	instanceID string
 }
 
 func GetQueryLoggingWriter(ctx context.Context, cfg config.QueryLog) (querylog.Writer, error) {
@@ -58,7 +63,7 @@ func GetQueryLoggingWriter(ctx context.Context, cfg config.QueryLog) (querylog.W
 }
 
 // NewQueryLoggingResolver returns a new resolver instance
-func NewQueryLoggingResolver(ctx context.Context, cfg config.QueryLog) *QueryLoggingResolver {
+func NewQueryLoggingResolver(ctx context.Context, cfg config.QueryLog) (*QueryLoggingResolver, error) {
 	logger := log.PrefixedLog(queryLoggingResolverType)
 
 	var writer querylog.Writer
@@ -86,14 +91,20 @@ func NewQueryLoggingResolver(ctx context.Context, cfg config.QueryLog) *QueryLog
 		cfg.Type = config.QueryLogTypeConsole
 	}
 
+	instanceID, err := readInstanceID("/etc/hostname")
+	if err != nil {
+		return nil, err
+	}
+
 	logChan := make(chan *querylog.LogEntry, logChanCap)
 
 	resolver := QueryLoggingResolver{
 		configurable: withConfig(&cfg),
 		typed:        withType(queryLoggingResolverType),
 
-		logChan: logChan,
-		writer:  writer,
+		logChan:    logChan,
+		writer:     writer,
+		instanceID: instanceID,
 	}
 
 	go resolver.writeLog(ctx)
@@ -103,7 +114,7 @@ func NewQueryLoggingResolver(ctx context.Context, cfg config.QueryLog) *QueryLog
 		go resolver.periodicCleanUp(ctx)
 	}
 
-	return &resolver
+	return &resolver, nil
 }
 
 // triggers periodically cleanup of old log files
@@ -170,9 +181,10 @@ func (r *QueryLoggingResolver) createLogEntry(request *model.Request, response *
 	start time.Time, durationMs int64,
 ) *querylog.LogEntry {
 	entry := querylog.LogEntry{
-		Start:       start,
-		ClientIP:    "0.0.0.0",
-		ClientNames: []string{"none"},
+		Start:          start,
+		ClientIP:       "0.0.0.0",
+		ClientNames:    []string{"none"},
+		BlockyInstance: r.instanceID,
 	}
 
 	for _, f := range r.cfg.Fields {
@@ -227,3 +239,19 @@ func (r *QueryLoggingResolver) writeLog(ctx context.Context) {
 		}
 	}
 }
+
+func readInstanceID(file string) (string, error) {
+	// Prefer /etc/hostname over os.Hostname to allow easy differentiation in a Docker Swarm
+	// See details in https://github.com/0xERR0R/blocky/pull/756
+	hn, fErr := os.ReadFile(file)
+	if fErr == nil {
+		return strings.TrimSpace(string(hn)), nil
+	}
+
+	hostname, osErr := os.Hostname()
+	if osErr == nil {
+		return hostname, nil
+	}
+
+	return "", fmt.Errorf("cannot determine instance ID: %w", errors.Join(fErr, osErr))
+}
diff --git a/resolver/query_logging_resolver_test.go b/resolver/query_logging_resolver_test.go
@@ -42,6 +42,7 @@ var _ = Describe("QueryLoggingResolver", func() {
 	var (
 		sut        *QueryLoggingResolver
 		sutConfig  config.QueryLog
+		err        error
 		m          *mockResolver
 		tmpDir     *TmpFolder
 		mockRType  ResponseType
@@ -61,8 +62,6 @@ var _ = Describe("QueryLoggingResolver", func() {
 		ctx, cancelFn = context.WithCancel(context.Background())
 		DeferCleanup(cancelFn)
 
-		var err error
-
 		sutConfig, err = config.WithDefaults[config.QueryLog]()
 		Expect(err).Should(Succeed())
 
@@ -76,7 +75,8 @@ var _ = Describe("QueryLoggingResolver", func() {
 			sutConfig.SetDefaults() // not called when using a struct literal
 		}
 
-		sut = NewQueryLoggingResolver(ctx, sutConfig)
+		sut, err = NewQueryLoggingResolver(ctx, sutConfig)
+		Expect(err).Should(Succeed())
 
 		m = &mockResolver{
 			ResolveFn: func(context.Context, *Request) (*Response, error) {
@@ -441,6 +441,22 @@ var _ = Describe("QueryLoggingResolver", func() {
 			})
 		})
 	})
+
+	Describe("Hostname function tests", func() {
+		It("should use the given file if it exists", func() {
+			expected := "TestName"
+			tmpFile := NewTmpFolder("hostname").CreateStringFile("filetest1", expected+" \n")
+
+			Expect(readInstanceID(tmpFile.Path)).Should(Equal(expected))
+		})
+
+		It("should fallback to os.Hostname", func() {
+			expected, err := os.Hostname()
+			Expect(err).Should(Succeed())
+
+			Expect(readInstanceID("/var/empty/nonexistent")).Should(Equal(expected))
+		})
+	})
 })
 
 func readCsv(file string) ([][]string, error) {

diff --git a/server/http.go b/server/http.go
@@ -0,0 +1,96 @@
+package server
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/cors"
+)
+
+type httpServer struct {
+	inner http.Server
+
+	name string
+}
+
+func newHTTPServer(name string, handler http.Handler) *httpServer {
+	const (
+		readHeaderTimeout = 20 * time.Second
+		readTimeout       = 20 * time.Second
+		writeTimeout      = 20 * time.Second
+	)
+
+	return &httpServer{
+		inner: http.Server{
+			ReadTimeout:       readTimeout,
+			ReadHeaderTimeout: readHeaderTimeout,
+			WriteTimeout:      writeTimeout,
+
+			Handler: withCommonMiddleware(handler),
+		},
+
+		name: name,
+	}
+}
+
+func (s *httpServer) String() string {
+	return s.name
+}
+
+func (s *httpServer) Serve(ctx context.Context, l net.Listener) error {
+	go func() {
+		<-ctx.Done()
+
+		s.inner.Close()
+	}()
+
+	return s.inner.Serve(l)
+}
+
+func withCommonMiddleware(inner http.Handler) *chi.Mux {
+	// Middleware must be defined before routes, so
+	// create a new router and mount the inner handler
+	mux := chi.NewMux()
+
+	mux.Use(
+		secureHeadersMiddleware,
+		newCORSMiddleware(),
+	)
+
+	mux.Mount("/", inner)
+
+	return mux
+}
+
+type httpMiddleware = func(http.Handler) http.Handler
+
+func secureHeadersMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.TLS != nil {
+			w.Header().Set("strict-transport-security", "max-age=63072000")
+			w.Header().Set("x-frame-options", "DENY")
+			w.Header().Set("x-content-type-options", "nosniff")
+			w.Header().Set("x-xss-protection", "1; mode=block")
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func newCORSMiddleware() httpMiddleware {
+	const corsMaxAge = 5 * time.Minute
+
+	options := cors.Options{
+		AllowCredentials: true,
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		AllowedMethods:   []string{"GET", "POST"},
+		AllowedOrigins:   []string{"*"},
+		ExposedHeaders:   []string{"Link"},
+		MaxAge:           int(corsMaxAge.Seconds()),
+	}
+
+	return cors.New(options).Handler
+}