Commit Graph

208 Commits

Author SHA1 Message Date
Alex Balgavy
6b59800dc6 Fix security vulnerabilities in suggested nginx configuration
The suggested configurations for nginx found in the documentation and
templates lead to vulnerabilities allowing host spoofing [1] and path
traversal [2], as reported by Gixy [3]. This commit fixes those issues.

[1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
[2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
[3] https://github.com/yandex/gixy
2021-03-03 12:34:22 +01:00
Alexandre Flament
c22d4c764c [fix] duckduckgo engine: "!ddg !g" do not redirect to google
* searx understand "!ddg !g time" as : send "!g time" to DDG
* !g a DDG bang for Google: DDG return a HTTP redirect to Google

This commit adds a the allows_redirect param not to follow HTTP redirect.

The DDG engine returns a empty result as before without HTTP redirect.
2021-02-12 11:10:08 +01:00
Markus Heiser
89554e42a9 [fix] make books/user.pdf
Error:

  Configuration error:
  There is a programmable error in your configuration file:
  ...
  NameError: name 'DOCS_URL' is not defined
  make: *** [utils/makefile.sphinx:156: books/user.latex] Fehler 2

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-02-02 20:14:07 +01:00
Alexandre Flament
ca93a01844 [mod] dynamically set language_support variable
The language_support variable is set to True by default,
and set to False in only 5 engines.

Except the documentation and the /config URL, this variable is not used.

This commit remove the variable definition in the engines, and
set value according to supported_languages length: False when the length is 0,
True otherwise.

Close #2485
2021-02-01 17:10:37 +01:00
Alexandre Flament
0f18e885bf
Merge pull request #2479 from Tobi823/master
Document workaround for using 2 languages simultaneously #1508
2021-01-27 21:29:42 +01:00
Markus Heiser
a69a8a3ed5 [doc] improve admin-docs about result proxy (morty) configuration
[1] https://github.com/searx/searx/pull/1872#issuecomment-768107138

Suggested-by @dalf [1]
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-01-27 09:58:06 +01:00
Tobi823
16a0a01553 Document workaround for using 2 languages simultaneously #1508 2021-01-18 17:23:09 +01:00
Markus Heiser
c4a98862bf [fix] setup.py requires pyyaml installed
pip install -e .
...
Obtaining file:///usr/local/searx/searx-src
    ERROR: Command errored out with exit status 1:
     command: /usr/local/searx/searx-pyenv/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/usr/local/searx/searx-src/setup.py'"'"'; __file__='"'"'/usr/local/searx/searx-src/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'rn'"'"', '"'"'n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-vzer91m2
         cwd: /usr/local/searx/searx-src/
    Complete output (9 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/usr/local/searx/searx-src/setup.py", line 10, in <module>
        from searx.version import VERSION_STRING
      File "/usr/local/searx/searx-src/searx/__init__.py", line 19, in <module>
        import searx.settings_loader
      File "/usr/local/searx/searx-src/searx/settings_loader.py", line 8, in <module>
        import yaml
    ModuleNotFoundError: No module named 'yaml'
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-01-16 08:58:13 +01:00
Alexandre Flament
9c55d772e9
Merge pull request #2408 from return42/rm-brand-make
[mod] move brand options from Makefile to settings.yml
2021-01-12 10:52:42 +01:00
Archie
ff2370eead
Fixed typo 2021-01-12 01:33:43 +00:00
Markus Heiser
4853a29803 [mod] improve settings documentation
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-01-11 22:12:38 +01:00
Markus Heiser
9485179064 [mod] move brand options from Makefile to settings.yml
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-01-11 22:12:38 +01:00
Alexandre Flament
5fb9a5c7c1
Merge pull request #2411 from dalf/update-secret-key-check
Update secret key check
2020-12-27 18:04:53 +01:00
Markus Heiser
b6dcf90816 Revert "[fix] sphinx 3.1 CSS issues"
This reverts commit 0616684baa.

Since PR https://github.com/sphinx-doc/sphinx/pull/7878 has been merged into
Spinx-doc (v3.1.2), this patch is no longer needed:

  See sphinx-doc project, PR 7838 & 7484 with elementary patch to the basic CSS:

  - https://github.com/sphinx-doc/sphinx/issues/7838#issuecomment-646009605
  - https://github.com/sphinx-doc/sphinx/pull/7484#issuecomment-646058972

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-12-27 11:27:42 +01:00
Alexandre Flament
eb1b5289d5 [mod] documentation: change the jinja context doesn't depend on searx.webapp
Before this commit, in the documentation, the jinja context is 'webapp' and contains
the global variable in the searx.webapp module.

This commit changes this to include only the mandatory variables to build the
documentation.
2020-12-27 10:00:35 +01:00
Markus Heiser
3beede7ab7 [doc] describe 'make books/{name}.html' and 'books/{name}.pdf'
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-12-24 13:55:22 +01:00
Alexandre Flament
02fc4147ce [mod] dictzone, translated, currency_convert: use engine_type online_curency and online_dictionnary 2020-12-17 11:39:36 +01:00
Alexandre Flament
7ec8bc3ea7 [mod] split searx.search into different processors
see searx.search.processors.abstract.EngineProcessor

First the method searx call the get_params method.

If the return value is not None, then the searx call the method search.
2020-12-17 11:39:36 +01:00
Alexandre Flament
9bc1856e2b [mod] themes: remove legacy, courgette and pix-art themes 2020-12-17 11:33:28 +01:00
Alexandre Flament
7865566338
Merge pull request #2384 from return42/improve-doc
Improve doc of the installation skripts
2020-12-14 18:22:12 +01:00
Markus Heiser
dc94a1d4c0 [doc] add a tip about how to brand and stash a searx instance setup
BTW: drop a trailing whitespace

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-12-13 15:20:33 +01:00
Markus Heiser
c8d2b19c85 [doc] document why to use sudoer to run intsallation scripts
related to:

- https://gist.github.com/dalf/60450e19b042bd39b9ce470c095d89b3#gistcomment-3263827
- https://github.com/searx/searx/issues/2013#issuecomment-647132313
- https://github.com/searx/searx/issues/2017#issuecomment-647700327

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-12-13 15:19:04 +01:00
Markus Heiser
ea62df1dc0 [doc] update developer quickstart guide
See https://github.com/searx/searx/issues/2369#issuecomment-740652878

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-12-12 20:31:49 +01:00
Alexandre Flament
d703119d3a [enh] add raise_for_httperror
check HTTP response:
* detect some comme CAPTCHA challenge (no solving). In this case the engine is suspended for long a time.
* otherwise raise HTTPError as before

the check is done in poolrequests.py (was before in search.py).

update qwant, wikipedia, wikidata to use raise_for_httperror instead of raise_for_status
2020-12-11 14:37:08 +01:00
Markus Heiser
a70b9b9f61 [doc] recommend to use 'use_default_settings=True'
Since #2291 is merged, it is recommend to use::

  use_default_settings=True

1. Add a template file use_default_settings.yml::

    SEARX_SETTINGS_TEMPLATE="${REPO_ROOT}/utils/templates/etc/searx/use_default_settings.yml"

2. In Chapter "Configuration" recommend to make use of
   'use_default_settings=True' and describe it

3. Rewrite of docs/admin/settings.rst
   - move chapter 'settings.yml location' to the top
   - update and split chapter 'Global Settings'

4. Add environment SEARX_SETTINGS_TEMPLATE to .config.sh

5. Use environment $SEARX_SETTINGS_TEMPLATE in the utils/searx.sh script

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-12-08 20:19:10 +01:00
Alexandre Flament
925bb561a2
Merge pull request #2352 from dalf/no_http
Remove HTTP connections as much as possible
2020-12-06 10:18:49 +01:00
Alexandre Flament
f0054d67f1 [fix] wikipedia engine: don't raise an error when the query is not found
Add a new parameter "raise_for_status", set by default to True.
When True, any HTTP status code >= 300 raise an exception ( #2332 )
When False, the engine can manage the HTTP status code by itself.
2020-12-04 20:04:39 +01:00
Alexandre Flament
38d32337e7 [mod] documentations & comments: update http://* URL to https://*.
About http://lesscss.org see https://github.com/less/less-docs/issues/520
2020-12-04 16:52:25 +01:00
Alexandre Flament
1d0c368746 [enh] record details exception per engine
add an new API /stats/errors
2020-12-03 10:22:48 +01:00
Alexandre Flament
a1e6bc4cee
Merge pull request #2291 from dalf/settings2
[enh] user settings can relied on the default settings
2020-12-01 14:57:12 +01:00
Noémi Ványi
4a36a3044d
Add recoll engine (#2325)
recoll is a local search engine based on Xapian:
http://www.lesbonscomptes.com/recoll/

By itself recoll does not offer web or API access,
this can be achieved using recoll-webui:
https://framagit.org/medoc92/recollwebui.git

This engine uses a custom 'files' result template

set `base_url` to the location where recoll-webui can be reached
set `dl_prefix` to a location where the file hierarchy as indexed by recoll can be reached
set `search_dir` to the part of the indexed file hierarchy to be searched, use an empty string to search the entire search domain
2020-11-30 08:35:15 +01:00
Alexandre Flament
b4b81a5e1a [enh] settings.yml: add use_default_settings option (2nd version) 2020-11-27 19:40:04 +01:00
Alexandre Flament
1cfe7f2a75 [enh] settings.yml: add use_default_settings option
This change is backward compatible with the existing configurations.

If a settings.yml loaded from an user defined location (SEARX_SETTINGS_PATH or /etc/searx/settings.yml),
then this settings can relied on the default settings.yml with this option:
user_default_settings:True
2020-11-26 18:27:27 +01:00
Alexandre Flament
3786920df9 [enh] Add multiple outgoing proxies
credits go to @bauruine see https://github.com/searx/searx/pull/1958
2020-11-20 15:29:21 +01:00
Pierre Chevalier
482da5c6c7 Correct what was obviously a typo in vir(t)ualenv. 2020-11-13 16:06:16 +01:00
rachmadani haryono
c03e4c86bc
Feature/standalone searx update (#1591)
* chg: dev: update standalone_searx

parent d8a5df721b33dd8a7cc9e21dba4060f21d629f69
author rachmadaniHaryono <foreturiga@gmail.com> 1603896594 +0800
committer rachmadaniHaryono <foreturiga@gmail.com> 1603896619 +0800

chg: dev: debug engine_shortcuts
chg: dev: only initilize if engine is given
chg: dev: split main
chg: dev: standalone_searx
chg: dev: update standalone_searx
chg: doc: remove unnecessary log
chg: test: differentiate travis
chg: test: disable shortcut
chg: test: use default engine settings
fix: dev: category choices
fix: dev: duplicate engine shortcut
fix: dev: travis python3
fix: test:  use empty string as shortcut
fix: test: apkm
fix: test: engine shortcut
fix: test: mypy
fix: test: parameter
fix: test: pep8
fix: test: py2 compatibilities
fix: test: searx settings
fix: test: travis engines
new: dev: deduplicate engine
new: dev: main receive engines parameter
new: dev: parse_argument accept engines parameter
new: dev: split search query from get_result func
new: test: basic result case
Suggestions: use RawTextQuery to make the suggestions URLs. Update all themes accordingly.

* new: doc: searx import and init

* chg: dev: parse_argument

- doc
- run on __main__
- simple parse_args

* chg: doc: module

* chg: dev: import section

- remove unused python path modification
- new required package

* chg: dev: script run

- parse_argument func return directly parsed results
- main func return dict instead json text
- dump directly on sys.stdout.write

* chg: dev: get_search_query and get_search_query func

* chg: dev: main func

- move inner function outside
- return dict instead of json text

* new: dev: add utils to doc sys path

* new: doc: standalone_searx

* fix: doc: run script

* chg: dev: mypy type hint

* chg: dev: SearchQuery don't have attr engines

* chg: dev: reset engines __init__

* chg: test: unit test update

* chg: dev: pylint and flake8

* new: test: standalone_searx

* chg: dev: main func and doc

* chg: dev: import and type hint

* new: dev: main func

- remove get_result func
- single func which just translate dict

* chg: test: put mypy on dev requirement

* chg: doc: update

* new: doc: add standalone_searx module member

* chg: doc: shell command line

* chg: dev: remove mypy

* chg: doc: module docstring
2020-11-04 12:38:54 +00:00
Markus Heiser
45f58a4a2a [fix] searx configuration - quote bash calls in sed replacements
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-11-02 10:02:59 +01:00
Markus Heiser
edef9d2f87 [doc] searx configuration - add 'mkdir /etc/searx' before copy
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-11-02 10:02:59 +01:00
Markus Heiser
dd23ad8ba2 [fix] doc - add missing quotation marks in docs/build-templates
Escape the all the quotation marks (" --> \") in docs/build-templates.

The scripts are *bash evaluated* (e.g)::

  eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/searx.rst")\""

Backslash, quotation marks and other need to be escaped.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-11-02 10:02:59 +01:00
Markus Heiser
e697d78d5a [mod] make docs-live - remove --port option from sphinx-autobuild
Setting port fixed to 8080 has drawbacks when this port is already in use from
another application [1].  Removing this option from the command line offers the
use of the sphinx-autobuild defaults which are much more flexible [2].

[1] https://github.com/searx/searx/issues/2282
[2] https://github.com/executablebooks/sphinx-autobuild/blob/master/README.md

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-10-30 20:30:20 +01:00
renyhp
3bada084a2
Extract to /usr/local/filtron/local
The /usr/local/filtron/local/go directory will be created by tar.
2020-10-19 17:49:03 +02:00
renyhp
aaf9334c79
Fix typo xgd-open > xdg-open 2020-10-19 15:37:45 +02:00
Noémi Ványi
f0e6678aac Add blogpost about command engine 2020-10-08 13:32:32 +02:00
Alexandre Flament
2cafc5462d [fix] revert PR #2232 and #2230 2020-10-01 16:38:54 +02:00
Alexandre Flament
9a856083df [fix] Sphinx 3.2.1 build: call searx.engines.initialize_engines
Fix admin/engines.html
Fix #2230
2020-09-30 10:20:12 +02:00
Alexandre Flament
6c6985aaf8
Merge pull request #2230 from dalf/fix-sphinx-build
[fix] Sphinx 3.2.1 build: add missing "engines" variable in the jinja context
2020-09-30 09:29:09 +02:00
Alexandre Flament
6d56c754a7 [fix] Sphinx 3.2.1 build: add missing "engines" variable in the jinja context
Fix the admin/engines.html page
2020-09-29 12:30:10 +02:00
Alexandre Flament
f204e4903d [fix] migration from github.com/asciimoo/searx to github.com/searx/searx : fix URLs 2020-09-28 16:44:14 +02:00
Markus Heiser
9d60ae1ce6 [fix] missing 'alias' typo in docs/admin/installation-nginx.rst
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-09-28 11:40:45 +02:00
Alexandre Flament
8ffede6140 [fix] docker and k8s: run searx
fix #2181
2020-09-10 10:07:49 +02:00