2022-09-22 23:14:56 +03:00
|
|
|
from inspect import Attribute
|
2021-10-15 03:58:13 +03:00
|
|
|
from app.utils.misc import read_config_bool
|
2021-03-21 04:21:41 +03:00
|
|
|
from flask import current_app
|
|
|
|
import os
|
2021-10-21 05:01:04 +03:00
|
|
|
import re
|
2022-09-22 23:14:56 +03:00
|
|
|
from base64 import urlsafe_b64encode, urlsafe_b64decode
|
|
|
|
import pickle
|
|
|
|
from cryptography.fernet import Fernet
|
|
|
|
import hashlib
|
|
|
|
import brotli
|
2021-03-21 04:21:41 +03:00
|
|
|
|
|
|
|
|
2020-05-13 02:15:53 +03:00
|
|
|
class Config:
    """User-facing search configuration.

    Defaults are read from ``WHOOGLE_CONFIG_*`` environment variables and
    can be overridden per instance through keyword arguments. Attributes
    are also reachable with mapping syntax (``config['theme']``).
    """

    def __init__(self, **kwargs):
        """Build a config from environment defaults plus overrides.

        Args:
            **kwargs -- optional overrides keyed by attribute name. When
                        any override is supplied, every bool attribute
                        that is *not* present in kwargs is reset to False.
        """
        app_config = current_app.config
        self.url = os.getenv('WHOOGLE_CONFIG_URL', '')
        self.lang_search = os.getenv('WHOOGLE_CONFIG_SEARCH_LANGUAGE', '')
        self.lang_interface = os.getenv('WHOOGLE_CONFIG_LANGUAGE', '')

        # Only fall back to the bundled stylesheet when no style is
        # configured, and make sure the file handle is closed afterwards.
        style = os.getenv('WHOOGLE_CONFIG_STYLE')
        if style is None:
            css_path = os.path.join(app_config['STATIC_FOLDER'],
                                    'css/variables.css')
            with open(css_path) as css_file:
                style = css_file.read()
        self.style = style

        self.block = os.getenv('WHOOGLE_CONFIG_BLOCK', '')
        self.block_title = os.getenv('WHOOGLE_CONFIG_BLOCK_TITLE', '')
        self.block_url = os.getenv('WHOOGLE_CONFIG_BLOCK_URL', '')
        self.country = os.getenv('WHOOGLE_CONFIG_COUNTRY', '')
        self.theme = os.getenv('WHOOGLE_CONFIG_THEME', 'system')
        self.safe = read_config_bool('WHOOGLE_CONFIG_SAFE')
        self.dark = read_config_bool('WHOOGLE_CONFIG_DARK')  # deprecated
        self.alts = read_config_bool('WHOOGLE_CONFIG_ALTS')
        self.nojs = read_config_bool('WHOOGLE_CONFIG_NOJS')
        self.tor = read_config_bool('WHOOGLE_CONFIG_TOR')
        self.near = os.getenv('WHOOGLE_CONFIG_NEAR', '')
        self.new_tab = read_config_bool('WHOOGLE_CONFIG_NEW_TAB')
        self.view_image = read_config_bool('WHOOGLE_CONFIG_VIEW_IMAGE')
        self.get_only = read_config_bool('WHOOGLE_CONFIG_GET_ONLY')
        self.anon_view = read_config_bool('WHOOGLE_CONFIG_ANON_VIEW')
        self.preferences_encrypted = read_config_bool(
            'WHOOGLE_CONFIG_PREFERENCES_ENCRYPTED')
        self.preferences_key = os.getenv('WHOOGLE_CONFIG_PREFERENCES_KEY', '')

        self.accept_language = False

        # Settings that may be read from / written to URL parameters
        self.safe_keys = [
            'lang_search',
            'lang_interface',
            'country',
            'theme',
            'alts',
            'new_tab',
            'view_image',
            'block',
            'safe',
            'nojs',
            'anon_view',
            'preferences_encrypted'
        ]

        # Skip setting custom config if there isn't one
        if kwargs:
            for attr, attr_type in self.get_mutable_attrs().items():
                if attr in kwargs:
                    setattr(self, attr, kwargs[attr])
                elif attr_type is bool:
                    # A bool that is absent from the overrides is
                    # switched off rather than left at its default.
                    setattr(self, attr, False)

    def __getitem__(self, name):
        """Return the attribute called ``name`` (mapping-style read)."""
        return getattr(self, name)

    def __setitem__(self, name, value):
        """Set the attribute called ``name`` (mapping-style write)."""
        return setattr(self, name, value)

    def __delitem__(self, name):
        """Delete the attribute called ``name`` (mapping-style delete)."""
        return delattr(self, name)

    def __contains__(self, name):
        """Return True if an attribute called ``name`` exists."""
        return hasattr(self, name)

    def get_mutable_attrs(self):
        """Map each bool/str instance attribute name to its type.

        Returns:
            dict -- {attribute name: bool or str}
        """
        return {name: type(attr) for name, attr in self.__dict__.items()
                if not name.startswith("__")
                and type(attr) in (bool, str)}

    def get_attrs(self):
        """Map each bool/str instance attribute name to its value.

        Returns:
            dict -- {attribute name: current value}
        """
        return {name: attr for name, attr in self.__dict__.items()
                if not name.startswith("__")
                and type(attr) in (bool, str)}

    @property
    def preferences(self) -> str:
        """Serialize the current settings into a preferences token.

        Note that reading this property turns ``preferences_encrypted``
        off when no ``preferences_key`` is set.

        Returns:
            str -- a one character mode flag followed by the encoded
                   settings
        """
        # if encryption key is not set will uncheck preferences encryption
        if self.preferences_encrypted:
            self.preferences_encrypted = bool(self.preferences_key)

        # add a tag for visibility if preferences token startswith 'e' it
        # means the token is encrypted, 'u' means the token is unencrypted
        # and can be used by other whoogle instances
        encrypted_flag = "e" if self.preferences_encrypted else 'u'
        preferences_digest = self._encode_preferences()
        return f"{encrypted_flag}{preferences_digest}"

    def is_safe_key(self, key) -> bool:
        """Establishes a group of config options that are safe to set
        in the url.

        Args:
            key (str) -- the key to check against

        Returns:
            bool -- True/False depending on if the key is in the "safe"
            array
        """

        return key in self.safe_keys

    def get_localization_lang(self):
        """Returns the correct language to use for localization, but falls
        back to english if not set.

        Returns:
            str -- the localization language string
        """
        if (self.lang_interface and
                self.lang_interface in current_app.config['TRANSLATIONS']):
            return self.lang_interface

        return 'lang_en'

    def from_params(self, params) -> 'Config':
        """Modify user config with search parameters. This is primarily
        used for specifying configuration on a search-by-search basis on
        public instances.

        Args:
            params -- the url arguments (can be any deemed safe by
                      is_safe_key())

        Returns:
            Config -- a modified config object
        """
        if 'preferences' in params:
            params_new = self._decode_preferences(params['preferences'])
            # if preferences leads to an empty dictionary it means
            # preferences parameter was not decoded successfully
            if len(params_new):
                params = params_new

        for param_key in params:
            if not self.is_safe_key(param_key):
                continue
            param_val = params.get(param_key)

            if param_val == 'off':
                param_val = False
            elif isinstance(param_val, str) and param_val.isdigit():
                param_val = int(param_val)

            self[param_key] = param_val
        return self

    def to_params(self, keys: list = None) -> str:
        """Generates a set of safe params for using in Whoogle URLs

        Args:
            keys (list) -- attribute names to include; when empty or
                           omitted, all "safe" keys are used

        Returns:
            str -- a set of URL parameters, each prefixed with '&'.
                   Falsy settings are left out.
        """
        if not keys:
            keys = self.safe_keys

        return ''.join(f'&{safe_key}={self[safe_key]}'
                       for safe_key in keys if self[safe_key])

    def _get_fernet_key(self, password: str) -> bytes:
        """Derive a Fernet key from a password.

        Args:
            password (str) -- the user supplied preferences key

        Returns:
            bytes -- url-safe base64 of the password's MD5 hex digest
        """
        # NOTE(review): MD5 is a weak key derivation function; it is
        # kept because changing it would invalidate tokens already issued.
        hash_object = hashlib.md5(password.encode())
        key = urlsafe_b64encode(hash_object.hexdigest().encode())
        return key

    def _encode_preferences(self) -> str:
        """Pickle, compress and (optionally) encrypt the settings.

        Returns:
            str -- url-safe base64 text without the leading mode flag
        """
        # NOTE(review): get_attrs() includes every str/bool attribute,
        # preferences_key among them -- confirm that is intended.
        encoded_preferences = brotli.compress(pickle.dumps(self.get_attrs()))
        if self.preferences_encrypted:
            if self.preferences_key != '':
                key = self._get_fernet_key(self.preferences_key)
                encoded_preferences = Fernet(key).encrypt(encoded_preferences)
                encoded_preferences = brotli.compress(encoded_preferences)

        return urlsafe_b64encode(encoded_preferences).decode()

    def _decode_preferences(self, preferences: str) -> dict:
        """Decode a preferences token produced by ``preferences``.

        Args:
            preferences (str) -- the token, including its leading mode
                                 flag ('e' encrypted, 'u' unencrypted)

        Returns:
            dict -- the decoded settings, or an empty dict when the token
                    is empty, has an unknown mode, or cannot be decoded
        """
        if not preferences:
            return {}

        mode, payload = preferences[0], preferences[1:]
        if mode not in ('e', 'u'):  # preferences are incorrectly formatted
            return {}

        try:
            data = brotli.decompress(urlsafe_b64decode(payload.encode()))
            if mode == 'e':  # preferences are encrypted
                key = self._get_fernet_key(self.preferences_key)
                data = brotli.decompress(Fernet(key).decrypt(data))
            # SECURITY: pickle.loads on a request-supplied token can run
            # arbitrary code. Kept for compatibility with existing
            # tokens; a data-only format (e.g. JSON) would be safer.
            config = pickle.loads(data)
        except Exception:
            # Decoding can fail in many unrelated ways (base64, brotli,
            # Fernet, pickle); any failure means the token is unusable.
            return {}

        return config if isinstance(config, dict) else {}
|