Pull request 2347: AGDNS-2690-global-context

Merge in DNS/adguard-home from AGDNS-2690-global-context to master

Squashed commit of the following:

commit 58d5999e5d9112b3391f988ed76e87eff2919d6b
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Feb 19 18:51:41 2025 +0300

    home: imp naming

commit cfb371df59c816be1022d499cc41ffaf2b72d124
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Feb 19 18:42:52 2025 +0300

    home: global context

internal/home/auth.go

@@ -356,7 +356,7 @@ func (a *Auth) getCurrentUser(r *http.Request) (u webUser) {
 		// There's no Cookie, check Basic authentication.
 		user, pass, ok := r.BasicAuth()
 		if ok {
-			u, _ = Context.auth.findUser(user, pass)
+			u, _ = globalContext.auth.findUser(user, pass)
 
 			return u
 		}

internal/home/authhttp.go

@@ -155,7 +155,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if rateLimiter := Context.auth.rateLimiter; rateLimiter != nil {
+	if rateLimiter := globalContext.auth.rateLimiter; rateLimiter != nil {
 		if left := rateLimiter.check(remoteIP); left > 0 {
 			w.Header().Set(httphdr.RetryAfter, strconv.Itoa(int(left.Seconds())))
 			writeErrorWithIP(
@@ -176,10 +176,10 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 		log.Error("auth: getting real ip from request with remote ip %s: %s", remoteIP, err)
 	}
 
-	cookie, err := Context.auth.newCookie(req, remoteIP)
+	cookie, err := globalContext.auth.newCookie(req, remoteIP)
 	if err != nil {
 		logIP := remoteIP
-		if Context.auth.trustedProxies.Contains(ip.Unmap()) {
+		if globalContext.auth.trustedProxies.Contains(ip.Unmap()) {
 			logIP = ip.String()
 		}
 
@@ -213,7 +213,7 @@ func handleLogout(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	Context.auth.removeSession(c.Value)
+	globalContext.auth.removeSession(c.Value)
 
 	c = &http.Cookie{
 		Name:    sessionCookieName,
@@ -232,7 +232,7 @@ func handleLogout(w http.ResponseWriter, r *http.Request) {
 
 // RegisterAuthHandlers - register handlers
 func RegisterAuthHandlers() {
-	Context.mux.Handle("/control/login", postInstallHandler(ensureHandler(http.MethodPost, handleLogin)))
+	globalContext.mux.Handle("/control/login", postInstallHandler(ensureHandler(http.MethodPost, handleLogin)))
 	httpRegister(http.MethodGet, "/control/logout", handleLogout)
 }
 
@@ -254,13 +254,13 @@ func optionalAuthThird(w http.ResponseWriter, r *http.Request) (mustAuth bool) {
 		// Check Basic authentication.
 		user, pass, hasBasic := r.BasicAuth()
 		if hasBasic {
-			_, isAuthenticated = Context.auth.findUser(user, pass)
+			_, isAuthenticated = globalContext.auth.findUser(user, pass)
 			if !isAuthenticated {
 				log.Info("%s: invalid basic authorization value", pref)
 			}
 		}
 	} else {
-		res := Context.auth.checkSession(cookie.Value)
+		res := globalContext.auth.checkSession(cookie.Value)
 		isAuthenticated = res == checkSessionOK
 		if !isAuthenticated {
 			log.Debug("%s: invalid cookie value: %q", pref, cookie)
@@ -294,12 +294,12 @@ func optionalAuth(
 ) (wrapped func(http.ResponseWriter, *http.Request)) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		p := r.URL.Path
-		authRequired := Context.auth != nil && Context.auth.authRequired()
+		authRequired := globalContext.auth != nil && globalContext.auth.authRequired()
 		if p == "/login.html" {
 			cookie, err := r.Cookie(sessionCookieName)
 			if authRequired && err == nil {
 				// Redirect to the dashboard if already authenticated.
-				res := Context.auth.checkSession(cookie.Value)
+				res := globalContext.auth.checkSession(cookie.Value)
 				if res == checkSessionOK {
 					http.Redirect(w, r, "", http.StatusFound)
 

internal/home/authhttp_internal_test.go

@@ -39,7 +39,7 @@ func TestAuthHTTP(t *testing.T) {
 	users := []webUser{
 		{Name: "name", PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2"},
 	}
-	Context.auth = InitAuth(fn, users, 60, nil, nil)
+	globalContext.auth = InitAuth(fn, users, 60, nil, nil)
 
 	handlerCalled := false
 	handler := func(_ http.ResponseWriter, _ *http.Request) {
@@ -68,7 +68,7 @@ func TestAuthHTTP(t *testing.T) {
 	assert.True(t, handlerCalled)
 
 	// perform login
-	cookie, err := Context.auth.newCookie(loginJSON{Name: "name", Password: "password"}, "")
+	cookie, err := globalContext.auth.newCookie(loginJSON{Name: "name", Password: "password"}, "")
 	require.NoError(t, err)
 	require.NotNil(t, cookie)
 
@@ -114,7 +114,7 @@ func TestAuthHTTP(t *testing.T) {
 	assert.True(t, handlerCalled)
 	r.Header.Del(httphdr.Cookie)
 
-	Context.auth.Close()
+	globalContext.auth.Close()
 }
 
 func TestRealIP(t *testing.T) {

internal/home/config.go

@@ -486,9 +486,9 @@ var config = &configuration{
 // configFilePath returns the absolute path to the symlink-evaluated path to the
 // current config file.
 func configFilePath() (confPath string) {
-	confPath, err := filepath.EvalSymlinks(Context.confFilePath)
+	confPath, err := filepath.EvalSymlinks(globalContext.confFilePath)
 	if err != nil {
-		confPath = Context.confFilePath
+		confPath = globalContext.confFilePath
 		logFunc := log.Error
 		if errors.Is(err, os.ErrNotExist) {
 			logFunc = log.Debug
@@ -498,7 +498,7 @@ func configFilePath() (confPath string) {
 	}
 
 	if !filepath.IsAbs(confPath) {
-		confPath = filepath.Join(Context.workDir, confPath)
+		confPath = filepath.Join(globalContext.workDir, confPath)
 	}
 
 	return confPath
@@ -530,8 +530,8 @@ func parseConfig() (err error) {
 	}
 
 	migrator := configmigrate.New(&configmigrate.Config{
-		WorkingDir: Context.workDir,
+		WorkingDir: globalContext.workDir,
-		DataDir:    Context.getDataDir(),
+		DataDir:    globalContext.getDataDir(),
 	})
 
 	var upgraded bool
@@ -644,27 +644,27 @@ func (c *configuration) write() (err error) {
 	c.Lock()
 	defer c.Unlock()
 
-	if Context.auth != nil {
+	if globalContext.auth != nil {
-		config.Users = Context.auth.usersList()
+		config.Users = globalContext.auth.usersList()
 	}
 
-	if Context.tls != nil {
+	if globalContext.tls != nil {
 		tlsConf := tlsConfigSettings{}
-		Context.tls.WriteDiskConfig(&tlsConf)
+		globalContext.tls.WriteDiskConfig(&tlsConf)
 		config.TLS = tlsConf
 	}
 
-	if Context.stats != nil {
+	if globalContext.stats != nil {
 		statsConf := stats.Config{}
-		Context.stats.WriteDiskConfig(&statsConf)
+		globalContext.stats.WriteDiskConfig(&statsConf)
 		config.Stats.Interval = timeutil.Duration(statsConf.Limit)
 		config.Stats.Enabled = statsConf.Enabled
 		config.Stats.Ignored = statsConf.Ignored.Values()
 	}
 
-	if Context.queryLog != nil {
+	if globalContext.queryLog != nil {
 		dc := querylog.Config{}
-		Context.queryLog.WriteDiskConfig(&dc)
+		globalContext.queryLog.WriteDiskConfig(&dc)
 		config.DNS.AnonymizeClientIP = dc.AnonymizeClientIP
 		config.QueryLog.Enabled = dc.Enabled
 		config.QueryLog.FileEnabled = dc.FileEnabled
@@ -673,14 +673,14 @@ func (c *configuration) write() (err error) {
 		config.QueryLog.Ignored = dc.Ignored.Values()
 	}
 
-	if Context.filters != nil {
+	if globalContext.filters != nil {
-		Context.filters.WriteDiskConfig(config.Filtering)
+		globalContext.filters.WriteDiskConfig(config.Filtering)
 		config.Filters = config.Filtering.Filters
 		config.WhitelistFilters = config.Filtering.WhitelistFilters
 		config.UserRules = config.Filtering.UserRules
 	}
 
-	if s := Context.dnsServer; s != nil {
+	if s := globalContext.dnsServer; s != nil {
 		c := dnsforward.Config{}
 		s.WriteDiskConfig(&c)
 		dns := &config.DNS
@@ -695,11 +695,11 @@ func (c *configuration) write() (err error) {
 		dns.UpstreamTimeout = timeutil.Duration(s.UpstreamTimeout())
 	}
 
-	if Context.dhcpServer != nil {
+	if globalContext.dhcpServer != nil {
-		Context.dhcpServer.WriteDiskConfig(config.DHCP)
+		globalContext.dhcpServer.WriteDiskConfig(config.DHCP)
 	}
 
-	config.Clients.Persistent = Context.clients.forConfig()
+	config.Clients.Persistent = globalContext.clients.forConfig()
 
 	confPath := configFilePath()
 	log.Debug("writing config file %q", confPath)
@@ -726,14 +726,14 @@ func setContextTLSCipherIDs() (err error) {
 	if len(config.TLS.OverrideTLSCiphers) == 0 {
 		log.Info("tls: using default ciphers")
 
-		Context.tlsCipherIDs = aghtls.SaferCipherSuites()
+		globalContext.tlsCipherIDs = aghtls.SaferCipherSuites()
 
 		return nil
 	}
 
 	log.Info("tls: overriding ciphers: %s", config.TLS.OverrideTLSCiphers)
 
-	Context.tlsCipherIDs, err = aghtls.ParseCiphers(config.TLS.OverrideTLSCiphers)
+	globalContext.tlsCipherIDs, err = aghtls.ParseCiphers(config.TLS.OverrideTLSCiphers)
 	if err != nil {
 		return fmt.Errorf("parsing override ciphers: %w", err)
 	}

internal/home/control.go

@@ -129,10 +129,10 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 		protectionDisabledUntil *time.Time
 		protectionEnabled       bool
 	)
-	if Context.dnsServer != nil {
+	if globalContext.dnsServer != nil {
 		fltConf = &dnsforward.Config{}
-		Context.dnsServer.WriteDiskConfig(fltConf)
+		globalContext.dnsServer.WriteDiskConfig(fltConf)
-		protectionEnabled, protectionDisabledUntil = Context.dnsServer.UpdatedProtectionStatus()
+		protectionEnabled, protectionDisabledUntil = globalContext.dnsServer.UpdatedProtectionStatus()
 	}
 
 	var resp statusResponse
@@ -162,7 +162,7 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 
 	// IsDHCPAvailable field is now false by default for Windows.
 	if runtime.GOOS != "windows" {
-		resp.IsDHCPAvailable = Context.dhcpServer != nil
+		resp.IsDHCPAvailable = globalContext.dhcpServer != nil
 	}
 
 	aghhttp.WriteJSONResponseOK(w, r, resp)
@@ -172,7 +172,7 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 // registration of handlers
 // ------------------------
 func registerControlHandlers(web *webAPI) {
-	Context.mux.HandleFunc(
+	globalContext.mux.HandleFunc(
 		"/control/version.json",
 		postInstall(optionalAuth(web.handleVersionJSON)),
 	)
@@ -185,19 +185,19 @@ func registerControlHandlers(web *webAPI) {
 	httpRegister(http.MethodPut, "/control/profile/update", handlePutProfile)
 
 	// No auth is necessary for DoH/DoT configurations
-	Context.mux.HandleFunc("/apple/doh.mobileconfig", postInstall(handleMobileConfigDoH))
+	globalContext.mux.HandleFunc("/apple/doh.mobileconfig", postInstall(handleMobileConfigDoH))
-	Context.mux.HandleFunc("/apple/dot.mobileconfig", postInstall(handleMobileConfigDoT))
+	globalContext.mux.HandleFunc("/apple/dot.mobileconfig", postInstall(handleMobileConfigDoT))
 	RegisterAuthHandlers()
 }
 
 func httpRegister(method, url string, handler http.HandlerFunc) {
 	if method == "" {
 		// "/dns-query" handler doesn't need auth, gzip and isn't restricted by 1 HTTP method
-		Context.mux.HandleFunc(url, postInstall(handler))
+		globalContext.mux.HandleFunc(url, postInstall(handler))
 		return
 	}
 
-	Context.mux.Handle(url, postInstallHandler(optionalAuthHandler(gziphandler.GzipHandler(ensureHandler(method, handler)))))
+	globalContext.mux.Handle(url, postInstallHandler(optionalAuthHandler(gziphandler.GzipHandler(ensureHandler(method, handler)))))
 }
 
 // ensure returns a wrapped handler that makes sure that the request has the
@@ -223,8 +223,8 @@ func ensure(
 				return
 			}
 
-			Context.controlLock.Lock()
+			globalContext.controlLock.Lock()
-			defer Context.controlLock.Unlock()
+			defer globalContext.controlLock.Unlock()
 		}
 
 		handler(w, r)
@@ -293,7 +293,7 @@ func ensureHandler(method string, handler func(http.ResponseWriter, *http.Reques
 // preInstall lets the handler run only if firstRun is true, no redirects
 func preInstall(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if !Context.firstRun {
+		if !globalContext.firstRun {
 			// if it's not first run, don't let users access it (for example /install.html when configuration is done)
 			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 			return
@@ -320,7 +320,7 @@ func preInstallHandler(handler http.Handler) http.Handler {
 // HTTPS-related headers.  If proceed is true, the middleware must continue
 // handling the request.
 func handleHTTPSRedirect(w http.ResponseWriter, r *http.Request) (proceed bool) {
-	web := Context.web
+	web := globalContext.web
 	if web.httpsServer.server == nil {
 		return true
 	}
@@ -409,7 +409,7 @@ func httpsURL(u *url.URL, host string, portHTTPS uint16) (redirectURL *url.URL)
 func postInstall(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		path := r.URL.Path
-		if Context.firstRun && !strings.HasPrefix(path, "/install.") &&
+		if globalContext.firstRun && !strings.HasPrefix(path, "/install.") &&
 			!strings.HasPrefix(path, "/assets/") {
 			http.Redirect(w, r, "install.html", http.StatusFound)
 

internal/home/controlinstall.go

@@ -428,20 +428,20 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 	curConfig := &configuration{}
 	copyInstallSettings(curConfig, config)
 
-	Context.firstRun = false
+	globalContext.firstRun = false
 	config.DNS.BindHosts = []netip.Addr{req.DNS.IP}
 	config.DNS.Port = req.DNS.Port
 	config.Filtering.SafeFSPatterns = []string{
-		filepath.Join(Context.workDir, userFilterDataDir, "*"),
+		filepath.Join(globalContext.workDir, userFilterDataDir, "*"),
 	}
 	config.HTTPConfig.Address = netip.AddrPortFrom(req.Web.IP, req.Web.Port)
 
 	u := &webUser{
 		Name: req.Username,
 	}
-	err = Context.auth.addUser(u, req.Password)
+	err = globalContext.auth.addUser(u, req.Password)
 	if err != nil {
-		Context.firstRun = true
+		globalContext.firstRun = true
 		copyInstallSettings(config, curConfig)
 		aghhttp.Error(r, w, http.StatusUnprocessableEntity, "%s", err)
 
@@ -454,7 +454,7 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 	// functions potentially restart the HTTPS server.
 	err = startMods(web.baseLogger)
 	if err != nil {
-		Context.firstRun = true
+		globalContext.firstRun = true
 		copyInstallSettings(config, curConfig)
 		aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
 
@@ -463,7 +463,7 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 
 	err = config.write()
 	if err != nil {
-		Context.firstRun = true
+		globalContext.firstRun = true
 		copyInstallSettings(config, curConfig)
 		aghhttp.Error(r, w, http.StatusInternalServerError, "Couldn't write config: %s", err)
 
@@ -528,7 +528,7 @@ func decodeApplyConfigReq(r io.Reader) (req *applyConfigReq, restartHTTP bool, e
 }
 
 func (web *webAPI) registerInstallHandlers() {
-	Context.mux.HandleFunc("/control/install/get_addresses", preInstall(ensureGET(web.handleInstallGetAddresses)))
+	globalContext.mux.HandleFunc("/control/install/get_addresses", preInstall(ensureGET(web.handleInstallGetAddresses)))
-	Context.mux.HandleFunc("/control/install/check_config", preInstall(ensurePOST(web.handleInstallCheckConfig)))
+	globalContext.mux.HandleFunc("/control/install/check_config", preInstall(ensurePOST(web.handleInstallCheckConfig)))
-	Context.mux.HandleFunc("/control/install/configure", preInstall(ensurePOST(web.handleInstallConfigure)))
+	globalContext.mux.HandleFunc("/control/install/configure", preInstall(ensurePOST(web.handleInstallConfigure)))
 }

internal/home/controlupdate.go

@@ -165,7 +165,7 @@ func (vr *versionResponse) setAllowedToAutoUpdate() (err error) {
 	}
 
 	tlsConf := &tlsConfigSettings{}
-	Context.tls.WriteDiskConfig(tlsConf)
+	globalContext.tls.WriteDiskConfig(tlsConf)
 
 	canUpdate := true
 	if tlsConfUsesPrivilegedPorts(tlsConf) ||

internal/home/dns.go

@@ -45,9 +45,9 @@ func onConfigModified() {
 	}
 }
 
-// initDNS updates all the fields of the [Context] needed to initialize the DNS
+// initDNS updates all the fields of the [globalContext] needed to initialize the DNS
 // server and initializes it at last.  It also must not be called unless
-// [config] and [Context] are initialized.  baseLogger must not be nil.
+// [config] and [globalContext] are initialized.  baseLogger must not be nil.
 func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error) {
 	anonymizer := config.anonymizer()
 
@@ -58,7 +58,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
 		ConfigModified:    onConfigModified,
 		HTTPRegister:      httpRegister,
 		Enabled:           config.Stats.Enabled,
-		ShouldCountClient: Context.clients.shouldCountClient,
+		ShouldCountClient: globalContext.clients.shouldCountClient,
 	}
 
 	engine, err := aghnet.NewIgnoreEngine(config.Stats.Ignored)
@@ -67,7 +67,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
 	}
 
 	statsConf.Ignored = engine
-	Context.stats, err = stats.New(statsConf)
+	globalContext.stats, err = stats.New(statsConf)
 	if err != nil {
 		return fmt.Errorf("init stats: %w", err)
 	}
@@ -77,7 +77,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
 		Anonymizer:        anonymizer,
 		ConfigModified:    onConfigModified,
 		HTTPRegister:      httpRegister,
-		FindClient:        Context.clients.findMultiple,
+		FindClient:        globalContext.clients.findMultiple,
 		BaseDir:           querylogDir,
 		AnonymizeClientIP: config.DNS.AnonymizeClientIP,
 		RotationIvl:       time.Duration(config.QueryLog.Interval),
@@ -92,25 +92,25 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
 	}
 
 	conf.Ignored = engine
-	Context.queryLog, err = querylog.New(conf)
+	globalContext.queryLog, err = querylog.New(conf)
 	if err != nil {
 		return fmt.Errorf("init querylog: %w", err)
 	}
 
-	Context.filters, err = filtering.New(config.Filtering, nil)
+	globalContext.filters, err = filtering.New(config.Filtering, nil)
 	if err != nil {
 		// Don't wrap the error, since it's informative enough as is.
 		return err
 	}
 
 	tlsConf := &tlsConfigSettings{}
-	Context.tls.WriteDiskConfig(tlsConf)
+	globalContext.tls.WriteDiskConfig(tlsConf)
 
 	return initDNSServer(
-		Context.filters,
+		globalContext.filters,
-		Context.stats,
+		globalContext.stats,
-		Context.queryLog,
+		globalContext.queryLog,
-		Context.dhcpServer,
+		globalContext.dhcpServer,
 		anonymizer,
 		httpRegister,
 		tlsConf,
@@ -121,7 +121,7 @@ func initDNS(baseLogger *slog.Logger, statsDir, querylogDir string) (err error)
 // initDNSServer initializes the [context.dnsServer].  To only use the internal
 // proxy, none of the arguments are required, but tlsConf and l still must not
 // be nil, in other cases all the arguments also must not be nil.  It also must
-// not be called unless [config] and [Context] are initialized.
+// not be called unless [config] and [globalContext] are initialized.
 //
 // TODO(e.burkov): Use [dnsforward.DNSCreateParams] as a parameter.
 func initDNSServer(
@@ -134,7 +134,7 @@ func initDNSServer(
 	tlsConf *tlsConfigSettings,
 	l *slog.Logger,
 ) (err error) {
-	Context.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
+	globalContext.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
 		Logger:      l,
 		DNSFilter:   filters,
 		Stats:       sts,
@@ -142,7 +142,7 @@ func initDNSServer(
 		PrivateNets: parseSubnetSet(config.DNS.PrivateNets),
 		Anonymizer:  anonymizer,
 		DHCPServer:  dhcpSrv,
-		EtcHosts:    Context.etcHosts,
+		EtcHosts:    globalContext.etcHosts,
 		LocalDomain: config.DHCP.LocalDomainName,
 	})
 	defer func() {
@@ -154,7 +154,7 @@ func initDNSServer(
 		return fmt.Errorf("dnsforward.NewServer: %w", err)
 	}
 
-	Context.clients.clientChecker = Context.dnsServer
+	globalContext.clients.clientChecker = globalContext.dnsServer
 
 	dnsConf, err := newServerConfig(&config.DNS, config.Clients.Sources, tlsConf, httpReg)
 	if err != nil {
@@ -163,12 +163,12 @@ func initDNSServer(
 
 	// Try to prepare the server with disabled private RDNS resolution if it
 	// failed to prepare as is.  See TODO on [dnsforward.PrivateRDNSError].
-	err = Context.dnsServer.Prepare(dnsConf)
+	err = globalContext.dnsServer.Prepare(dnsConf)
 	if privRDNSErr := (&dnsforward.PrivateRDNSError{}); errors.As(err, &privRDNSErr) {
 		log.Info("WARNING: %s; trying to disable private RDNS resolution", err)
 
 		dnsConf.UsePrivateRDNS = false
-		err = Context.dnsServer.Prepare(dnsConf)
+		err = globalContext.dnsServer.Prepare(dnsConf)
 	}
 
 	if err != nil {
@@ -194,7 +194,7 @@ func parseSubnetSet(nets []netutil.Prefix) (s netutil.SubnetSet) {
 }
 
 func isRunning() bool {
-	return Context.dnsServer != nil && Context.dnsServer.IsRunning()
+	return globalContext.dnsServer != nil && globalContext.dnsServer.IsRunning()
 }
 
 func ipsToTCPAddrs(ips []netip.Addr, port uint16) (tcpAddrs []*net.TCPAddr) {
@@ -235,7 +235,7 @@ func newServerConfig(
 
 	fwdConf := dnsConf.Config
 	fwdConf.FilterHandler = applyAdditionalFiltering
-	fwdConf.ClientsContainer = &Context.clients
+	fwdConf.ClientsContainer = &globalContext.clients
 
 	newConf = &dnsforward.ServerConfig{
 		UDPListenAddrs:         ipsToUDPAddrs(hosts, dnsConf.Port),
@@ -244,7 +244,7 @@ func newServerConfig(
 		TLSConfig:              newDNSTLSConfig(tlsConf, hosts),
 		TLSAllowUnencryptedDoH: tlsConf.AllowUnencryptedDoH,
 		UpstreamTimeout:        time.Duration(dnsConf.UpstreamTimeout),
-		TLSv12Roots:            Context.tlsRoots,
+		TLSv12Roots:            globalContext.tlsRoots,
 		ConfigModified:         onConfigModified,
 		HTTPRegister:           httpReg,
 		LocalPTRResolvers:      dnsConf.PrivateRDNSResolvers,
@@ -259,16 +259,16 @@ func newServerConfig(
 	var initialAddresses []netip.Addr
 	// Context.stats may be nil here if initDNSServer is called from
 	// [cmdlineUpdate].
-	if sts := Context.stats; sts != nil {
+	if sts := globalContext.stats; sts != nil {
 		const initialClientsNum = 100
-		initialAddresses = Context.stats.TopClientsIP(initialClientsNum)
+		initialAddresses = globalContext.stats.TopClientsIP(initialClientsNum)
 	}
 
 	// Do not set DialContext, PrivateSubnets, and UsePrivateRDNS, because they
 	// are set by [dnsforward.Server.Prepare].
 	newConf.AddrProcConf = &client.DefaultAddrProcConfig{
-		Exchanger:        Context.dnsServer,
+		Exchanger:        globalContext.dnsServer,
-		AddressUpdater:   &Context.clients,
+		AddressUpdater:   &globalContext.clients,
 		InitialAddresses: initialAddresses,
 		CatchPanics:      true,
 		UseRDNS:          clientSrcConf.RDNS,
@@ -359,7 +359,7 @@ type dnsEncryption struct {
 func getDNSEncryption() (de dnsEncryption) {
 	tlsConf := tlsConfigSettings{}
 
-	Context.tls.WriteDiskConfig(&tlsConf)
+	globalContext.tls.WriteDiskConfig(&tlsConf)
 
 	if !tlsConf.Enabled || len(tlsConf.ServerName) == 0 {
 		return dnsEncryption{}
@@ -402,7 +402,7 @@ func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filte
 	// pref is a prefix for logging messages around the scope.
 	const pref = "applying filters"
 
-	Context.filters.ApplyBlockedServices(setts)
+	globalContext.filters.ApplyBlockedServices(setts)
 
 	log.Debug("%s: looking for client with ip %s and clientid %q", pref, clientIP, clientID)
 
@@ -412,9 +412,9 @@ func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filte
 
 	setts.ClientIP = clientIP
 
-	c, ok := Context.clients.storage.Find(clientID)
+	c, ok := globalContext.clients.storage.Find(clientID)
 	if !ok {
-		c, ok = Context.clients.storage.Find(clientIP.String())
+		c, ok = globalContext.clients.storage.Find(clientIP.String())
 		if !ok {
 			log.Debug("%s: no clients with ip %s and clientid %q", pref, clientIP, clientID)
 
@@ -429,7 +429,7 @@ func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filte
 		setts.ServicesRules = nil
 		svcs := c.BlockedServices.IDs
 		if !c.BlockedServices.Schedule.Contains(time.Now()) {
-			Context.filters.ApplyBlockedServicesList(setts, svcs)
+			globalContext.filters.ApplyBlockedServicesList(setts, svcs)
 			log.Debug("%s: services for client %q set: %s", pref, c.Name, svcs)
 		}
 	}
@@ -455,24 +455,24 @@ func startDNSServer() error {
 		return fmt.Errorf("unable to start forwarding DNS server: Already running")
 	}
 
-	Context.filters.EnableFilters(false)
+	globalContext.filters.EnableFilters(false)
 
 	// TODO(s.chzhen):  Pass context.
 	ctx := context.TODO()
-	err := Context.clients.Start(ctx)
+	err := globalContext.clients.Start(ctx)
 	if err != nil {
 		return fmt.Errorf("starting clients container: %w", err)
 	}
 
-	err = Context.dnsServer.Start()
+	err = globalContext.dnsServer.Start()
 	if err != nil {
 		return fmt.Errorf("starting dns server: %w", err)
 	}
 
-	Context.filters.Start()
+	globalContext.filters.Start()
-	Context.stats.Start()
+	globalContext.stats.Start()
 
-	err = Context.queryLog.Start(ctx)
+	err = globalContext.queryLog.Start(ctx)
 	if err != nil {
 		return fmt.Errorf("starting query log: %w", err)
 	}
@@ -482,14 +482,14 @@ func startDNSServer() error {
 
 func reconfigureDNSServer() (err error) {
 	tlsConf := &tlsConfigSettings{}
-	Context.tls.WriteDiskConfig(tlsConf)
+	globalContext.tls.WriteDiskConfig(tlsConf)
 
 	newConf, err := newServerConfig(&config.DNS, config.Clients.Sources, tlsConf, httpRegister)
 	if err != nil {
 		return fmt.Errorf("generating forwarding dns server config: %w", err)
 	}
 
-	err = Context.dnsServer.Reconfigure(newConf)
+	err = globalContext.dnsServer.Reconfigure(newConf)
 	if err != nil {
 		return fmt.Errorf("starting forwarding dns server: %w", err)
 	}
@@ -502,12 +502,12 @@ func stopDNSServer() (err error) {
 		return nil
 	}
 
-	err = Context.dnsServer.Stop()
+	err = globalContext.dnsServer.Stop()
 	if err != nil {
 		return fmt.Errorf("stopping forwarding dns server: %w", err)
 	}
 
-	err = Context.clients.close(context.TODO())
+	err = globalContext.clients.close(context.TODO())
 	if err != nil {
 		return fmt.Errorf("closing clients container: %w", err)
 	}
@@ -519,25 +519,25 @@ func stopDNSServer() (err error) {
 
 func closeDNSServer() {
 	// DNS forward module must be closed BEFORE stats or queryLog because it depends on them
-	if Context.dnsServer != nil {
+	if globalContext.dnsServer != nil {
-		Context.dnsServer.Close()
+		globalContext.dnsServer.Close()
-		Context.dnsServer = nil
+		globalContext.dnsServer = nil
 	}
 
-	if Context.filters != nil {
+	if globalContext.filters != nil {
-		Context.filters.Close()
+		globalContext.filters.Close()
 	}
 
-	if Context.stats != nil {
+	if globalContext.stats != nil {
-		err := Context.stats.Close()
+		err := globalContext.stats.Close()
 		if err != nil {
 			log.Error("closing stats: %s", err)
 		}
 	}
 
-	if Context.queryLog != nil {
+	if globalContext.queryLog != nil {
 		// TODO(s.chzhen):  Pass context.
-		err := Context.queryLog.Shutdown(context.TODO())
+		err := globalContext.queryLog.Shutdown(context.TODO())
 		if err != nil {
 			log.Error("closing query log: %s", err)
 		}

internal/home/dns_internal_test.go

@@ -37,14 +37,14 @@ func newStorage(tb testing.TB, clients []*client.Persistent) (s *client.Storage)
 func TestApplyAdditionalFiltering(t *testing.T) {
 	var err error
 
-	Context.filters, err = filtering.New(&filtering.Config{
+	globalContext.filters, err = filtering.New(&filtering.Config{
 		BlockedServices: &filtering.BlockedServices{
 			Schedule: schedule.EmptyWeekly(),
 		},
 	}, nil)
 	require.NoError(t, err)
 
-	Context.clients.storage = newStorage(t, []*client.Persistent{{
+	globalContext.clients.storage = newStorage(t, []*client.Persistent{{
 		Name:                "default",
 		ClientIDs:           []string{"default"},
 		UseOwnSettings:      false,
@@ -124,7 +124,7 @@ func TestApplyAdditionalFiltering_blockedServices(t *testing.T) {
 		err error
 	)
 
-	Context.filters, err = filtering.New(&filtering.Config{
+	globalContext.filters, err = filtering.New(&filtering.Config{
 		BlockedServices: &filtering.BlockedServices{
 			Schedule: schedule.EmptyWeekly(),
 			IDs:      globalBlockedServices,
@@ -132,7 +132,7 @@ func TestApplyAdditionalFiltering_blockedServices(t *testing.T) {
 	}, nil)
 	require.NoError(t, err)
 
-	Context.clients.storage = newStorage(t, []*client.Persistent{{
+	globalContext.clients.storage = newStorage(t, []*client.Persistent{{
 		Name:                  "default",
 		ClientIDs:             []string{"default"},
 		UseOwnBlockedServices: false,

internal/home/home.go

@@ -91,10 +91,10 @@ func (c *homeContext) getDataDir() string {
 	return filepath.Join(c.workDir, dataDir)
 }
 
-// Context - a global context object
+// globalContext is a global context object.
 //
 // TODO(a.garipov): Refactor.
-var Context homeContext
+var globalContext homeContext
 
 // Main is the entry point
 func Main(clientBuildFS fs.FS) {
@@ -120,8 +120,8 @@ func Main(clientBuildFS fs.FS) {
 			log.Info("Received signal %q", sig)
 			switch sig {
 			case syscall.SIGHUP:
-				Context.clients.storage.ReloadARP(ctx)
+				globalContext.clients.storage.ReloadARP(ctx)
-				Context.tls.reload()
+				globalContext.tls.reload()
 			default:
 				cleanup(ctx)
 				cleanupAlways()
@@ -140,13 +140,13 @@ func Main(clientBuildFS fs.FS) {
 	run(opts, clientBuildFS, done)
 }
 
-// setupContext initializes [Context] fields.  It also reads and upgrades
+// setupContext initializes [globalContext] fields.  It also reads and upgrades
 // config file if necessary.
 func setupContext(opts options) (err error) {
-	Context.firstRun = detectFirstRun()
+	globalContext.firstRun = detectFirstRun()
 
-	Context.tlsRoots = aghtls.SystemRootCAs()
+	globalContext.tlsRoots = aghtls.SystemRootCAs()
-	Context.mux = http.NewServeMux()
+	globalContext.mux = http.NewServeMux()
 
 	if !opts.noEtcHosts {
 		err = setupHostsContainer()
@@ -156,7 +156,7 @@ func setupContext(opts options) (err error) {
 		}
 	}
 
-	if Context.firstRun {
+	if globalContext.firstRun {
 		log.Info("This is the first time AdGuard Home is launched")
 		checkNetworkPermissions()
 
@@ -247,7 +247,7 @@ func setupHostsContainer() (err error) {
 		return fmt.Errorf("getting default system hosts paths: %w", err)
 	}
 
-	Context.etcHosts, err = aghnet.NewHostsContainer(osutil.RootDirFS(), hostsWatcher, paths...)
+	globalContext.etcHosts, err = aghnet.NewHostsContainer(osutil.RootDirFS(), hostsWatcher, paths...)
 	if err != nil {
 		closeErr := hostsWatcher.Close()
 		if errors.Is(err, aghnet.ErrNoHostsPaths) {
@@ -271,7 +271,7 @@ func setupOpts(opts options) (err error) {
 	}
 
 	if len(opts.pidFile) != 0 && writePIDFile(opts.pidFile) {
-		Context.pidFileName = opts.pidFile
+		globalContext.pidFileName = opts.pidFile
 	}
 
 	return nil
@@ -286,13 +286,13 @@ func initContextClients(ctx context.Context, logger *slog.Logger) (err error) {
 	}
 
 	//lint:ignore SA1019 Migration is not over.
-	config.DHCP.WorkDir = Context.workDir
+	config.DHCP.WorkDir = globalContext.workDir
-	config.DHCP.DataDir = Context.getDataDir()
+	config.DHCP.DataDir = globalContext.getDataDir()
 	config.DHCP.HTTPRegister = httpRegister
 	config.DHCP.ConfigModified = onConfigModified
 
-	Context.dhcpServer, err = dhcpd.Create(config.DHCP)
+	globalContext.dhcpServer, err = dhcpd.Create(config.DHCP)
-	if Context.dhcpServer == nil || err != nil {
+	if globalContext.dhcpServer == nil || err != nil {
 		// TODO(a.garipov): There are a lot of places in the code right
 		// now which assume that the DHCP server can be nil despite this
 		// condition.  Inspect them and perhaps rewrite them to use
@@ -305,12 +305,12 @@ func initContextClients(ctx context.Context, logger *slog.Logger) (err error) {
 		arpDB = arpdb.New(logger.With(slogutil.KeyError, "arpdb"))
 	}
 
-	return Context.clients.Init(
+	return globalContext.clients.Init(
 		ctx,
 		logger,
 		config.Clients.Persistent,
-		Context.dhcpServer,
+		globalContext.dhcpServer,
-		Context.etcHosts,
+		globalContext.etcHosts,
 		arpDB,
 		config.Filtering,
 	)
@@ -374,15 +374,15 @@ func setupDNSFilteringConf(
 		pcTXTSuffix           = `pc.dns.adguard.com.`
 	)
 
-	conf.EtcHosts = Context.etcHosts
+	conf.EtcHosts = globalContext.etcHosts
 	// TODO(s.chzhen):  Use empty interface.
-	if Context.etcHosts == nil || !config.DNS.HostsFileEnabled {
+	if globalContext.etcHosts == nil || !config.DNS.HostsFileEnabled {
 		conf.EtcHosts = nil
 	}
 
 	conf.ConfigModified = onConfigModified
 	conf.HTTPRegister = httpRegister
-	conf.DataDir = Context.getDataDir()
+	conf.DataDir = globalContext.getDataDir()
 	conf.Filters = slices.Clone(config.Filters)
 	conf.WhitelistFilters = slices.Clone(config.WhitelistFilters)
 	conf.UserRules = slices.Clone(config.UserRules)
@@ -560,7 +560,7 @@ func initWeb(
 		ReadHeaderTimeout: readHdrTimeout,
 		WriteTimeout:      writeTimeout,
 
-		firstRun:         Context.firstRun,
+		firstRun:         globalContext.firstRun,
 		disableUpdate:    disableUpdate,
 		runningAsService: opts.runningAsService,
 		serveHTTP3:       config.DNS.ServeHTTP3,
@@ -602,7 +602,7 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 
 	// Print the first message after logger is configured.
 	log.Info(version.Full())
-	log.Debug("current working directory is %s", Context.workDir)
+	log.Debug("current working directory is %s", globalContext.workDir)
 	if opts.runningAsService {
 		log.Info("AdGuard Home is running as a service")
 	}
@@ -632,13 +632,13 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 
 	confPath := configFilePath()
 
-	upd, customURL := newUpdater(ctx, slogLogger, Context.workDir, confPath, execPath, config)
+	upd, customURL := newUpdater(ctx, slogLogger, globalContext.workDir, confPath, execPath, config)
 
 	// TODO(e.burkov): This could be made earlier, probably as the option's
 	// effect.
 	cmdlineUpdate(ctx, slogLogger, opts, upd)
 
-	if !Context.firstRun {
+	if !globalContext.firstRun {
 		// Save the updated config.
 		err = config.write()
 		fatalOnError(err)
@@ -648,33 +648,33 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 		}
 	}
 
-	dataDir := Context.getDataDir()
+	dataDir := globalContext.getDataDir()
 	err = os.MkdirAll(dataDir, aghos.DefaultPermDir)
 	fatalOnError(errors.Annotate(err, "creating DNS data dir at %s: %w", dataDir))
 
 	GLMode = opts.glinetMode
 
 	// Init auth module.
-	Context.auth, err = initUsers()
+	globalContext.auth, err = initUsers()
 	fatalOnError(err)
 
-	Context.tls, err = newTLSManager(config.TLS, config.DNS.ServePlainDNS)
+	globalContext.tls, err = newTLSManager(config.TLS, config.DNS.ServePlainDNS)
 	if err != nil {
 		log.Error("initializing tls: %s", err)
 		onConfigModified()
 	}
 
-	Context.web, err = initWeb(ctx, opts, clientBuildFS, upd, slogLogger, customURL)
+	globalContext.web, err = initWeb(ctx, opts, clientBuildFS, upd, slogLogger, customURL)
 	fatalOnError(err)
 
-	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&Context, config)
+	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&globalContext, config)
 	fatalOnError(err)
 
-	if !Context.firstRun {
+	if !globalContext.firstRun {
 		err = initDNS(slogLogger, statsDir, querylogDir)
 		fatalOnError(err)
 
-		Context.tls.start()
+		globalContext.tls.start()
 
 		go func() {
 			startErr := startDNSServer()
@@ -684,8 +684,8 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 			}
 		}()
 
-		if Context.dhcpServer != nil {
+		if globalContext.dhcpServer != nil {
-			err = Context.dhcpServer.Start()
+			err = globalContext.dhcpServer.Start()
 			if err != nil {
 				log.Error("starting dhcp server: %s", err)
 			}
@@ -693,10 +693,10 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 	}
 
 	if !opts.noPermCheck {
-		checkPermissions(ctx, slogLogger, Context.workDir, confPath, dataDir, statsDir, querylogDir)
+		checkPermissions(ctx, slogLogger, globalContext.workDir, confPath, dataDir, statsDir, querylogDir)
 	}
 
-	Context.web.start(ctx)
+	globalContext.web.start(ctx)
 
 	// Wait for other goroutines to complete their job.
 	<-done
@@ -775,7 +775,7 @@ func checkPermissions(
 
 // initUsers initializes context auth module.  Clears config users field.
 func initUsers() (auth *Auth, err error) {
-	sessFilename := filepath.Join(Context.getDataDir(), "sessions.db")
+	sessFilename := filepath.Join(globalContext.getDataDir(), "sessions.db")
 
 	var rateLimiter *authRateLimiter
 	if config.AuthAttempts > 0 && config.AuthBlockMin > 0 {
@@ -810,7 +810,7 @@ func (c *configuration) anonymizer() (ipmut *aghnet.IPMut) {
 // startMods initializes and starts the DNS server after installation.
 // baseLogger must not be nil.
 func startMods(baseLogger *slog.Logger) (err error) {
-	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&Context, config)
+	statsDir, querylogDir, err := checkStatsAndQuerylogDirs(&globalContext, config)
 	if err != nil {
 		return err
 	}
@@ -820,7 +820,7 @@ func startMods(baseLogger *slog.Logger) (err error) {
 		return err
 	}
 
-	Context.tls.start()
+	globalContext.tls.start()
 
 	err = startDNSServer()
 	if err != nil {
@@ -883,14 +883,14 @@ func writePIDFile(fn string) bool {
 func initConfigFilename(opts options) {
 	confPath := opts.confFilename
 	if confPath == "" {
-		Context.confFilePath = filepath.Join(Context.workDir, "AdGuardHome.yaml")
+		globalContext.confFilePath = filepath.Join(globalContext.workDir, "AdGuardHome.yaml")
 
 		return
 	}
 
 	log.Debug("config path overridden to %q from cmdline", confPath)
 
-	Context.confFilePath = confPath
+	globalContext.confFilePath = confPath
 }
 
 // initWorkingDir initializes the workDir.  If no command-line arguments are
@@ -904,18 +904,18 @@ func initWorkingDir(opts options) (err error) {
 
 	if opts.workDir != "" {
 		// If there is a custom config file, use it's directory as our working dir
-		Context.workDir = opts.workDir
+		globalContext.workDir = opts.workDir
 	} else {
-		Context.workDir = filepath.Dir(execPath)
+		globalContext.workDir = filepath.Dir(execPath)
 	}
 
-	workDir, err := filepath.EvalSymlinks(Context.workDir)
+	workDir, err := filepath.EvalSymlinks(globalContext.workDir)
 	if err != nil {
 		// Don't wrap the error, because it's informative enough as is.
 		return err
 	}
 
-	Context.workDir = workDir
+	globalContext.workDir = workDir
 
 	return nil
 }
@@ -924,13 +924,13 @@ func initWorkingDir(opts options) (err error) {
 func cleanup(ctx context.Context) {
 	log.Info("stopping AdGuard Home")
 
-	if Context.web != nil {
+	if globalContext.web != nil {
-		Context.web.close(ctx)
+		globalContext.web.close(ctx)
-		Context.web = nil
+		globalContext.web = nil
 	}
-	if Context.auth != nil {
+	if globalContext.auth != nil {
-		Context.auth.Close()
+		globalContext.auth.Close()
-		Context.auth = nil
+		globalContext.auth = nil
 	}
 
 	err := stopDNSServer()
@@ -938,28 +938,28 @@ func cleanup(ctx context.Context) {
 		log.Error("stopping dns server: %s", err)
 	}
 
-	if Context.dhcpServer != nil {
+	if globalContext.dhcpServer != nil {
-		err = Context.dhcpServer.Stop()
+		err = globalContext.dhcpServer.Stop()
 		if err != nil {
 			log.Error("stopping dhcp server: %s", err)
 		}
 	}
 
-	if Context.etcHosts != nil {
+	if globalContext.etcHosts != nil {
-		if err = Context.etcHosts.Close(); err != nil {
+		if err = globalContext.etcHosts.Close(); err != nil {
 			log.Error("closing hosts container: %s", err)
 		}
 	}
 
-	if Context.tls != nil {
+	if globalContext.tls != nil {
-		Context.tls = nil
+		globalContext.tls = nil
 	}
 }
 
 // This function is called before application exits
 func cleanupAlways() {
-	if len(Context.pidFileName) != 0 {
+	if len(globalContext.pidFileName) != 0 {
-		_ = os.Remove(Context.pidFileName)
+		_ = os.Remove(globalContext.pidFileName)
 	}
 
 	log.Info("stopped")
@@ -1007,8 +1007,8 @@ func printWebAddrs(proto, addr string, port uint16) {
 // admin interface.  proto is either schemeHTTP or schemeHTTPS.
 func printHTTPAddresses(proto string) {
 	tlsConf := tlsConfigSettings{}
-	if Context.tls != nil {
+	if globalContext.tls != nil {
-		Context.tls.WriteDiskConfig(&tlsConf)
+		globalContext.tls.WriteDiskConfig(&tlsConf)
 	}
 
 	port := config.HTTPConfig.Address.Port()
@@ -1050,9 +1050,9 @@ func printHTTPAddresses(proto string) {
 
 // detectFirstRun returns true if this is the first run of AdGuard Home.
 func detectFirstRun() (ok bool) {
-	confPath := Context.confFilePath
+	confPath := globalContext.confFilePath
 	if !filepath.IsAbs(confPath) {
-		confPath = filepath.Join(Context.workDir, Context.confFilePath)
+		confPath = filepath.Join(globalContext.workDir, globalContext.confFilePath)
 	}
 
 	_, err := os.Stat(confPath)
@@ -1105,7 +1105,7 @@ func cmdlineUpdate(ctx context.Context, l *slog.Logger, opts options, upd *updat
 		os.Exit(osutil.ExitCodeSuccess)
 	}
 
-	err = upd.Update(Context.firstRun)
+	err = upd.Update(globalContext.firstRun)
 	fatalOnError(err)
 
 	err = restartService()

internal/home/httpclient.go

@@ -17,7 +17,7 @@ func httpClient() (c *http.Client) {
 	// Do not use Context.dnsServer.DialContext directly in the struct literal
 	// below, since Context.dnsServer may be nil when this function is called.
 	dialContext := func(ctx context.Context, network, addr string) (conn net.Conn, err error) {
-		return Context.dnsServer.DialContext(ctx, network, addr)
+		return globalContext.dnsServer.DialContext(ctx, network, addr)
 	}
 
 	return &http.Client{
@@ -27,8 +27,8 @@ func httpClient() (c *http.Client) {
 			DialContext: dialContext,
 			Proxy:       httpProxy,
 			TLSClientConfig: &tls.Config{
-				RootCAs:      Context.tlsRoots,
+				RootCAs:      globalContext.tlsRoots,
-				CipherSuites: Context.tlsCipherIDs,
+				CipherSuites: globalContext.tlsCipherIDs,
 				MinVersion:   tls.VersionTLS12,
 			},
 		},

internal/home/log.go

@@ -66,7 +66,7 @@ func configureLogger(ls *logSettings) (err error) {
 
 	logFilePath := ls.File
 	if !filepath.IsAbs(logFilePath) {
-		logFilePath = filepath.Join(Context.workDir, logFilePath)
+		logFilePath = filepath.Join(globalContext.workDir, logFilePath)
 	}
 
 	log.SetOutput(&lumberjack.Logger{

internal/home/mobileconfig_internal_test.go

@@ -19,10 +19,10 @@ func setupDNSIPs(t testing.TB) {
 	t.Helper()
 
 	prevConfig := config
-	prevTLS := Context.tls
+	prevTLS := globalContext.tls
 	t.Cleanup(func() {
 		config = prevConfig
-		Context.tls = prevTLS
+		globalContext.tls = prevTLS
 	})
 
 	config = &configuration{
@@ -32,7 +32,7 @@ func setupDNSIPs(t testing.TB) {
 		},
 	}
 
-	Context.tls = &tlsManager{}
+	globalContext.tls = &tlsManager{}
 }
 
 func TestHandleMobileConfigDoH(t *testing.T) {
@@ -62,10 +62,10 @@ func TestHandleMobileConfigDoH(t *testing.T) {
 	})
 
 	t.Run("error_no_host", func(t *testing.T) {
-		oldTLSConf := Context.tls
+		oldTLSConf := globalContext.tls
-		t.Cleanup(func() { Context.tls = oldTLSConf })
+		t.Cleanup(func() { globalContext.tls = oldTLSConf })
 
-		Context.tls = &tlsManager{conf: tlsConfigSettings{}}
+		globalContext.tls = &tlsManager{conf: tlsConfigSettings{}}
 
 		r, err := http.NewRequest(http.MethodGet, "https://example.com:12345/apple/doh.mobileconfig", nil)
 		require.NoError(t, err)
@@ -134,10 +134,10 @@ func TestHandleMobileConfigDoT(t *testing.T) {
 	})
 
 	t.Run("error_no_host", func(t *testing.T) {
-		oldTLSConf := Context.tls
+		oldTLSConf := globalContext.tls
-		t.Cleanup(func() { Context.tls = oldTLSConf })
+		t.Cleanup(func() { globalContext.tls = oldTLSConf })
 
-		Context.tls = &tlsManager{conf: tlsConfigSettings{}}
+		globalContext.tls = &tlsManager{conf: tlsConfigSettings{}}
 
 		r, err := http.NewRequest(http.MethodGet, "https://example.com:12345/apple/dot.mobileconfig", nil)
 		require.NoError(t, err)

internal/home/profilehttp.go

@@ -47,7 +47,7 @@ type profileJSON struct {
 
 // handleGetProfile is the handler for GET /control/profile endpoint.
 func handleGetProfile(w http.ResponseWriter, r *http.Request) {
-	u := Context.auth.getCurrentUser(r)
+	u := globalContext.auth.getCurrentUser(r)
 
 	var resp profileJSON
 	func() {

internal/home/tls.go

@@ -112,7 +112,7 @@ func (m *tlsManager) start() {
 	// The background context is used because the TLSConfigChanged wraps context
 	// with timeout on its own and shuts down the server, which handles current
 	// request.
-	Context.web.tlsConfigChanged(context.Background(), tlsConf)
+	globalContext.web.tlsConfigChanged(context.Background(), tlsConf)
 }
 
 // reload updates the configuration and restarts t.
@@ -160,7 +160,7 @@ func (m *tlsManager) reload() {
 	// The background context is used because the TLSConfigChanged wraps context
 	// with timeout on its own and shuts down the server, which handles current
 	// request.
-	Context.web.tlsConfigChanged(context.Background(), tlsConf)
+	globalContext.web.tlsConfigChanged(context.Background(), tlsConf)
 }
 
 // loadTLSConf loads and validates the TLS configuration.  The returned error is
@@ -463,7 +463,7 @@ func (m *tlsManager) handleTLSConfigure(w http.ResponseWriter, r *http.Request)
 	// same reason.
 	if restartHTTPS {
 		go func() {
-			Context.web.tlsConfigChanged(context.Background(), req.tlsConfigSettings)
+			globalContext.web.tlsConfigChanged(context.Background(), req.tlsConfigSettings)
 		}()
 	}
 }
@@ -539,7 +539,7 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
 
 	opts := x509.VerifyOptions{
 		DNSName:       srvName,
-		Roots:         Context.tlsRoots,
+		Roots:         globalContext.tlsRoots,
 		Intermediates: pool,
 	}
 	_, err = main.Verify(opts)

internal/home/web.go

@@ -129,7 +129,7 @@ func newWebAPI(ctx context.Context, conf *webConfig) (w *webAPI) {
 	clientFS := http.FileServer(http.FS(conf.clientFS))
 
 	// if not configured, redirect / to /install.html, otherwise redirect /install.html to /
-	Context.mux.Handle("/", withMiddlewares(clientFS, gziphandler.GzipHandler, optionalAuthHandler, postInstallHandler))
+	globalContext.mux.Handle("/", withMiddlewares(clientFS, gziphandler.GzipHandler, optionalAuthHandler, postInstallHandler))
 
 	// add handlers for /install paths, we only need them when we're not configured yet
 	if conf.firstRun {
@@ -138,7 +138,7 @@ func newWebAPI(ctx context.Context, conf *webConfig) (w *webAPI) {
 			"This is the first launch of AdGuard Home, redirecting everything to /install.html",
 		)
 
-		Context.mux.Handle("/install.html", preInstallHandler(clientFS))
+		globalContext.mux.Handle("/install.html", preInstallHandler(clientFS))
 		w.registerInstallHandlers()
 	} else {
 		registerControlHandlers(w)
@@ -154,7 +154,7 @@ func newWebAPI(ctx context.Context, conf *webConfig) (w *webAPI) {
 //
 // TODO(a.garipov): Adapt for HTTP/3.
 func webCheckPortAvailable(port uint16) (ok bool) {
-	if Context.web.httpsServer.server != nil {
+	if globalContext.web.httpsServer.server != nil {
 		return true
 	}
 
@@ -224,7 +224,7 @@ func (web *webAPI) start(ctx context.Context) {
 		errs := make(chan error, 2)
 
 		// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
-		hdlr := h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody), &http2.Server{})
+		hdlr := h2c.NewHandler(withMiddlewares(globalContext.mux, limitRequestBody), &http2.Server{})
 
 		logger := web.baseLogger.With(loggerKeyServer, "plain")
 
@@ -307,11 +307,11 @@ func (web *webAPI) tlsServerLoop(ctx context.Context) {
 
 		web.httpsServer.server = &http.Server{
 			Addr:    addr,
-			Handler: withMiddlewares(Context.mux, limitRequestBody),
+			Handler: withMiddlewares(globalContext.mux, limitRequestBody),
 			TLSConfig: &tls.Config{
 				Certificates: []tls.Certificate{web.httpsServer.cert},
-				RootCAs:      Context.tlsRoots,
+				RootCAs:      globalContext.tlsRoots,
-				CipherSuites: Context.tlsCipherIDs,
+				CipherSuites: globalContext.tlsCipherIDs,
 				MinVersion:   tls.VersionTLS12,
 			},
 			ReadTimeout:       web.conf.ReadTimeout,
@@ -344,11 +344,11 @@ func (web *webAPI) mustStartHTTP3(ctx context.Context, address string) {
 		Addr: address,
 		TLSConfig: &tls.Config{
 			Certificates: []tls.Certificate{web.httpsServer.cert},
-			RootCAs:      Context.tlsRoots,
+			RootCAs:      globalContext.tlsRoots,
-			CipherSuites: Context.tlsCipherIDs,
+			CipherSuites: globalContext.tlsCipherIDs,
 			MinVersion:   tls.VersionTLS12,
 		},
-		Handler: withMiddlewares(Context.mux, limitRequestBody),
+		Handler: withMiddlewares(globalContext.mux, limitRequestBody),
 	}
 
 	web.logger.DebugContext(ctx, "starting http/3 server")