From c9ee9dcc8b66868dce8a057e0ee9f0d539118366 Mon Sep 17 00:00:00 2001 From: MadcowOG <88654251+MadcowOG@users.noreply.github.com> Date: Thu, 16 Jun 2022 17:05:41 +0000 Subject: [PATCH] Tor password authentication (#746) Added password authentication for tor control port. For user configuration of access to tor control port. This file should be heavily restricted in file system. Co-authored-by: MadcowOG --- README.md | 8 +++++--- app/request.py | 22 +++++++++++++++++++++- app/routes.py | 1 - misc/tor/control.conf | 1 + 4 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 misc/tor/control.conf diff --git a/README.md b/README.md index df5f408..4874388 100644 --- a/README.md +++ b/README.md 
@@ -337,12 +337,14 @@ There are a few optional environment variables available for customizing a Whoog | WHOOGLE_ALT_RD | The reddit.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_ALT_TL | The Google Translate alternative to use. This is used for all "translate ____" searches. | | WHOOGLE_ALT_MD | The medium.com alternative to use when site alternatives are enabled in the config. | -| WHOOGLE_ALT_IMG | The imgur.com alternative to use when site alternatives are enabled in the config. | -| WHOOGLE_ALT_WIKI | The wikipedia.com alternative to use when site alternatives are enabled in the config. | +| WHOOGLE_ALT_IMG | The imgur.com alternative to use when site alternatives are enabled in the config. | +| WHOOGLE_ALT_WIKI | The wikipedia.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_AUTOCOMPLETE | Controls visibility of autocomplete/search suggestions. Default on -- use '0' to disable | | WHOOGLE_MINIMAL | Remove everything except basic result cards from all search queries. | | WHOOGLE_CSP | Sets a default set of 'Content-Security-Policy' headers | -| WHOOGLE_RESULTS_PER_PAGE | Set the number of results per page | +| WHOOGLE_RESULTS_PER_PAGE | Set the number of results per page | +| WHOOGLE_TOR_USE_PASS | Use password authentication for tor control port. | +| WHOOGLE_TOR_CONF | The absolute path to the config file containing the password for the tor control port. Default: ./misc/tor/control.conf WHOOGLE_TOR_PASS must be 1 for this to work.| ### Config Environment Variables These environment variables allow setting default config values, but can be overwritten manually by using the home page config menu. These allow a shortcut for destroying/rebuilding an instance to the same config state every time. diff --git a/app/request.py b/app/request.py index d222c45..8a73e6d 100644 --- a/app/request.py +++ b/app/request.py 
@@ -1,4 +1,5 @@ from app.models.config import Config +from app.utils.misc import read_config_bool from datetime import datetime from defusedxml import ElementTree as ET import random @@ -8,6 +9,7 @@ import urllib.parse as urlparse import os from stem import Signal, SocketError from stem.control import Controller +from stem.connection import authenticate_cookie, authenticate_password MAPS_URL = 'https://maps.google.com/maps' AUTOCOMPLETE_URL = ('https://suggestqueries.google.com/' @@ -37,9 +39,27 @@ class TorError(Exception): def send_tor_signal(signal: Signal) -> bool: + use_pass = read_config_bool('WHOOGLE_TOR_USE_PASS') + + confloc = './misc/tor/control.conf' + # Check that the custom location of conf is real. + temp = os.getenv('WHOOGLE_TOR_CONF', '') + if os.path.isfile(temp): + confloc = temp + + # Attempt to authenticate and send signal. try: with Controller.from_port(port=9051) as c: - c.authenticate() + if use_pass: + with open(confloc, "r") as conf: + # Scan for the last line of the file. + for line in conf: + pass + secret = line + authenticate_password(c, password=secret) + else: + cookie_path = '/var/lib/tor/control_auth_cookie' + authenticate_cookie(c, cookie_path=cookie_path) c.signal(signal) os.environ['TOR_AVAILABLE'] = '1' return True diff --git a/app/routes.py b/app/routes.py index 90826bc..4d4e116 100644 --- a/app/routes.py +++ b/app/routes.py @@ -1,7 +1,6 @@ import argparse import base64 import io -import os import json import os import pickle diff --git a/misc/tor/control.conf b/misc/tor/control.conf new file mode 100644 index 0000000..9f0dc08 --- /dev/null +++ b/misc/tor/control.conf @@ -0,0 +1 @@ +# Place password here. Keep this safe. \ No newline at end of file
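Review bot: In the `use_pass` branch of send_tor_signal, `secret = line` takes the last line of the file verbatim, so a file ending in a newline sends the password with `\n` attached, an empty file leaves `line` unbound, and an unedited control.conf sends its placeholder comment as the password. The `else` branch also replaces `c.authenticate()`, which lets stem pick the method the control port advertises, with the fixed path `/var/lib/tor/control_auth_cookie`; this will presumably fail on installs that keep the cookie elsewhere or use no authentication. I would skip blank and `#` lines, drop the line ending, and pass the result to `c.authenticate(password=...)` so the previous negotiation is kept. Whether a failed `open()` or a stem authentication error is handled depends on the `except` clauses, which lie outside this hunk. Separately, the `WHOOGLE_TOR_CONF` row in README.md names the switch `WHOOGLE_TOR_PASS`, while the code reads `WHOOGLE_TOR_USE_PASS`.

```python
        with Controller.from_port(port=9051) as c:
            secret = None
            if use_pass:
                with open(confloc, encoding='utf-8') as conf:
                    # Keep the last non-blank, non-comment line; the line
                    # ending is not part of the password.
                    for entry in conf:
                        value = entry.rstrip('\r\n')
                        if value.strip() and not value.lstrip().startswith('#'):
                            secret = value
            # With no password, stem falls back to whatever the control
            # port advertises (cookie or no authentication).
            c.authenticate(password=secret)
            # … unchanged: c.signal(signal), TOR_AVAILABLE update and return …
```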
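Review bot: misc/tor/control.conf is added as a tracked file inside the source tree, so a user who follows the placeholder stores the control-port password in a file that shows up as a local modification and can be committed or copied along with the repository by mistake. The commit description asks for the file to be heavily restricted, but nothing in the patch sets or checks its permissions, and a fresh checkout gets whatever the user's umask allows. Consider shipping it under an example name and keeping the real file untracked, with a placeholder such as `# Put the control port password on the last line; make this file readable only by the account that runs the service (e.g. chmod 600).`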