mirror of https://github.com/searxng/searxng.git
Merge pull request #663 from dalf/mod_secret_key
changes about the secret_key
commit
7966fd3bbd
|
@ -71,6 +71,7 @@ from searx.webutils import (
|
||||||
get_themes,
|
get_themes,
|
||||||
prettify_url,
|
prettify_url,
|
||||||
new_hmac,
|
new_hmac,
|
||||||
|
is_hmac_of,
|
||||||
is_flask_run_cmdline,
|
is_flask_run_cmdline,
|
||||||
)
|
)
|
||||||
from searx.webadapter import (
|
from searx.webadapter import (
|
||||||
|
@ -1067,8 +1068,7 @@ def image_proxy():
|
||||||
if not url:
|
if not url:
|
||||||
return '', 400
|
return '', 400
|
||||||
|
|
||||||
h = new_hmac(settings['server']['secret_key'], url.encode())
|
if not is_hmac_of(settings['server']['secret_key'], url.encode(), request.args.get('h', '')):
|
||||||
if h != request.args.get('h'):
|
|
||||||
return '', 400
|
return '', 400
|
||||||
|
|
||||||
maximum_size = 5 * 1024 * 1024
|
maximum_size = 5 * 1024 * 1024
|
||||||
|
|
|
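Review bot: The `is_hmac_of(...)` guard in image_proxy has no comment saying what it enforces, and the meaning of the `h` query parameter is not obvious from this hunk alone. A short comment above the check would help, for example `# h must be the HMAC of url under server.secret_key; reject URLs this instance did not sign`. Defaulting the missing parameter with `request.args.get('h', '')` is worth keeping, since it keeps `None` out of the comparison helper. image_proxy's body continues outside the hunk.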
@ -77,14 +77,12 @@ def get_result_templates(templates_path):
|
||||||
|
|
||||||
|
|
||||||
def new_hmac(secret_key, url):
|
def new_hmac(secret_key, url):
|
||||||
try:
|
return hmac.new(secret_key.encode(), url, hashlib.sha256).hexdigest()
|
||||||
secret_key_bytes = bytes(secret_key, 'utf-8')
|
|
||||||
except TypeError as err:
|
|
||||||
if isinstance(secret_key, bytes):
|
def is_hmac_of(secret_key, value, hmac_to_check):
|
||||||
secret_key_bytes = secret_key
|
hmac_of_value = new_hmac(secret_key, value)
|
||||||
else:
|
return len(hmac_of_value) == len(hmac_to_check) and hmac.compare_digest(hmac_of_value, hmac_to_check)
|
||||||
raise err
|
|
||||||
return hmac.new(secret_key_bytes, url, hashlib.sha256).hexdigest()
|
|
||||||
|
|
||||||
|
|
||||||
def prettify_url(url, max_length=74):
|
def prettify_url(url, max_length=74):
|
||||||
|
|
|
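Review bot: `is_hmac_of` can raise instead of returning False, because `hmac.compare_digest` accepts `str` arguments only when they are ASCII and `hmac_to_check` is the request's `h` parameter at the image_proxy call site. A 64-character non-ASCII value passes the length test and then raises `TypeError`, which would presumably surface as a server error rather than the 400 path unless something upstream catches it. Comparing bytes avoids that and makes the length pre-check unnecessary: `return hmac.compare_digest(hmac_of_value.encode(), hmac_to_check.encode())`. Separately, `new_hmac` now calls `secret_key.encode()`, so a `bytes` key that the old code accepted fails with `AttributeError`; a one-line docstring stating that `secret_key` must be `str` would make that contract explicit.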
@ -78,10 +78,12 @@ class TestUnicodeWriter(SearxTestCase):
|
||||||
|
|
||||||
class TestNewHmac(SearxTestCase):
|
class TestNewHmac(SearxTestCase):
|
||||||
def test_bytes(self):
|
def test_bytes(self):
|
||||||
for secret_key in ['secret', b'secret', 1]:
|
data = b'http://example.com'
|
||||||
if secret_key == 1:
|
with self.assertRaises(AttributeError):
|
||||||
with self.assertRaises(TypeError):
|
webutils.new_hmac(b'secret', data)
|
||||||
webutils.new_hmac(secret_key, b'http://example.com')
|
|
||||||
continue
|
with self.assertRaises(AttributeError):
|
||||||
res = webutils.new_hmac(secret_key, b'http://example.com')
|
webutils.new_hmac(1, data)
|
||||||
self.assertEqual(res, '23e2baa2404012a5cc8e4a18b4aabf0dde4cb9b56f679ddc0fd6d7c24339d819')
|
|
||||||
|
res = webutils.new_hmac('secret', data)
|
||||||
|
self.assertEqual(res, '23e2baa2404012a5cc8e4a18b4aabf0dde4cb9b56f679ddc0fd6d7c24339d819')
|
||||||
|
|
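Review bot: The new `is_hmac_of` helper has no test in this section; only `new_hmac` is exercised, although `is_hmac_of` is the function that now gates image_proxy. A small test case could cover a match, a same-length mismatch, and a wrong-length value, e.g. `self.assertTrue(webutils.is_hmac_of('secret', data, res))` and `self.assertFalse(webutils.is_hmac_of('secret', data, '0' * 64))`, plus a non-ASCII `hmac_to_check` to pin what should happen for that input. The two `assertRaises(AttributeError)` checks also tie the test to how `new_hmac` fails on a non-`str` key, so the name `test_bytes` now reads as the opposite of what it asserts.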