mirror of
https://github.com/benbusby/whoogle-search
synced 2024-11-04 18:00:25 +00:00
dcb80ac250
Introduces a new content security policy header for responses to all requests, to reduce the possibility of IP leaks to outside connections. By default, it blocks all inline scripts and only allows content loaded from Whoogle. Refactors a few small inline scripting cases in the project into their own individual scripts.
from app.request import send_tor_signal
from app.utils.session_utils import generate_user_keys
from app.utils.gen_ddg_bangs import gen_bangs_json
from flask import Flask
from flask_session import Session
import json
import os
from stem import Signal
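# Flask application object. Static assets are served from the "static"
# directory that sits next to this file.
app = Flask(__name__, static_folder=os.path.dirname(
    os.path.abspath(__file__)) + '/static')
app.user_elements = {}
app.default_key_set = generate_user_keys()
app.no_cookie_ips = []

# A fresh random key is drawn on every process start, so anything Flask signs
# with it stops validating after a restart, and separately started worker
# processes would not share a key.
app.config['SECRET_KEY'] = os.urandom(32)
app.config['SESSION_TYPE'] = 'filesystem'
app.config['VERSION_NUMBER'] = '0.3.2'

# APP_ROOT, STATIC_FOLDER and CONFIG_VOLUME are taken from the environment
# when set; otherwise the paths are derived from this file's location.
app.config['APP_ROOT'] = os.getenv(
    'APP_ROOT',
    os.path.dirname(os.path.abspath(__file__)))

# The lookup tables are read once at import time. The files are opened with
# context managers so the handles are closed deterministically instead of
# being left for the garbage collector.
with open(os.path.join(
        app.config['APP_ROOT'], 'misc/languages.json')) as languages_file:
    app.config['LANGUAGES'] = json.load(languages_file)
with open(os.path.join(
        app.config['APP_ROOT'], 'misc/countries.json')) as countries_file:
    app.config['COUNTRIES'] = json.load(countries_file)

app.config['STATIC_FOLDER'] = os.getenv(
    'STATIC_FOLDER',
    os.path.join(app.config['APP_ROOT'], 'static'))
app.config['CONFIG_PATH'] = os.getenv(
    'CONFIG_VOLUME',
    os.path.join(app.config['STATIC_FOLDER'], 'config'))
app.config['DEFAULT_CONFIG'] = os.path.join(
    app.config['CONFIG_PATH'],
    'config.json')
# Server-side session files live under the config directory.
app.config['SESSION_FILE_DIR'] = os.path.join(
    app.config['CONFIG_PATH'],
    'session')
# BANG_PATH reads the same CONFIG_VOLUME variable as CONFIG_PATH, so when it
# is set both settings point at the same directory.
app.config['BANG_PATH'] = os.getenv(
    'CONFIG_VOLUME',
    os.path.join(app.config['STATIC_FOLDER'], 'bangs'))
app.config['BANG_FILE'] = os.path.join(
    app.config['BANG_PATH'],
    'bangs.json')

# Content-Security-Policy value. default-src 'none' denies every fetch
# directive that is not listed explicitly; the listed ones are limited to
# same-origin content, and inline scripts are not allowed.
# The string is only stored here; presumably a response hook elsewhere sends
# it as the header -- confirm it is attached to every response.
# NOTE(review): style-src still permits 'unsafe-inline', so injected inline
# styles are not blocked by this policy.
# NOTE(review): base-uri and frame-ancestors do not fall back to default-src
# and are left unset; consider setting them explicitly.
app.config['CSP'] = (
    "default-src 'none';"
    "img-src 'self';"
    "style-src 'self' 'unsafe-inline';"
    "script-src 'self';"
    "media-src 'self';"
    "connect-src 'self';"
    "form-action 'self';"
)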
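# Create the config and session directories if they are missing.
# exist_ok=True replaces the separate exists() check, which could race with
# another process creating the same directory between the check and the call.
# NOTE(review): both directories are created with the default mode, limited
# only by the process umask. The session directory holds per-user session
# files, so confirm its permissions are restrictive enough on shared hosts.
os.makedirs(app.config['CONFIG_PATH'], exist_ok=True)
os.makedirs(app.config['SESSION_FILE_DIR'], exist_ok=True)

# Generate DDG bang filter, and create path if it doesn't exist yet
os.makedirs(app.config['BANG_PATH'], exist_ok=True)
if not os.path.exists(app.config['BANG_FILE']):
    gen_bangs_json(app.config['BANG_FILE'])

# Bind the server-side session extension to the app.
Session(app)

# Attempt to acquire tor identity, to determine if Tor config is available
send_tor_signal(Signal.HEARTBEAT)

# Imported last, presumably because the routes module needs the configured
# `app` object defined in this file -- confirm before moving it.
from app import routes  # noqa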