macblock 0.2.1__py3-none-any.whl

macblock/__init__.py

@@ -0,0 +1,8 @@
+from importlib.metadata import PackageNotFoundError, version
+
+try:
+    __version__ = version("macblock")
+except PackageNotFoundError:
+    __version__ = "0.0.0"
+
+__all__ = ["__version__"]

macblock/__main__.py

@@ -0,0 +1,4 @@
+from macblock.cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

macblock/blocklists.py

@@ -0,0 +1,260 @@
+from __future__ import annotations
+
+import hashlib
+import re
+import urllib.request
+from pathlib import Path
+
+from macblock.constants import (
+    APP_LABEL,
+    DEFAULT_BLOCKLIST_SOURCE,
+    SYSTEM_BLACKLIST_FILE,
+    SYSTEM_BLOCKLIST_FILE,
+    SYSTEM_RAW_BLOCKLIST_FILE,
+    SYSTEM_STATE_FILE,
+    SYSTEM_WHITELIST_FILE,
+    VAR_DB_DNSMASQ_PID,
+    BLOCKLIST_SOURCES,
+)
+from macblock.launchd import kickstart, service_exists
+from macblock.errors import MacblockError
+from macblock.exec import run
+from macblock.fs import atomic_write_text
+from macblock.state import load_state, replace_state, save_state_atomic
+from macblock.ui import (
+    dim,
+    green,
+    result_success,
+    Spinner,
+    step_done,
+    SYMBOL_ACTIVE,
+)
+
+
+_domain_re = re.compile(
+    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*$",
+    re.IGNORECASE,
+)
+
+
+def normalize_domain(domain: str) -> str:
+    d = domain.strip().lower().strip(".")
+    if not d:
+        raise MacblockError("invalid domain")
+    if not _domain_re.match(d):
+        raise MacblockError("invalid domain")
+    return d
+
+
+def _read_lines(path: Path) -> list[str]:
+    if not path.exists():
+        return []
+    out: list[str] = []
+    for line in path.read_text(encoding="utf-8").splitlines():
+        s = line.strip()
+        if not s or s.startswith("#"):
+            continue
+        out.append(s)
+    return out
+
+
+def _parse_hosts_domains(text: str) -> set[str]:
+    domains: set[str] = set()
+
+    for raw_line in text.splitlines():
+        line = raw_line.strip()
+        if not line or line.startswith("#"):
+            continue
+        if "#" in line:
+            line = line.split("#", 1)[0].strip()
+        parts = line.split()
+        if len(parts) < 2:
+            continue
+
+        for token in parts[1:]:
+            try:
+                d = normalize_domain(token)
+            except MacblockError:
+                continue
+            if d in {"localhost", "localhost.localdomain"}:
+                continue
+            domains.add(d)
+
+    return domains
+
+
+def compile_blocklist(
+    raw_path: Path, whitelist_path: Path, blacklist_path: Path, out_path: Path
+) -> int:
+    raw = raw_path.read_text(encoding="utf-8") if raw_path.exists() else ""
+    base = _parse_hosts_domains(raw)
+
+    allow = {normalize_domain(x) for x in _read_lines(whitelist_path)}
+    deny = {normalize_domain(x) for x in _read_lines(blacklist_path)}
+
+    final = (base - allow) | deny
+
+    lines = [f"server=/{d}/" for d in sorted(final)]
+    atomic_write_text(out_path, "\n".join(lines) + ("\n" if lines else ""), mode=0o644)
+
+    return len(final)
+
+
+_MAX_BLOCKLIST_BYTES = 20 * 1024 * 1024
+
+
+def _download(url: str, *, expected_sha256: str | None = None) -> str:
+    req = urllib.request.Request(
+        url,
+        headers={"User-Agent": "macblock/0.0.0"},
+    )
+
+    hasher = hashlib.sha256()
+    chunks: list[bytes] = []
+    total = 0
+
+    with urllib.request.urlopen(req, timeout=30) as resp:
+        while True:
+            chunk = resp.read(64 * 1024)
+            if not chunk:
+                break
+            total += len(chunk)
+            if total > _MAX_BLOCKLIST_BYTES:
+                raise MacblockError(
+                    f"blocklist too large (>{_MAX_BLOCKLIST_BYTES} bytes)"
+                )
+            hasher.update(chunk)
+            chunks.append(chunk)
+
+    if expected_sha256 is not None:
+        expected = expected_sha256.strip().lower()
+        actual = hasher.hexdigest()
+        if expected != actual:
+            raise MacblockError(f"sha256 mismatch: expected {expected}, got {actual}")
+
+    return b"".join(chunks).decode("utf-8", errors="replace")
+
+
+def reload_dnsmasq() -> None:
+    label = f"{APP_LABEL}.dnsmasq"
+    if service_exists(label):
+        kickstart(label)
+        return
+
+    if VAR_DB_DNSMASQ_PID.exists():
+        try:
+            pid = int(VAR_DB_DNSMASQ_PID.read_text(encoding="utf-8").strip())
+        except Exception:
+            pid = 0
+        if pid > 1:
+            run(["/bin/kill", "-HUP", str(pid)])
+
+
+def list_blocklist_sources() -> int:
+    st = load_state(SYSTEM_STATE_FILE)
+    current = st.blocklist_source or DEFAULT_BLOCKLIST_SOURCE
+
+    print()
+    for key in sorted(BLOCKLIST_SOURCES.keys()):
+        if key == current:
+            print(
+                f"  {green(SYMBOL_ACTIVE)} {green(key)} - {BLOCKLIST_SOURCES[key]['name']}"
+            )
+        else:
+            print(f"    {key} - {dim(str(BLOCKLIST_SOURCES[key]['name']))}")
+    print()
+
+    return 0
+
+
+def set_blocklist_source(source: str) -> int:
+    src = source.strip()
+
+    if not src:
+        raise MacblockError("source is required")
+
+    if not (src.startswith("https://") or src in BLOCKLIST_SOURCES):
+        raise MacblockError("unknown source")
+
+    st = load_state(SYSTEM_STATE_FILE)
+    save_state_atomic(
+        SYSTEM_STATE_FILE,
+        replace_state(st, blocklist_source=src),
+    )
+
+    step_done(f"Blocklist source set to {src}")
+    print()
+    return 0
+
+
+def update_blocklist(source: str | None = None, sha256: str | None = None) -> int:
+    st = load_state(SYSTEM_STATE_FILE)
+    chosen = source or st.blocklist_source or DEFAULT_BLOCKLIST_SOURCE
+
+    if chosen.startswith("https://"):
+        url = chosen
+        source_name = "custom URL"
+    elif chosen in BLOCKLIST_SOURCES:
+        url = str(BLOCKLIST_SOURCES[chosen]["url"])
+        source_name = chosen
+    else:
+        raise MacblockError("unknown source")
+
+    print()
+
+    # Download with spinner
+    with Spinner(f"Downloading blocklist ({source_name})") as spinner:
+        try:
+            raw = _download(url, expected_sha256=sha256)
+        except Exception as e:
+            spinner.fail(f"Download failed: {e}")
+            raise
+
+        if not raw.strip():
+            spinner.fail("Downloaded blocklist is empty")
+            raise MacblockError("downloaded blocklist is empty")
+
+        head = raw.lstrip()[:200].lower()
+        if (
+            head.startswith("<!doctype html")
+            or head.startswith("<html")
+            or "<html" in head
+        ):
+            spinner.fail("Downloaded file looks like HTML, not a blocklist")
+            raise MacblockError("downloaded blocklist looks like HTML")
+
+        spinner.succeed("Downloaded blocklist")
+
+    # Parse and compile
+    count = 0
+    with Spinner("Compiling blocklist") as spinner:
+        count_raw = len(_parse_hosts_domains(raw))
+        if count_raw < 1000:
+            spinner.warn(f"Blocklist looks small ({count_raw} domains)")
+        else:
+            atomic_write_text(SYSTEM_RAW_BLOCKLIST_FILE, raw, mode=0o644)
+            count = compile_blocklist(
+                SYSTEM_RAW_BLOCKLIST_FILE,
+                SYSTEM_WHITELIST_FILE,
+                SYSTEM_BLACKLIST_FILE,
+                SYSTEM_BLOCKLIST_FILE,
+            )
+            spinner.succeed(f"Compiled {count:,} domains")
+
+    # Save state
+    save_state_atomic(
+        SYSTEM_STATE_FILE,
+        replace_state(st, blocklist_source=chosen),
+    )
+
+    # Reload dnsmasq
+    with Spinner("Reloading dnsmasq") as spinner:
+        try:
+            reload_dnsmasq()
+            spinner.succeed("Reloaded dnsmasq")
+        except Exception:
+            spinner.warn("Could not reload dnsmasq (may need restart)")
+
+    result_success(f"Blocklist updated: {count:,} domains blocked")
+    print()
+    return 0

macblock/cli.py

@@ -0,0 +1,323 @@
+from __future__ import annotations
+
+import importlib
+import os
+import shutil
+import sys
+
+from macblock import __version__
+from macblock.errors import MacblockError, PrivilegeError, UnsupportedPlatformError
+from macblock.install import do_install, do_uninstall
+from macblock.blocklists import (
+    list_blocklist_sources,
+    set_blocklist_source,
+    update_blocklist,
+)
+from macblock.control import do_disable, do_enable, do_pause, do_resume
+from macblock.doctor import run_diagnostics
+from macblock.dns_test import test_domain
+from macblock.help import show_main_help, show_command_help
+from macblock.lists import (
+    add_blacklist,
+    add_whitelist,
+    list_blacklist,
+    list_whitelist,
+    remove_blacklist,
+    remove_whitelist,
+)
+from macblock.platform import is_root, require_macos
+from macblock.status import show_status
+
+
+def _has_help_flag(args: list[str]) -> bool:
+    """Check if args contain help flags."""
+    return "-h" in args or "--help" in args
+
+
+def _remove_help_flags(args: list[str]) -> list[str]:
+    """Remove help flags from args."""
+    return [a for a in args if a not in ("-h", "--help")]
+
+
+def _get_help_context(args: list[str]) -> str | None:
+    """Extract command context for help display.
+
+    Returns the command (and subcommand if applicable) that help was requested for.
+    """
+    clean = _remove_help_flags(args)
+    if not clean:
+        return None
+
+    cmd = clean[0]
+    # Handle subcommands for sources, allow, deny
+    if cmd in ("sources", "allow", "deny") and len(clean) >= 2:
+        subcmd = clean[1]
+        if subcmd not in ("-h", "--help"):
+            return f"{cmd} {subcmd}"
+
+    return cmd
+
+
+def _needs_root(cmd: str, args: dict) -> bool:
+    if cmd in {
+        "install",
+        "uninstall",
+        "enable",
+        "disable",
+        "pause",
+        "resume",
+        "update",
+    }:
+        return True
+
+    if cmd == "sources":
+        return args.get("sources_cmd") == "set"
+
+    if cmd == "allow":
+        return args.get("allow_cmd") in ("add", "remove")
+
+    if cmd == "deny":
+        return args.get("deny_cmd") in ("add", "remove")
+
+    return False
+
+
+def _exec_sudo(argv: list[str]) -> None:
+    sudo = shutil.which("sudo")
+    if sudo is None:
+        raise PrivilegeError("sudo not found")
+
+    if os.environ.get("MACBLOCK_ELEVATED") == "1":
+        raise PrivilegeError("failed to elevate privileges")
+
+    env = dict(os.environ)
+    env["MACBLOCK_ELEVATED"] = "1"
+
+    exe = shutil.which(sys.argv[0])
+    if exe:
+        os.execve(sudo, [sudo, "-E", exe, *argv], env)
+
+    os.execve(sudo, [sudo, "-E", sys.executable, "-m", "macblock", *argv], env)
+
+
+def _parse_args(argv: list[str]) -> tuple[str | None, dict]:
+    """Simple argument parser.
+
+    Returns (command, args_dict). If help was requested, args will contain
+    {"_help": True, "_help_context": "command"} and command will be "_help".
+    """
+    args: dict = {}
+
+    if not argv:
+        return "status", args
+
+    # Handle --version first (can appear anywhere)
+    if "--version" in argv or "-V" in argv:
+        print(f"macblock {__version__}")
+        sys.exit(0)
+
+    # Check for help flag anywhere in args
+    if _has_help_flag(argv):
+        help_context = _get_help_context(argv)
+        args["_help"] = True
+        args["_help_context"] = help_context
+        return "_help", args
+
+    # Handle explicit "help" command
+    if argv[0] == "help":
+        rest = argv[1:]
+        if rest:
+            # "help sources set" -> "sources set"
+            if len(rest) >= 2 and rest[0] in ("sources", "allow", "deny"):
+                args["_help_context"] = f"{rest[0]} {rest[1]}"
+            else:
+                args["_help_context"] = rest[0]
+        else:
+            args["_help_context"] = None
+        args["_help"] = True
+        return "_help", args
+
+    cmd = argv[0]
+    rest = argv[1:]
+
+    # Handle subcommands
+    if cmd == "logs":
+        args["component"] = "daemon"
+        args["lines"] = 200
+        args["follow"] = False
+        args["stderr"] = False
+        i = 0
+        while i < len(rest):
+            if rest[i] == "--component" and i + 1 < len(rest):
+                args["component"] = rest[i + 1]
+                i += 2
+            elif rest[i] == "--lines" and i + 1 < len(rest):
+                args["lines"] = int(rest[i + 1])
+                i += 2
+            elif rest[i] == "--follow":
+                args["follow"] = True
+                i += 1
+            elif rest[i] == "--stderr":
+                args["stderr"] = True
+                i += 1
+            else:
+                i += 1
+
+    elif cmd == "install":
+        args["force"] = "--force" in rest
+        args["skip_update"] = "--skip-update" in rest
+
+    elif cmd == "uninstall":
+        args["force"] = "--force" in rest
+
+    elif cmd == "pause":
+        if rest:
+            args["duration"] = rest[0]
+        else:
+            raise MacblockError("pause requires a duration (e.g., 10m, 2h, 1d)")
+
+    elif cmd == "test":
+        if rest:
+            args["domain"] = rest[0]
+        else:
+            raise MacblockError("test requires a domain")
+
+    elif cmd == "update":
+        args["source"] = None
+        args["sha256"] = None
+        i = 0
+        while i < len(rest):
+            if rest[i] == "--source" and i + 1 < len(rest):
+                args["source"] = rest[i + 1]
+                i += 2
+            elif rest[i] == "--sha256" and i + 1 < len(rest):
+                args["sha256"] = rest[i + 1]
+                i += 2
+            else:
+                i += 1
+
+    elif cmd == "sources":
+        if not rest:
+            raise MacblockError("sources requires a subcommand: list or set")
+        args["sources_cmd"] = rest[0]
+        if rest[0] == "set":
+            if len(rest) < 2:
+                raise MacblockError("sources set requires a source name")
+            args["source"] = rest[1]
+
+    elif cmd == "allow":
+        if not rest:
+            raise MacblockError("allow requires a subcommand: add, remove, or list")
+        args["allow_cmd"] = rest[0]
+        if rest[0] in ("add", "remove"):
+            if len(rest) < 2:
+                raise MacblockError(f"allow {rest[0]} requires a domain")
+            args["domain"] = rest[1]
+
+    elif cmd == "deny":
+        if not rest:
+            raise MacblockError("deny requires a subcommand: add, remove, or list")
+        args["deny_cmd"] = rest[0]
+        if rest[0] in ("add", "remove"):
+            if len(rest) < 2:
+                raise MacblockError(f"deny {rest[0]} requires a domain")
+            args["domain"] = rest[1]
+
+    return cmd, args
+
+
+def main(argv: list[str] | None = None) -> int:
+    argv = list(sys.argv[1:] if argv is None else argv)
+
+    try:
+        require_macos()
+
+        cmd, args = _parse_args(argv)
+
+        # Show help if no command provided
+        if cmd is None:
+            show_main_help()
+            return 0
+
+        # Handle help requests
+        if cmd == "_help":
+            help_context = args.get("_help_context")
+            if help_context:
+                show_command_help(help_context)
+            else:
+                show_main_help()
+            return 0
+
+        # Check if we need root
+        if _needs_root(cmd, args) and not is_root():
+            _exec_sudo(argv)
+
+        if cmd == "status":
+            return show_status()
+        if cmd == "doctor":
+            return run_diagnostics()
+        if cmd == "daemon":
+            from macblock.daemon import run_daemon
+
+            return run_daemon()
+        if cmd == "logs":
+            show_logs = importlib.import_module("macblock.logs").show_logs
+            return show_logs(
+                component=str(args.get("component", "daemon")),
+                lines=int(args.get("lines", 200)),
+                follow=bool(args.get("follow", False)),
+                stderr=bool(args.get("stderr", False)),
+            )
+        if cmd == "install":
+            return do_install(
+                force=bool(args.get("force")), skip_update=bool(args.get("skip_update"))
+            )
+        if cmd == "uninstall":
+            return do_uninstall(force=bool(args.get("force")))
+        if cmd == "enable":
+            return do_enable()
+        if cmd == "disable":
+            return do_disable()
+        if cmd == "pause":
+            return do_pause(args["duration"])
+        if cmd == "resume":
+            return do_resume()
+        if cmd == "test":
+            return test_domain(args["domain"])
+        if cmd == "update":
+            return update_blocklist(
+                source=args.get("source"), sha256=args.get("sha256")
+            )
+        if cmd == "sources":
+            if args.get("sources_cmd") == "list":
+                return list_blocklist_sources()
+            return set_blocklist_source(args["source"])
+        if cmd == "allow":
+            if args.get("allow_cmd") == "add":
+                return add_whitelist(args["domain"])
+            if args.get("allow_cmd") == "remove":
+                return remove_whitelist(args["domain"])
+            return list_whitelist()
+        if cmd == "deny":
+            if args.get("deny_cmd") == "add":
+                return add_blacklist(args["domain"])
+            if args.get("deny_cmd") == "remove":
+                return remove_blacklist(args["domain"])
+            return list_blacklist()
+
+        print(f"error: unknown command: {cmd}", file=sys.stderr)
+        print("Run 'macblock --help' for usage.", file=sys.stderr)
+        return 2
+
+    except UnsupportedPlatformError as e:
+        print(str(e), file=sys.stderr)
+        return 2
+    except PrivilegeError as e:
+        print(str(e), file=sys.stderr)
+        return 2
+    except MacblockError as e:
+        print(f"error: {e}", file=sys.stderr)
+        return 1
+    except Exception as e:
+        print(f"error: {e}", file=sys.stderr)
+        return 1

macblock/colors.py

@@ -0,0 +1,62 @@
+from __future__ import annotations
+
+import sys
+
+
+class Colors:
+    RED = "\033[91m"
+    GREEN = "\033[92m"
+    YELLOW = "\033[93m"
+    BLUE = "\033[94m"
+    MAGENTA = "\033[95m"
+    CYAN = "\033[96m"
+    WHITE = "\033[97m"
+    BOLD = "\033[1m"
+    DIM = "\033[2m"
+    RESET = "\033[0m"
+
+
+def color(text: str, *styles: str) -> str:
+    if not sys.stdout.isatty():
+        return text
+    return "".join(styles) + text + Colors.RESET
+
+
+def success(text: str) -> str:
+    return color(text, Colors.GREEN)
+
+
+def error(text: str) -> str:
+    return color(text, Colors.RED)
+
+
+def warning(text: str) -> str:
+    return color(text, Colors.YELLOW)
+
+
+def info(text: str) -> str:
+    return color(text, Colors.CYAN)
+
+
+def bold(text: str) -> str:
+    return color(text, Colors.BOLD)
+
+
+def dim(text: str) -> str:
+    return color(text, Colors.DIM)
+
+
+def print_success(text: str) -> None:
+    print(success(text))
+
+
+def print_warning(text: str) -> None:
+    print(warning(text))
+
+
+def print_info(text: str) -> None:
+    print(info(text))
+
+
+def print_error(text: str) -> None:
+    print(error(text), file=sys.stderr)