From dceb9031140a12972d000849ea8819a6d383739a Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Sat, 1 Oct 2016 20:22:52 +0200 Subject: [mod] disallow search results for robots --- searx/webapp.py | 1 + 1 file changed, 1 insertion(+) (limited to 'searx/webapp.py') diff --git a/searx/webapp.py b/searx/webapp.py index 262bf9bdf..5bdbc71a6 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -657,6 +657,7 @@ Allow: / Allow: /about Disallow: /stats Disallow: /preferences +Disallow: /*?*q=* """, mimetype='text/plain') -- cgit v1.2.3 From 19a6ca0b68839e8d8903e99c336e1c1b1df624e1 Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Sun, 16 Oct 2016 23:40:56 +0200 Subject: [enh] use HMAC for image proxy url verification --- searx/webapp.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'searx/webapp.py') diff --git a/searx/webapp.py b/searx/webapp.py index 5bdbc71a6..962367c84 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -22,10 +22,11 @@ if __name__ == '__main__': from os.path import realpath, dirname path.append(realpath(dirname(realpath(__file__)) + '/../')) -import json import cStringIO -import os import hashlib +import hmac +import json +import os import requests from searx import logger @@ -250,8 +251,7 @@ def image_proxify(url): if not request.preferences.get_value('image_proxy'): return url - hash_string = url + settings['server']['secret_key'] - h = hashlib.sha256(hash_string.encode('utf-8')).hexdigest() + h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest() return '{0}?{1}'.format(url_for('image_proxy'), urlencode(dict(url=url.encode('utf-8'), h=h))) @@ -599,7 +599,7 @@ def image_proxy(): if not url: return '', 400 - h = hashlib.sha256(url + settings['server']['secret_key'].encode('utf-8')).hexdigest() + h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest() if h != request.args.get('h'): return '', 400 -- cgit v1.2.3 From 1be6e72d517c1651fc466d3222a23dbda0a53c2c Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Mon, 17 Oct 2016 00:22:41 +0200 Subject: [enh] add result proxy support - #707 --- searx/webapp.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'searx/webapp.py') diff --git a/searx/webapp.py b/searx/webapp.py index 962367c84..b8d79b56c 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -243,6 +243,20 @@ def url_for_theme(endpoint, override_theme=None, **values): return url_for(endpoint, **values) +def proxify(url): + if url.startswith('//'): + url = 'https:' + url + + if not settings.get('result_proxy'): + return url + + h = hmac.new(settings['result_proxy']['key'], url, hashlib.sha256).hexdigest() + + return '{0}?{1}'.format(settings['result_proxy']['url'], + urlencode(dict(mortyurl=url.encode('utf-8'), + mortyhash=h))) + + def image_proxify(url): if url.startswith('//'): @@ -310,6 +324,8 @@ def render(template_name, override_theme=None, **kwargs): kwargs['image_proxify'] = image_proxify + kwargs['proxify'] = proxify if settings.get('result_proxy') else None + kwargs['get_result_template'] = get_result_template kwargs['theme'] = get_current_theme_name(override=override_theme) -- cgit v1.2.3 From d5c0dcd18a04940f3ac0552f98f812fd005ae8d1 Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Mon, 17 Oct 2016 01:32:31 +0200 Subject: [fix] unicode url proxiing --- searx/webapp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'searx/webapp.py') diff --git a/searx/webapp.py b/searx/webapp.py index b8d79b56c..6c2b98c9c 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -250,7 +250,7 @@ def proxify(url): if not settings.get('result_proxy'): return url - h = hmac.new(settings['result_proxy']['key'], url, hashlib.sha256).hexdigest() + h = hmac.new(settings['result_proxy']['key'], url.encode('utf-8'), hashlib.sha256).hexdigest() return '{0}?{1}'.format(settings['result_proxy']['url'], urlencode(dict(mortyurl=url.encode('utf-8'), @@ -265,7 +265,7 @@ def image_proxify(url): if not request.preferences.get_value('image_proxy'): return url - h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest() + h = hmac.new(settings['server']['secret_key'], url.encode('utf-8'), hashlib.sha256).hexdigest() return '{0}?{1}'.format(url_for('image_proxy'), urlencode(dict(url=url.encode('utf-8'), h=h))) -- cgit v1.2.3