Added docker conditional compilation

- Moved docker UX optimization into module
- Added conditional compilation for Windows build
- Added Permission Policy header editor
- Fixed docker container list ui error message bug
This commit is contained in:
Toby Chui 2024-06-17 00:24:24 +08:00
parent dfb81513b1
commit 03974163d4
13 changed files with 334 additions and 120 deletions

View File

@ -215,8 +215,8 @@ func initAPIs() {
}
//Docker UX Optimizations
authRouter.HandleFunc("/api/docker/available", HandleDockerAvailable)
authRouter.HandleFunc("/api/docker/containers", HandleDockerContainersList)
authRouter.HandleFunc("/api/docker/available", DockerUXOptimizer.HandleDockerAvailable)
authRouter.HandleFunc("/api/docker/containers", DockerUXOptimizer.HandleDockerContainersList)
//Others
http.HandleFunc("/api/info/x", HandleZoraxyInfo)

View File

@ -1,84 +0,0 @@
package main
import (
"bufio"
"context"
"encoding/json"
"net/http"
"os"
"os/exec"
"strings"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/client"
"imuslab.com/zoraxy/mod/utils"
)
// IsDockerized checks if the program is running in a Docker container.
func IsDockerized() bool {
// Check for the /proc/1/cgroup file
file, err := os.Open("/proc/1/cgroup")
if err != nil {
return false
}
defer file.Close()
scanner := bufio.NewScanner(file)
for scanner.Scan() {
if strings.Contains(scanner.Text(), "docker") {
return true
}
}
return false
}
// IsDockerInstalled checks if Docker is installed on the host.
func IsDockerInstalled() bool {
_, err := exec.LookPath("docker")
return err == nil
}
// HandleDockerAvaible check if teh docker related functions should be avaible in front-end
func HandleDockerAvailable(w http.ResponseWriter, r *http.Request) {
dockerAvailable := IsDockerized()
js, _ := json.Marshal(dockerAvailable)
utils.SendJSONResponse(w, string(js))
}
// handleDockerContainersList return the current list of docker containers
// currently listening to the same bridge network interface. See PR #202 for details.
func HandleDockerContainersList(w http.ResponseWriter, r *http.Request) {
apiClient, err := client.NewClientWithOpts(client.WithVersion("1.43"))
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
defer apiClient.Close()
containers, err := apiClient.ContainerList(context.Background(), container.ListOptions{All: true})
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
networks, err := apiClient.NetworkList(context.Background(), types.NetworkListOptions{})
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
result := map[string]interface{}{
"network": networks,
"containers": containers,
}
js, err := json.Marshal(result)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
utils.SendJSONResponse(w, string(js))
}

View File

@ -16,6 +16,7 @@ import (
"imuslab.com/zoraxy/mod/acme"
"imuslab.com/zoraxy/mod/auth"
"imuslab.com/zoraxy/mod/database"
"imuslab.com/zoraxy/mod/dockerux"
"imuslab.com/zoraxy/mod/dynamicproxy/redirection"
"imuslab.com/zoraxy/mod/email"
"imuslab.com/zoraxy/mod/forwardproxy"
@ -44,6 +45,7 @@ var allowMdnsScanning = flag.Bool("mdns", true, "Enable mDNS scanner and transpo
var mdnsName = flag.String("mdnsname", "", "mDNS name, leave empty to use default (zoraxy_{node-uuid}.local)")
var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local node")
var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
var runningInDocker = flag.Bool("docker", false, "Run Zoraxy in docker compatibility mode")
var acmeAutoRenewInterval = flag.Int("autorenew", 86400, "ACME auto TLS/SSL certificate renew check interval (seconds)")
var enableHighSpeedGeoIPLookup = flag.Bool("fastgeoip", false, "Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)")
var staticWebServerRoot = flag.String("webroot", "./www", "Static web server root folder. Only allow chnage in start paramters")
@ -86,9 +88,10 @@ var (
forwardProxy *forwardproxy.Handler //HTTP Forward proxy, basically VPN for web browser
//Helper modules
EmailSender *email.Sender //Email sender that handle email sending
AnalyticLoader *analytic.DataLoader //Data loader for Zoraxy Analytic
SystemWideLogger *logger.Logger //Logger for Zoraxy
EmailSender *email.Sender //Email sender that handle email sending
AnalyticLoader *analytic.DataLoader //Data loader for Zoraxy Analytic
DockerUXOptimizer *dockerux.UXOptimizer //Docker user experience optimizer, community contribution only
SystemWideLogger *logger.Logger //Logger for Zoraxy
)
// Kill signal handler. Do something before the system the core terminate.

View File

@ -0,0 +1,60 @@
//go:build !windows
// +build !windows
package dockerux
/* Windows docker optimizer*/
import (
"context"
"encoding/json"
"net/http"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/client"
"imuslab.com/zoraxy/mod/utils"
)
// Windows build not support docker
func (d *UXOptimizer) HandleDockerAvailable(w http.ResponseWriter, r *http.Request) {
js, _ := json.Marshal(d.RunninInDocker)
utils.SendJSONResponse(w, string(js))
}
func (d *UXOptimizer) HandleDockerContainersList(w http.ResponseWriter, r *http.Request) {
apiClient, err := client.NewClientWithOpts(client.WithVersion("1.43"))
if err != nil {
d.SystemWideLogger.PrintAndLog("Docker", "Unable to create new docker client", err)
utils.SendErrorResponse(w, "Docker client initiation failed")
return
}
defer apiClient.Close()
containers, err := apiClient.ContainerList(context.Background(), container.ListOptions{All: true})
if err != nil {
d.SystemWideLogger.PrintAndLog("Docker", "List docker container failed", err)
utils.SendErrorResponse(w, "List docker container failed")
return
}
networks, err := apiClient.NetworkList(context.Background(), types.NetworkListOptions{})
if err != nil {
d.SystemWideLogger.PrintAndLog("Docker", "List docker network failed", err)
utils.SendErrorResponse(w, "List docker network failed")
return
}
result := map[string]interface{}{
"network": networks,
"containers": containers,
}
js, err := json.Marshal(result)
if err != nil {
utils.SendErrorResponse(w, err.Error())
return
}
utils.SendJSONResponse(w, string(js))
}

View File

@ -0,0 +1,32 @@
//go:build windows
// +build windows
package dockerux
/*
Windows docker UX optimizer dummy
This is a dummy module for Windows as docker features
is useless on Windows and create a larger binary size
docker on Windows build are trimmed to reduce binary size
and make it compatibile with Windows 7
*/
import (
"encoding/json"
"net/http"
"imuslab.com/zoraxy/mod/utils"
)
// Windows build not support docker
func (d *UXOptimizer) HandleDockerAvailable(w http.ResponseWriter, r *http.Request) {
js, _ := json.Marshal(d.RunninInDocker)
utils.SendJSONResponse(w, string(js))
}
func (d *UXOptimizer) HandleDockerContainersList(w http.ResponseWriter, r *http.Request) {
utils.SendErrorResponse(w, "Platform not supported")
}

View File

@ -0,0 +1,24 @@
package dockerux
import "imuslab.com/zoraxy/mod/info/logger"
/*
Docker Optimizer
This script add support for optimizing docker user experience
Note that this module are community contribute only. For bug
report, please directly tag the Pull Request author.
*/
type UXOptimizer struct {
RunninInDocker bool
SystemWideLogger *logger.Logger
}
//Create a new docker optimizer
func NewDockerOptimizer(IsRunningInDocker bool, logger *logger.Logger) *UXOptimizer {
return &UXOptimizer{
RunninInDocker: IsRunningInDocker,
SystemWideLogger: logger,
}
}

View File

@ -1,6 +1,10 @@
package dynamicproxy
import "strconv"
import (
"strconv"
"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
)
/*
CustomHeader.go
@ -9,9 +13,9 @@ import "strconv"
into the dpcore routing logic
*/
//SplitInboundOutboundHeaders split user defined headers into upstream and downstream headers
//return upstream header and downstream header key-value pairs
//if the header is expected to be deleted, the value will be set to empty string
// SplitInboundOutboundHeaders split user defined headers into upstream and downstream headers
// return upstream header and downstream header key-value pairs
// if the header is expected to be deleted, the value will be set to empty string
func (ept *ProxyEndpoint) SplitInboundOutboundHeaders() ([][]string, [][]string) {
if len(ept.UserDefinedHeaders) == 0 {
//Early return if there are no defined headers
@ -52,8 +56,17 @@ func (ept *ProxyEndpoint) SplitInboundOutboundHeaders() ([][]string, [][]string)
}
//Check if the endpoint require Permission Policy
if ept.EnablePermissionPolicyHeader && ept.PermissionPolicy != nil {
downstreamHeaders[downstreamHeaderCounter] = ept.PermissionPolicy.ToKeyValueHeader()
if ept.EnablePermissionPolicyHeader {
var usingPermissionPolicy *permissionpolicy.PermissionsPolicy
if ept.PermissionPolicy != nil {
//Custom permission policy
usingPermissionPolicy = ept.PermissionPolicy
} else {
//Permission policy is enabled but not customized. Use default
usingPermissionPolicy = permissionpolicy.GetDefaultPermissionPolicy()
}
downstreamHeaders[downstreamHeaderCounter] = usingPermissionPolicy.ToKeyValueHeader()
downstreamHeaderCounter++
}

View File

@ -1314,7 +1314,40 @@ func HandlePermissionPolicy(w http.ResponseWriter, r *http.Request) {
utils.SendJSONResponse(w, string(js))
return
} else if r.Method == http.MethodPost {
//Update the enable state of permission policy
enableState, err := utils.PostBool(r, "enable")
if err != nil {
utils.SendErrorResponse(w, "invalid enable state given")
return
}
targetProxyEndpoint.EnablePermissionPolicyHeader = enableState
SaveReverseProxyConfig(targetProxyEndpoint)
targetProxyEndpoint.UpdateToRuntime()
utils.SendOK(w)
return
} else if r.Method == http.MethodPut {
//Store the new permission policy
newPermissionPolicyJSONString, err := utils.PostPara(r, "pp")
if err != nil {
utils.SendErrorResponse(w, "missing pp (permission policy) paramter")
return
}
//Parse the permission policy from JSON string
newPermissionPolicy := permissionpolicy.GetDefaultPermissionPolicy()
err = json.Unmarshal([]byte(newPermissionPolicyJSONString), &newPermissionPolicy)
if err != nil {
utils.SendErrorResponse(w, "permission policy parse error: "+err.Error())
return
}
//Save it to file
targetProxyEndpoint.PermissionPolicy = newPermissionPolicy
SaveReverseProxyConfig(targetProxyEndpoint)
targetProxyEndpoint.UpdateToRuntime()
utils.SendOK(w)
return
}
http.Error(w, "405 - Method not allowed", http.StatusMethodNotAllowed)

View File

@ -4,6 +4,7 @@ import (
"log"
"net/http"
"os"
"runtime"
"strconv"
"strings"
"time"
@ -12,6 +13,7 @@ import (
"imuslab.com/zoraxy/mod/acme"
"imuslab.com/zoraxy/mod/auth"
"imuslab.com/zoraxy/mod/database"
"imuslab.com/zoraxy/mod/dockerux"
"imuslab.com/zoraxy/mod/dynamicproxy/redirection"
"imuslab.com/zoraxy/mod/forwardproxy"
"imuslab.com/zoraxy/mod/ganserv"
@ -269,6 +271,12 @@ func startupSequence() {
log.Fatal(err)
}
/* Docker UX Optimizer */
if runtime.GOOS == "windows" && *runningInDocker {
SystemWideLogger.PrintAndLog("WARNING", "Invalid start flag combination: docker=true && runtime.GOOS == windows. Running in docker UX development mode.", nil)
}
DockerUXOptimizer = dockerux.NewDockerOptimizer(*runningInDocker, SystemWideLogger)
}
// This sequence start after everything is initialized

View File

@ -26,13 +26,11 @@
</div>
<div class="field">
<label>Target IP Address or Domain Name with port</label>
<input type="text" id="proxyDomain" onchange="autoCheckTls(this.value);">
<small>E.g. 192.168.0.101:8000 or example.com</small>
</div>
<div class="field" class="dockerOptimizations" style="display:none;">
<button class="ui basic button" onclick="openDockerContainersList();"><i class="blue docker icon"></i> Pick from Docker Containers</button>
<div class="field dockerOptimizations" style="display:none;">
<button style="margin-top: -2em;" class="ui basic small button" onclick="openDockerContainersList();"><i class="blue docker icon"></i> Pick from Docker Containers</button>
</div>
<div class="field">
<div class="ui checkbox">
@ -433,13 +431,16 @@
}
/* Docker Optimizations */
$("/api/docker/available", function(dockerAvailable){
if (dockerAvailable){
$(".dockerOptimizations").show();
}else{
$(".dockerOptimizations").hide();
}
})
function initDockerUXOptimizations(){
$.get("/api/docker/available", function(dockerAvailable){
if (dockerAvailable){
$(".dockerOptimizations").show();
}else{
$(".dockerOptimizations").hide();
}
});
}
initDockerUXOptimizations();
function openDockerContainersList(){
showSideWrapper('snippet/dockerContainersList.html');

View File

@ -114,7 +114,7 @@
min-height:40px;
}
}
</style>
</head>
<body>

View File

@ -16,6 +16,10 @@
pointer-events: none;
user-select: none;
}
#permissionPolicyEditor .experimental{
background-color: rgb(241, 241, 241);
}
</style>
</head>
<body>
@ -105,16 +109,14 @@
</tr></thead>
<tbody id="permissionPolicyEditTable">
<tr>
<td>James</td>
<td>24</td>
<td>Engineer</td>
<td>Engineer</td>
<td colspan="4"><i class="ui loading spinner icon"></i> Generating</td>
</tr>
</tbody>
</table>
</div>
<br>
<button class="ui basic button"><i class="green save icon"></i> Save</button>
<small><i class="ui yellow exclamation triangle icon"></i> Grey out fields are non-standard permission policies</small>
<br><br>
<button class="ui basic button" onclick="savePermissionPolicy();"><i class="green save icon"></i> Save</button>
</div>
<div class="field" >
@ -126,6 +128,7 @@
<script>
$('.menu .item').tab();
let permissionPolicyKeys = [];
let editingEndpoint = {};
if (window.location.hash.length > 1){
@ -331,6 +334,33 @@
}
initHSTSState();
//Return true if this is an proposed permission policy feature
function isExperimentalFeature(header) {
// List of experimental features
const experimentalFeatures = [
"clipboard-read",
"clipboard-write",
"gamepad",
"speaker-selection",
"conversion-measurement",
"focus-without-user-activation",
"hid",
"idle-detection",
"interest-cohort",
"serial",
"sync-script",
"trust-token-redemption",
"unload",
"window-placement",
"vertical-scroll"
];
header = header.replaceAll("_","-");
// Check if the header is in the list of experimental features
return experimentalFeatures.includes(header);
}
/* List permission policy header from server */
function initPermissionPolicy(){
$.get("/api/proxy/header/handlePermissionPolicy?domain=" + editingEndpoint.ep, function(data){
@ -340,7 +370,7 @@
return;
}
//Set checkbox state
//Set checkbox initial state
if (data.PPEnabled){
$("#enablePP").parent().checkbox("set checked");
$("#permissionPolicyEditor").removeClass("disabled");
@ -349,6 +379,33 @@
$("#permissionPolicyEditor").addClass("disabled");
}
//Bind toggle change events
$("#enablePP").on("change", function(evt){
//Set checkbox state
let ppEnabled = $("#enablePP")[0].checked;
if (ppEnabled){
$("#permissionPolicyEditor").removeClass("disabled");
}else{
$("#permissionPolicyEditor").addClass("disabled");
}
$.ajax({
url: "/api/proxy/header/handlePermissionPolicy",
method: "POST",
data: {
enable: ppEnabled,
domain: editingEndpoint.ep
},
success: function(data){
if (data.error != undefined){
parent.msgbox(data.error, false);
}else{
parent.msgbox(`Permission Policy ${ppEnabled?"Enabled":"Disabled"}`)
}
}
})
});
//Render the table to list
$("#permissionPolicyEditTable").html("");
for (const [key, value] of Object.entries(data.CurrentPolicy)) {
@ -363,9 +420,12 @@
if (value.length == 0){
enabled = ""
allowall = "checked"; //default state
}
$("#permissionPolicyEditTable").append(`<tr>
<td>${key}</td>
let isExperimental = isExperimentalFeature(key);
$("#permissionPolicyEditTable").append(`<tr class="${isExperimental?"experimental":""}">
<td>${key.replaceAll("_","-")}</td>
<td>
<div class="ui checkbox">
<input class="enabled" type="checkbox" name="${key}" ${enabled}>
@ -373,22 +433,84 @@
</div>
</td>
<td>
<div class="ui radio checkbox">
<input type="radio" value="all" name="${key}-target" ${allowall}>
<div class="ui radio checkbox targetinput ${!enabled?"disabled":""}">
<input type="radio" value="all" name="${key}-target" ${allowall} ${!enabled?"disabled=\"\"":""}>
<label></label>
</div>
</td>
<td>
<div class="ui radio checkbox">
<input type="radio" value="self" name="${key}-target" ${allowself}>
<div class="ui radio checkbox targetinput ${!enabled?"disabled":""}">
<input type="radio" value="self" name="${key}-target" ${allowself} ${!enabled?"disabled=\"\"":""}>
<label></label>
</div>
</td>
</tr>`);
permissionPolicyKeys.push(key);
}
$("#permissionPolicyEditTable .enabled").on("change", function(){
console.log($(this)[0].checked);
let fieldGroup = $(this).parent().parent().parent();
if ($(this)[0].checked){
fieldGroup.find(".targetinput").removeClass("disabled");
fieldGroup.find("input[type=radio]").prop('disabled', false);
}else{
fieldGroup.find(".targetinput").addClass("disabled");
fieldGroup.find("input[type=radio]").prop('disabled', true);
}
})
});
}
initPermissionPolicy();
//Generate the permission policy object for sending to backend
function generatePermissionPolicyObject(){
function getStructuredFieldValueFromDOM(fieldKey){
var policyTarget = $(`#permissionPolicyEditTable input[name="${fieldKey}-target"]:checked`).val();
var isPolicyEnabled = $(`#permissionPolicyEditTable input[name="${fieldKey}"]`).is(':checked');
if (!isPolicyEnabled){
return [];
}
if (policyTarget == "all"){
//Rewrite all to correct syntax
policyTarget = "*";
}
return [policyTarget];
}
let newPermissionPolicyKeyValuePair = {};
permissionPolicyKeys.forEach(policyKey => {
newPermissionPolicyKeyValuePair[policyKey] = getStructuredFieldValueFromDOM(policyKey);
});
console.log(newPermissionPolicyKeyValuePair);
return newPermissionPolicyKeyValuePair;
}
//Handle saving of permission policy
function savePermissionPolicy(){
let permissionPolicy = generatePermissionPolicyObject();
let domain = editingEndpoint.ep;
$.ajax({
url: "/api/proxy/header/handlePermissionPolicy",
method: "PUT",
data: {
"domain": domain,
"pp": JSON.stringify(permissionPolicy),
},
success: function(data){
if (data.error != undefined){
parent.msgbox(data.error, false);
}else{
parent.msgbox("Permission Policy Updated");
}
}
})
}
</script>
</body>
</html>

View File

@ -118,9 +118,11 @@
`Error loading data: ${dockerData.error || hostData.error}`,
false
);
$("#containersList").html(`<div class="ui basic segment"><i class="ui red times icon"></i> ${dockerData.error || hostData.error}</div>`);
}
})
.catch((error) => {
console.log(error.responseText);
parent.msgbox("Error loading data: " + error.message, false);
});
}