Streamline doh headers

serverless-dns · Dec 21, 2021 · a850e52 · amithm7 · Dec 22, 2021 · ignoramous
1 parent 0129245
commit a850e52
Show file tree

Hide file tree

Showing 9 changed files with 227 additions and 171 deletions.
diff --git a/src/command-control/cc.js b/src/command-control/cc.js
@@ -84,7 +84,7 @@ export class CommandControl {
         if (pathSplit.length >= 3) {
           b64UserFlag = pathSplit[2];
         }
-        response.data.httpResponse = configRedirect(          
+        response.data.httpResponse = configRedirect(
           b64UserFlag,
           reqUrl.origin,
           this.latestTimestamp
@@ -103,13 +103,7 @@ export class CommandControl {
       response.isException = true;
       response.exceptionStack = e.stack;
       response.exceptionFrom = "CommandControl commandOperation";
-      response.data.httpResponse = new Response(
-        JSON.stringify(response.exceptionStack),
-      );
-      response.data.httpResponse.headers.set(
-        "Content-Type",
-        "application/json",
-      );
+      response.data.httpResponse = jsonResponse(response.exceptionStack);
     }
     return response;
   }
@@ -144,9 +138,7 @@ function domainNameToList(queryString, blocklistFilter, latestTimestamp) {
     returndata.list = false;
   }
 
-  let response = new Response(JSON.stringify(returndata));
-  response.headers.set("Content-Type", "application/json");
-  return response;
+  return jsonResponse(returndata);
 }
 
 function domainNameToUint(queryString, blocklistFilter) {
@@ -163,9 +155,7 @@ function domainNameToUint(queryString, blocklistFilter) {
     returndata.list = false;
   }
 
-  let response = new Response(JSON.stringify(returndata));
-  response.headers.set("Content-Type", "application/json");
-  return response;
+  return jsonResponse(returndata);
 }
 
 function listToB64(queryString, blocklistFilter) {
@@ -179,9 +169,7 @@ function listToB64(queryString, blocklistFilter) {
     list.split(","),
     flagVersion,
   );
-  let response = new Response(JSON.stringify(returndata));
-  response.headers.set("Content-Type", "application/json");
-  return response;
+  return jsonResponse(returndata);
 }
 
 function b64ToList(queryString, blocklistFilter) {
@@ -200,7 +188,13 @@ function b64ToList(queryString, blocklistFilter) {
   } else {
     returndata.list = "Invalid B64 String";
   }
-  response = new Response(JSON.stringify(returndata));
-  response.headers.set("Content-Type", "application/json");
-  return response;
+  return jsonResponse(returndata);
+}
+
+function jsonResponse(obj) {
+  return new Response(
+    JSON.stringify(obj),
+    { headers : util.jsonHeaders() },
+  );
 }
+
diff --git a/src/dns-operation/dnsAggCache.js b/src/dns-operation/dnsAggCache.js
@@ -41,8 +41,7 @@ export default class DNSAggCache {
       response.isException = true;
       response.exceptionStack = e.stack;
       response.exceptionFrom = "DNSAggCache RethinkModule";
-      console.error("Error At : DNSAggCache -> RethinkModule");
-      console.error(e.stack);
+      console.error("Error At : DNSAggCache -> RethinkModule", e);
     }
     return response;
   }
@@ -65,8 +64,7 @@ export default class DNSAggCache {
         : "").trim().toLowerCase() +
         ":" + response.reqDecodedDnsPacket.questions[0].type;
       let cacheResponse = await getCacheapi(this.wCache, param.request.url, dn);
-      console.debug("Cache Api Response");
-      console.debug(cacheResponse);
+      log.d("Cache Api Response", cacheResponse);
       if (cacheResponse) {
         response.aggCacheResponse = await parseCacheapiResponse(
           cacheResponse,

diff --git a/src/dns-operation/dnsResolver.js b/src/dns-operation/dnsResolver.js
@@ -94,13 +94,14 @@ export default class DNSResolver {
   async resolveFromCache(param) {
     const key = this.cacheKey(param.requestDecodedDnsPacket);
     const qid = param.requestDecodedDnsPacket.id;
+    const url = param.request.url;
 
     if (!key) return null;
 
     let cacheRes = this.resolveFromLocalCache(qid, key);
 
     if (!cacheRes) {
-      cacheRes = await this.resolveFromHttpCache(qid, key);
+      cacheRes = await this.resolveFromHttpCache(qid, url, key);
       this.updateLocalCacheIfNeeded(key, cacheRes);
     }
 
@@ -114,10 +115,10 @@ export default class DNSResolver {
     return this.makeCacheResponse(queryId, cacheRes.dnsPacket, cacheRes.ttlEndTime);
   }
 
-  async resolveFromHttpCache(queryId, key) {
+  async resolveFromHttpCache(queryId, url, key) {
     if (!this.httpCache) return false; // no http-cache
 
-    const hKey = this.httpCacheKey(param.request.url, key);
+    const hKey = this.httpCacheKey(url, key);
     const resp = await this.httpCache.match(hKey);
 
     if (!resp) return false; // cache-miss
@@ -196,19 +197,24 @@ export default class DNSResolver {
 
     const cacheUrl = this.httpCacheKey(param.request.url, k);
     const value = new Response(cacheRes.dnsPacket, {
-      headers: {
-        "Content-Length": cacheRes.dnsPacket.byteLength,
-        "x-rethink-metadata": JSON.stringify(
-          this.httpCacheMetadata(cacheRes, param.blocklistFilter)
-        ),
-      },
-      cf: { cacheTtl: httpCacheTtl },
+      headers: this.httpCacheHeaders(cacheRes, param.blocklistFilter),
     });
 
-    util.dnsHeaders(value);
     param.event.waitUntil(this.httpCache.put(cacheUrl, value));
   }
 
+  httpCacheHeaders(cres, blFilter) {
+    return util.concatHeaders(
+      {
+        "x-rethink-metadata": JSON.stringify(
+          this.httpCacheMetadata(cres, blFilter))
+      },
+      util.contentLengthHeader(cres.dnsPacket),
+      util.dnsHeaders(),
+      { cf: { cacheTtl: httpCacheTtl } },
+    );
+  }
+
   /**
    * @param {Object} param
    * @param {Object} cacheRes
@@ -360,16 +366,16 @@ DNSResolver.prototype.resolveDnsUpstream = async function (
     } else if (request.method === "POST") {
       newRequest = new Request(u.href, {
         method: "POST",
-        headers: {
-          "Content-Length": requestBodyBuffer.byteLength,
-        },
+        headers: util.concatHeaders(
+          util.contentLengthHeader(requestBodyBuffer),
+          util.dnsHeaders(),
+        ),
         body: requestBodyBuffer,
       });
     } else {
       throw new Error("get/post requests only");
     }
 
-    util.dnsHeaders(newRequest);
 
     return this.http2 ? this.doh2(newRequest) : fetch(newRequest);
   } catch (e) {

diff --git a/src/helpers/currentRequest.js b/src/helpers/currentRequest.js
@@ -8,6 +8,7 @@
 
 import { DNSParserWrap as DnsParser } from "../dns-operation/dnsOperation.js";
 import * as dnsutil from "../helpers/dnsutil.js";
+import * as util from "../helpers/util.js";
 
 export default class CurrentRequest {
   constructor() {
@@ -28,25 +29,39 @@ export default class CurrentRequest {
     const singleLog = {};
     singleLog.exceptionFrom = this.exceptionFrom;
     singleLog.exceptionStack = this.exceptionStack;
-    this.httpResponse = new Response(dnsutil.servfail);
-    this.setHeaders();
-    this.httpResponse.headers.set("x-err", JSON.stringify(singleLog));
+    this.httpResponse = new Response(
+      dnsutil.servfail,
+      {
+        headers : util.concatHeaders(
+          this.headers(),
+          this.additionalHeader(JSON.stringify(singleLog)),
+        )
+      },
+    );
   }
 
   customResponse(data) {
-    this.httpResponse = new Response(dnsutil);
-    this.setHeaders();
-    this.httpResponse.headers.set("x-err", JSON.stringify(data));
+    this.httpResponse = new Response(null,
+      {
+        headers : util.concatHeaders(
+          this.headers(),
+          this.additionalHeader(JSON.stringify(data)),
+        )
+      },
+    );
   }
 
   /**
    * @param {ArrayBuffer} arrayBuffer - responseBodyBuffer
    * @returns Web API Response
    */
   dnsResponse(arrayBuffer) {
-    this.httpResponse = new Response(arrayBuffer);
-    this.setHeaders();
+    this.httpResponse = new Response(
+      arrayBuffer,
+      { headers : this.headers() },
+    );
   }
+
   dnsBlockResponse() {
     try {
       this.decodedDnsPacket.type = "response";
@@ -75,8 +90,10 @@ export default class CurrentRequest {
         this.decodedDnsPacket.answers[0].data.svcParams = {};
       }
       this.decodedDnsPacket.authorities = []
-      this.httpResponse = new Response(this.dnsParser.Encode(this.decodedDnsPacket));
-      this.setHeaders();
+      this.httpResponse = new Response(
+        this.dnsParser.Encode(this.decodedDnsPacket),
+        { headers : this.headers() },
+      );
     } catch (e) {
       log.e(JSON.stringify(this.decodedDnsPacket))
       this.isException = true;
@@ -85,17 +102,25 @@ export default class CurrentRequest {
     }
   }
 
-  setHeaders() {
-    this.httpResponse.headers.set("Content-Type", "application/dns-message");
-    this.httpResponse.headers.append("Vary", "Origin");
-    this.httpResponse.headers.delete("expect-ct");
-    this.httpResponse.headers.delete("cf-ray");
-    if(this.isDnsBlock){
-      this.httpResponse.headers.set("x-nile-flags", this.blockedB64Flag);
-    }
-    else if(this.blockedB64Flag !== ""){
-      this.httpResponse.headers.set('x-nile-flag-notblocked', this.blockedB64Flag)
-    }
+  headers() {
+    const xNileFlags = (this.isDnsBlock) ?
+      { "x-nile-flags" : this.blockedB64Flag } : null;
+    const xNileFlagsAllowed = (this.blockedB64Flag) ?
+      { "x-nile-flags-allowed" : this.blockedB64Flag } : null;
+
+    return util.concatHeaders(
+      util.dnsHeaders(),
+      xNileFlags,
+      xNileFlagsAllowed,
+    );
+  }
+
+  additionalHeader(json) {
+    if (!json) return null;
+
+    return {
+      "x-nile-add" : json,
+    };
   }
 
 }

diff --git a/src/helpers/dnsutil.js b/src/helpers/dnsutil.js
@@ -9,6 +9,7 @@
 import { DNSParserWrap as Dns } from "../dns-operation/dnsOperation.js";
 
 // dns packet constants (in bytes)
+// A dns message over TCP stream has a header indicating length.
 export const dnsHeaderSize = 2
 export const dnsPacketHeaderSize = 12
 export const minDNSPacketSize = dnsPacketHeaderSize + 5
@@ -32,9 +33,12 @@ export function truncated(ans) {
 }
 
 export function validResponseSize(r) {
-  return r &&
-    r.byteLength >= minDNSPacketSize &&
-    r.byteLength <= maxDNSPacketSize
+  return r && validateSize(r.byteLength)
+}
+
+export function validateSize(sz) {
+  return sz >= minDNSPacketSize &&
+    sz <= maxDNSPacketSize
 }
 
 export function hasAnswers(packet) {
@@ -57,3 +61,10 @@ export function optAnswer(a) {
   // github.com/serverless-dns/dns-parser/blob/7de73303/index.js#L1770
   return a && a.type && a.type.toUpperCase() === "OPT"
 }
+
+export function dohStatusCode(b) {
+  if (!b || !b.byteLength) return 412
+  if (b.byteLength > maxDNSPacketSize) return 413
+  if (b.byteLength < minDNSPacketSize) return 400
+  return 200
+}
diff --git a/src/helpers/plugin.js b/src/helpers/plugin.js
@@ -14,6 +14,7 @@ import {
   DNSResolver,
   DNSResponseBlock,
 } from "../dns-operation/dnsOperation.js";
+import * as util from "./util.js";
 
 const blocklistWrapper = new BlocklistWrapper();
 const commandControl = new CommandControl();
@@ -34,11 +35,7 @@ export default class RethinkPlugin {
     this.parameter = new Map(envManager.getMap());
     this.registerParameter("request", event.request);
     this.registerParameter("event", event);
-    this.registerParameter(
-      "isDnsMsg",
-      (event.request.headers.get("Accept") == "application/dns-message" ||
-        event.request.headers.get("Content-Type") == "application/dns-message"),
-    );
+    this.registerParameter("isDnsMsg", util.isDnsMsg(event.request));
 
     this.plugin = [];
 
@@ -82,7 +79,12 @@ export default class RethinkPlugin {
     this.registerPlugin(
       "commandControl",
       commandControl,
-      ["request", "blocklistFilter", "latestTimestamp"],
+      [
+        "request",
+        "blocklistFilter",
+        "latestTimestamp",
+        "isDnsMsg",
+      ],
       commandControlCallBack,
       false,
     );
@@ -241,6 +243,7 @@ function dnsAggCacheCallBack(response, currentRequest) {
   if (response.isException) {
     loadException(response, currentRequest);
   } else if (response.data !== null) {
+
     this.registerParameter(
       "requestDecodedDnsPacket",
       response.data.reqDecodedDnsPacket,