parental-control: add procd one shot script

2025-12-28 23:29:17 +08:00 · 2025-02-07 18:54:54 +05:30
4 changed files with 358 additions and 4 deletions
--- a/parental-control/Makefile
+++ b/parental-control/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=parental-control
-PKG_VERSION:=1.0.4
+PKG_VERSION:=1.1.0

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=eea7793e26b52f45f4e47e849894ac3f8cdc3747
+PKG_SOURCE_VERSION:=92006ee45e164b5b1dd75a8047988a277b47bf19
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/parental-control/files/etc/config/parentalcontrol
+++ b/parental-control/files/etc/config/parentalcontrol
@@ -1,3 +1,93 @@
 config globals 'globals'
-	option enable '0'
-	option loglevel '3'
+    option enable '0'
+    option loglevel '3'
+
+config urlbundle 'urlbundle_1'
+    option enable '0'
+    option name 'Abuse'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt'
+
+config urlbundle 'urlbundle_2'
+    option enable '0'
+    option name 'Ads'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt'
+
+config urlbundle 'urlbundle_3'
+    option enable '0'
+    option name 'Crypto'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt'
+
+config urlbundle 'urlbundle_4'
+    option enable '1'
+    option name 'Drugs'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt'
+
+config urlbundle 'urlbundle_5'
+    option enable '0'
+    option name 'Everything else'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt'
+
+config urlbundle 'urlbundle_6'
+    option enable '1'
+    option name 'Facebook/Instagram'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt'
+
+config urlbundle 'urlbundle_7'
+    option enable '1'
+    option name 'Fraud'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt'
+
+config urlbundle 'urlbundle_8'
+    option enable '1'
+    option name 'Gambling'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt'
+
+config urlbundle 'urlbundle_9'
+    option enable '0'
+    option name 'Malware'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt'
+
+config urlbundle 'urlbundle_10'
+    option enable '1'
+    option name 'Phishing'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt'
+
+config urlbundle 'urlbundle_11'
+    option enable '1'
+    option name 'Piracy'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt'
+
+config urlbundle 'urlbundle_12'
+    option enable '0'
+    option name 'Porn'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt'
+
+config urlbundle 'urlbundle_13'
+    option enable '1'
+    option name 'Ransomware'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt'
+
+config urlbundle 'urlbundle_14'
+    option enable '0'
+    option name 'Redirect'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt'
+
+config urlbundle 'urlbundle_15'
+    option enable '1'
+    option name 'Scam'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt'
+
+config urlbundle 'urlbundle_16'
+    option enable '0'
+    option name 'TikTok'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt'
+
+config urlbundle 'urlbundle_17'
+    option enable '0'
+    option name 'Torrent'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt'
+
+config urlbundle 'urlbundle_18'
+    option enable '0'
+    option name 'Tracking'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt'
--- a/parental-control/files/etc/init.d/parentalcontrol
+++ b/parental-control/files/etc/init.d/parentalcontrol
@@ -5,6 +5,7 @@ STOP=10

 USE_PROCD=1
 PROG=/usr/sbin/urlfilter
+PROG_SCRIPT=/lib/parentalcontrol/sync_bundles.sh

 . /lib/parentalcontrol/parentalcontrol.sh

@@ -58,8 +59,25 @@ start_service() {
 	# add firewall rules
 	configure_fw_rules

+<<<<<<< Updated upstream
 	procd_open_instance parentalcontrol_dm
 	procd_set_param command ${PROG}
+=======
+	# if the router is, for example, upgraded and then it boots up
+	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
+	# in that case, hostnames will not be processed by the daemon,
+	# for this we copy /tmp/dhcp.leases to /etc/parentalcontrol/dhcp.leases
+	# which will be persistent acrros reboots and upgrade where settings are kept
+	# and will be used as a backup in case /tmp/dhcp.leases is empty
+	copy_dhcp_leases
+
+	procd_open_instance "parentalcontrol_bundle_script"
+	procd_set_param command nice -n 10 "${PROG_SCRIPT}"  # Lower priority
+	procd_close_instance
+
+	procd_open_instance "parentalcontrol_dm"
+	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
+>>>>>>> Stashed changes
 	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
 	procd_close_instance
--- a/parental-control/files/lib/parentalcontrol/sync_bundles.sh
+++ b/parental-control/files/lib/parentalcontrol/sync_bundles.sh
@@ -0,0 +1,246 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+# this script handles syncing bundles
+# if its a remote file, then it would be downloaded and placed in bundle_dir
+bundle_dir="/tmp/parentalcontrol/urlbundles"
+stringstore_dir="/etc/parentalcontrol/stringstore"
+bundle_sizes="/tmp/parentalcontrol/bundle_sizes"
+
+# Ensure required directories and files exist
+initialize_environment() {
+	mkdir -p "$bundle_dir"
+	[ ! -f "$bundle_sizes" ] && touch "$bundle_sizes"
+}
+
+# Function to sanitize URLs to avoid code injection and ensure safety
+sanitize_url() {
+	local raw_url="$1"
+	echo "$raw_url" | sed 's/[^a-zA-Z0-9_.:/?-]//g'
+}
+
+update_bundle_file_from_url() {
+	local download_url="$1"
+	local bundle_file_name="$2"
+	local bundle_file_size="$3"
+	local bundle_name="$4"
+	local file_name="$5"
+	local available_memory
+
+	available_memory=$(df "$bundle_dir" | tail -n 1 | awk '{print $(NF-2)}') # Available memory in 1K blocks
+	local needed_blocks=$((bundle_file_size / 1024)) # Convert bundle_file_size to 1K blocks
+	local max_size=$((10 * 1024 * 1024)) # 10MB in bytes
+
+	if [ "$available_memory" -le "$needed_blocks" ]; then
+		logger -p info "Error: Not enough disk space for bundle: ${bundle_name}"
+		return 1
+	fi
+
+	if [ "$bundle_file_size" -gt "$max_size" ]; then
+		logger -p info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
+		return 1
+	fi
+
+	# Determine file path
+	local file_path
+	if echo "$download_url" | grep -q "^file://"; then
+		file_path=${download_url#file://}
+	else
+		# Random delay (0-5s) before starting the download
+		local delay=$((RANDOM % 6))
+		logger -p info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
+		sleep "$delay"
+
+		# Retry logic with exponential backoff
+		local temp_file="${bundle_dir}/tmp_${file_name}"
+		local attempt=1
+		local success=0
+		while [ $attempt -le 3 ]; do
+			wget -q -O "$temp_file" "$download_url"
+			if [ $? -eq 0 ]; then
+				success=1
+				break
+			else
+				logger -p info "update_bundle_file_from_url: Download failed. Retrying..."
+				local backoff=$(( (2 ** attempt) + (RANDOM % 3) )) # Exponential backoff + 0-2s jitter
+				sleep "$backoff"
+			fi
+			((attempt++))
+		done
+
+		if [ $success -ne 1 ]; then
+			logger -p info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
+			rm -f "$temp_file"
+			return 1
+		fi
+		file_path="$temp_file"
+	fi
+
+	# Handle compressed files
+	local final_path="${bundle_dir}/${bundle_file_name}"
+	if [[ "$file_path" =~ \.xz$ ]]; then
+		if ! xz -dc "$file_path" > "$final_path"; then
+			logger -p info "update_bundle_file_from_url: Decompression failed."
+			rm -f "$final_path"
+			return 1
+		fi
+	elif [[ "$file_path" =~ \.gz$ ]]; then
+		if ! gzip -dc "$file_path" > "$final_path"; then
+			logger -p info "update_bundle_file_from_url: Decompression failed."
+			rm -f "$final_path"
+			return 1
+		fi
+	else
+		mv "$file_path" "$final_path"
+	fi
+
+	# file would have lines of the format: 0.0.0.0 www.facebook.com
+	# so we keep only the url part and remove duplicates
+	awk '{print $NF}' "$final_path" | sort -u > "${final_path}_urls"
+
+	# delete unprocessed file
+	logger -p info "deleting $final_path"
+	rm -rf "$final_path"
+
+	# save the processed file path
+	final_path="${final_path}_urls"
+	logger -p info "final_path is $final_path"
+
+	# Update the bundle size and send ubus event
+	logger -p info "sending event for $bundle_file_path"
+	echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
+	ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${final_path}\",\"bundle_name\":\"${bundle_name}\"}"
+
+	return 0
+}
+
+handle_download_url() {
+	local raw_download_url="$1"
+	local bundle_name="$2"
+
+	local sanitized_url
+	sanitized_url=$(sanitize_url "$raw_download_url")
+
+	local file_name="${sanitized_url##*/}" # Get everything after the last '/'
+	#file_name="${file_name%.gz}"           # Remove .gz if present
+	#file_name="${file_name%.xz}"           # Remove .xz if present
+
+	local bundle_file_name="${file_name}.urlbundle"
+	local unprocessed_file=0
+	local file_path="${sanitized_url#file://}"
+
+	if echo "$sanitized_url" | grep -q "^http://\|^file://"; then
+		local previous_bundle_size
+		previous_bundle_size=$(grep "^${bundle_file_name} " "$bundle_sizes" | awk '{print $2}')
+
+		# If the URL is HTTP, fetch the file size
+		local bundle_file_size
+		if echo "$sanitized_url" | grep -q "^http://"; then
+			bundle_file_size=$(curl -I "$sanitized_url" 2>&1 | awk '/Content-Length:/ {print $2}' | tail -n 1)
+			[ -z "$bundle_file_size" ] && bundle_file_size=0
+		else
+			# If it's a file:// URL, get the file size from the filesystem
+			bundle_file_size=$(ls -l "$file_path" 2>/dev/null | awk '{print $5}')
+			[ -z "$bundle_file_size" ] && bundle_file_size=0
+		fi
+
+		if [ -n "$previous_bundle_size" ] && [ "$bundle_file_size" -eq "$previous_bundle_size" ]; then
+			return
+		fi
+
+		if echo "$sanitized_url" | grep -q "^file://" && ! echo "$sanitized_url" | grep -Eq "\.(xz|gz)$"; then
+			# the file is not processed and hence not moved if it is a local uncompressed file
+			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
+			echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
+			ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${file_path}\",\"bundle_name\":\"${bundle_name}\"}"
+			return
+		fi
+
+		# Remove existing entries
+		if [ -n "$previous_bundle_size" ]; then
+			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
+			rm -f "${bundle_dir}/${bundle_file_name}"
+		fi
+
+		update_bundle_file_from_url "$sanitized_url" "$bundle_file_name" "$bundle_file_size" "$bundle_name" "$file_name"
+	else
+		logger -p info "Error: Unsupported URL format for ${bundle_file_name}"
+	fi
+}
+
+cleanup_bundle_files() {
+	dir="$1"
+	[ -d "$dir" ] || return 1
+
+	# Loop through all files in the directory
+	for file in "$dir"/*; do
+		[ -f "$file" ] || continue  # Skip non-files
+
+		# Remove the suffix after the last dot
+		base_name=$(basename "$file")
+		name="${base_name%.*}"  # Removes the last dot and suffix
+
+		# Check if the name is present in any urlbundle section
+		if ! uci show parentalcontrol | grep '.download_url=' | grep -q "$name'"; then
+			echo "Removing stale stringstore: $file"
+			rm -f "$file"
+			if [ "$dir" = "$bundle_dir" ]; then
+				sed -i "/^${file_name} /d" "$bundle_sizes"
+			fi
+		fi
+	done
+}
+
+# Main handler for all profile URL bundles
+handle_filter_for_bundles() {
+	ubus -t 20 wait_for bbfdm.parentalcontrol
+
+	if [ "$?" -ne 0 ]; then
+		logger -p error "bbfdm.parentalcontrol object not found"
+		return
+	fi
+
+	mkdir -p "$stringstore_dir"
+
+	cleanup_bundle_files "$bundle_dir"
+	cleanup_bundle_files "$stringstore_dir"
+
+	config_load parentalcontrol
+
+	config_get_bool enable globals enable 0
+	if [ "${enable}" -eq 0 ]; then
+		# Parental control is disabled
+		return 0
+	fi
+
+	initialize_environment
+
+	local profile enable bundles bundle_name download_url
+
+	check_bundle_exists() {
+		config_get name "$1" name
+		config_get download_url "$1" download_url
+
+		if [ "$name" = "$2" ]; then
+			handle_download_url "$download_url" "$name"
+		fi
+	}
+
+	handle_bundle_from_profile() {
+		local bundle_name="$1"
+
+		config_foreach check_bundle_exists urlbundle "$bundle_name"
+	}
+
+	handle_profile() {
+		config_get_bool enable "$1" enable 0
+		[ "$enable" -ne 1 ] && return
+
+		config_list_foreach "$1" profile_urlbundle handle_bundle_from_profile
+	}
+
+	config_foreach handle_profile profile_urlfilter
+}
+
+handle_filter_for_bundles