diff options
Diffstat (limited to 'machines/profpatsch/patches/searx-secret-key.patch')
-rw-r--r-- | machines/profpatsch/patches/searx-secret-key.patch | 250 |
1 files changed, 0 insertions, 250 deletions
diff --git a/machines/profpatsch/patches/searx-secret-key.patch b/machines/profpatsch/patches/searx-secret-key.patch deleted file mode 100644 index 448ef510..00000000 --- a/machines/profpatsch/patches/searx-secret-key.patch +++ /dev/null @@ -1,250 +0,0 @@ -diff --git a/README.rst b/README.rst -index 86334c3c..0f039cd5 100644 ---- a/README.rst -+++ b/README.rst -@@ -19,8 +19,7 @@ Installation - ``git clone https://github.com/asciimoo/searx.git && cd searx`` - - install dependencies: ``./manage.sh update_packages`` - - edit your -- `settings.yml <https://github.com/asciimoo/searx/blob/master/searx/settings.yml>`__ -- (set your ``secret_key``!) -+ `settings.yml <https://github.com/asciimoo/searx/blob/master/searx/settings.yml>` - - run ``python searx/webapp.py`` to start the application - - For all the details, follow this `step by step -diff --git a/searx/settings.yml b/searx/settings.yml -index 00cac5fe..477b1da1 100644 ---- a/searx/settings.yml -+++ b/searx/settings.yml -@@ -10,7 +10,6 @@ search: - server: - port : 8888 - bind_address : "127.0.0.1" # address to listen on -- secret_key : "ultrasecretkey" # change this! - base_url : False # Set custom base_url. Possible values: False or "https://your.custom.host/location/" - image_proxy : False # Proxying image results through searx - http_protocol_version : "1.0" # 1.0 and 1.1 are supported -diff --git a/searx/settings_robot.yml b/searx/settings_robot.yml -index 070a0edb..27227f3a 100644 ---- a/searx/settings_robot.yml -+++ b/searx/settings_robot.yml -@@ -10,7 +10,6 @@ search: - server: - port : 11111 - bind_address : 127.0.0.1 -- secret_key : "ultrasecretkey" # change this! - base_url : False - image_proxy : False - http_protocol_version : "1.0" -diff --git a/searx/utils.py b/searx/utils.py -index 9494bdf3..6657e6f5 100644 ---- a/searx/utils.py -+++ b/searx/utils.py -@@ -3,6 +3,8 @@ import hashlib - import hmac - import os - import re -+import stat -+import xdg.BaseDirectory - - from babel.dates import format_date - from codecs import getincrementalencoder -@@ -336,3 +338,60 @@ def new_hmac(secret_key, url): - return hmac.new(bytes(secret_key), url, hashlib.sha256).hexdigest() - else: - return hmac.new(bytes(secret_key, 'utf-8'), url, hashlib.sha256).hexdigest() -+ -+ -+class SecretAppKeyError(IOError): -+ def __init__(self, reason, caught=None): -+ self.reason = reason -+ self.caught = caught -+ -+ def __str__(self): -+ err = "" -+ if self.caught is not None: -+ err = '\n' + str(self.caught) -+ return repr(self.reason) + err -+ -+ -+_secret_app_key_length = 512 -+ -+ -+_secret_app_key_file_name = "secret_key" -+ -+ -+# tries to read the secret key from the xdg cache directory, -+# if none exists it creates one -+# If directory is given it has to be an existing, readable directory. -+def get_secret_app_key(directory=None): -+ -+ if directory is None: -+ try: -+ directory = xdg.BaseDirectory.save_cache_path("searx") -+ except OSError as e: -+ raise SecretAppKeyError("could not get XDG_CACHE_HOME") -+ -+ # we save it as plaintext, assuming only the owner has access -+ f = os.path.join(directory, _secret_app_key_file_name) -+ -+ def saError(msg, e=None): -+ raise SecretAppKeyError("{} {}".format(f, msg), e) -+ -+ # if it exists, read it -+ if os.path.isfile(f): -+ try: -+ with open(f, 'r') as fh: -+ return fh.read() -+ except IOError as e: -+ saError("could not be read", e) -+ # if it doesn't, create it -+ else: -+ key = os.urandom(_secret_app_key_length) -+ try: -+ with open(f, 'w') as fh: -+ fh.write(key) -+ # the file should be readable/writable only by the owner -+ os.chmod(f, stat.S_IRUSR | stat.S_IWUSR) -+ return key -+ except IOError as e: -+ saError("could not be created", e) -+ except OSError as e: -+ saError("could not be chmodded to 600", e) -diff --git a/searx/webapp.py b/searx/webapp.py -index abbbce95..8614cf90 100644 ---- a/searx/webapp.py -+++ b/searx/webapp.py -@@ -29,6 +29,7 @@ import os - import sys - - import requests -+import xdg - - from searx import logger - logger = logger.getChild('webapp') -@@ -58,7 +59,7 @@ from searx.engines import ( - from searx.utils import ( - UnicodeWriter, highlight_content, html_to_text, get_resources_directory, - get_static_files, get_result_templates, get_themes, gen_useragent, -- dict_subset, prettify_url -+ dict_subset, prettify_url, get_secret_app_key - ) - from searx.version import VERSION_STRING - from searx.languages import language_codes -@@ -123,7 +124,11 @@ app = Flask( - - app.jinja_env.trim_blocks = True - app.jinja_env.lstrip_blocks = True --app.secret_key = settings['server']['secret_key'] -+ -+# notify the user that the secret_key is no longer used -+if 'secret_key' in settings['server']: -+ logger.warning(' The "secret_key" config key is no longer used.') -+app.secret_key = get_secret_app_key() - - if not searx_debug \ - or os.environ.get("WERKZEUG_RUN_MAIN") == "true" \ -@@ -280,7 +285,7 @@ def proxify(url): - url.encode('utf-8'), - hashlib.sha256).hexdigest() - -- return '{0}?{1}'.format(settings['result_proxy']['url'], -+ return '{0}?{1}'.format(settings['re sult_proxy']['url'], - urlencode(url_params)) - - -@@ -295,7 +300,7 @@ def image_proxify(url): - if settings.get('result_proxy'): - return proxify(url) - -- h = new_hmac(settings['server']['secret_key'], url.encode('utf-8')) -+ h = new_hmac(app.secret_key, url.encode('utf-8')) - - return '{0}?{1}'.format(url_for('image_proxy'), - urlencode(dict(url=url.encode('utf-8'), h=h))) -@@ -719,7 +724,7 @@ def image_proxy(): - if not url: - return '', 400 - -- h = new_hmac(settings['server']['secret_key'], url) -+ h = new_hmac(app.secret_key, url) - - if h != request.args.get('h'): - return '', 400 -diff --git a/tests/unit/test_utils.py b/tests/unit/test_utils.py -index eb40e62e..b53aec27 100644 ---- a/tests/unit/test_utils.py -+++ b/tests/unit/test_utils.py -@@ -1,4 +1,8 @@ - # -*- coding: utf-8 -*- -+import os -+import tempfile -+import stat -+ - import mock - import sys - from searx.testing import SearxTestCase -@@ -103,3 +107,63 @@ class TestUnicodeWriter(SearxTestCase): - rows = [1, 2, 3] - self.unicode_writer.writerows(rows) - self.assertEqual(self.unicode_writer.writerow.call_count, len(rows)) -+ -+ -+class TestSecretAppKey(SearxTestCase): -+ -+ def setUp(self): -+ self.getkey = utils.get_secret_app_key -+ self.fn = utils._secret_app_key_file_name -+ -+ def keyfile(self, dir_): -+ return os.path.join(dir_, self.fn) -+ -+ @staticmethod -+ def freshdir(): -+ return tempfile.mkdtemp() -+ -+ # generation of a key -+ def test_empty_dir(self): -+ dir_ = self.freshdir() -+ key = self.getkey(dir_) -+ self.assertNotEqual(key, "") -+ file_ = self.keyfile(dir_) -+ self.assertTrue(os.path.isfile(file_)) -+ mode = os.stat(file_).st_mode -+ # equal to read and write for user -+ self.assertEquals(mode & (stat.S_IRWXG | stat.S_IRWXU | stat.S_IRWXO), -+ (stat.S_IRUSR | stat.S_IWUSR)) -+ -+ # generation & successive read of the generated key -+ def test_existing_key(self): -+ dir_ = self.freshdir() -+ key = self.getkey(dir_) -+ key2 = self.getkey(dir_) -+ self.assertEquals(key, key2) -+ -+ def test_not_nice(self): -+ def touch(f, mode): -+ open(f, 'w').close() -+ os.chmod(f, mode) -+ -+ def raisesappkeyerror(dir_): -+ with self.assertRaises(utils.SecretAppKeyError): -+ self.getkey(dir_) -+ -+ # input dir doesn't exist -+ raisesappkeyerror("<nonexisting file>") -+ -+ # read-only -+ d1 = self.freshdir() -+ touch(self.keyfile(d1), 0) -+ raisesappkeyerror(d1) -+ -+ # dir -+ d2 = self.freshdir() -+ os.mkdir(self.keyfile(d2)) -+ raisesappkeyerror(d2) -+ -+ # non-writable dir -+ d3 = self.freshdir() -+ os.chmod(d3, stat.S_IRUSR) -+ raisesappkeyerror(d3) |