From 1ed6178e9a50d961ddff4aa13f772937d07c4981 Mon Sep 17 00:00:00 2001 From: Ben Busby Date: Fri, 15 May 2020 15:44:50 -0600 Subject: [PATCH] Feature: https only -- adds option to enforce https on running instances (#48) * Adding HTTPS enforcement Command line runs of Whoogle Search through pip/pipx/etc will need the `--https-only` flag appended to the run command. Docker runs require the `use_https` build arg applied. * Update README.md Moved https-only note to top of docker run command, updated pip runner help output * Dockerfile: removed HTTPS enforcement, updated PORT setting Dockerfile no longer enforces an HTTPS connection, but still allows for setting via a build arg. The Flask server port is now configurable as a build arg as well, by setting a port number to "whoogle_port" * Fixed incorrect port assignment --- Dockerfile | 8 +++++++- README.md | 6 ++++-- app/routes.py | 10 ++++++++++ whoogle-search | 2 +- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index f3438aa..18551cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,8 +10,14 @@ RUN mkdir $config_dir VOLUME $config_dir ENV CONFIG_VOLUME=$config_dir +ARG use_https='' +ENV HTTPS_ONLY=$use_https + +ARG whoogle_port=5000 +ENV EXPOSE_PORT=$whoogle_port + COPY . . -EXPOSE 5000 +EXPOSE $EXPOSE_PORT CMD ["./whoogle-search"] diff --git a/README.md b/README.md index d22d1d7..95de42c 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ Sandboxed temporary instance: ```bash $ whoogle-search --help usage: whoogle-search [-h] [--port ] [--host ] [--debug] + [--https-only] Whoogle Search console runner @@ -79,7 +80,8 @@ optional arguments: -h, --help show this help message and exit --port Specifies a port to run on (default 5000) --host Specifies the host address to use (default 127.0.0.1) - --debug Activates debug mode for the Flask server (default False) + --debug Activates debug mode for the server (default False) + --https-only Enforces HTTPS redirects for all requests (default False) ``` ### D) Manual @@ -124,7 +126,7 @@ docker build --tag whoogle-search:1.0 . docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0 ``` -And kill with: `docker rm --force whooglesearch` +And kill with: `docker rm --force whoogle-search` #### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) ```bash diff --git a/app/routes.py b/app/routes.py index 4fa3c93..94a10c3 100644 --- a/app/routes.py +++ b/app/routes.py @@ -20,6 +20,12 @@ CONFIG_PATH = os.getenv('CONFIG_VOLUME', app.config['STATIC_FOLDER']) + '/config @app.before_request def before_request_func(): + # Always redirect to https if HTTPS_ONLY is set + if os.getenv('HTTPS_ONLY', False) and request.url.startswith('http://'): + url = request.url.replace('http://', 'https://', 1) + code = 301 + return redirect(url, code=code) + json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root} g.user_config = Config(**json_config) @@ -162,7 +168,11 @@ def run_app(): help='Specifies the host address to use (default 127.0.0.1)') parser.add_argument('--debug', default=False, action='store_true', help='Activates debug mode for the server (default False)') + parser.add_argument('--https-only', default=False, action='store_true', + help='Enforces HTTPS redirects for all requests') args = parser.parse_args() + os.environ['HTTPS_ONLY'] = '1' if args.https_only else '' + if args.debug: app.run(host=args.host, port=args.port, debug=args.debug) else: diff --git a/whoogle-search b/whoogle-search index b4f229c..f87c61a 100755 --- a/whoogle-search +++ b/whoogle-search @@ -7,7 +7,7 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)" # Set default port if unavailable if [[ -z "${PORT}" ]]; then - PORT=5000 + PORT="${EXPOSE_PORT:-5000}" fi # Set directory to serve static content from