Archives
/
whoogle-search
mirror of https://github.com/benbusby/whoogle-search
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dependabot/pip/requests-2.32.0
dependabot/pip/jinja2-3.1.4
dependabot/pip/werkzeug-3.0.3
main
dependabot/pip/idna-3.7
0.2.0
v0.0.1
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.2.1
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9bfdd88a5e'
${ noResults }
whoogle-search/app/routes.py

714 lines
24 KiB
Python
Raw Normal View History Unescape Escape

Updated setup and routes for pipx compatibility
4 years ago
import argparse
Feature: country and safe search config options (#71) * Added country and safe search config options * Updated handling of parser error in results test * Improved handling of default country * Added 1px empty gif fallback as a replacement for images that fail to load
4 years ago
import base64
Added image proxying, refactored filter class Images were previously directly fetched from google search results, which was a potential privacy hazard. All image sources are now modified to be passed through shoogle's routing first, which will then fetch raw image data and pass it through to the user. Filter class was refactored to split the primary clean method into smaller, more manageable submethods.
4 years ago
import io
Added run script, updated to use config json file for general location, general restyling
4 years ago
import json
Fix missing `os` import in routes
2 years ago
import os
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
import pickle
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
import re
Added optional no-js functionality, added location based searching (hardcoded), updated html
4 years ago
import urllib.parse as urlparse
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
import uuid
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
import validators
Add support for custom bangs (#1132) Add the possibility for user-defined bangs, stored in app/static/bangs. These are parsed in alphabetical order, with the DDG bangs parsed first.
1 month ago
import sys
import traceback
Check for updates using 24 hour time delta Rather than only checking for an available update on app init, the check for updates now performs the check once every 24 hours on the first request sent after that period. This also now catches the requests.exceptions.ConnectionError that is thrown if the app is initialized without an active internet connection. Fixes #649
2 years ago
from datetime import datetime, timedelta
Removed no-cache enforcement, minor styling/formatting improvements
4 years ago
from functools import wraps
Swap out Flask's default web server for Waitress (#32) * Ignore venv when building docker file * Remove reference to 8888 port It wasn't really used anywhere, and setting it to 5000 everywhere removes ambiguity, and makes things easier to track and reason about * Use waitress rather than Flask's built in web server It's not production grade * Actually add waitress to requirements Woops!
4 years ago
import waitress
Removed no-cache enforcement, minor styling/formatting improvements
4 years ago
from app import app
from app.models.config import Config
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
from app.models.endpoint import Endpoint
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
from app.request import Request, TorError
Add support for custom bangs (#1132) Add the possibility for user-defined bangs, stored in app/static/bangs. These are parsed in alphabetical order, with the DDG bangs parsed first.
1 month ago
from app.utils.bangs import suggest_bang, resolve_bang
Fetch fallback site icons from DDG DDG provides favicons using the url format icons.duckduckgo.com/ip2/{site}.ico This can be used to fetch favicons in the event that the default "/favicon.ico" path does not work.
8 months ago
from app.utils.misc import empty_gif, placeholder_img, get_proxy_host_url, \
fetch_favicon
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
from app.filter import Filter
Check for updates using 24 hour time delta Rather than only checking for an available update on app init, the check for updates now performs the check once every 24 hours on the first request sent after that period. This also now catches the requests.exceptions.ConnectionError that is thrown if the app is initialized without an active internet connection. Fixes #649
2 years ago
from app.utils.misc import read_config_bool, get_client_ip, get_request_url, \
Redirect POST search -> enc GET request This should fix the annoyance with browsers like Firefox not caching POST request responses. By redirecting a POST search to be a GET request instead (with an encrypted query string), the page can be cached and successfully navigated back to after visiting a result.
8 months ago
check_for_update, encrypt_string
Add calculator widget (#956) This adds a simple calculator widget, somewhat similar to the one presented when searching calculator on Google. Also, it adds somewhat of a template for making the addition of new widgets easier via the app/utils/widgets.py file. My eventual plan is to use this to create more widgets that appear in Google, such as a color picker, timer, etc. --------- Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
from app.utils.widgets import *
from app.utils.results import bold_search_terms,\
Use consistent header for all result types (#535) Introduces a header for switching between result types (i.e. "All", "News", etc) that is consistent between the different result types. Previously, image results had a tab header that was formatted in a drastically different manner, which was jarring when switching from a different result page to the Images page. Created a G class enum to reference class names returned in search results. As noted in the class doc, this should only be used/updated as a last resort, as class names change frequently. For some instances, such as replacing the tbm tab, it's a lot easier to just replace by header name than attempting to replace it based on how the element is structured. Also updated a few styles to revert the latest styling changes being applied by Google. Co-authored-by: jacr13 <ramos.joao@protonmail.com> Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
add_currency_card, check_currency, get_tabs_content
from app.utils.search import Search, needs_https, has_captcha
Use app init enc key by default for all queries This can be updated later to allow users with cookies enabled to use a key that is unique to their session (if they want, not mandatory), but for now it makes more sense to just use a single key for all queries from all users. This should eliminate a lot of issues that users have reported where they are unable to decrypt queries or page elements due to an expired/renewed session key.
2 years ago
from app.utils.session import valid_user_session
Show client IP for "my ip" searches (#469) This introduces a new UI element for displaying the client IP address when a search for "my ip" is used. Note that this does not show the IP address seen by Google if Whoogle is deployed remotely. It uses `request.remote_addr` to display the client IP address in the UI, not the actual address of the server (which is what Google sees in requests sent from remote Whoogle instances).
3 years ago
from bs4 import BeautifulSoup as bsoup
from flask import jsonify, make_response, request, redirect, render_template, \
Use consistent header for all result types (#535) Introduces a header for switching between result types (i.e. "All", "News", etc) that is consistent between the different result types. Previously, image results had a tab header that was formatted in a drastically different manner, which was jarring when switching from a different result page to the Images page. Created a G class enum to reference class names returned in search results. As noted in the class doc, this should only be used/updated as a last resort, as class names change frequently. For some instances, such as replacing the tbm tab, it's a lot easier to just replace by header name than attempting to replace it based on how the element is structured. Also updated a few styles to revert the latest styling changes being applied by Google. Co-authored-by: jacr13 <ramos.joao@protonmail.com> Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
send_file, session, url_for, g
Add more OpenSearch definitions (for images etc.) (#786)
2 years ago
from requests import exceptions
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
from requests.models import PreparedRequest
Return 401 when token is invalid (#714) In some rare instances (a race condition perhaps?) a `cryptography.fernet.InvalidToken` exception is thrown resulting in a broken connection. This change gracefully returns a 401 error instead.
2 years ago
from cryptography.fernet import Fernet, InvalidToken
from cryptography.exceptions import InvalidSignature
Redirect POST search -> enc GET request This should fix the annoyance with browsers like Firefox not caching POST request responses. By redirecting a POST search to be a GET request instead (with an encrypted query string), the page can be cached and successfully navigated back to after visiting a result.
8 months ago
from werkzeug.datastructures import MultiDict
Initial commit
4 years ago
Skip loading autocomplete.js if `WHOOGLE_AUTOCOMPLETE=0` (#611) Bypasses autocomplete.js if `WHOOGLE_AUTOCOMPLETE` is set to 0
2 years ago
ac_var = 'WHOOGLE_AUTOCOMPLETE'
autocomplete_enabled = os.getenv(ac_var, '1')
Add "update available" indicator to footer (#517) This checks the latest released version of Whoogle against the current app version, and shows an "update available" message if the current version num < latest release num. Closes #305
3 years ago
Add more OpenSearch definitions (for images etc.) (#786)
2 years ago
def get_search_name(tbm):
for tab in app.config['HEADER_TABS'].values():
if tab['tbm'] == tbm:
return tab['name']
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
def auth_required(f):
@wraps(f)
def decorated(*args, **kwargs):
Add auth to cookie (#964) When authenticated, the cookie set will allow the user to stay connected even if the browser is restarted. Fixes #951
1 year ago
# do not ask password if cookies already present
if (
valid_user_session(session)
and 'cookies_disabled' not in request.args
and session['auth']
):
return f(*args, **kwargs)
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
auth = request.authorization
# Skip if username/password not set
whoogle_user = os.getenv('WHOOGLE_USER', '')
whoogle_pass = os.getenv('WHOOGLE_PASS', '')
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
if (not whoogle_user or not whoogle_pass) or (
auth
and whoogle_user == auth.username
and whoogle_pass == auth.password):
Add auth to cookie (#964) When authenticated, the cookie set will allow the user to stay connected even if the browser is restarted. Fixes #951
1 year ago
session['auth'] = True
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
return f(*args, **kwargs)
else:
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
return make_response('Not logged in', 401, {
'WWW-Authenticate': 'Basic realm="Login Required"'})
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
return decorated
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
def session_required(f):
@wraps(f)
def decorated(*args, **kwargs):
Use app init enc key by default for all queries This can be updated later to allow users with cookies enabled to use a key that is unique to their session (if they want, not mandatory), but for now it makes more sense to just use a single key for all queries from all users. This should eliminate a lot of issues that users have reported where they are unable to decrypt queries or page elements due to an expired/renewed session key.
2 years ago
if not valid_user_session(session):
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
session.pop('_permanent', None)
Use app init enc key by default for all queries This can be updated later to allow users with cookies enabled to use a key that is unique to their session (if they want, not mandatory), but for now it makes more sense to just use a single key for all queries from all users. This should eliminate a lot of issues that users have reported where they are unable to decrypt queries or page elements due to an expired/renewed session key.
2 years ago
# Note: This sets all requests to use the encryption key determined per
# instance on app init. This can be updated in the future to use a key
# that is unique for their session (session['key']) but this should use
# a config setting to enable the session based key. Otherwise there can
# be problems with searches performed by users with cookies blocked if
# a session based key is always used.
g.session_key = app.enc_key
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
# Clear out old sessions
invalid_sessions = []
for user_session in os.listdir(app.config['SESSION_FILE_DIR']):
Flip country config check in template Country config value should be checked against the valid value when updating the home page config, not the other way around. This can lead to a state where a user sets up an invalid country value, but can still be matched against a correct value that is part of the invalid value (i.e. "countryUK" is invalid, but would match against the correct value, "UK") Also minor refactor of where the session file size validation occurs.
2 years ago
file_path = os.path.join(
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
app.config['SESSION_FILE_DIR'],
user_session)
Check file sizes in session dir before validation For pip installed instances of Whoogle, there seems to be an issue where files other than sessions are being stored in the same directory as the sessions. From a brief investigation, this does not seem to be caused by Whoogle, since Flask-Session objects are the only files stored in that directory. It could be an issue with the library that is being used for sessions, however. Regardless, the app shouldn't crash when trying to validate and remove invalid sessions, so a file size limit of 4KB was imposed during validation. Any file found in the session directory that exceeds this size limit will be ignored. Fixes #777 Fixes #793
2 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
try:
Flip country config check in template Country config value should be checked against the valid value when updating the home page config, not the other way around. This can lead to a state where a user sets up an invalid country value, but can still be matched against a correct value that is part of the invalid value (i.e. "countryUK" is invalid, but would match against the correct value, "UK") Also minor refactor of where the session file size validation occurs.
2 years ago
# Ignore files that are larger than the max session file size
if os.path.getsize(file_path) > app.config['MAX_SESSION_SIZE']:
continue
with open(file_path, 'rb') as session_file:
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
_ = pickle.load(session_file)
data = pickle.load(session_file)
if isinstance(data, dict) and 'valid' in data:
continue
Flip country config check in template Country config value should be checked against the valid value when updating the home page config, not the other way around. This can lead to a state where a user sets up an invalid country value, but can still be matched against a correct value that is part of the invalid value (i.e. "countryUK" is invalid, but would match against the correct value, "UK") Also minor refactor of where the session file size validation occurs.
2 years ago
invalid_sessions.append(file_path)
Broaden session validation exception handling Due to how instances installed with pip seem to have issues storing unrelated files in the same directory as sessions, exception handling during session validation has been expanded to blindly ignore all exceptions. This portion of the code is more for maintainers of large public instances with a bunch of users who block cookies anyways, so having basic app functionality break down as a result shouldn't be the default.
2 years ago
except Exception:
# Broad exception handling here due to how instances installed
# with pip seem to have issues storing unrelated files in the
# same directory as sessions
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
pass
for invalid_session in invalid_sessions:
Catch `FileNotFound` when clearing invalid sessions The server now consumes the FNF error if an invalid session is found but is deleted in an earlier thread. Fixes #577
2 years ago
try:
os.remove(invalid_session)
except FileNotFoundError:
# Don't throw error if the invalid session has been removed
pass
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
return f(*args, **kwargs)
return decorated
Refactoring of user requests and routing Curl requests and user agent related functionality was moved to its own request class. Routes was refactored to only include strictly routing related functionality. Filter class was cleaned up (had routing/request related logic in here, which didn't make sense)
4 years ago
@app.before_request
def before_request_func():
Refactor session behavior, remove `Flask-Session` dep Sessions are no longer validated using the "/session/..." route. This created a lot of problems due to buggy/unexpected behavior coming from the Flask-Session dependency, which is (more or less) no longer maintained. Sessions are also no longer strictly server-side-only. The majority of information that was being stored in user sessions was aesthetic only, aside from the session specific key used to encrypt URLs. This key is still unique per user, but is not (or shouldn't be) in anyone's threat model to keep absolutely 100% private from everyone. Especially paranoid users of Whoogle can easily modify the code to use a randomly generated encryption key that is reset on session invalidation (and set invalidation time to a short enough period for their liking). Ultimately, this should result in much more stable sessions per client. There shouldn't be decryption issues with element URLs or queries during result page navigation.
2 years ago
session.permanent = True
Move bangs init to bg thread Initializing the DDG bangs when running whoogle for the first time creates an indeterminate amount of delay before the app becomes usable, which makes usability tests (particularly w/ Docker) unreliable. This moves the bang json init to a background thread and writes a temporary empty dict to the bangs json file until the full bangs json can be used.
2 years ago
Check for updates using 24 hour time delta Rather than only checking for an available update on app init, the check for updates now performs the check once every 24 hours on the first request sent after that period. This also now catches the requests.exceptions.ConnectionError that is thrown if the app is initialized without an active internet connection. Fixes #649
2 years ago
# Check for latest version if needed
now = datetime.now()
Add env vars for hiding favicons and removing daily update check - WHOOGLE_SHOW_FAVICONS: Default on, can be set to 0 to hide favicons and skip the request for fetching them - WHOOGLE_UPDATE_CHECK: Default on, can be set to 0 to disable the daily check for new versions released on github Closes #1098 Closes #1059
5 months ago
needs_update_check = now - timedelta(hours=24) > app.config['LAST_UPDATE_CHECK']
if read_config_bool('WHOOGLE_UPDATE_CHECK', True) and needs_update_check:
Check for updates using 24 hour time delta Rather than only checking for an available update on app init, the check for updates now performs the check once every 24 hours on the first request sent after that period. This also now catches the requests.exceptions.ConnectionError that is thrown if the app is initialized without an active internet connection. Fixes #649
2 years ago
app.config['LAST_UPDATE_CHECK'] = now
app.config['HAS_UPDATE'] = check_for_update(
app.config['RELEASES_URL'],
app.config['VERSION_NUMBER'])
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
g.request_params = (
request.args if request.method == 'GET' else request.form
)
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
default_config = json.load(open(app.config['DEFAULT_CONFIG'])) \
if os.path.exists(app.config['DEFAULT_CONFIG']) else {}
Refactored whoogle session mgmt Now allows a fallback "default" session to be used if a user's browser is blocking cookies
4 years ago
# Generate session values for user if unavailable
Use app init enc key by default for all queries This can be updated later to allow users with cookies enabled to use a key that is unique to their session (if they want, not mandatory), but for now it makes more sense to just use a single key for all queries from all users. This should eliminate a lot of issues that users have reported where they are unable to decrypt queries or page elements due to an expired/renewed session key.
2 years ago
if not valid_user_session(session):
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
session['config'] = default_config
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
session['uuid'] = str(uuid.uuid4())
Use app init enc key by default for all queries This can be updated later to allow users with cookies enabled to use a key that is unique to their session (if they want, not mandatory), but for now it makes more sense to just use a single key for all queries from all users. This should eliminate a lot of issues that users have reported where they are unable to decrypt queries or page elements due to an expired/renewed session key.
2 years ago
session['key'] = app.enc_key
Add auth to cookie (#964) When authenticated, the cookie set will allow the user to stay connected even if the browser is restarted. Fixes #951
1 year ago
session['auth'] = False
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
Refactor session behavior, remove `Flask-Session` dep Sessions are no longer validated using the "/session/..." route. This created a lot of problems due to buggy/unexpected behavior coming from the Flask-Session dependency, which is (more or less) no longer maintained. Sessions are also no longer strictly server-side-only. The majority of information that was being stored in user sessions was aesthetic only, aside from the session specific key used to encrypt URLs. This key is still unique per user, but is not (or shouldn't be) in anyone's threat model to keep absolutely 100% private from everyone. Especially paranoid users of Whoogle can easily modify the code to use a randomly generated encryption key that is reset on session invalidation (and set invalidation time to a short enough period for their liking). Ultimately, this should result in much more stable sessions per client. There shouldn't be decryption issues with element URLs or queries during result page navigation.
2 years ago
# Establish config values per user session
g.user_config = Config(**session['config'])
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
Use app init enc key by default for all queries This can be updated later to allow users with cookies enabled to use a key that is unique to their session (if they want, not mandatory), but for now it makes more sense to just use a single key for all queries from all users. This should eliminate a lot of issues that users have reported where they are unable to decrypt queries or page elements due to an expired/renewed session key.
2 years ago
# Update user config if specified in search args
g.user_config = g.user_config.from_params(g.request_params)
Feature: language config (#27) * Added language configuration support Main page now has a dropdown for selecting preferred language of results. Refactored config to be its own model with language constants. * Added more language support Interface language is now updated using the "hl" arg Fixed chinese traditional and simplified values Updated decoding of characters to gb2312 * Updated to use conditional decoding dependent on language * Updated filter to not rely on valid config to work properly
4 years ago
if not g.user_config.url:
Fix incorrect redirect protocol used by Flask Flask's `request.url` uses `http` as the protocol, which breaks instances that enforce `https`, since the session redirect relies on `request.url` for the follow-through URL. This introduces a new method for determining the correct URL to use for these redirects by automatically replacing the protocol with `https` if the `HTTPS_ONLY` env var is set for that instance. Fixes #538 Fixes #545
3 years ago
g.user_config.url = get_request_url(request.url_root)
Added config option to address instance behind reverse proxy Config options now allow setting a "root url", which defaults to the request url root. Saving a new url in this field will allow for proper redirects and usage of the opensearch element. Also provides a possible solution for #17, where the default flask redirect method redirects to http instead of https.
4 years ago
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
g.user_request = Request(
request.headers.get('User-Agent'),
Fix incorrect redirect protocol used by Flask Flask's `request.url` uses `http` as the protocol, which breaks instances that enforce `https`, since the session redirect relies on `request.url` for the follow-through URL. This introduces a new method for determining the correct URL to use for these redirects by automatically replacing the protocol with `https` if the `HTTPS_ONLY` env var is set for that instance. Fixes #538 Fixes #545
3 years ago
get_request_url(request.url_root),
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
config=g.user_config)
Feature: language config (#27) * Added language configuration support Main page now has a dropdown for selecting preferred language of results. Refactored config to be its own model with language constants. * Added more language support Interface language is now updated using the "hl" arg Fixed chinese traditional and simplified values Updated decoding of characters to gb2312 * Updated to use conditional decoding dependent on language * Updated filter to not rely on valid config to work properly
4 years ago
g.app_location = g.user_config.url
Added desktop/mobile agent switching, updated gitignore
4 years ago
Initial commit
4 years ago
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
@app.after_request
Send CSP header in all responses Introduces a new content security policy header for responses to all requests to reduce the possibility of ip leaks to outside connections. By default blocks all inline scripts, and only allows content loaded from Whoogle. Refactors a few small inline scripting cases in the project to their own individual scripts.
3 years ago
def after_request_func(resp):
Improve default response headers Reponse headers now include the following: - X-Content-Type-Options: nosniff - X-Frame-Options: DENY - Strict-Transport-Security: max-age=63072000 - Only when HTTPS_ONLY is set https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security https://infosec.mozilla.org/guidelines/web_security#x-content-type-options https://infosec.mozilla.org/guidelines/web_security#x-frame-options
3 years ago
resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'DENY'
Redirect POST search -> enc GET request This should fix the annoyance with browsers like Firefox not caching POST request responses. By redirecting a POST search to be a GET request instead (with an encrypted query string), the page can be cached and successfully navigated back to after visiting a result.
8 months ago
resp.headers['Cache-Control'] = 'max-age=86400'
Disable in-app CSP unless enabled via WHOOGLE_CSP The default CSP is only helpful for some, and can break instances for others. Since these aren't always necessary and are occasionally set by the user's preferred reverse proxy, it is being disabled unless explicitly enabled by setting `WHOOGLE_CSP`. Fixes #493
3 years ago
if os.getenv('WHOOGLE_CSP', False):
resp.headers['Content-Security-Policy'] = app.config['CSP']
if os.environ.get('HTTPS_ONLY', False):
pep8: fix CSP header line length
3 years ago
resp.headers['Content-Security-Policy'] += \
'upgrade-insecure-requests'
Send CSP header in all responses Introduces a new content security policy header for responses to all requests to reduce the possibility of ip leaks to outside connections. By default blocks all inline scripts, and only allows content loaded from Whoogle. Refactors a few small inline scripting cases in the project to their own individual scripts.
3 years ago
return resp
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
Removed referrer from links, refacored routes Added <meta name="referrer" content="no-referrer"> to all whoogle templates Refactored search route to use conditionally use either request.args or request.form, depending on rest call (get vs post respectively)
4 years ago
@app.errorhandler(404)
def unknown_page(e):
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
app.logger.warn(e)
Added config option to address instance behind reverse proxy Config options now allow setting a "root url", which defaults to the request url root. Saving a new url in this field will allow for proper redirects and usage of the opensearch element. Also provides a possible solution for #17, where the default flask redirect method redirects to http instead of https.
4 years ago
return redirect(g.app_location)
Removed referrer from links, refacored routes Added <meta name="referrer" content="no-referrer"> to all whoogle templates Refactored search route to use conditionally use either request.args or request.form, depending on rest call (get vs post respectively)
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.healthz}', methods=['GET'])
Use curl-based healthcheck w/ new non-auth route The wget method seemed to have a possible issue with creating endless index.html copies (despite being specified to output to console only), so this has been updated to use curl instead. Also uses new non-authenticated "healthz" route to perform the healthcheck. Fix #316 Fix #313
3 years ago
def healthz():
return ''
Initial commit
4 years ago
@app.route('/', methods=['GET'])
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.home}', methods=['GET'])
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
@auth_required
Initial commit
4 years ago
def index():
Send CSP header in all responses Introduces a new content security policy header for responses to all requests to reduce the possibility of ip leaks to outside connections. By default blocks all inline scripts, and only allows content loaded from Whoogle. Refactors a few small inline scripting cases in the project to their own individual scripts.
3 years ago
# Redirect if an error was raised
if 'error_message' in session and session['error_message']:
error_message = session['error_message']
session['error_message'] = ''
return render_template('error.html', error_message=error_message)
Refactored whoogle session mgmt Now allows a fallback "default" session to be used if a user's browser is blocking cookies
4 years ago
Feature: language config (#27) * Added language configuration support Main page now has a dropdown for selecting preferred language of results. Refactored config to be its own model with language constants. * Added more language support Interface language is now updated using the "hl" arg Fixed chinese traditional and simplified values Updated decoding of characters to gb2312 * Updated to use conditional decoding dependent on language * Updated filter to not rely on valid config to work properly
4 years ago
return render_template('index.html',
Check for updates using 24 hour time delta Rather than only checking for an available update on app init, the check for updates now performs the check once every 24 hours on the first request sent after that period. This also now catches the requests.exceptions.ConnectionError that is thrown if the app is initialized without an active internet connection. Fixes #649
2 years ago
has_update=app.config['HAS_UPDATE'],
Move language/country settings to app config Moves the language and country dicts from the config model to json files that are loaded during app init and stored in the app config dict. This substantially improves the readability of the config model and allows for much more sensible loading of the language/country options.
3 years ago
languages=app.config['LANGUAGES'],
countries=app.config['COUNTRIES'],
Add time constraint to search options (#888) Introduces the ability to refine searches by time period: - Past hour - Past 24 hours - Past week - Past month - Past year Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
time_periods=app.config['TIME_PERIODS'],
Allow theme to mirror user system settings Introduces a new config element and environment variable (WHOOGLE_CONFIG_THEME) for setting the theme of the app. Rather than just having either light or dark, this allows a user to have their instance use their current system light/dark preference to determine the theme to use. As a result, the dark mode setting (and WHOOGLE_CONFIG_DARK) have been deprecated, but will still work as expected until a system theme has been chosen.
3 years ago
themes=app.config['THEMES'],
Skip loading autocomplete.js if `WHOOGLE_AUTOCOMPLETE=0` (#611) Bypasses autocomplete.js if `WHOOGLE_AUTOCOMPLETE` is set to 0
2 years ago
autocomplete_enabled=autocomplete_enabled,
Support basic localization (#325) * Replace hardcoded strings using translation json file This introduces a new "translations.json" file under app/static/settings that is loaded on app init and uses the user config value for interface language to determine the appropriate strings to use in Whoogle-specific elements of the UI (primarily only on the home page). * Verify interface lang can be used for localization Check the configured interface language against the available localization dict before attempting to use, otherwise fall back to english. Also expanded language names in the languages json file. * Add test for validating translation language keys Also adds Spanish translation to json (the only non-English language I can add and reasonably validate on my own). * Validate all translations against original keyset, update readme Readme has been updated to include basic contributing guidelines for both code and translations.
3 years ago
translation=app.config['TRANSLATIONS'][
g.user_config.get_localization_lang()
],
Expand custom css variables and functionality Squashed commit of the following: commit 37e22d2945b077a94d9997d064f4355ff8819bae Author: Ben Busby <benbusby@protonmail.com> Date: Mon Apr 5 10:27:05 2021 -0400 Pass user config to logo template commit 2406fee05c3e221112fbe802fbf2ecca1df99127 Author: Ben Busby <benbusby@protonmail.com> Date: Mon Apr 5 10:24:54 2021 -0400 Fix incorrect contrast text in dark theme commit 91dd677e22c2e99819123154e03e9f519f95a9bd Author: Ben Busby <benbusby@protonmail.com> Date: Fri Apr 2 17:21:38 2021 -0400 Remove inline onclicks, fix svg sizing commit 91bbf9c0fae36febd6a6a0d8e6a560babe8622d5 Merge: 72637df b1227bd Author: Ben Busby <benbusby@protonmail.com> Date: Fri Apr 2 15:35:37 2021 -0400 Merge remote-tracking branch 'origin/develop' into custom-css-tweaks commit 72637df213f4b9e83e4b58fe76973de02f63ec8e Author: Ben Busby <benbusby@protonmail.com> Date: Fri Apr 2 11:38:38 2021 -0400 Use svg logo w/ custom styling on results pages commit 666a7ceac4a6e4d3fe1975dcee91e6094b66149e Author: Ben Busby <benbusby@protonmail.com> Date: Fri Apr 2 11:10:37 2021 -0400 Split whoogle-accent into whoogle-element-bg and whoogle-logo See discussion on #247
3 years ago
logo=render_template(
'logo.html',
Expand custom css theming support Also adds new default dark theme designed by @gripped.
3 years ago
dark=g.user_config.dark),
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
config_disabled=(
Create separate test workflow for docker This expands on the current testing suite a bit by introducing a new workflow for testing functionality within the docker container. It runs the same test suite as the regular "test" workflow, but also performs a health check after running the app for 10 seconds to ensure functionality. The buildx workflow now waits for the docker test script to finish successfully, rather than the regular test workflow. This will hopefully avoid situations where new images are pushed with issues that aren't detected in regular testing of the app.
3 years ago
app.config['CONFIG_DISABLE'] or
Refactor session behavior, remove `Flask-Session` dep Sessions are no longer validated using the "/session/..." route. This created a lot of problems due to buggy/unexpected behavior coming from the Flask-Session dependency, which is (more or less) no longer maintained. Sessions are also no longer strictly server-side-only. The majority of information that was being stored in user sessions was aesthetic only, aside from the session specific key used to encrypt URLs. This key is still unique per user, but is not (or shouldn't be) in anyone's threat model to keep absolutely 100% private from everyone. Especially paranoid users of Whoogle can easily modify the code to use a randomly generated encryption key that is reset on session invalidation (and set invalidation time to a short enough period for their liking). Ultimately, this should result in much more stable sessions per client. There shouldn't be decryption issues with element URLs or queries during result page navigation.
2 years ago
not valid_user_session(session)),
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
config=g.user_config,
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
tor_available=int(os.environ.get('TOR_AVAILABLE')),
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
version_number=app.config['VERSION_NUMBER'])
Initial commit
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.opensearch}', methods=['GET'])
Complete refactoring of opensearch Refactored opensearch.xml to only exist as a template that is served by a flask route, which is then populated with the necessary url root.
4 years ago
def opensearch():
Added config option to address instance behind reverse proxy Config options now allow setting a "root url", which defaults to the request url root. Saving a new url in this field will allow for proper redirects and usage of the opensearch element. Also provides a possible solution for #17, where the default flask redirect method redirects to http instead of https.
4 years ago
opensearch_url = g.app_location
if opensearch_url.endswith('/'):
opensearch_url = opensearch_url[:-1]
Complete refactoring of opensearch Refactored opensearch.xml to only exist as a template that is served by a flask route, which is then populated with the necessary url root.
4 years ago
Hotfix: Enforce https in heroku opensearch template Heroku instances were using the base http url when formatting the opensearch.xml template. This adds a new routing utility, "needs_https", which can be used for determining if the url in question needs upgrading.
3 years ago
# Enforce https for opensearch template
if needs_https(opensearch_url):
opensearch_url = opensearch_url.replace('http://', 'https://', 1)
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
get_only = g.user_config.get_only or 'Chrome' in request.headers.get(
'User-Agent')
Enforce GET-only in opensearch for Chrome The resolution for enabling full support for search + suggestions in Chrome is to remove the "method" tag altogether for any Chrome based browser. Any inclusion of this tag seems to break the search suggestion feature, and makes the user add the search engine manually.
4 years ago
Minor opensearch route and description updates Bumped version to 0.2.1 for next release Updated image in opensearch template to use base64 image Updated opensearch route to serve file as attachment
4 years ago
return render_template(
'opensearch.xml',
main_url=opensearch_url,
Add more OpenSearch definitions (for images etc.) (#786)
2 years ago
request_type='' if get_only else 'method="post"',
search_type=request.args.get('tbm'),
Remove `preferences` arg from opensearch template When a browser adds a search engine using the opensearch template, it does not have the correct context necessary to autofill the `preferences` arg with the user's session prefs. As a result, queries made using the browser bar will have the instance's default preferences filled into the template. Removing this shouldn't have any side effects, since queries made on the same machine will have the correct session associated with the user. Fixes #929
1 year ago
search_name=get_search_name(request.args.get('tbm'))
Do not offer opensearch.xml as attachment (#713) Sending opensearch.xml as an attachment is unnecessary. This will also allow inspecting the XML file via browser without downloading it.
2 years ago
), 200, {'Content-Type': 'application/xml'}
Complete refactoring of opensearch Refactored opensearch.xml to only exist as a template that is served by a flask route, which is then populated with the necessary url root.
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.search_html}', methods=['GET'])
Add iframe-able search page for insertion into other sites Introduces a new html template, search.html, which provides a very basic form for submitting search queries. Closes #319
3 years ago
def search_html():
search_url = g.app_location
if search_url.endswith('/'):
search_url = search_url[:-1]
return render_template('search.html', url=search_url)
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.autocomplete}', methods=['GET', 'POST'])
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
def autocomplete():
Disable autocomplete via WHOOGLE_AUTOCOMPLETE var Setting WHOOGLE_AUTOCOMPLETE to 0 now disables the autocomplete/search suggestion feature. Closes #462
3 years ago
if os.getenv(ac_var) and not read_config_bool(ac_var):
return jsonify({})
Refactored whoogle session mgmt Now allows a fallback "default" session to be used if a user's browser is blocking cookies
4 years ago
q = g.request_params.get('q')
Handle FF sending bad search suggestion param Occasionally, Firefox will send the search suggestion string to the server without a mimetype, resulting in the suggestion only appearing in Flask's `request.data` field. This field is typically not used for parsing arguments, as the documentation states: Contains the incoming request data as string in case it came with a mimetype Flask does not handle. This fix captures the bytes object sent to the server and parses it into a normal query to be used in forming suggestions.
4 years ago
if not q:
# FF will occasionally (incorrectly) send the q field without a
# mimetype in the format "b'q=<query>'" through the request.data field
q = str(request.data).replace('q=', '')
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
Finished basic implementation of DDG bang feature Initialization of the app now includes generation of a ddg-bang json file, which is used for all bang style searches afterwards. Also added search suggestion handling for bang json lookup. Queries beginning with "!" now reference the bang json file to pull all keys that match. Updated test suite to include basic tests for bang functionality. Updated gitignore to exclude bang subdir.
4 years ago
# Search bangs if the query begins with "!", but not "! " (feeling lucky)
if q.startswith('!') and len(q) > 1 and not q.startswith('! '):
Add support for custom bangs (#1132) Add the possibility for user-defined bangs, stored in app/static/bangs. These are parsed in alphabetical order, with the DDG bangs parsed first.
1 month ago
return jsonify([q, suggest_bang(q)])
Finished basic implementation of DDG bang feature Initialization of the app now includes generation of a ddg-bang json file, which is used for all bang style searches afterwards. Also added search suggestion handling for bang json lookup. Queries beginning with "!" now reference the bang json file to pull all keys that match. Updated test suite to include basic tests for bang functionality. Updated gitignore to exclude bang subdir.
4 years ago
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
if not q and not request.data:
return jsonify({'?': []})
elif request.data:
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
q = urlparse.unquote_plus(
request.data.decode('utf-8').replace('q=', ''))
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
# Return a list of suggestions for the query
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
#
# Note: If Tor is enabled, this returns nothing, as the request is
# almost always rejected
return jsonify([
q,
g.user_request.autocomplete(q) if not g.user_config.tor else []
])
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.search}', methods=['GET', 'POST'])
@session_required
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
@auth_required
Initial commit
4 years ago
def search():
Redirect POST search -> enc GET request This should fix the annoyance with browsers like Firefox not caching POST request responses. By redirecting a POST search to be a GET request instead (with an encrypted query string), the page can be cached and successfully navigated back to after visiting a result.
8 months ago
if request.method == 'POST':
# Redirect as a GET request with an encrypted query
post_data = MultiDict(request.form)
post_data['q'] = encrypt_string(g.session_key, post_data['q'])
get_req_str = urlparse.urlencode(post_data)
return redirect(url_for('.search') + '?' + get_req_str)
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
search_util = Search(request, g.user_config, g.session_key)
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
query = search_util.new_search_query()
Added "I'm feeling lucky" function (#46) * Putting '! ' at the beginning of the query now redirects to the first search result Signed-off-by: Paul Rothrock <paul@movetoiceland.com> * Moved get_first_url outside of filter class Signed-off-by: Paul Rothrock <paul@movetoiceland.com>
4 years ago
Add support for custom bangs (#1132) Add the possibility for user-defined bangs, stored in app/static/bangs. These are parsed in alphabetical order, with the DDG bangs parsed first.
1 month ago
bang = resolve_bang(query)
Fallback to home page for empty bang searches Bang searches without an actual query (i.e. just searching "!gh") will now redirect to the home page. I guess people do this for some reason and don't like that it redirects to the correct bang result URL, but without an actual search term. Fixes #595
2 years ago
if bang:
Improve naming of *_utils files, update fn/class doc The app/utils/*_utils weren't named very well, and all have been updated to have more accurate names. Function and class documention for the utils have been updated as well, as part of the effort to improve overall documentation for the project.
3 years ago
return redirect(bang)
Added ddg-style !bang-operators This is a proof of concept! The code works, but uses hardcoded operators and may be placed in the wrong file/class. The best-case scenario would be the possibility to use the 13.000+ ddg operators, but I don't know if that's possible without having to redirect to duckduckgo first.
4 years ago
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
# Redirect to home if invalid/blank search
if not query:
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
return redirect(url_for('.index'))
Added "I'm feeling lucky" function (#46) * Putting '! ' at the beginning of the query now redirects to the first search result Signed-off-by: Paul Rothrock <paul@movetoiceland.com> * Moved get_first_url outside of filter class Signed-off-by: Paul Rothrock <paul@movetoiceland.com>
4 years ago
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
# Generate response and number of external elements from the page
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
try:
Switch to single Fernet key per session This moves away from the previous (messy) approach of using two separate keys for decrypting text and element URLs separately and regenerating them for new searches. The current implementation of sessions is not very reliable, which lead to keys being regenerated too soon, which would break page navigation. Until that can be addressed, the single key per session approach should work a lot better. Fixes #250 Fixes #90
3 years ago
response = search_util.generate_response()
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
except TorError as e:
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
session['error_message'] = e.message + (
"\\n\\nTor config is now disabled!" if e.disable else "")
session['config']['tor'] = False if e.disable else session['config'][
'tor']
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
return redirect(url_for('.index'))
Switch to single Fernet key per session This moves away from the previous (messy) approach of using two separate keys for decrypting text and element URLs separately and regenerating them for new searches. The current implementation of sessions is not very reliable, which lead to keys being regenerated too soon, which would break page navigation. Until that can be addressed, the single key per session approach should work a lot better. Fixes #250 Fixes #90
3 years ago
if search_util.feeling_lucky:
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
return redirect(response, code=303)
Added "I'm feeling lucky" function (#46) * Putting '! ' at the beginning of the query now redirects to the first search result Signed-off-by: Paul Rothrock <paul@movetoiceland.com> * Moved get_first_url outside of filter class Signed-off-by: Paul Rothrock <paul@movetoiceland.com>
4 years ago
Add lingva translation support in search (#360) * Add support for Lingva translations in results Searches that contain the word "translate" and are normal search queries (i.e. not news/images/video/etc) now create an iframe to a Lingva url to translate the user's search using their configured search language. The Lingva url can be configured using the WHOOGLE_ALT_TL env var, or will fall back to the official Lingva instance url (lingva.ml). For more info, visit https://github.com/TheDavidDelta/lingva-translate * Add basic test for lingva results * Allow user specified lingva instances through csp frame-src * Fix pep8 issue
3 years ago
# If the user is attempting to translate a string, determine the correct
# string for formatting the lingva.ml url
localization_lang = g.user_config.get_localization_lang()
translation = app.config['TRANSLATIONS'][localization_lang]
translate_to = localization_lang.replace('lang_', '')
Add time constraint to search options (#888) Introduces the ability to refine searches by time period: - Past hour - Past 24 hours - Past week - Past month - Past year Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
# removing st-card to only use whoogle time selector
soup = bsoup(response, "html.parser");
for x in soup.find_all(attrs={"id": "st-card"}):
x.replace_with("")
Escape html text in result body (#912) Moved the cleaner functions to app/utils/escaper.py Removed unused import 're' Moved the cleaner functionalities to the "search.py" and "routes.py" Making sure escaped chars stay escaped during process Replaced "&lt;" and "&gt;" with "andlt;" and "andgt;", respectively. This way, when the 'response' object get loaded to bsoup (which happens several times throughout the process between search.py and routes.py), bsoup will not unescape them.
1 year ago
Add time constraint to search options (#888) Introduces the ability to refine searches by time period: - Past hour - Past 24 hours - Past week - Past month - Past year Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
response = str(soup)
Return 503 if response is blocked by captcha Also added in a slight modification to the dark theme style, which should only apply the border radius in the header. Closes #226
3 years ago
# Return 503 if temporarily blocked by captcha
Use farside.link for frontend alternatives in results (#560) * Integrate Farside into Whoogle When instances are ratelimited (when a captcha is returned instead of the user's search results) the user can now hop to a new instance via Farside, a new backend service that redirects users to working instances of a particular frontend. In this case, it presents a user with a Farside link to a new Whoogle (or Searx) instance instead, so that the user can resume their search. For the generated Farside->Whoogle link, the generated link includes the user's current Whoogle configuration settings as URL params, to ensure a more seamless transition between instances. This doesn't translate to the Farside->Searx link, but potentially could with some changes. * Expand conversion of config<->url params Config settings can now be translated to and from URL params using a predetermined set of "safe" keys (i.e. config settings that easily translate to URL params). * Allow jumping instances via Farside when ratelimited When instances are ratelimited (when a captcha is returned instead of the user's search results) the user can now hop to a new instance via Farside, a new backend service that redirects users to working instances of a particular frontend. In this case, it presents a user with a Farside link to a new Whoogle (or Searx) instance instead, so that the user can resume their search. For the generated Farside->Whoogle link, the generated link includes the user's current Whoogle configuration settings as URL params, to ensure a more seamless transition between instances. This doesn't translate to the Farside->Searx link, but potentially could with some changes. Closes #554 Closes #559
3 years ago
if has_captcha(str(response)):
Log rate-limiting errors Rate limiting is now reported to the console as an error message. Fixes #914
1 year ago
app.logger.error('503 (CAPTCHA)')
Use farside.link for frontend alternatives in results (#560) * Integrate Farside into Whoogle When instances are ratelimited (when a captcha is returned instead of the user's search results) the user can now hop to a new instance via Farside, a new backend service that redirects users to working instances of a particular frontend. In this case, it presents a user with a Farside link to a new Whoogle (or Searx) instance instead, so that the user can resume their search. For the generated Farside->Whoogle link, the generated link includes the user's current Whoogle configuration settings as URL params, to ensure a more seamless transition between instances. This doesn't translate to the Farside->Searx link, but potentially could with some changes. * Expand conversion of config<->url params Config settings can now be translated to and from URL params using a predetermined set of "safe" keys (i.e. config settings that easily translate to URL params). * Allow jumping instances via Farside when ratelimited When instances are ratelimited (when a captcha is returned instead of the user's search results) the user can now hop to a new instance via Farside, a new backend service that redirects users to working instances of a particular frontend. In this case, it presents a user with a Farside link to a new Whoogle (or Searx) instance instead, so that the user can resume their search. For the generated Farside->Whoogle link, the generated link includes the user's current Whoogle configuration settings as URL params, to ensure a more seamless transition between instances. This doesn't translate to the Farside->Searx link, but potentially could with some changes. Closes #554 Closes #559
3 years ago
return render_template(
'error.html',
blocked=True,
error_message=translation['ratelimit'],
translation=translation,
farside='https://farside.link',
config=g.user_config,
query=urlparse.unquote(query),
Replace error query params w/ preferences param (#867)
2 years ago
params=g.user_config.to_params(keys=['preferences'])), 503
Escape html text in result body (#912) Moved the cleaner functions to app/utils/escaper.py Removed unused import 're' Moved the cleaner functionalities to the "search.py" and "routes.py" Making sure escaped chars stay escaped during process Replaced "&lt;" and "&gt;" with "andlt;" and "andgt;", respectively. This way, when the 'response' object get loaded to bsoup (which happens several times throughout the process between search.py and routes.py), bsoup will not unescape them.
1 year ago
Bold search query in results (#487) This modifies the search result page by bold-ing all appearances of any word in the original query. If portions of the query are in quotes (i.e. "ice cream"), only exact matches of the sequence of words will be made bold. Co-authored-by: Ben Busby <noreply+git@benbusby.com>
3 years ago
response = bold_search_terms(response, query)
Pass response as str to bsoup for "my ip" card Due to how the response is now reformed into a new bsoup object when bolding search query terms, creating an ip card for "my ip" searches threw an error due to how the new bsoup object was initialized for the "my ip" card. This passes the response in as a string instead. Fixes #504
3 years ago
Add calculator widget (#956) This adds a simple calculator widget, somewhat similar to the one presented when searching calculator on Google. Also, it adds somewhat of a template for making the addition of new widgets easier via the app/utils/widgets.py file. My eventual plan is to use this to create more widgets that appear in Google, such as a color picker, timer, etc. --------- Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
# check for widgets and add if requested
if search_util.widget != '':
Pass response as str to bsoup for "my ip" card Due to how the response is now reformed into a new bsoup object when bolding search query terms, creating an ip card for "my ip" searches threw an error due to how the new bsoup object was initialized for the "my ip" card. This passes the response in as a string instead. Fixes #504
3 years ago
html_soup = bsoup(str(response), 'html.parser')
Replace Python 3.10 `match` with if/else Some distributions require manually installing Python 3.10, which makes it less convenient than just using whatever version of Python3.X the package manager supports. Since the only 3.10 feature being used was "match", and it was a very small change, it's been replaced with an if/else statement to ensure compatibility with older versions of Python 3.
1 year ago
if search_util.widget == 'ip':
response = add_ip_card(html_soup, get_client_ip(request))
elif search_util.widget == 'calculator' and not 'nojs' in request.args:
response = add_calculator_card(html_soup)
Show client IP for "my ip" searches (#469) This introduces a new UI element for displaying the client IP address when a search for "my ip" is used. Note that this does not show the IP address seen by Google if Whoogle is deployed remotely. It uses `request.remote_addr` to display the client IP address in the UI, not the actual address of the server (which is what Google sees in requests sent from remote Whoogle instances).
3 years ago
Use consistent header for all result types (#535) Introduces a header for switching between result types (i.e. "All", "News", etc) that is consistent between the different result types. Previously, image results had a tab header that was formatted in a drastically different manner, which was jarring when switching from a different result page to the Images page. Created a G class enum to reference class names returned in search results. As noted in the class doc, this should only be used/updated as a last resort, as class names change frequently. For some instances, such as replacing the tbm tab, it's a lot easier to just replace by header name than attempting to replace it based on how the element is structured. Also updated a few styles to revert the latest styling changes being applied by Google. Co-authored-by: jacr13 <ramos.joao@protonmail.com> Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
# Update tabs content
tabs = get_tabs_content(app.config['HEADER_TABS'],
search_util.full_query,
search_util.search_type,
Encode config params in URL (#842) Adds support for encoding (and optionally encrypting) user config values as a single string that can be passed to any endpoint with the "preferences" url param. Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
g.user_config.preferences,
Use consistent header for all result types (#535) Introduces a header for switching between result types (i.e. "All", "News", etc) that is consistent between the different result types. Previously, image results had a tab header that was formatted in a drastically different manner, which was jarring when switching from a different result page to the Images page. Created a G class enum to reference class names returned in search results. As noted in the class doc, this should only be used/updated as a last resort, as class names change frequently. For some instances, such as replacing the tbm tab, it's a lot easier to just replace by header name than attempting to replace it based on how the element is structured. Also updated a few styles to revert the latest styling changes being applied by Google. Co-authored-by: jacr13 <ramos.joao@protonmail.com> Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
translation)
Add tools for currency conversion in search results (#536) This implements a method for converting between various currencies. When a user searches "<currency A> to <currency B>" (including when prefixed by a specific amount), they are now presented with a table for quickly converting between the two. This makes use of the currency ratio returned as the first "card" in currency related searches, and the table is inserted into this same card.
3 years ago
# Feature to display currency_card
Add calculator widget (#956) This adds a simple calculator widget, somewhat similar to the one presented when searching calculator on Google. Also, it adds somewhat of a template for making the addition of new widgets easier via the app/utils/widgets.py file. My eventual plan is to use this to create more widgets that appear in Google, such as a color picker, timer, etc. --------- Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
# Since this is determined by more than just the
# query is it not defined as a standard widget
Add tools for currency conversion in search results (#536) This implements a method for converting between various currencies. When a user searches "<currency A> to <currency B>" (including when prefixed by a specific amount), they are now presented with a table for quickly converting between the two. This makes use of the currency ratio returned as the first "card" in currency related searches, and the table is inserted into this same card.
3 years ago
conversion = check_currency(str(response))
if conversion:
html_soup = bsoup(str(response), 'html.parser')
response = add_currency_card(html_soup, conversion)
Encode config params in URL (#842) Adds support for encoding (and optionally encrypting) user config values as a single string that can be passed to any endpoint with the "preferences" url param. Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
preferences = g.user_config.preferences
home_url = f"home?preferences={preferences}" if preferences else "home"
Escape html text in result body (#912) Moved the cleaner functions to app/utils/escaper.py Removed unused import 're' Moved the cleaner functionalities to the "search.py" and "routes.py" Making sure escaped chars stay escaped during process Replaced "&lt;" and "&gt;" with "andlt;" and "andgt;", respectively. This way, when the 'response' object get loaded to bsoup (which happens several times throughout the process between search.py and routes.py), bsoup will not unescape them.
1 year ago
cleanresponse = str(response).replace("andlt;","&lt;").replace("andgt;","&gt;")
Encode config params in URL (#842) Adds support for encoding (and optionally encrypting) user config values as a single string that can be passed to any endpoint with the "preferences" url param. Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
return render_template(
'display.html',
Check for updates using 24 hour time delta Rather than only checking for an available update on app init, the check for updates now performs the check once every 24 hours on the first request sent after that period. This also now catches the requests.exceptions.ConnectionError that is thrown if the app is initialized without an active internet connection. Fixes #649
2 years ago
has_update=app.config['HAS_UPDATE'],
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
query=urlparse.unquote(query),
search_type=search_util.search_type,
Add more OpenSearch definitions (for images etc.) (#786)
2 years ago
search_name=get_search_name(search_util.search_type),
Allow user-defined CSS/theming (#227) * Add custom CSS field to config This allows users to set/customize an instance's theme and appearance to their liking. The config CSS field is prepopulated with all default CSS variable values to allow quick editing. Note that this can be somewhat of a "footgun" if someone updates the CSS to hide all fields/search/etc. Should probably add some sort of bandaid "admin" feature for public instances to employ until the whole cookie/session issue is investigated further. * Symlink all app static files to test dir * Refactor app/misc/*.json -> app/static/settings/*.json The country/language json files are used for user config settings, so the "misc" name didn't really make sense. Also moved these to the static folder to make testing easier. * Fix light theme variables in dark theme css * Minor style tweaking
3 years ago
config=g.user_config,
Skip loading autocomplete.js if `WHOOGLE_AUTOCOMPLETE=0` (#611) Bypasses autocomplete.js if `WHOOGLE_AUTOCOMPLETE` is set to 0
2 years ago
autocomplete_enabled=autocomplete_enabled,
Add lingva translation support in search (#360) * Add support for Lingva translations in results Searches that contain the word "translate" and are normal search queries (i.e. not news/images/video/etc) now create an iframe to a Lingva url to translate the user's search using their configured search language. The Lingva url can be configured using the WHOOGLE_ALT_TL env var, or will fall back to the official Lingva instance url (lingva.ml). For more info, visit https://github.com/TheDavidDelta/lingva-translate * Add basic test for lingva results * Allow user specified lingva instances through csp frame-src * Fix pep8 issue
3 years ago
lingva_url=app.config['TRANSLATE_URL'],
translation=translation,
translate_to=translate_to,
translate_str=query.replace(
'translate', ''
).replace(
translation['translate'], ''
),
is_translation=any(
_ in query.lower() for _ in [translation['translate'], 'translate']
) and not search_util.search_type, # Standard search queries only
Escape html text in result body (#912) Moved the cleaner functions to app/utils/escaper.py Removed unused import 're' Moved the cleaner functionalities to the "search.py" and "routes.py" Making sure escaped chars stay escaped during process Replaced "&lt;" and "&gt;" with "andlt;" and "andgt;", respectively. This way, when the 'response' object get loaded to bsoup (which happens several times throughout the process between search.py and routes.py), bsoup will not unescape them.
1 year ago
response=cleanresponse,
Added footer to results page
4 years ago
version_number=app.config['VERSION_NUMBER'],
Use consistent header for all result types (#535) Introduces a header for switching between result types (i.e. "All", "News", etc) that is consistent between the different result types. Previously, image results had a tab header that was formatted in a drastically different manner, which was jarring when switching from a different result page to the Images page. Created a G class enum to reference class names returned in search results. As noted in the class doc, this should only be used/updated as a last resort, as class names change frequently. For some instances, such as replacing the tbm tab, it's a lot easier to just replace by header name than attempting to replace it based on how the element is structured. Also updated a few styles to revert the latest styling changes being applied by Google. Co-authored-by: jacr13 <ramos.joao@protonmail.com> Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
search_header=render_template(
Feature: autocomplete/search suggestions (#72) Basic autocomplete/search suggestion functionality added * Adds new GET and POST routes for '/autocomplete' that accept a string query and returns an array of suggestions * Adds new autoscript.js file for handling queries on the main page and results view * Updated requests class to include autocomplete method * Updated opensearch template to handle search suggestions * Added header template to allow for autocomplete on results view * Updated readme to mention autocomplete feature
4 years ago
'header.html',
Encode config params in URL (#842) Adds support for encoding (and optionally encrypting) user config values as a single string that can be passed to any endpoint with the "preferences" url param. Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
home_url=home_url,
Allow user-defined CSS/theming (#227) * Add custom CSS field to config This allows users to set/customize an instance's theme and appearance to their liking. The config CSS field is prepopulated with all default CSS variable values to allow quick editing. Note that this can be somewhat of a "footgun" if someone updates the CSS to hide all fields/search/etc. Should probably add some sort of bandaid "admin" feature for public instances to employ until the whole cookie/session issue is investigated further. * Symlink all app static files to test dir * Refactor app/misc/*.json -> app/static/settings/*.json The country/language json files are used for user config settings, so the "misc" name didn't really make sense. Also moved these to the static folder to make testing easier. * Fix light theme variables in dark theme css * Minor style tweaking
3 years ago
config=g.user_config,
Allow temp region selection from result view This adds a new "temporary" config section of the results view, where a user can now change the country that their results come from without changing their default config settings. Closes #322
2 years ago
translation=translation,
languages=app.config['LANGUAGES'],
countries=app.config['COUNTRIES'],
Add time constraint to search options (#888) Introduces the ability to refine searches by time period: - Past hour - Past 24 hours - Past week - Past month - Past year Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
time_periods=app.config['TIME_PERIODS'],
Expand custom css theming support Also adds new default dark theme designed by @gripped.
3 years ago
logo=render_template('logo.html', dark=g.user_config.dark),
Add fallback interface/search lang + cleanup Since the interface language defaults to IP geolocation by google, the default language is now set to english. Still not sure if this is the best solution, but at least temporarily should clear up some confusion for users with instances deployed in countries outside of their own. Also performed some minor cleanup: - Updated name of strip_blocked_sites to clean_query - Added clean_query to list of jinja template functions - Ensured site block list doesn't contain duplicate filters
3 years ago
query=urlparse.unquote(query),
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
search_type=search_util.search_type,
Use consistent header for all result types (#535) Introduces a header for switching between result types (i.e. "All", "News", etc) that is consistent between the different result types. Previously, image results had a tab header that was formatted in a drastically different manner, which was jarring when switching from a different result page to the Images page. Created a G class enum to reference class names returned in search results. As noted in the class doc, this should only be used/updated as a last resort, as class names change frequently. For some instances, such as replacing the tbm tab, it's a lot easier to just replace by header name than attempting to replace it based on how the element is structured. Also updated a few styles to revert the latest styling changes being applied by Google. Co-authored-by: jacr13 <ramos.joao@protonmail.com> Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
mobile=g.user_request.mobile,
Add calculator widget (#956) This adds a simple calculator widget, somewhat similar to the one presented when searching calculator on Google. Also, it adds somewhat of a template for making the addition of new widgets easier via the app/utils/widgets.py file. My eventual plan is to use this to create more widgets that appear in Google, such as a color picker, timer, etc. --------- Co-authored-by: Ben Busby <contact@benbusby.com>
1 year ago
tabs=tabs)).replace(" ", "")
Initial commit
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.config}', methods=['GET', 'POST', 'PUT'])
@session_required
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
@auth_required
Added ability to update config from home page
4 years ago
def config():
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
config_disabled = (
app.config['CONFIG_DISABLE'] or
not valid_user_session(session))
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
name = ''
if 'name' in request.args:
name = os.path.normpath(request.args.get('name'))
if not re.match(r'^[A-Za-z0-9_.+-]+$', name):
return make_response('Invalid config name', 400)
Added testing and ci build, refactored filter class, refactored project structure
4 years ago
if request.method == 'GET':
Feature: language config (#27) * Added language configuration support Main page now has a dropdown for selecting preferred language of results. Refactored config to be its own model with language constants. * Added more language support Interface language is now updated using the "hl" arg Fixed chinese traditional and simplified values Updated decoding of characters to gb2312 * Updated to use conditional decoding dependent on language * Updated filter to not rely on valid config to work properly
4 years ago
return json.dumps(g.user_config.__dict__)
Add option to disable changing config from client (#295) * Add option to disable changing of configuration Introduces a test to ensure the correct response code is found when attempting to update the config when disabled, and ensure default config is unchanged when posting a new config dict. Attempting to update the config using the API when disabled now returns a 403 code + redirect. Co-authored-by: Ben Busby <benbusby@protonmail.com>
3 years ago
elif request.method == 'PUT' and not config_disabled:
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
if name:
config_pkl = os.path.join(app.config['CONFIG_PATH'], name)
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
session['config'] = (pickle.load(open(config_pkl, 'rb'))
if os.path.exists(config_pkl)
else session['config'])
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
return json.dumps(session['config'])
else:
return json.dumps({})
Add option to disable changing config from client (#295) * Add option to disable changing of configuration Introduces a test to ensure the correct response code is found when attempting to update the config when disabled, and ensure default config is unchanged when posting a new config dict. Attempting to update the config using the API when disabled now returns a 403 code + redirect. Co-authored-by: Ben Busby <benbusby@protonmail.com>
3 years ago
elif not config_disabled:
Updated js controller and config api route Controller was refactored to be a bit less monolithic. Config route was updated to accept an html form data POST rather than just a json object.
4 years ago
config_data = request.form.to_dict()
Added config option to address instance behind reverse proxy Config options now allow setting a "root url", which defaults to the request url root. Saving a new url in this field will allow for proper redirects and usage of the opensearch element. Also provides a possible solution for #17, where the default flask redirect method redirects to http instead of https.
4 years ago
if 'url' not in config_data or not config_data['url']:
Minor improvement to https enforcement
4 years ago
config_data['url'] = g.user_config.url
Added config option to address instance behind reverse proxy Config options now allow setting a "root url", which defaults to the request url root. Saving a new url in this field will allow for proper redirects and usage of the opensearch element. Also provides a possible solution for #17, where the default flask redirect method redirects to http instead of https.
4 years ago
Refactored whoogle session mgmt Now allows a fallback "default" session to be used if a user's browser is blocking cookies
4 years ago
# Save config by name to allow a user to easily load later
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
if 'name' in request.args:
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
pickle.dump(
config_data,
open(os.path.join(
app.config['CONFIG_PATH'],
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
name), 'wb'))
Refactored whoogle session mgmt Now allows a fallback "default" session to be used if a user's browser is blocking cookies
4 years ago
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
session['config'] = config_data
Added config option to address instance behind reverse proxy Config options now allow setting a "root url", which defaults to the request url root. Saving a new url in this field will allow for proper redirects and usage of the opensearch element. Also provides a possible solution for #17, where the default flask redirect method redirects to http instead of https.
4 years ago
return redirect(config_data['url'])
Add option to disable changing config from client (#295) * Add option to disable changing of configuration Introduces a test to ensure the correct response code is found when attempting to update the config when disabled, and ensure default config is unchanged when posting a new config dict. Attempting to update the config using the API when disabled now returns a 403 code + redirect. Co-authored-by: Ben Busby <benbusby@protonmail.com>
3 years ago
else:
return redirect(url_for('.index'), code=403)
Added ability to update config from home page
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.imgres}')
@session_required
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
@auth_required
Added html parsing to remove returned scripts, added logo
4 years ago
def imgres():
return redirect(request.args.get('imgurl'))
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.element}')
@session_required
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
@auth_required
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
def element():
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
element_url = src_url = request.args.get('url')
if element_url.startswith('gAAAAA'):
Return 401 when token is invalid (#714) In some rare instances (a race condition perhaps?) a `cryptography.fernet.InvalidToken` exception is thrown resulting in a broken connection. This change gracefully returns a 401 error instead.
2 years ago
try:
cipher_suite = Fernet(g.session_key)
src_url = cipher_suite.decrypt(element_url.encode()).decode()
except (InvalidSignature, InvalidToken) as e:
return render_template(
'error.html',
error_message=str(e)), 401
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
src_type = request.args.get('type')
Feature: country and safe search config options (#71) * Added country and safe search config options * Updated handling of parser error in results test * Improved handling of default country * Added 1px empty gif fallback as a replacement for images that fail to load
4 years ago
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
# Ensure requested element is from a valid domain
domain = urlparse.urlparse(src_url).netloc
if not validators.domain(domain):
return send_file(io.BytesIO(empty_gif), mimetype='image/gif')
Feature: country and safe search config options (#71) * Added country and safe search config options * Updated handling of parser error in results test * Improved handling of default country * Added 1px empty gif fallback as a replacement for images that fail to load
4 years ago
try:
Display an empty img if a site icon can't be found This improves the search result icon feature by "hiding" the site's icon if one was not found. This happens in scenarios where a site doesn't have a /favicon.ico due to having a unique path or using javascript to load the icon.
8 months ago
response = g.user_request.send(base_url=src_url)
# Display an empty gif if the requested element couldn't be retrieved
Display audio controls, refactor site icon placement Audio controls are now always shown by default (mostly found in searches that contain word pronunciation guides). Site icons were moved to the left side of the results.
8 months ago
if response.status_code != 200 or len(response.content) == 0:
if 'favicon' in src_url:
Fetch fallback site icons from DDG DDG provides favicons using the url format icons.duckduckgo.com/ip2/{site}.ico This can be used to fetch favicons in the event that the default "/favicon.ico" path does not work.
8 months ago
favicon = fetch_favicon(src_url)
return send_file(io.BytesIO(favicon), mimetype='image/png')
Display audio controls, refactor site icon placement Audio controls are now always shown by default (mostly found in searches that contain word pronunciation guides). Site icons were moved to the left side of the results.
8 months ago
else:
return send_file(io.BytesIO(empty_gif), mimetype='image/gif')
Display an empty img if a site icon can't be found This improves the search result icon feature by "hiding" the site's icon if one was not found. This happens in scenarios where a site doesn't have a /favicon.ico due to having a unique path or using javascript to load the icon.
8 months ago
file_data = response.content
Feature: country and safe search config options (#71) * Added country and safe search config options * Updated handling of parser error in results test * Improved handling of default country * Added 1px empty gif fallback as a replacement for images that fail to load
4 years ago
tmp_mem = io.BytesIO()
tmp_mem.write(file_data)
tmp_mem.seek(0)
Project refactor (#85) * Major refactor of requests and session management - Switches from pycurl to requests library - Allows for less janky decoding, especially with non-latin character sets - Adds session level management of user configs - Allows for each session to set its own config (people are probably going to complain about this, though not sure if it'll be the same number of people who are upset that their friends/family have to share their config) - Updates key gen/regen to more aggressively swap out keys after each request * Added ability to save/load configs by name - New PUT method for config allows changing config with specified name - New methods in js controller to handle loading/saving of configs * Result formatting and removal of unused elements - Fixed question section formatting from results page (added appropriate padding and made questions styled as italic) - Removed user agent display from main config settings * Minor change to button label * Fixed issue with "de-pickling" of flask session Having a gitignore-everything ("*") file within a flask session folder seems to cause a weird bug where the state of the app becomes unusable from continuously trying to prune files listed in the gitignore (and it can't prune '*'). * Switched to pickling saved configs * Updated ad/sponsored content filter and conf naming Configs are now named with a .conf extension to allow for easier manual cleanup/modification of named config files Sponsored content now removed by basic string matching of span content * Version bump to 0.2.0 * Fixed request.send return style
4 years ago
return send_file(tmp_mem, mimetype=src_type)
except exceptions.RequestException:
Feature: country and safe search config options (#71) * Added country and safe search config options * Updated handling of parser error in results test * Improved handling of default country * Added 1px empty gif fallback as a replacement for images that fail to load
4 years ago
pass
return send_file(io.BytesIO(empty_gif), mimetype='image/gif')
Added image proxying, refactored filter class Images were previously directly fetched from google search results, which was a potential privacy hazard. All image sources are now modified to be passed through shoogle's routing first, which will then fetch raw image data and pass it through to the user. Filter class was refactored to split the primary clean method into smaller, more manageable submethods.
4 years ago
Improve public instance session management (#480) This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
3 years ago
@app.route(f'/{Endpoint.window}')
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
@session_required
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
@auth_required
Added optional no-js functionality, added location based searching (hardcoded), updated html
4 years ago
def window():
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
target_url = request.args.get('location')
if target_url.startswith('gAAAAA'):
cipher_suite = Fernet(g.session_key)
target_url = cipher_suite.decrypt(target_url.encode()).decode()
content_filter = Filter(
g.session_key,
root_url=request.url_root,
config=g.user_config)
target = urlparse.urlparse(target_url)
Validate urls in `element` and `window` endpoints Domains were previously not validated before being handled, leading to a potential scenario where someone could pass something like "element_url=127.0.0.1:<port>/<resource>" to access other resources on a machine running Whoogle. This change ensures that the resource used in both endpoints is a valid domain. This also includes validation of config names to prevent names from including path values such as "../../(etc)".
9 months ago
# Ensure requested URL has a valid domain
if not validators.domain(target.netloc):
return render_template(
'error.html',
error_message='Invalid location'), 400
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
host_url = f'{target.scheme}://{target.netloc}'
get_body = g.user_request.send(base_url=target_url).text
Added optional no-js functionality, added location based searching (hardcoded), updated html
4 years ago
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
results = bsoup(get_body, 'html.parser')
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
src_attrs = ['src', 'href', 'srcset', 'data-srcset', 'data-src']
# Parse HTML response and replace relative links w/ absolute
for element in results.find_all():
for attr in src_attrs:
if not element.has_attr(attr) or not element[attr].startswith('/'):
continue
element[attr] = host_url + element[attr]
# Replace or remove javascript sources
for script in results.find_all('script', {'src': True}):
if 'nojs' in request.args:
script.decompose()
else:
content_filter.update_element_src(script, 'application/javascript')
# Replace all possible image attributes
img_sources = ['src', 'data-src', 'data-srcset', 'srcset']
for img in results.find_all('img'):
_ = [
content_filter.update_element_src(img, 'image/png', attr=_)
for _ in img_sources if img.has_attr(_)
]
# Replace all stylesheet sources
for link in results.find_all('link', {'href': True}):
content_filter.update_element_src(link, 'text/css', attr='href')
# Use anonymous view for all links on page
for a in results.find_all('a', {'href': True}):
Use `window` from Endpoint enum for anon view (#748) Removes previously hardcoded "/window" from anon view links
2 years ago
a['href'] = f'{Endpoint.window}?location=' + a['href'] + (
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
'&nojs=1' if 'nojs' in request.args else '')
Added optional no-js functionality, added location based searching (hardcoded), updated html
4 years ago
Support proxying results through Whoogle (aka "anonymous view") (#682) * Expand `/window` endpoint to behave like a proxy The `/window` endpoint was previously used as a type of proxy, but only for removing Javascript from the result page. This expands the existing functionality to allow users to proxy search result pages (with or without Javascript) through their Whoogle instance. * Implement filtering of remote content from css * Condense NoJS feature into Anonymous View Enabling NoJS now removes Javascript from the Anonymous View, rather than creating a separate option. * Exclude 'data:' urls from filter, add translations The 'data:' url must be allowed in results to view certain elements on the page, such as stars for review based results. Add translations for the remaining languages. * Add cssutils to requirements
2 years ago
# Remove all iframes -- these are commonly used inside of <noscript> tags
# to enforce loading Google Analytics
for iframe in results.find_all('iframe'):
iframe.decompose()
Added optional no-js functionality, added location based searching (hardcoded), updated html
4 years ago
Include translation mapping in nojs windows The translation map was missing for links opened via the nojs feature, causing a server error. Fixes #507
3 years ago
return render_template(
'display.html',
response=results,
translation=app.config['TRANSLATIONS'][
g.user_config.get_localization_lang()
]
)
Added optional no-js functionality, added location based searching (hardcoded), updated html
4 years ago
Add favicon.ico endpoint Closes #1121
3 months ago
@app.route('/robots.txt')
Serve basic robots.txt to avoid indexing Closes #1015
11 months ago
def robots():
response = make_response(
'''User-Agent: *
Disallow: /''', 200)
response.mimetype = 'text/plain'
return response
Add favicon.ico endpoint Closes #1121
3 months ago
@app.route('/favicon.ico')
def favicon():
return app.send_static_file('img/favicon.ico')
Suppress invalid warning from bs4, add 404 handler An invalid parsing warning was being thrown by the latest version of the bs4 library. This suppresses that warning from being shown in the console. A 404 handler was added to move logging from the console to the error template, since a lot of users assumed that 404 errors from the result page were problems with Whoogle itself. Fixes #967
1 year ago
@app.errorhandler(404)
def page_not_found(e):
return render_template('error.html', error_message=str(e)), 404
Include more options for continuing search in error tmpl The error template previously only included the option to continue a user's search via Farside (whoogle or searxng), and would only appear when an instance was ratelimited. This has been updated to display anytime an exception has occurred, and now includes other options for continuing a search, such as Kagi, DDG, Brave, Ecosia, etc. Closes #1099
5 months ago
@app.errorhandler(Exception)
def internal_error(e):
query = ''
if request.method == 'POST':
query = request.form.get('q')
else:
query = request.args.get('q')
Attempt to query on error condition and print trace (#1131)
1 month ago
# Attempt to parse the query
try:
search_util = Search(request, g.user_config, g.session_key)
query = search_util.new_search_query()
except Exception:
pass
print(traceback.format_exc(), file=sys.stderr)
Include more options for continuing search in error tmpl The error template previously only included the option to continue a user's search via Farside (whoogle or searxng), and would only appear when an instance was ratelimited. This has been updated to display anytime an exception has occurred, and now includes other options for continuing a search, such as Kagi, DDG, Brave, Ecosia, etc. Closes #1099
5 months ago
localization_lang = g.user_config.get_localization_lang()
translation = app.config['TRANSLATIONS'][localization_lang]
return render_template(
'error.html',
error_message='Internal server error (500)',
translation=translation,
farside='https://farside.link',
config=g.user_config,
query=urlparse.unquote(query),
params=g.user_config.to_params(keys=['preferences'])), 500
Improve static typing throughout repo Eventually this should be part of a separate mypy ci build, but right now it's just a general guideline. Future commits and PRs should be validated for static typing wherever possible. For reference, the testing commands used for this commit were: mypy --ignore-missing-imports --pretty --disallow-untyped-calls app/ mypy --ignore-missing-imports --pretty --disallow-untyped-calls test/
3 years ago
def run_app() -> None:
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
parser = argparse.ArgumentParser(
description='Whoogle Search console runner')
parser.add_argument(
'--port',
default=5000,
metavar='<port number>',
help='Specifies a port to run on (default 5000)')
parser.add_argument(
'--host',
default='127.0.0.1',
metavar='<ip address>',
help='Specifies the host address to use (default 127.0.0.1)')
Add ability to listen on unix sockets Introduces a way to tell the app to listen on unix socket instead of host:port. Fixes #436
2 years ago
parser.add_argument(
'--unix-socket',
default='',
metavar='</path/to/unix.sock>',
help='Listen for app on unix socket instead of host:port')
Add arg for configuring unix socket perms (#1103) The default unix socket permissions of 600 is too restrictive for many use cases. Added a new argument --unix-socket-perms which is passed to waitress to allow for user configurable socket permissions
5 months ago
parser.add_argument(
'--unix-socket-perms',
default='600',
metavar='<octal permissions>',
help='Octal permissions to use for the Unix domain socket (default 600)')
PEP-8: Fix formatting issues, add CI workflow (#161) Enforces PEP-8 formatting for all python code Adds a github action build for checking pep8 formatting using pycodestyle
3 years ago
parser.add_argument(
'--debug',
default=False,
action='store_true',
help='Activates debug mode for the server (default False)')
parser.add_argument(
'--https-only',
default=False,
action='store_true',
help='Enforces HTTPS redirects for all requests')
parser.add_argument(
'--userpass',
default='',
metavar='<username:password>',
help='Sets a username/password basic auth combo (default None)')
parser.add_argument(
'--proxyauth',
default='',
metavar='<username:password>',
help='Sets a username/password for a HTTP/SOCKS proxy (default None)')
parser.add_argument(
'--proxytype',
default='',
metavar='<socks4|socks5|http>',
help='Sets a proxy type for all connections (default None)')
parser.add_argument(
'--proxyloc',
default='',
metavar='<location:port>',
help='Sets a proxy location for all connections (default None)')
Updated setup and routes for pipx compatibility
4 years ago
args = parser.parse_args()
Added basic authentication (#51) Username/password can be set either as Dockerfile build arguments or passed into the run script as "--userpass <username:password>"
4 years ago
if args.userpass:
user_pass = args.userpass.split(':')
os.environ['WHOOGLE_USER'] = user_pass[0]
os.environ['WHOOGLE_PASS'] = user_pass[1]
Add tor and http/socks proxy support (#137) * Add tor and http/socks proxy support Allows users to enable/disable tor from the config menu, which will forward all requests through Tor. Also adds support for setting environment variables for alternative proxy support. Setting the following variables will forward requests through the proxy: - WHOOGLE_PROXY_USER (optional) - WHOOGLE_PROXY_PASS (optional) - WHOOGLE_PROXY_TYPE (required) - Can be "http", "socks4", or "socks5" - WHOOGLE_PROXY_LOC (required) - Format: "<ip address>:<port>" See #30 * Refactor acquire_tor_conn -> acquire_tor_identity Also updated travis CI to set up tor * Add check for Tor socket on init, improve Tor error handling Initializing the app sends a heartbeat request to Tor to check for availability, and updates the home page config options accordingly. This heartbeat is sent on every request, to ensure Tor support can be reconfigured without restarting the entire app. If Tor support is enabled, and a subsequent request fails, then a new TorError exception is raised, and the Tor feature is disabled until a valid connection is restored. The max attempts has been updated to 10, since 5 seemed a bit too low for how quickly the attempts go by. * Change send_tor_signal arg type, update function doc send_tor_signal now accepts a stem.Signal arg (a bit cleaner tbh). Also added the doc string for the "disable" attribute in TorError. * Fix tor identity logic in Request.send * Update proxy init, change proxyloc var name Proxy is now only initialized if both type and location are specified, as neither have a default fallback and both are required. I suppose the type could fall back to http, but seems safer this way. Also refactored proxyurl -> proxyloc for the runtime args in order to match the Dockerfile args. * Add tor/proxy support for Docker builds, fix opensearch/init The Dockerfile is now updated to include support for Tor configuration, with a working torrc file included in the repo. An issue with opensearch was fixed as well, which was uncovered during testing and was simple enough to fix here. Likewise, DDG bang gen was updated to only ever happen if the file didn't exist previously, as testing with the file being regenerated every time was tedious. * Add missing "@" for socks proxy requests
4 years ago
if args.proxytype and args.proxyloc:
if args.proxyauth:
proxy_user_pass = args.proxyauth.split(':')
os.environ['WHOOGLE_PROXY_USER'] = proxy_user_pass[0]
os.environ['WHOOGLE_PROXY_PASS'] = proxy_user_pass[1]
os.environ['WHOOGLE_PROXY_TYPE'] = args.proxytype
os.environ['WHOOGLE_PROXY_LOC'] = args.proxyloc
Improve cookie security when `HTTPS_ONLY` is set Adds the "Secure" flag and "__Secure-" prefix if the `HTTPS_ONLY` environment variable is enabled. Fixes #539
3 years ago
if args.https_only:
os.environ['HTTPS_ONLY'] = '1'
Feature: https only -- adds option to enforce https on running instances (#48) * Adding HTTPS enforcement Command line runs of Whoogle Search through pip/pipx/etc will need the `--https-only` flag appended to the run command. Docker runs require the `use_https` build arg applied. * Update README.md Moved https-only note to top of docker run command, updated pip runner help output * Dockerfile: removed HTTPS enforcement, updated PORT setting Dockerfile no longer enforces an HTTPS connection, but still allows for setting via a build arg. The Flask server port is now configurable as a build arg as well, by setting a port number to "whoogle_port" * Fixed incorrect port assignment
4 years ago
Swap out Flask's default web server for Waitress (#32) * Ignore venv when building docker file * Remove reference to 8888 port It wasn't really used anywhere, and setting it to 5000 everywhere removes ambiguity, and makes things easier to track and reason about * Use waitress rather than Flask's built in web server It's not production grade * Actually add waitress to requirements Woops!
4 years ago
if args.debug:
app.run(host=args.host, port=args.port, debug=args.debug)
Add ability to listen on unix sockets Introduces a way to tell the app to listen on unix socket instead of host:port. Fixes #436
2 years ago
elif args.unix_socket:
Add arg for configuring unix socket perms (#1103) The default unix socket permissions of 600 is too restrictive for many use cases. Added a new argument --unix-socket-perms which is passed to waitress to allow for user configurable socket permissions
5 months ago
waitress.serve(app, unix_socket=args.unix_socket, unix_socket_perms=args.unix_socket_perms)
Swap out Flask's default web server for Waitress (#32) * Ignore venv when building docker file * Remove reference to 8888 port It wasn't really used anywhere, and setting it to 5000 everywhere removes ambiguity, and makes things easier to track and reason about * Use waitress rather than Flask's built in web server It's not production grade * Actually add waitress to requirements Woops!
4 years ago
else:
Add support for relative search results (#715) * Relativization of search results * Fix JavaScript error when opening images * Replace single-letter logo and remove sign-in link * Add `WHOOGLE_URL_PREFIX` env var to support relative path redirection The `WHOOGLE_URL_PREFIX` var can now be set to fix internal app redirects, such as the `/session` redirect performed on the first visit to the Whoogle home page. Co-authored-by: Ben Busby <contact@benbusby.com>
2 years ago
waitress.serve(
app,
listen="{}:{}".format(args.host, args.port),
url_prefix=os.environ.get('WHOOGLE_URL_PREFIX', ''))