Feature: https only -- adds option to enforce https on running instances (#48)

* Adding HTTPS enforcement

Command line runs of Whoogle Search through pip/pipx/etc will need the
`--https-only` flag appended to the run command.

Docker runs require the `use_https` build arg applied.

* Update README.md

Moved https-only note to top of docker run command, updated pip runner help output

* Dockerfile: removed HTTPS enforcement, updated PORT setting

Dockerfile no longer enforces an HTTPS connection, but still allows for
setting via a build arg. The Flask server port is now configurable as a
build arg as well, by setting a port number to "whoogle_port"

* Fixed incorrect port assignment
main
Ben Busby 2020-05-15 15:44:50 -06:00 committed by GitHub
parent afd5b9aa83
commit 1ed6178e9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 4 deletions

View File

@ -10,8 +10,14 @@ RUN mkdir $config_dir
VOLUME $config_dir VOLUME $config_dir
ENV CONFIG_VOLUME=$config_dir ENV CONFIG_VOLUME=$config_dir
ARG use_https=''
ENV HTTPS_ONLY=$use_https
ARG whoogle_port=5000
ENV EXPOSE_PORT=$whoogle_port
COPY . . COPY . .
EXPOSE 5000 EXPOSE $EXPOSE_PORT
CMD ["./whoogle-search"] CMD ["./whoogle-search"]

View File

@ -72,6 +72,7 @@ Sandboxed temporary instance:
```bash ```bash
$ whoogle-search --help $ whoogle-search --help
usage: whoogle-search [-h] [--port <port number>] [--host <ip address>] [--debug] usage: whoogle-search [-h] [--port <port number>] [--host <ip address>] [--debug]
[--https-only]
Whoogle Search console runner Whoogle Search console runner
@ -79,7 +80,8 @@ optional arguments:
-h, --help show this help message and exit -h, --help show this help message and exit
--port <port number> Specifies a port to run on (default 5000) --port <port number> Specifies a port to run on (default 5000)
--host <ip address> Specifies the host address to use (default 127.0.0.1) --host <ip address> Specifies the host address to use (default 127.0.0.1)
--debug Activates debug mode for the Flask server (default False) --debug Activates debug mode for the server (default False)
--https-only Enforces HTTPS redirects for all requests (default False)
``` ```
### D) Manual ### D) Manual
@ -124,7 +126,7 @@ docker build --tag whoogle-search:1.0 .
docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0 docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0
``` ```
And kill with: `docker rm --force whooglesearch` And kill with: `docker rm --force whoogle-search`
#### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) #### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli)
```bash ```bash

View File

@ -20,6 +20,12 @@ CONFIG_PATH = os.getenv('CONFIG_VOLUME', app.config['STATIC_FOLDER']) + '/config
@app.before_request @app.before_request
def before_request_func(): def before_request_func():
# Always redirect to https if HTTPS_ONLY is set
if os.getenv('HTTPS_ONLY', False) and request.url.startswith('http://'):
url = request.url.replace('http://', 'https://', 1)
code = 301
return redirect(url, code=code)
json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root} json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root}
g.user_config = Config(**json_config) g.user_config = Config(**json_config)
@ -162,7 +168,11 @@ def run_app():
help='Specifies the host address to use (default 127.0.0.1)') help='Specifies the host address to use (default 127.0.0.1)')
parser.add_argument('--debug', default=False, action='store_true', parser.add_argument('--debug', default=False, action='store_true',
help='Activates debug mode for the server (default False)') help='Activates debug mode for the server (default False)')
parser.add_argument('--https-only', default=False, action='store_true',
help='Enforces HTTPS redirects for all requests')
args = parser.parse_args() args = parser.parse_args()
os.environ['HTTPS_ONLY'] = '1' if args.https_only else ''
if args.debug: if args.debug:
app.run(host=args.host, port=args.port, debug=args.debug) app.run(host=args.host, port=args.port, debug=args.debug)
else: else:

View File

@ -7,7 +7,7 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
# Set default port if unavailable # Set default port if unavailable
if [[ -z "${PORT}" ]]; then if [[ -z "${PORT}" ]]; then
PORT=5000 PORT="${EXPOSE_PORT:-5000}"
fi fi
# Set directory to serve static content from # Set directory to serve static content from