From d6d7110e22410b85aec15ff955f3f8ce41649162 Mon Sep 17 00:00:00 2001
From: Angel Mario
Date: Tue, 27 Apr 2021 17:36:03 +0300
Subject: [PATCH] Add option to disable changing config from client (#295)
* Add option to disable changing of configuration Introduces a test to ensure the correct response code is found when attempting to update the config when disabled, and ensure default config is unchanged when posting a new config dict. Attempting to update the config using the API when disabled now returns a 403 code + redirect.
Co-authored-by: Ben Busby
---
 app.json | 5 +
 app/__init__.py | 1 +
 app/routes.py | 8 +-
 app/templates/index.html | 212 ++++++++++++++++++++-------------------
 test/test_routes.py | 13 +++
 whoogle.env | 1 +
 6 files changed, 133 insertions(+), 107 deletions(-)
diff --git a/app.json b/app.json
index d1c7b55..6889e5b 100644
--- a/app.json
+++ b/app.json
@@ -80,6 +80,11 @@
 "value": "",
 "required": false
 },
+ "WHOOGLE_CONFIG_DISABLE": {
+ "description": "[CONFIG] Disable ability for client to change config (set to 1 or leave blank)",
+ "value": "",
+ "required": false
+ },
 "WHOOGLE_CONFIG_DARK": {
 "description": "[CONFIG] Enable dark mode (set to 1 or leave blank)",
 "value": "",
diff --git a/app/__init__.py b/app/__init__.py
index 164b8e9..a6dbd38 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -39,6 +39,7 @@ app.config['CONFIG_PATH'] = os.getenv(
 app.config['DEFAULT_CONFIG'] = os.path.join(
 app.config['CONFIG_PATH'],
 'config.json')
+app.config['CONFIG_DISABLE'] = os.getenv('WHOOGLE_CONFIG_DISABLE', '')
 app.config['SESSION_FILE_DIR'] = os.path.join(
 app.config['CONFIG_PATH'],
 'session')
diff --git a/app/routes.py b/app/routes.py
index ff915ca..053cb72 100644
--- a/app/routes.py
+++ b/app/routes.py
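Review bot: `app.config['CONFIG_DISABLE']` in `app/__init__.py` stores the raw environment string, so any non-empty value, including `0` or `false`, is truthy wherever the flag is tested and locks the configuration, while the app.json description documents only `1` or blank. Failing closed is the safer direction for a lockdown switch, so I would keep the behaviour and state it next to the assignment: `# Any non-empty value (even "0") disables client-side config changes`. Narrowing the test to `== '1'` would instead silently leave the config writable for an operator who set `true`, so avoid that unless the documentation and the test suite pin the accepted value.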
@@ -129,6 +129,7 @@ def index():
 logo=render_template(
 'logo.html',
 dark=g.user_config.dark),
+ config_disabled=app.config['CONFIG_DISABLE'],
 config=g.user_config,
 tor_available=int(os.environ.get('TOR_AVAILABLE')),
 version_number=app.config['VERSION_NUMBER'])
@@ -237,9 +238,10 @@ def search():
 @app.route('/config', methods=['GET', 'POST', 'PUT'])
 @auth_required
 def config():
+ config_disabled = app.config['CONFIG_DISABLE']
 if request.method == 'GET':
 return json.dumps(g.user_config.__dict__)
- elif request.method == 'PUT':
+ elif request.method == 'PUT' and not config_disabled:
 if 'name' in request.args:
 config_pkl = os.path.join(
 app.config['CONFIG_PATH'],
@@ -250,7 +252,7 @@ def config():
 return json.dumps(session['config'])
 else:
 return json.dumps({})
- else:
+ elif not config_disabled:
 config_data = request.form.to_dict()
 if 'url' not in config_data or not config_data['url']:
 config_data['url'] = g.user_config.url
@@ -270,6 +272,8 @@ def config():
 session['config'] = config_data
 return redirect(config_data['url'])
+ else:
+ return redirect(url_for('.index'), code=403)
 @app.route('/url', methods=['GET'])
diff --git a/app/templates/index.html b/app/templates/index.html
index 41c33ae..3625719 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -56,111 +56,113 @@
-
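Review bot: In `config()` the lock is enforced by adding `not config_disabled` to each write branch separately (`elif request.method == 'PUT' and not config_disabled:` here, `elif not config_disabled:` in the next hunk), so a write path added later is unprotected unless its author remembers the flag. A single guard ahead of the method dispatch keeps the authorization decision in one place: `if config_disabled and request.method != 'GET': return '', 403`. The `GET` branch still returns `g.user_config.__dict__` while the lock is on; if that is intended, a comment such as `# Reading the config stays allowed when changes are disabled` would record it. The body of `config()` continues outside this hunk.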
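Review bot: `return redirect(url_for('.index'), code=403)` in the new `else:` branch of `config()` sends a 403 that carries a `Location` header, and clients act on `Location` only for 3xx statuses, so no redirect happens and the user is left on the error response. A plain refusal says the same thing without the misleading header, for example `return 'Config changes are disabled', 403`, and it keeps the 403 status that the commit message says the new test checks. The enclosing function starts before this hunk.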
- -
-
-
-
- - -
— Note: If enabled, a website will only appear in the results if it is *hosted* in the selected country.
-
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
— Replaces Twitter/YouTube/Instagram/Reddit links - with Nitter/Invidious/Bibliogram/Libreddit links.
-
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
-   -   - -
-
-
-
- + {% if not config_disabled %} +
+ +
+
+
+
+ + +
— Note: If enabled, a website will only appear in the results if it is *hosted* in the selected country.
+
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
— Replaces Twitter/YouTube/Instagram/Reddit links + with Nitter/Invidious/Bibliogram/Libreddit links.
+
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+   +   + +
+
+
+
+ {% endif %} +