Tor password authentication (#746)

Added password authentication for tor control port.

For user configuration of access to tor control port. This file should be
heavily restricted in file system.

Co-authored-by: MadcowOG <madcowog@Arch-Main.localdomain>
main
MadcowOG 2022-06-16 17:05:41 +00:00 committed by GitHub
parent dc03022e27
commit c9ee9dcc8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 5 deletions


@ -337,12 +337,14 @@ There are a few optional environment variables available for customizing a Whoog
| WHOOGLE_ALT_RD | The reddit.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_ALT_RD | The reddit.com alternative to use when site alternatives are enabled in the config. |
| WHOOGLE_ALT_TL | The Google Translate alternative to use. This is used for all "translate ____" searches. | | WHOOGLE_ALT_TL | The Google Translate alternative to use. This is used for all "translate ____" searches. |
| WHOOGLE_ALT_MD | The medium.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_ALT_MD | The medium.com alternative to use when site alternatives are enabled in the config. |
| WHOOGLE_ALT_IMG | The imgur.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_ALT_IMG | The imgur.com alternative to use when site alternatives are enabled in the config. |
| WHOOGLE_ALT_WIKI | The wikipedia.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_ALT_WIKI | The wikipedia.com alternative to use when site alternatives are enabled in the config. |
| WHOOGLE_AUTOCOMPLETE | Controls visibility of autocomplete/search suggestions. Default on -- use '0' to disable | | WHOOGLE_AUTOCOMPLETE | Controls visibility of autocomplete/search suggestions. Default on -- use '0' to disable |
| WHOOGLE_MINIMAL | Remove everything except basic result cards from all search queries. | | WHOOGLE_MINIMAL | Remove everything except basic result cards from all search queries. |
| WHOOGLE_CSP | Sets a default set of 'Content-Security-Policy' headers | | WHOOGLE_CSP | Sets a default set of 'Content-Security-Policy' headers |
| WHOOGLE_RESULTS_PER_PAGE | Set the number of results per page | | WHOOGLE_RESULTS_PER_PAGE | Set the number of results per page |
| WHOOGLE_TOR_USE_PASS | Use password authentication for tor control port. |
| WHOOGLE_TOR_CONF | The absolute path to the config file containing the password for the tor control port. Default: ./misc/tor/control.conf WHOOGLE_TOR_PASS must be 1 for this to work.|
### Config Environment Variables ### Config Environment Variables
These environment variables allow setting default config values, but can be overwritten manually by using the home page config menu. These allow a shortcut for destroying/rebuilding an instance to the same config state every time. These environment variables allow setting default config values, but can be overwritten manually by using the home page config menu. These allow a shortcut for destroying/rebuilding an instance to the same config state every time.


@ -1,4 +1,5 @@
from app.models.config import Config from app.models.config import Config
from app.utils.misc import read_config_bool
from datetime import datetime from datetime import datetime
from defusedxml import ElementTree as ET from defusedxml import ElementTree as ET
import random import random
@ -8,6 +9,7 @@ import urllib.parse as urlparse
import os import os
from stem import Signal, SocketError from stem import Signal, SocketError
from stem.control import Controller from stem.control import Controller
from stem.connection import authenticate_cookie, authenticate_password
MAPS_URL = 'https://maps.google.com/maps' MAPS_URL = 'https://maps.google.com/maps'
AUTOCOMPLETE_URL = ('https://suggestqueries.google.com/' AUTOCOMPLETE_URL = ('https://suggestqueries.google.com/'
@ -37,9 +39,27 @@ class TorError(Exception):
def send_tor_signal(signal: Signal) -> bool: def send_tor_signal(signal: Signal) -> bool:
use_pass = read_config_bool('WHOOGLE_TOR_USE_PASS')
confloc = './misc/tor/control.conf'
# Check that the custom location of conf is real.
temp = os.getenv('WHOOGLE_TOR_CONF', '')
if os.path.isfile(temp):
confloc = temp
# Attempt to authenticate and send signal.
try: try:
with Controller.from_port(port=9051) as c: with Controller.from_port(port=9051) as c:
c.authenticate() if use_pass:
with open(confloc, "r") as conf:
# Scan for the last line of the file.
for line in conf:
pass
secret = line
authenticate_password(c, password=secret)
else:
cookie_path = '/var/lib/tor/control_auth_cookie'
authenticate_cookie(c, cookie_path=cookie_path)
c.signal(signal) c.signal(signal)
os.environ['TOR_AVAILABLE'] = '1' os.environ['TOR_AVAILABLE'] = '1'
return True return True
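Review bot: In the `use_pass` branch of send_tor_signal, `secret = line` hands the raw last line of the file to `authenticate_password`, so a file ending in a newline yields a password with `\n` appended, and an empty file leaves `line` unbound. Initialise `line = ''` before the loop, use `secret = line.rstrip('\r\n')`, and refuse to authenticate when the result is empty. When `WHOOGLE_TOR_CONF` is set but does not name a file, the code silently falls back to `./misc/tor/control.conf`; logging or failing at that point would make a mistyped path visible instead of authenticating with a different file's contents. The README row added in this commit refers to `WHOOGLE_TOR_PASS`, while the code reads `WHOOGLE_TOR_USE_PASS`. The function's `except` clauses lie outside the hunk, so how an unbound `line` would surface cannot be seen from here.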


@ -1,7 +1,6 @@
import argparse import argparse
import base64 import base64
import io import io
import os
import json import json
import os import os
import pickle import pickle

1
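--- a/misc/tor/control.conf
+++ b/misc/tor/control.conf
@@ -0,0 +1 @@
+# Place password here. Keep this safe.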
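Review bot: This placeholder sits at a tracked path inside the repository, so a password written into it can end up in a commit or a built image. Consider shipping it under an example name, ignoring the real file in version control, and documenting the expected permissions (owner-only read) next to it. Because the reader in send_tor_signal takes the last line of the file, a copy left unedited would, as far as the visible code shows, submit this comment line itself as the password.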