Commit Graph

38 Commits (afd01820bbb859d86938abb0b55ac7df96278d8a)

Author SHA1 Message Date
Ben Busby bcb1d8ecc9
Add lingva translation support in search (#360)
* Add support for Lingva translations in results

Searches that contain the word "translate" and are normal search queries
(i.e. not news/images/video/etc) now create an iframe to a Lingva url to
translate the user's search using their configured search language.

The Lingva url can be configured using the WHOOGLE_ALT_TL env var, or
will fall back to the official Lingva instance url (lingva.ml).

For more info, visit https://github.com/TheDavidDelta/lingva-translate

* Add basic test for lingva results

* Allow user specified lingva instances through csp frame-src

* Fix pep8 issue
2021-06-15 10:14:42 -04:00
Ben Busby 904091f440
Bump version to 0.5.4 2021-06-06 13:45:03 -04:00
Ben Busby a64a86efb6
Bump version to 0.5.3 2021-06-04 11:31:03 -04:00
Ben Busby 614dceeb70
Add fallback interface/search lang + cleanup
Since the interface language defaults to IP geolocation by google, the
default language is now set to english. Still not sure if this is the
best solution, but at least temporarily should clear up some confusion
for users with instances deployed in countries outside of their own.

Also performed some minor cleanup:
  - Updated name of strip_blocked_sites to clean_query
  - Added clean_query to list of jinja template functions
  - Ensured site block list doesn't contain duplicate filters
2021-06-04 11:09:30 -04:00
Ben Busby cbe32a081e
Hotfix: extract only 'q' element from query string
Occasionally the search results will contain links with arguments such
as 'dq', which was being erroneously used in attempts to extract the 'q'
element from query strings. This enforces that only links with '?q=' or
'&q=' (elements with a standalone 'q' arg) will have the element
extracted.

I also refactored the naming of this element once extracted to be just
'q'. Although this seems counterintuitive, it makes a little more sense
since this element is the one we're extracting. It's a vague url arg
name, but it is what it is.

Bump version to 0.5.2 for hotfix release
2021-05-29 12:22:37 -04:00
Ben Busby 43faaee77f
Hotfix: remove site filter for maps links
The new site filter breaks links to Maps results, so filter.py needed
to be updated to handle these links as a unique case. A new method was
introduced to easily remove any "-site:..." filters from the query,
which is now also used to format queries in the header template rather
than manually removing the blocked site list within the template itself.

Bumps version to 0.5.1 for releasing the bugfix

Fixes #329
2021-05-27 12:01:57 -04:00
Ben Busby 4649d96dda
Support basic localization (#325)
* Replace hardcoded strings using translation json file

This introduces a new "translations.json" file under app/static/settings
that is loaded on app init and uses the user config value for interface
language to determine the appropriate strings to use in Whoogle-specific
elements of the UI (primarily only on the home page).

* Verify interface lang can be used for localization

Check the configured interface language against the available
localization dict before attempting to use, otherwise fall back to
english.

Also expanded language names in the languages json file.

* Add test for validating translation language keys

Also adds Spanish translation to json (the only non-English language I
can add and reasonably validate on my own).

* Validate all translations against original keyset, update readme

Readme has been updated to include basic contributing guidelines for
both code and translations.
2021-05-24 17:03:02 -04:00
Ben Busby fcfa3783e3
Bump version to 0.5.0 2021-05-21 10:50:07 -04:00
Ben Busby a7bf9728e3
Allow 'data:' for img src in app CSP
Disallowing base64 images in the app resulted in broken image
placeholders for things like pronunciation guides, business reviews,
etc.
2021-05-05 12:51:11 -04:00
Angel Mario d6d7110e22
Add option to disable changing config from client (#295)
* Add option to disable changing of configuration

Introduces a test to ensure the correct response code is found when
attempting to update the config when disabled, and ensure default config
is unchanged when posting a new config dict.

Attempting to update the config using the API when disabled now returns
a 403 code + redirect.

Co-authored-by: Ben Busby <benbusby@protonmail.com>
2021-04-27 10:36:03 -04:00
Ben Busby ed32fb927c
Disable logging from imported modules
The logging from imported modules (stem, in particular) has caused quite
a few users to assume there are errors where there aren't any. The logs
from stem also aren't helpful, as everything in the library works as
expected despite the implication from the logs that it is not working.
2021-04-09 09:26:16 -04:00
Ben Busby a321d55f13
Hotfix: Send generic "Mozilla" in user agent
Randomizing the "Mozilla" portion of the user agent changed the
character encoding to GB2312. Setting it to plain "Mozilla" enforces
UTF-8 encoding.

Bump to version 0.4.1 for release of bug fix

Fixes #267
2021-04-08 09:43:41 -04:00
Ben Busby 30be540b97 Bump version to 0.4.0 2021-04-05 11:00:56 -04:00
Ben Busby df0b7afa50 Switch to single Fernet key per session
This moves away from the previous (messy) approach of using two separate
keys for decrypting text and element URLs separately and regenerating
them for new searches. The current implementation of sessions is not very
reliable, which lead to keys being regenerated too soon, which would
break page navigation. Until that can be addressed, the single
key per session approach should work a lot better.

Fixes #250

Fixes #90
2021-04-05 11:00:56 -04:00
Shimul 8a10efaa01 Allow setting environment variables in whoogle.env (#237)
This allows the user to enable their preferred settings in a variety of
ways, depending on their deployment preference. Values added to
whoogle.env can be enabled using WHOOGLE_DOTENV=1, in which case all
values in the env var file will overwrite defaults or user provided
settings.

Co-authored-by: Ben Busby <benbusby@protonmail.com>
2021-04-05 11:00:56 -04:00
Ben Busby 62a9b9e949 Allow user-defined CSS/theming (#227)
* Add custom CSS field to config

This allows users to set/customize an instance's theme and appearance to
their liking. The config CSS field is prepopulated with all default CSS
variable values to allow quick editing.

Note that this can be somewhat of a "footgun" if someone updates the
CSS to hide all fields/search/etc. Should probably add some sort of
bandaid "admin" feature for public instances to employ until the whole
cookie/session issue is investigated further.

* Symlink all app static files to test dir

* Refactor app/misc/*.json -> app/static/settings/*.json

The country/language json files are used for user config settings, so
the "misc" name didn't really make sense. Also moved these to the static
folder to make testing easier.

* Fix light theme variables in dark theme css

* Minor style tweaking
2021-04-05 11:00:56 -04:00
Shimul 337d0ebe37 Handle manifest-src in CSP (#231) 2021-04-05 11:00:56 -04:00
Ben Busby f8dfc78539 Improve naming of *_utils files, update fn/class doc
The app/utils/*_utils weren't named very well, and all have been updated
to have more accurate names.

Function and class documention for the utils have been updated as well,
as part of the effort to improve overall documentation for the project.
2021-04-05 11:00:56 -04:00
Ben Busby dcb80ac250 Send CSP header in all responses
Introduces a new content security policy header for responses to all
requests to reduce the possibility of ip leaks to outside connections.
By default blocks all inline scripts, and only allows content loaded
from Whoogle.

Refactors a few small inline scripting cases in the project to their own
individual scripts.
2021-04-05 11:00:56 -04:00
Ben Busby b57c86a1d0
Bump version to 0.3.2 2021-04-02 12:57:15 -04:00
Ben Busby 0a6575d219
Hotfix: Move language/country json to app dir
Pip installs of whoogle search were missing access to the misc/ folder,
which previously contained the language and country json files. These
have been moved to app/misc, and the previous root level misc/ was
renamed to config/ (since it now only contains the tor config files).

Bump to 0.3.1.
2021-02-07 18:55:27 -05:00
Ben Busby 406e236666
Bump version to 0.3.0 2021-01-17 23:07:43 -05:00
Ben Busby 6e7ec9918a
Move language/country settings to app config
Moves the language and country dicts from the config model to json files
that are loaded during app init and stored in the app config dict. This
substantially improves the readability of the config model and allows
for much more sensible loading of the language/country options.
2020-12-17 16:42:05 -05:00
Ben Busby 375f4ee9fd
PEP-8: Fix formatting issues, add CI workflow (#161)
Enforces PEP-8 formatting for all python code

Adds a github action build for checking pep8 formatting using pycodestyle
2020-12-17 16:06:47 -05:00
Ben Busby 0ef098069e
Add tor and http/socks proxy support (#137)
* Add tor and http/socks proxy support

Allows users to enable/disable tor from the config menu, which will
forward all requests through Tor.

Also adds support for setting environment variables for alternative
proxy support. Setting the following variables will forward requests
through the proxy:
    - WHOOGLE_PROXY_USER (optional)
    - WHOOGLE_PROXY_PASS (optional)
    - WHOOGLE_PROXY_TYPE (required)
      - Can be "http", "socks4", or "socks5"
    - WHOOGLE_PROXY_LOC  (required)
      - Format: "<ip address>:<port>"

See #30

* Refactor acquire_tor_conn -> acquire_tor_identity

Also updated travis CI to set up tor

* Add check for Tor socket on init, improve Tor error handling

Initializing the app sends a heartbeat request to Tor to check for
availability, and updates the home page config options accordingly. This
heartbeat is sent on every request, to ensure Tor support can be
reconfigured without restarting the entire app.

If Tor support is enabled, and a subsequent request fails, then a new
TorError exception is raised, and the Tor feature is disabled until a
valid connection is restored.

The max attempts has been updated to 10, since 5 seemed a bit too low
for how quickly the attempts go by.

* Change send_tor_signal arg type, update function doc

send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also
added the doc string for the "disable" attribute in TorError.

* Fix tor identity logic in Request.send

* Update proxy init, change proxyloc var name

Proxy is now only initialized if both type and location are specified,
as neither have a default fallback and both are required. I suppose the
type could fall back to http, but seems safer this way.

Also refactored proxyurl -> proxyloc for the runtime args in order to
match the Dockerfile args.

* Add tor/proxy support for Docker builds, fix opensearch/init

The Dockerfile is now updated to include support for Tor configuration,
with a working torrc file included in the repo.

An issue with opensearch was fixed as well, which was uncovered during
testing and was simple enough to fix here. Likewise, DDG bang gen was
updated to only ever happen if the file didn't exist previously, as
testing with the file being regenerated every time was tedious.

* Add missing "@" for socks proxy requests
2020-10-28 20:47:42 -04:00
Ben Busby ae05e8ff8b Finished basic implementation of DDG bang feature
Initialization of the app now includes generation of a ddg-bang json
file, which is used for all bang style searches afterwards.

Also added search suggestion handling for bang json lookup. Queries
beginning with "!" now reference the bang json file to pull all keys
that match.

Updated test suite to include basic tests for bang functionality.

Updated gitignore to exclude bang subdir.
2020-10-10 15:55:14 -04:00
Ben Busby 0c0a01b83f Minor opensearch route and description updates
Bumped version to 0.2.1 for next release

Updated image in opensearch template to use base64 image

Updated opensearch route to serve file as attachment
2020-08-15 13:02:17 -06:00
Ben Busby 975ece8cd0
Privacy respecting alternatives in results view (#106)
Full implementation of social media alt redirects (twitter/youtube/instagram -> nitter/invidious/bibliogram) depending on configuration.

Verbatim search and option to ignore search autocorrect are now supported as well.

Also cleaned up the javascript side of whoogle config so that it now
uses arrays of available fields for parsing config values instead of manually assigning each
one to a variable.

This doesn't include support for Google Maps -> Open Street Maps, that
seems a bit more involved than the social media redirects were, so it
should likely be a separate effort.
2020-07-26 11:53:59 -06:00
Ben Busby 6ec65f8754 Reworked pytest client fixture to support new session mgmt 2020-06-05 16:09:04 -06:00
Ben Busby 32e837a5e0 Refactored whoogle session mgmt
Now allows a fallback "default" session to be used if a user's browser
is blocking cookies
2020-06-05 15:24:44 -06:00
Ben Busby 64af72abb5 Moved custom conf files to their own directory 2020-06-02 14:38:29 -06:00
Ben Busby b6fb4723f9
Project refactor (#85)
* Major refactor of requests and session management

- Switches from pycurl to requests library
  - Allows for less janky decoding, especially with non-latin character
  sets
- Adds session level management of user configs
  - Allows for each session to set its own config (people are probably
  going to complain about this, though not sure if it'll be the same
  number of people who are upset that their friends/family have to share
  their config)
- Updates key gen/regen to more aggressively swap out keys after each
request

* Added ability to save/load configs by name

- New PUT method for config allows changing config with specified name
- New methods in js controller to handle loading/saving of configs

* Result formatting and removal of unused elements

- Fixed question section formatting from results page (added appropriate
padding and made questions styled as italic)
- Removed user agent display from main config settings

* Minor change to button label

* Fixed issue with "de-pickling" of flask session

Having a gitignore-everything ("*") file within a flask session folder seems to cause a
weird bug where the state of the app becomes unusable from continuously
trying to prune files listed in the gitignore (and it can't prune '*').

* Switched to pickling saved configs

* Updated ad/sponsored content filter and conf naming

Configs are now named with a .conf extension to allow for easier manual
cleanup/modification of named config files

Sponsored content now removed by basic string matching of span content

* Version bump to 0.2.0

* Fixed request.send return style
2020-06-02 12:54:47 -06:00
Ben Busby 699aa4f2e7 Bumped version to 0.1.4 2020-05-22 16:08:47 -06:00
Ben Busby b131f47641 Bumped version to v0.1.3
(forgot to update pip package version)
2020-05-22 10:45:49 -06:00
Ben Busby f1e17d8119
Bumped version to v0.1.2 2020-05-22 10:38:58 -06:00
Ben Busby c51f186419 Added version footer, minor PEP 8 refactoring 2020-05-20 11:02:30 -06:00
Ben Busby 0c0ebb8917 Added POST search, encrypted query strings, refactoring
The implementation of POST search support comes with a few benefits. The
most apparent is the avoidance of search queries appearing in web server
logs -- instead of the prior GET approach (i.e.
/search?q=my+search+query), using POST requests with the query stored in
the request body creates logs that simply appear as "/search".

Since a lot of relative links are generated in the results page, I came
up with a way to generate a unique key at run time that is used to
encrypt any query strings before sending to the user. This benefits both
regular text queries as well as fetching of image links and means that
web logs will only show an encrypted string where a link or query
string might slip through.

Unfortunately, GET search requests still need to be supported, as it
doesn't seem that Firefox (on iOS) supports loading search engines by
their opensearch.xml file, but instead relies on manual entry of a
search query string. Once this is updated, I'll probably remove GET
request search support.
2020-04-28 18:19:34 -06:00
Ben Busby 6e7eef165e Initial commit 2020-01-21 13:26:49 -07:00