Commit Graph

169 Commits (65d948368cd17a9369512a64b878ec9bf9acc9e9)

Author SHA1 Message Date
Ben Busby 1fdf226802
Use curl-based healthcheck w/ new non-auth route
The wget method seemed to have a possible issue with creating endless
index.html copies (despite being specified to output to console only),
so this has been updated to use curl instead.

Also uses new non-authenticated "healthz" route to perform the
healthcheck.

Fix #316

Fix #313
2021-05-18 11:48:15 -04:00
bruvv 27b6d05b6a
Fix EU consent bug (#320)
* Update request.py

* Use current date to format EU consent cookie

Co-authored-by: Ben Busby <benbusby@protonmail.com>
2021-05-18 10:52:24 -04:00
Harsh Barsaiyan 4466bbc8f4
Add divider to user-defined CSS (#310) 2021-05-11 12:26:37 -04:00
Ben Busby 05995649f3
Hotfix: check for site filters before modifying query
The previous method of removing all site filters from the search query
removed the last letter of the search. This only applies the substring
filter if any site filters are present in the query.

Fixes #306
2021-05-10 12:07:55 -04:00
Ben Busby c8da53d4b0
Block websites from search results via user config (#304)
* Block websites in search results via user config

Adds a new config field "Block" to specify a comma separated list of
websites to block in search results. This is applied for all searches.

* Add test for blocking sites from search results

* Document WHOOGLE_CONFIG_BLOCK usage

* Strip '-site:' filters from query in header template

The 'behind the scenes' site filter applied for blocked sites was
appearing in the query field when navigating between search categories
(all -> images -> news, etc). This prevents the filter from appearing in
all except "images", since the image category uses a separate header.
This should eventually be addressed when the image page can begin using
the standard whoogle header, but until then, the filter will still
appear for image searches.
2021-05-07 11:45:53 -04:00
Ben Busby a7bf9728e3
Allow 'data:' for img src in app CSP
Disallowing base64 images in the app resulted in broken image
placeholders for things like pronunciation guides, business reviews,
etc.
2021-05-05 12:51:11 -04:00
Angel Mario d6d7110e22
Add option to disable changing config from client (#295)
* Add option to disable changing of configuration

Introduces a test to ensure the correct response code is found when
attempting to update the config when disabled, and ensure default config
is unchanged when posting a new config dict.

Attempting to update the config using the API when disabled now returns
a 403 code + redirect.

Co-authored-by: Ben Busby <benbusby@protonmail.com>
2021-04-27 10:36:03 -04:00
Ben Busby 8ae7b5947e
Separate interface language from search language in env vars
The search language is now set using the WHOOGLE_CONFIG_SEARCH_LANGUAGE
environment variable. Interface language is still set using
WHOOGLE_CONFIG_LANGUAGE.

Fixes #260
2021-04-26 11:38:55 -04:00
Ben Busby f56e913521
Remove gap between input and result types
Enforces 0 margin for the search input form on the result page, which
removes the weird gap that is seen by default.

Also made minor changes to the border styling. Desktop searches now have
a single bottom border in dark mode rather than an all around border,
and the border around the mobile search result input was removed
entirely.
2021-04-22 16:24:43 -04:00
Ben Busby 5b963b441c
Focus search input after clearing w/ reset btn
See #291
2021-04-22 10:02:15 -04:00
Ben Busby 01fe0c02a5
Add button to clear search input on mobile
This was unfortunately a bit more complex than just adding an HTML reset
button, since reset buttons only "reset" input content to its original
value rather than clearing it. This doesn't work for Whoogle's needs,
since inputs on search result pages are auto populated with the search
content as their default value.

A reset button was introduced anyways, but is controlled by a few lines
of javascript to allow completely clearing the search input. The button
will only appear on mobile searches.

At the moment, it isn't particularly pretty, but is functional. It uses
just a plain "x" character and is always visible on mobile search result
pages. This leaves plenty of room for improvement moving forward.

Fixes #291
2021-04-21 11:38:19 -04:00
Ben Busby 7136197e5d
Fix missing text style for active search suggestions 2021-04-21 10:49:27 -04:00
Ben Busby 2eb33007f7
Disable autocorrect on mobile search inputs
Fixes #292
2021-04-21 10:48:26 -04:00
Ben Busby d2fac809ca
Fix mishandling of empty config environment variables
The recent change to cast bool config vars as ints to handle a '0' or
'1' value was shortsighted, since it doesn't allow for instances where
the variable is set to an empty value (or '' or any invalid/non-int
value).

This introduces a read_config_bool method for reading values that should
be a '0' or '1', but will default to False if not a digit (otherwise the
value will be cast as bool(int(value)) if "value" is a digit str).

Fixes #288
2021-04-14 10:42:41 -04:00
Ben Busby baa7a87efb
Fix incorrect config bool env var casting
Config boolean environment variables need to be cast to ints, since
they are set or unset using 0 and 1. Previously they were interpreted as
(pseudocode) read_var(name, default=False), which meant that setting
CONFIG_VAR=0 would enable that variable since Python reads environment
variables as strings, and '0' is truthy. This updates the previous logic
to (still pseudocode) int(read_var(name, default='0')).

Fixes #279
2021-04-12 16:40:59 -04:00
Ben Busby b7e48a9597
Replace remaining hardcoded theme values
Both light and dark themes have been updated to remove the leftover
hardcoded values (mostly related to the search suggestion styling).

See discussion in #247.
2021-04-12 10:22:34 -04:00
Ben Busby 1030118d0b
Expand custom css theming support
Also adds new default dark theme designed by @gripped.
2021-04-09 11:00:02 -04:00
gripped 13abb0ae7f
Add .BVG0Nb to dark-theme.css 2021-04-09 10:57:23 -04:00
Ben Busby ed32fb927c
Disable logging from imported modules
The logging from imported modules (stem, in particular) has caused quite
a few users to assume there are errors where there aren't any. The logs
from stem also aren't helpful, as everything in the library works as
expected despite the implication from the logs that it is not working.
2021-04-09 09:26:16 -04:00
Ben Busby a321d55f13
Hotfix: Send generic "Mozilla" in user agent
Randomizing the "Mozilla" portion of the user agent changed the
character encoding to GB2312. Setting it to plain "Mozilla" enforces
UTF-8 encoding.

Bump to version 0.4.1 for release of bug fix

Fixes #267
2021-04-08 09:43:41 -04:00
Ben Busby 30be540b97 Bump version to 0.4.0 2021-04-05 11:00:56 -04:00
Ben Busby 0b9600b564 Expand custom css variables and functionality
Squashed commit of the following:

commit 37e22d2945b077a94d9997d064f4355ff8819bae
Author: Ben Busby <benbusby@protonmail.com>
Date:   Mon Apr 5 10:27:05 2021 -0400

    Pass user config to logo template

commit 2406fee05c3e221112fbe802fbf2ecca1df99127
Author: Ben Busby <benbusby@protonmail.com>
Date:   Mon Apr 5 10:24:54 2021 -0400

    Fix incorrect contrast text in dark theme

commit 91dd677e22c2e99819123154e03e9f519f95a9bd
Author: Ben Busby <benbusby@protonmail.com>
Date:   Fri Apr 2 17:21:38 2021 -0400

    Remove inline onclicks, fix svg sizing

commit 91bbf9c0fae36febd6a6a0d8e6a560babe8622d5
Merge: 72637df b1227bd
Author: Ben Busby <benbusby@protonmail.com>
Date:   Fri Apr 2 15:35:37 2021 -0400

    Merge remote-tracking branch 'origin/develop' into custom-css-tweaks

commit 72637df213f4b9e83e4b58fe76973de02f63ec8e
Author: Ben Busby <benbusby@protonmail.com>
Date:   Fri Apr 2 11:38:38 2021 -0400

    Use svg logo w/ custom styling on results pages

commit 666a7ceac4a6e4d3fe1975dcee91e6094b66149e
Author: Ben Busby <benbusby@protonmail.com>
Date:   Fri Apr 2 11:10:37 2021 -0400

    Split whoogle-accent into whoogle-element-bg and whoogle-logo

    See discussion on #247
2021-04-05 11:00:56 -04:00
Ben Busby 50c888f9a7 Revert heroku app https upgrade fix 2021-04-05 11:00:56 -04:00
Ben Busby df0b7afa50 Switch to single Fernet key per session
This moves away from the previous (messy) approach of using two separate
keys for decrypting text and element URLs separately and regenerating
them for new searches. The current implementation of sessions is not very
reliable, which lead to keys being regenerated too soon, which would
break page navigation. Until that can be addressed, the single
key per session approach should work a lot better.

Fixes #250

Fixes #90
2021-04-05 11:00:56 -04:00
Ben Busby ed4432f3f8 Hotfix: Upgrade heroku apps to https for all endpoints
The previous implementation of the is_heroku check in
search.needs_https() was implemented to only match URLs ending in
'.herokuapp.com', and skipped upgrading to HTTPS for other endpoints.
2021-04-05 11:00:56 -04:00
Ben Busby 7b9ee37beb Allow defining initial config state w/ env vars
This introduces a set of environment variables that can be used for
defining initial config state, to expedite the process of
destroying/relaunching instances quickly with the same settings every
time.

Closes #228

Closes #195
2021-04-05 11:00:56 -04:00
Shimul 8a10efaa01 Allow setting environment variables in whoogle.env (#237)
This allows the user to enable their preferred settings in a variety of
ways, depending on their deployment preference. Values added to
whoogle.env can be enabled using WHOOGLE_DOTENV=1, in which case all
values in the env var file will overwrite defaults or user provided
settings.

Co-authored-by: Ben Busby <benbusby@protonmail.com>
2021-04-05 11:00:56 -04:00
Ben Busby 8ad8e66d37 Improve static typing throughout repo
Eventually this should be part of a separate mypy ci build, but right
now it's just a general guideline. Future commits and PRs should be
validated for static typing wherever possible.

For reference, the testing commands used for this commit were:

mypy --ignore-missing-imports --pretty --disallow-untyped-calls app/
mypy --ignore-missing-imports --pretty --disallow-untyped-calls test/
2021-04-05 11:00:56 -04:00
Shimul 892b646a4e Configure PWA for mobile browsers (#234)
Fix PWA issue for mobile phones
Fix icon loading issue
Update app/static/img/favicon/manifest.json

Co-authored-by: Ben Busby <benbusby@pm.me>
2021-04-05 11:00:56 -04:00
Ben Busby e7c63afc1a Re-add search css to results page
The results page search css was removed during the refactor to allow for
user defined css. This adds that back.
2021-04-05 11:00:56 -04:00
Ben Busby 083c3758a1 Return 503 if response is blocked by captcha
Also added in a slight modification to the dark theme style, which
should only apply the border radius in the header.

Closes #226
2021-04-05 11:00:56 -04:00
Ben Busby 62a9b9e949 Allow user-defined CSS/theming (#227)
* Add custom CSS field to config

This allows users to set/customize an instance's theme and appearance to
their liking. The config CSS field is prepopulated with all default CSS
variable values to allow quick editing.

Note that this can be somewhat of a "footgun" if someone updates the
CSS to hide all fields/search/etc. Should probably add some sort of
bandaid "admin" feature for public instances to employ until the whole
cookie/session issue is investigated further.

* Symlink all app static files to test dir

* Refactor app/misc/*.json -> app/static/settings/*.json

The country/language json files are used for user config settings, so
the "misc" name didn't really make sense. Also moved these to the static
folder to make testing easier.

* Fix light theme variables in dark theme css

* Minor style tweaking
2021-04-05 11:00:56 -04:00
Shimul 337d0ebe37 Handle manifest-src in CSP (#231) 2021-04-05 11:00:56 -04:00
Ben Busby e5d1f6a292 Add healthcheck to Dockerfile
See #184
2021-04-05 11:00:56 -04:00
Ben Busby f8dfc78539 Improve naming of *_utils files, update fn/class doc
The app/utils/*_utils weren't named very well, and all have been updated
to have more accurate names.

Function and class documention for the utils have been updated as well,
as part of the effort to improve overall documentation for the project.
2021-04-05 11:00:56 -04:00
Ben Busby dcb80ac250 Send CSP header in all responses
Introduces a new content security policy header for responses to all
requests to reduce the possibility of ip leaks to outside connections.
By default blocks all inline scripts, and only allows content loaded
from Whoogle.

Refactors a few small inline scripting cases in the project to their own
individual scripts.
2021-04-05 11:00:56 -04:00
Ben Busby d146016860 Remove auth req for accessing opensearch
Requiring authentication for accessing the opensearch template prevents
the browser from accessing the file when adding as a default search
engine. This removes the authentication requirement from the opensearch
route, which should never provide any sensitive information anyways.
2021-04-05 11:00:56 -04:00
Ben Busby ecb7885a56 Allow bang operator anywhere in query
Bang operator can now be placed anywhere in the query, to allow for peak
efficiency in stream of consciousness querying (i.e. `big !reddit
chungus` will search reddit for big chungus`).

Fixes #196
2021-04-05 11:00:56 -04:00
Ben Busby 64567a63ea Ensure G logo doesn't appear in mobile img results
Adds a separate check to remove all images sourced from www.gstatic.com,
which is where the mobile logo in particular is coming from.
2021-04-05 11:00:56 -04:00
Tomasz Borychowski 03bd4b6871 fix 'j' and 'k' inside search input 2021-04-05 11:00:56 -04:00
Roman Štefko 7f3a284e04 Do not autocapitalize on index page search bar (#200) 2021-04-05 11:00:56 -04:00
Tomasz Borychowski 5538ac862e add basic keyboard support 2021-04-05 11:00:56 -04:00
Ben Busby 6600d8580c Add ability to redirect reddit.com to libredd.it (#180)
* Adds the ability to redirect reddit.com to libredd.it using the existing
 "site alts" config setting.

This adds the WHOOGLE_ALT_RD environment variable for optionally
redirecting reddit links to libreddit
(https://github.com/spikecodes/libreddit).

* Include libreddit in home page site alt note
2021-04-05 11:00:56 -04:00
Ben Busby b57c86a1d0
Bump version to 0.3.2 2021-04-02 12:57:15 -04:00
Ben Busby fdd4ee590f
Hotfix: Set EU consent cookie to pending for all requests
See discussion on #243
2021-04-02 12:32:59 -04:00
Ben Busby 0a6575d219
Hotfix: Move language/country json to app dir
Pip installs of whoogle search were missing access to the misc/ folder,
which previously contained the language and country json files. These
have been moved to app/misc, and the previous root level misc/ was
renamed to config/ (since it now only contains the tor config files).

Bump to 0.3.1.
2021-02-07 18:55:27 -05:00
Ben Busby 329c38efb0
Hotfix: Enforce https in heroku opensearch template
Heroku instances were using the base http url when formatting the
opensearch.xml template. This adds a new routing utility, "needs_https",
which can be used for determining if the url in question needs
upgrading.
2021-01-23 14:50:30 -05:00
Ben Busby 5c69283e80
Hotfix: Add hidden submit btn for nojs searches
With javascript disabled, searches could not be submitted on the results
page using the "Enter" key. Adding a hidden submit button to the header
template resolves this issue.
2021-01-19 11:11:13 -05:00
Ben Busby 406e236666
Bump version to 0.3.0 2021-01-17 23:07:43 -05:00
Ben Busby 440c4e9c50
Remove lxml dependency
The lxml dependency in the project was fairly unnecessary, and made the
initial build time for the project considerably slower. This replaces
all instances of lxml with either the default html parser (for bs4
constructors) or the built in xml.etree package (for search suggestion
parsing).
2020-12-29 18:43:42 -05:00