From 7702f2f74cc4a48362083693ba893938140bbfc6 Mon Sep 17 00:00:00 2001 From: Nethius Date: Thu, 15 May 2025 21:34:48 +0800 Subject: [PATCH] bugfix: adding gateway to exceptions only if strict killswitch is enabled (#1585) --- client/core/controllers/gatewayController.cpp | 19 +++++++++------ client/core/controllers/gatewayController.h | 4 +++- .../controllers/api/apiConfigsController.cpp | 24 ++++++++++++------- .../api/apiPremV1MigrationController.cpp | 12 ++++++---- .../controllers/api/apiSettingsController.cpp | 3 ++- 5 files changed, 41 insertions(+), 21 deletions(-) diff --git a/client/core/controllers/gatewayController.cpp b/client/core/controllers/gatewayController.cpp index 0d86b9d5..9a7ee6e5 100644 --- a/client/core/controllers/gatewayController.cpp +++ b/client/core/controllers/gatewayController.cpp @@ -14,8 +14,8 @@ #include "amnezia_application.h" #include "core/api/apiUtils.h" -#include "utilities.h" #include "core/networkUtilities.h" +#include "utilities.h" #ifdef AMNEZIA_DESKTOP #include "core/ipcclient.h" @@ -38,8 +38,13 @@ namespace constexpr QLatin1String errorResponsePattern3("Account not found."); } -GatewayController::GatewayController(const QString &gatewayEndpoint, bool isDevEnvironment, int requestTimeoutMsecs, QObject *parent) - : QObject(parent), m_gatewayEndpoint(gatewayEndpoint), m_isDevEnvironment(isDevEnvironment), m_requestTimeoutMsecs(requestTimeoutMsecs) +GatewayController::GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs, + const bool isStrictKillSwitchEnabled, QObject *parent) + : QObject(parent), + m_gatewayEndpoint(gatewayEndpoint), + m_isDevEnvironment(isDevEnvironment), + m_requestTimeoutMsecs(requestTimeoutMsecs), + m_isStrictKillSwitchEnabled(isStrictKillSwitchEnabled) { } @@ -58,11 +63,11 @@ ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBo // bypass killSwitch exceptions for API-gateway #ifdef AMNEZIA_DESKTOP - { + if (m_isStrictKillSwitchEnabled) { QString host = QUrl(request.url()).host(); QString ip = NetworkUtilities::getIPAddress(host); if (!ip.isEmpty()) { - IpcClient::Interface()->addKillSwitchAllowedRange(QStringList{ip}); + IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip }); } } #endif @@ -120,11 +125,11 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api // bypass killSwitch exceptions for API-gateway #ifdef AMNEZIA_DESKTOP - { + if (m_isStrictKillSwitchEnabled) { QString host = QUrl(request.url()).host(); QString ip = NetworkUtilities::getIPAddress(host); if (!ip.isEmpty()) { - IpcClient::Interface()->addKillSwitchAllowedRange(QStringList{ip}); + IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip }); } } #endif diff --git a/client/core/controllers/gatewayController.h b/client/core/controllers/gatewayController.h index 45d989f0..9f91df53 100644 --- a/client/core/controllers/gatewayController.h +++ b/client/core/controllers/gatewayController.h @@ -15,7 +15,8 @@ class GatewayController : public QObject Q_OBJECT public: - explicit GatewayController(const QString &gatewayEndpoint, bool isDevEnvironment, int requestTimeoutMsecs, QObject *parent = nullptr); + explicit GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs, + const bool isStrictKillSwitchEnabled, QObject *parent = nullptr); amnezia::ErrorCode get(const QString &endpoint, QByteArray &responseBody); amnezia::ErrorCode post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody); @@ -30,6 +31,7 @@ private: int m_requestTimeoutMsecs; QString m_gatewayEndpoint; bool m_isDevEnvironment = false; + bool m_isStrictKillSwitchEnabled = false; }; #endif // GATEWAYCONTROLLER_H diff --git a/client/ui/controllers/api/apiConfigsController.cpp b/client/ui/controllers/api/apiConfigsController.cpp index 74e22a85..21d371bb 100644 --- a/client/ui/controllers/api/apiConfigsController.cpp +++ b/client/ui/controllers/api/apiConfigsController.cpp @@ -63,7 +63,8 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, return false; } - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex()); auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); @@ -94,7 +95,8 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex()); auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); @@ -140,7 +142,8 @@ void ApiConfigsController::copyVpnKeyToClipboard() bool ApiConfigsController::fillAvailableServices() { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); QJsonObject apiPayload; apiPayload[configKey::osVersion] = QSysInfo::productType(); @@ -171,7 +174,8 @@ bool ApiConfigsController::importServiceFromGateway() return false; } - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto installationUuid = m_settings->getInstallationUuid(true); auto userCountryCode = m_apiServicesModel->getCountryCode(); @@ -211,7 +215,8 @@ bool ApiConfigsController::importServiceFromGateway() bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName, bool reloadServiceConfig) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto serverConfig = m_serversModel->getServerConfig(serverIndex); auto apiConfig = serverConfig.value(configKey::apiConfig).toObject(); @@ -274,7 +279,8 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex) QThread::msleep(10); #endif - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto serverConfig = m_serversModel->getServerConfig(serverIndex); auto installationUuid = m_settings->getInstallationUuid(true); @@ -304,7 +310,8 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex) bool ApiConfigsController::deactivateDevice() { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto serverIndex = m_serversModel->getProcessedServerIndex(); auto serverConfigObject = m_serversModel->getServerConfig(serverIndex); @@ -339,7 +346,8 @@ bool ApiConfigsController::deactivateDevice() bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto serverIndex = m_serversModel->getProcessedServerIndex(); auto serverConfigObject = m_serversModel->getServerConfig(serverIndex); diff --git a/client/ui/controllers/api/apiPremV1MigrationController.cpp b/client/ui/controllers/api/apiPremV1MigrationController.cpp index 0a9b6139..7b0ff100 100644 --- a/client/ui/controllers/api/apiPremV1MigrationController.cpp +++ b/client/ui/controllers/api/apiPremV1MigrationController.cpp @@ -29,7 +29,8 @@ bool ApiPremV1MigrationController::hasConfigsToMigration() vpnKeys.append(vpnKey); } - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); QJsonObject apiPayload; apiPayload["configs"] = vpnKeys; @@ -48,7 +49,8 @@ bool ApiPremV1MigrationController::hasConfigsToMigration() void ApiPremV1MigrationController::getSubscriptionList(const QString &email) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); QJsonObject apiPayload; apiPayload[apiDefs::key::email] = email; @@ -80,7 +82,8 @@ void ApiPremV1MigrationController::sendMigrationCode(const int subscriptionIndex QTimer::singleShot(1000, &wait, &QEventLoop::quit); wait.exec(); - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); QJsonObject apiPayload; apiPayload[apiDefs::key::email] = m_email; @@ -97,7 +100,8 @@ void ApiPremV1MigrationController::sendMigrationCode(const int subscriptionIndex void ApiPremV1MigrationController::migrate(const QString &migrationCode) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); QJsonObject apiPayload; apiPayload[apiDefs::key::email] = m_email; diff --git a/client/ui/controllers/api/apiSettingsController.cpp b/client/ui/controllers/api/apiSettingsController.cpp index 8927312d..b5da751d 100644 --- a/client/ui/controllers/api/apiSettingsController.cpp +++ b/client/ui/controllers/api/apiSettingsController.cpp @@ -48,7 +48,8 @@ bool ApiSettingsController::getAccountInfo(bool reload) wait.exec(); } - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), requestTimeoutMsecs); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); auto processedIndex = m_serversModel->getProcessedServerIndex(); auto serverConfig = m_serversModel->getServerConfig(processedIndex);