From c325552af4f3c9cbb47cc277b8b7497d5e10dcf2 Mon Sep 17 00:00:00 2001
From: Stan Grishin <stangri@melmac.net>
Date: Tue, 8 Oct 2019 09:36:25 -0700
Subject: [PATCH] luci-app-https_dns_proxy: bugfix: subnet address datatype,
 add DNS.SB provider

Signed-off-by: Stan Grishin <stangri@melmac.net>
---
 .../luci-app-https_dns_proxy/Makefile         |   2 +-
 .../luasrc/model/cbi/https_dns_proxy.lua      | 126 +++++++++++++-----
 2 files changed, 95 insertions(+), 33 deletions(-)

diff --git a/applications/luci-app-https_dns_proxy/Makefile b/applications/luci-app-https_dns_proxy/Makefile
index 7af2d1d10..09ee8a3a9 100644
--- a/applications/luci-app-https_dns_proxy/Makefile
+++ b/applications/luci-app-https_dns_proxy/Makefile
@@ -10,7 +10,7 @@ LUCI_TITLE:=HTTPS DNS Proxy Web UI
 LUCI_DESCRIPTION:=Provides Web UI for HTTPS DNS Proxy
 LUCI_DEPENDS:=+luci-mod-admin-full +https_dns_proxy
 LUCI_PKGARCH:=all
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 include ../../luci.mk
 
diff --git a/applications/luci-app-https_dns_proxy/luasrc/model/cbi/https_dns_proxy.lua b/applications/luci-app-https_dns_proxy/luasrc/model/cbi/https_dns_proxy.lua
index 2cc9f303c..17ce610ea 100644
--- a/applications/luci-app-https_dns_proxy/luasrc/model/cbi/https_dns_proxy.lua
+++ b/applications/luci-app-https_dns_proxy/luasrc/model/cbi/https_dns_proxy.lua
@@ -1,4 +1,6 @@
 local uci = require("luci.model.uci").cursor()
+local dispatcher = require("luci.dispatcher")
+
 function uci_del_list(conf, sect, opt, value)
   local lval = uci:get(conf, sect, opt)
   if lval == nil or lval == "" then
@@ -40,37 +42,96 @@ end
 m = Map("https_dns_proxy", translate("HTTPS DNS Proxy Settings"))
 m.template="cbi/map"
 
-s3 = m:section(TypedSection, "https_dns_proxy", translate("Instances"))
+s3 = m:section(TypedSection, "https_dns_proxy", translate("Instances"), translate("When you add/remove any instances below, they will be used to override the 'DNS forwardings' section of ")
+		.. [[ <a href="]] .. dispatcher.build_url("admin/network/dhcp") .. [[">]]
+    .. translate("DHCP and DNS") .. [[</a>]] .. "."
+--    .. "</br>"
+--    .. translate("For more information on different options check ")
+--		.. [[ <a href="https://adguard.com/en/adguard-dns/overview.html#instruction">]]
+--    .. "AdGuard.com" .. [[</a>]] .. ", "
+--		.. [[ <a href="https://cleanbrowsing.org/guides/dnsoverhttps">]]
+--    .. "CleanBrowsing.org" .. [[</a>]] .. " " .. translate("and") .. " "
+--		.. [[ <a href="https://www.quad9.net/doh-quad9-dns-servers/">]]
+--    .. "Quad9.net" .. [[</a>]] .. "."
+    )
 s3.template = "cbi/tblsection"
 s3.sortable  = false
 s3.anonymous = true
 s3.addremove = true
 
-local n = 0
-uci:foreach("https_dns_proxy", "https_dns_proxy", function(s)
-    if s[".name"] == section then
-        return false
-    end
-    n = n + 1
-end)
-
 prov = s3:option(ListValue, "url_prefix", translate("Provider"))
-prov:value("https://cloudflare-dns.com/dns-query?ct=application/dns-json&","Cloudflare")
-prov:value("https://dns.google.com/resolve?","Google")
+-- prov:value("https://dns.adguard.com/dns-query?", "AdGuard (Standard)")
+-- prov:value("https://dns-family.adguard.com/dns-query?", "AdGuard (Family Protection)")
+-- prov:value("https://doh.cleanbrowsing.org/doh/security-filter/?ct&", "CleanBrowsing (Security Filter)")
+-- prov:value("https://doh.cleanbrowsing.org/doh/family-filter/?ct&", "CleanBrowsing (Family Filter)")
+-- prov:value("https://doh.cleanbrowsing.org/doh/adult-filter/?ct&", "CleanBrowsing (Adult Filter)")
+prov:value("https://cloudflare-dns.com/dns-query?ct=application/dns-json&", "Cloudflare")
+-- prov:value("https://dns.digitale-gesellschaft.ch/dns-query?", "Digitale Gesellschaft (ch)")
+prov:value("https://doh.dns.sb/dns-query?", "DNS.SB")
+prov:value("https://dns.google.com/resolve?", "Google")
+-- prov:value("https://odvr.nic.cz/doh?", "ODVR (nic.cz)")
+-- prov:value("https://dns.quad9.net:5053/dns-query?", "Quad9 (Recommended)")
+-- prov:value("https://dns9.quad9.net:5053/dns-query?", "Quad9 (Secured)")
+-- prov:value("https://dns10.quad9.net:5053/dns-query?", "Quad9 (Unsecured)")
+-- prov:value("https://dns11.quad9.net:5053/dns-query?", "Quad9 (Secured with ECS Support)")
+prov.default = "https://dns.google.com/resolve?"
+prov.forcewrite = true
 prov.write = function(self, section, value)
+  if not value then return end
+  local n = 0
+  uci:foreach("https_dns_proxy", "https_dns_proxy", function(s)
+      if s[".name"] == section then
+          return false
+      end
+      n = n + 1
+  end)
   local la_val = la:formvalue(section)
   local lp_val = lp:formvalue(section)
-  if not la_val then la_val = "127.0.0.1" end
-  if not lp_val then lp_val = n + 5053 end
-  if value and value:match("cloudflare") then
+  if not la_val or la_val == "" then la_val = "127.0.0.1" end
+  if not lp_val or lp_val == "" then lp_val = n + 5053 end
+  if value:match("dns\.adguard") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "176.103.130.130,176.103.130.131")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns.adguard.com/dns-query?ct&")
+  elseif value:match("family\.adguard") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "176.103.130.132,176.103.130.134")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns-family.adguard.com/dns-query?ct&")
+  elseif value:match("cleanbrowsing\.org/doh/security") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "185.228.168.168")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://doh.cleanbrowsing.org/doh/security-filter/?ct&")
+  elseif value:match("cleanbrowsing\.org/doh/family") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "185.228.168.168")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://doh.cleanbrowsing.org/doh/family-filter/?ct&")
+  elseif value:match("cleanbrowsing\.org/doh/adult") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "185.228.168.168")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://doh.cleanbrowsing.org/doh/adult-filter/?ct&")
+  elseif value:match("cloudflare") then
     uci:set("https_dns_proxy", section, "bootstrap_dns", "1.1.1.1,1.0.0.1")
     uci:set("https_dns_proxy", section, "url_prefix", "https://cloudflare-dns.com/dns-query?ct=application/dns-json&")
-  else
+  elseif value:match("gesellschaft\.ch") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "185.95.218.42,185.95.218.43")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns.digitale-gesellschaft.ch/dns-query?")
+  elseif value:match("dns\.sb") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "185.222.222.222,185.184.222.222")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://doh.dns.sb/dns-query?")
+  elseif value:match("google") then
     uci:set("https_dns_proxy", section, "bootstrap_dns", "8.8.8.8,8.8.4.4")
     uci:set("https_dns_proxy", section, "url_prefix", "https://dns.google.com/resolve?")
+  elseif value:match("odvr\.nic\.cz") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "193.17.47.1,185.43.135.1")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://odvr.nic.cz/doh?")
+  elseif value:match("dns\.quad9") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "9.9.9.9,149.112.112.112")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns.quad9.net:5053/dns-query?")
+  elseif value:match("dns9\.quad9") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "9.9.9.9,149.112.112.9")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns9.quad9.net:5053/dns-query?")
+  elseif value:match("dns10\.quad9") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "9.9.9.10,149.112.112.10")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns10.quad9.net:5053/dns-query?")
+  elseif value:match("dns11\.quad9") then
+    uci:set("https_dns_proxy", section, "bootstrap_dns", "9.9.9.11,149.112.112.11")
+    uci:set("https_dns_proxy", section, "url_prefix", "https://dns11.quad9.net:5053/dns-query?")
   end
-  uci:set("https_dns_proxy", section, "user", "nobody")
-  uci:set("https_dns_proxy", section, "group", "nogroup")
   uci:save("https_dns_proxy")
   if n == 0 then
     uci:delete("dhcp", "@dnsmasq[0]", "server")
@@ -81,27 +142,28 @@ prov.write = function(self, section, value)
 end
 
 la = s3:option(Value, "listen_addr", translate("Listen address"))
-la.value   = "127.0.0.1"
-la.rmempty = true
+la.datatype    = "host"
+la.placeholder = "127.0.0.1"
+la.rmempty     = true
+
+local n = 0
+uci:foreach("https_dns_proxy", "https_dns_proxy", function(s)
+    if s[".name"] == section then
+        return false
+    end
+    n = n + 1
+end)
 
 lp = s3:option(Value, "listen_port", translate("Listen port"))
-lp.datatype    = "port"
-lp.value       = n + 5053
-lp.write = function(self, section, value)
-  if not value then
-    uci:set("https_dns_proxy", section, "listen_port", n + 5053)
-  else
-    uci:set("https_dns_proxy", section, "listen_port", value)
-  end
-  uci:save("https_dns_proxy")
-end
+lp.datatype = "port"
+lp.value    = n + 5053
 
 sa = s3:option(Value, "subnet_addr", translate("Subnet address"))
-sa.datatype = "ip4prefix"
+sa.datatype = "host"
 sa.rmempty  = true
 
 ps = s3:option(Value, "proxy_server", translate("Proxy server"))
-ps.datatype = "or(ipaddr,hostname)"
-ps.rmempty = true
+ps.datatype = "host"
+ps.rmempty  = true
 
 return m
-- 
2.25.1