From d13a8f64534b2ba7883cabdae1d08ea68b7899c8 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Mon, 2 Oct 2023 18:29:58 +0200 Subject: [PATCH] [mod] document server:public_instance & remove it out of the botdetection - the option server:public_instance lacks some documentation - the processing of this option belongs in the limiter and not in botdetection module Signed-off-by: Markus Heiser --- docs/admin/settings/settings_server.rst | 12 +++++++++++- searx/__init__.py | 3 ++- searx/botdetection/ip_limit.py | 3 +-- searx/limiter.py | 20 +++++++++++++++----- 4 files changed, 29 insertions(+), 9 deletions(-) diff --git a/docs/admin/settings/settings_server.rst b/docs/admin/settings/settings_server.rst index ba0c9484d..e4e66ee2f 100644 --- a/docs/admin/settings/settings_server.rst +++ b/docs/admin/settings/settings_server.rst @@ -12,6 +12,7 @@ bind_address: "127.0.0.1" secret_key: "ultrasecretkey" # change this! limiter: false + public_instance: false image_proxy: false default_http_headers: X-Content-Type-Options : nosniff @@ -20,7 +21,6 @@ X-Robots-Tag : noindex, nofollow Referrer-Policy : no-referrer - ``base_url`` : ``$SEARXNG_URL`` :ref:`buildenv ` The base URL where SearXNG is deployed. Used to create correct inbound links. If you change the value, don't forget to rebuild instance's environment @@ -40,6 +40,16 @@ Rate limit the number of request on the instance, block some bots. The :ref:`limiter` requires a :ref:`settings redis` database. +.. _public_instance: + +``public_instance`` : + + Setting that allows to enable features specifically for public instances (not + needed for local usage). By set to ``true`` the following features are + activated: + + - :py:obj:`searx.botdetection.link_token` in the :ref:`limiter` + .. _image_proxy: ``image_proxy`` : diff --git a/searx/__init__.py b/searx/__init__.py index f86052660..d611ef6a2 100644 --- a/searx/__init__.py +++ b/searx/__init__.py @@ -108,5 +108,6 @@ else: if settings['server']['public_instance']: logger.warning( "Be aware you have activated features intended only for public instances. " - + "This force the usage of the bot limiter and link_token plugins." + "This force the usage of the limiter and link_token / " + "see https://docs.searxng.org/admin/searx.limiter.html" ) diff --git a/searx/botdetection/ip_limit.py b/searx/botdetection/ip_limit.py index 071978a33..387e580ee 100644 --- a/searx/botdetection/ip_limit.py +++ b/searx/botdetection/ip_limit.py @@ -45,7 +45,6 @@ from ipaddress import ( import flask import werkzeug -from searx import settings from searx import redisdb from searx.redislib import incr_sliding_window, drop_counter @@ -109,7 +108,7 @@ def filter_request( if c > API_MAX: return too_many_requests(network, "too many request in API_WINDOW") - if settings['server']['public_instance'] or cfg['botdetection.ip_limit.link_token']: + if cfg['botdetection.ip_limit.link_token']: suspicious = link_token.is_suspicious(network, request, True) diff --git a/searx/limiter.py b/searx/limiter.py index b61292d70..fa7418922 100644 --- a/searx/limiter.py +++ b/searx/limiter.py @@ -211,23 +211,33 @@ def pre_request(): def is_installed(): + """Returns ``True`` if limiter is active and a redis DB is available.""" return _INSTALLED def initialize(app: flask.Flask, settings): - """Instal the botlimiter aka limiter""" + """Install the limiter""" global _INSTALLED # pylint: disable=global-statement - if not settings['server']['limiter'] and not settings['server']['public_instance']: + + if not (settings['server']['limiter'] or settings['server']['public_instance']): return + redis_client = redisdb.client() if not redis_client: logger.error( "The limiter requires Redis, please consult the documentation: " - + "https://docs.searxng.org/admin/searx.botdetection.html#limiter" + "https://docs.searxng.org/admin/searx.limiter.html" ) if settings['server']['public_instance']: sys.exit(1) return - botdetection.init(get_cfg(), redis_client) - app.before_request(pre_request) + _INSTALLED = True + + cfg = get_cfg() + if settings['server']['public_instance']: + # overwrite limiter.toml setting + cfg.set('botdetection.ip_limit.link_token', True) + + botdetection.init(cfg, redis_client) + app.before_request(pre_request)