add encryption only when option is set
This commit is contained in:
Joao Ramos
parent
2b7935618c
commit
5e75fd7ea8
|
|
@ -35,7 +35,9 @@ class Config:
|
||||||
self.view_image = read_config_bool('WHOOGLE_CONFIG_VIEW_IMAGE')
|
self.view_image = read_config_bool('WHOOGLE_CONFIG_VIEW_IMAGE')
|
||||||
self.get_only = read_config_bool('WHOOGLE_CONFIG_GET_ONLY')
|
self.get_only = read_config_bool('WHOOGLE_CONFIG_GET_ONLY')
|
||||||
self.anon_view = read_config_bool('WHOOGLE_CONFIG_ANON_VIEW')
|
self.anon_view = read_config_bool('WHOOGLE_CONFIG_ANON_VIEW')
|
||||||
|
self.preferences_encrypted = read_config_bool('WHOOGLE_CONFIG_PREFERENCES_ENCRYPTED')
|
||||||
self.preferences_key = os.getenv('WHOOGLE_CONFIG_PREFERENCES_KEY', '')
|
self.preferences_key = os.getenv('WHOOGLE_CONFIG_PREFERENCES_KEY', '')
|
||||||
|
|
||||||
self.accept_language = False
|
self.accept_language = False
|
||||||
|
|
||||||
self.safe_keys = [
|
self.safe_keys = [
|
||||||
|
|
@ -85,7 +87,9 @@ class Config:
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def preferences(self) -> str:
|
def preferences(self) -> str:
|
||||||
return self._encode_preferences()
|
encrypted_flag = "e" if self.preferences_encrypted else 'u'
|
||||||
|
preferences_digest = self._encode_preferences()
|
||||||
|
return f"{encrypted_flag}{preferences_digest}"
|
||||||
|
|
||||||
def is_safe_key(self, key) -> bool:
|
def is_safe_key(self, key) -> bool:
|
||||||
"""Establishes a group of config options that are safe to set
|
"""Establishes a group of config options that are safe to set
|
||||||
|
|
@ -166,25 +170,32 @@ class Config:
|
||||||
return key
|
return key
|
||||||
|
|
||||||
def _encode_preferences(self) -> str:
|
def _encode_preferences(self) -> str:
|
||||||
if self.preferences_key == '':
|
|
||||||
return ''
|
|
||||||
encoded_preferences = brotli.compress(pickle.dumps(self.get_attrs()))
|
encoded_preferences = brotli.compress(pickle.dumps(self.get_attrs()))
|
||||||
key = self._get_fernet_key(self.preferences_key)
|
if self.preferences_encrypted:
|
||||||
encrypted_preferences = Fernet(key).encrypt(encoded_preferences)
|
if self.preferences_key != '':
|
||||||
|
key = self._get_fernet_key(self.preferences_key)
|
||||||
|
encoded_preferences = Fernet(key).encrypt(encoded_preferences)
|
||||||
|
|
||||||
return urlsafe_b64encode(
|
return urlsafe_b64encode(
|
||||||
brotli.compress(encrypted_preferences)
|
brotli.compress(encoded_preferences)
|
||||||
).decode()
|
).decode()
|
||||||
|
|
||||||
def _decode_preferences(self, preferences: str) -> dict:
|
def _decode_preferences(self, preferences: str) -> dict:
|
||||||
try:
|
if preferences.startswith('e'): # preferences are encrypted
|
||||||
key = self._get_fernet_key(self.preferences_key)
|
try:
|
||||||
|
key = self._get_fernet_key(self.preferences_key)
|
||||||
|
|
||||||
config = Fernet(key).decrypt(
|
config = Fernet(key).decrypt(
|
||||||
|
brotli.decompress(urlsafe_b64decode(preferences.encode()))
|
||||||
|
)
|
||||||
|
|
||||||
|
config = pickle.loads(brotli.decompress(config))
|
||||||
|
except Exception:
|
||||||
|
config = {}
|
||||||
|
elif preferences.startswith('u'): # preferences are not encrypted
|
||||||
|
config = pickle.loads(
|
||||||
brotli.decompress(urlsafe_b64decode(preferences.encode()))
|
brotli.decompress(urlsafe_b64decode(preferences.encode()))
|
||||||
)
|
)
|
||||||
|
else: # preferences are incorrectly formatted
|
||||||
config = pickle.loads(brotli.decompress(config))
|
|
||||||
except Exception:
|
|
||||||
config = {}
|
config = {}
|
||||||
|
|
||||||
return config
|
return config
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,9 @@
|
||||||
"config-tor": "Use Tor",
|
"config-tor": "Use Tor",
|
||||||
"config-get-only": "GET Requests Only",
|
"config-get-only": "GET Requests Only",
|
||||||
"config-url": "Root URL",
|
"config-url": "Root URL",
|
||||||
"config-url-pref": "Preferences URL",
|
"config-pref-url": "Preferences URL",
|
||||||
|
"config-pref-encryption": "Encrypt Preferences",
|
||||||
|
"config-pref-help": "You need to set the encryption key in WHOOGLE_CONFIG_PREFERENCES_ENCRYPTED otherwise the encryption will be ignored.",
|
||||||
"config-css": "Custom CSS",
|
"config-css": "Custom CSS",
|
||||||
"load": "Load",
|
"load": "Load",
|
||||||
"apply": "Apply",
|
"apply": "Apply",
|
||||||
|
|
|
||||||
|
|
@ -236,13 +236,14 @@
|
||||||
{{ config.style.replace('\t', '') }}
|
{{ config.style.replace('\t', '') }}
|
||||||
</textarea>
|
</textarea>
|
||||||
</div>
|
</div>
|
||||||
{% if config.preferences %}
|
<div class="config-div config-div-pref-url">
|
||||||
<div class="config-div config-div-pref-url">
|
<label for="config-pref-encryption">{{ translation['config-pref-encryption'] }}: </label>
|
||||||
<label for="config-pref-url">{{ translation['config-url-pref'] }}: </label>
|
<input type="checkbox" name="preferences_encrypted"
|
||||||
<input type="text" name="pref-url" id="config-pref-url" value="{{ config.url }}?preferences={{ config.preferences }}">
|
id="config-pref-encryption" {{ 'checked' if config.preferences_encrypted and config.preferences_key else '' }}>
|
||||||
</div>
|
<div><span class="info-text"> — {{ translation['config-pref-help'] }}</span></div>
|
||||||
{% endif %}
|
<label for="config-pref-url">{{ translation['config-pref-url'] }}: </label>
|
||||||
|
<input type="text" name="pref-url" id="config-pref-url" value="{{ config.url }}?preferences={{ config.preferences }}">
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="config-div config-buttons">
|
<div class="config-div config-buttons">
|
||||||
<input type="submit" id="config-load" value="{{ translation['load'] }}">
|
<input type="submit" id="config-load" value="{{ translation['load'] }}">
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user