add encryption only when option is set

2022-09-21 13:24:07 +02:00 · 2022-09-21 13:24:07 +02:00 · 5e75fd7ea8
commit 5e75fd7ea8
parent 2b7935618c
3 changed files with 35 additions and 21 deletions
--- a/app/models/config.py
+++ b/app/models/config.py
@ -35,7 +35,9 @@ class Config:
        self.view_image = read_config_bool('WHOOGLE_CONFIG_VIEW_IMAGE')
        self.get_only = read_config_bool('WHOOGLE_CONFIG_GET_ONLY')
        self.anon_view = read_config_bool('WHOOGLE_CONFIG_ANON_VIEW')
+        self.preferences_encrypted = read_config_bool('WHOOGLE_CONFIG_PREFERENCES_ENCRYPTED')
        self.preferences_key = os.getenv('WHOOGLE_CONFIG_PREFERENCES_KEY', '')
+        
        self.accept_language = False

        self.safe_keys = [
@ -85,7 +87,9 @@ class Config:

    @property
    def preferences(self) -> str:
-        return self._encode_preferences()
+        encrypted_flag = "e" if self.preferences_encrypted else 'u'
+        preferences_digest = self._encode_preferences()
+        return f"{encrypted_flag}{preferences_digest}"

    def is_safe_key(self, key) -> bool:
        """Establishes a group of config options that are safe to set
@ -166,25 +170,32 @@ class Config:
        return key

    def _encode_preferences(self) -> str:
-        if self.preferences_key == '':
-            return ''
        encoded_preferences = brotli.compress(pickle.dumps(self.get_attrs()))
-        key = self._get_fernet_key(self.preferences_key)
-        encrypted_preferences = Fernet(key).encrypt(encoded_preferences)
+        if self.preferences_encrypted:
+            if self.preferences_key != '':
+                key = self._get_fernet_key(self.preferences_key)
+                encoded_preferences = Fernet(key).encrypt(encoded_preferences)
+
        return urlsafe_b64encode(
-            brotli.compress(encrypted_preferences)
+            brotli.compress(encoded_preferences)
        ).decode()

    def _decode_preferences(self, preferences: str) -> dict:
-        try:
-            key = self._get_fernet_key(self.preferences_key)
+        if preferences.startswith('e'): # preferences are encrypted
+            try:
+                key = self._get_fernet_key(self.preferences_key)

-            config = Fernet(key).decrypt(
+                config = Fernet(key).decrypt(
+                    brotli.decompress(urlsafe_b64decode(preferences.encode()))
+                )
+
+                config = pickle.loads(brotli.decompress(config))
+            except Exception:
+                config = {}
+        elif preferences.startswith('u'): # preferences are not encrypted
+            config = pickle.loads(
                brotli.decompress(urlsafe_b64decode(preferences.encode()))
            )
-
-            config = pickle.loads(brotli.decompress(config))
-        except Exception:
+        else: # preferences are incorrectly formatted
            config = {}
-
        return config
--- a/app/static/settings/translations.json
+++ b/app/static/settings/translations.json
@ -26,7 +26,9 @@
        "config-tor": "Use Tor",
        "config-get-only": "GET Requests Only",
        "config-url": "Root URL",
-        "config-url-pref": "Preferences URL",
+        "config-pref-url": "Preferences URL",
+        "config-pref-encryption": "Encrypt Preferences",
+        "config-pref-help": "You need to set the encryption key in WHOOGLE_CONFIG_PREFERENCES_ENCRYPTED otherwise the encryption will be ignored.",
        "config-css": "Custom CSS",
        "load": "Load",
        "apply": "Apply",
--- a/app/templates/index.html
+++ b/app/templates/index.html
@ -236,13 +236,14 @@
                                {{ config.style.replace('\t', '') }}
                            </textarea>
                        </div>
-                        {% if config.preferences %}
-                            <div class="config-div config-div-pref-url">
-                                <label for="config-pref-url">{{ translation['config-url-pref'] }}: </label>
-                                <input type="text" name="pref-url" id="config-pref-url" value="{{ config.url }}?preferences={{ config.preferences }}">
-                            </div>
-                        {% endif %}
-
+                        <div class="config-div config-div-pref-url">
+                            <label for="config-pref-encryption">{{ translation['config-pref-encryption'] }}: </label>
+                            <input type="checkbox" name="preferences_encrypted"
+                                   id="config-pref-encryption" {{ 'checked' if config.preferences_encrypted and config.preferences_key else '' }}>
+                            <div><span class="info-text"> — {{ translation['config-pref-help'] }}</span></div>
+                            <label for="config-pref-url">{{ translation['config-pref-url'] }}: </label>
+                            <input type="text" name="pref-url" id="config-pref-url" value="{{ config.url }}?preferences={{ config.preferences }}">
+                        </div>
                    </div>
                    <div class="config-div config-buttons">
                        <input type="submit" id="config-load" value="{{ translation['load'] }}">&nbsp;