Tor password authentication (#746)
Added password authentication for tor control port. For user configuration of access to tor control port. This file should be heavily restricted in file system. Co-authored-by: MadcowOG <madcowog@Arch-Main.localdomain>
This commit is contained in:
parent
dc03022e27
commit
c9ee9dcc8b
|
@ -337,12 +337,14 @@ There are a few optional environment variables available for customizing a Whoog
|
|||
| WHOOGLE_ALT_RD | The reddit.com alternative to use when site alternatives are enabled in the config. |
|
||||
| WHOOGLE_ALT_TL | The Google Translate alternative to use. This is used for all "translate ____" searches. |
|
||||
| WHOOGLE_ALT_MD | The medium.com alternative to use when site alternatives are enabled in the config. |
|
||||
| WHOOGLE_ALT_IMG | The imgur.com alternative to use when site alternatives are enabled in the config. |
|
||||
| WHOOGLE_ALT_WIKI | The wikipedia.com alternative to use when site alternatives are enabled in the config. |
|
||||
| WHOOGLE_ALT_IMG | The imgur.com alternative to use when site alternatives are enabled in the config. |
|
||||
| WHOOGLE_ALT_WIKI | The wikipedia.com alternative to use when site alternatives are enabled in the config. |
|
||||
| WHOOGLE_AUTOCOMPLETE | Controls visibility of autocomplete/search suggestions. Default on -- use '0' to disable |
|
||||
| WHOOGLE_MINIMAL | Remove everything except basic result cards from all search queries. |
|
||||
| WHOOGLE_CSP | Sets a default set of 'Content-Security-Policy' headers |
|
||||
| WHOOGLE_RESULTS_PER_PAGE | Set the number of results per page |
|
||||
| WHOOGLE_RESULTS_PER_PAGE | Set the number of results per page |
|
||||
| WHOOGLE_TOR_USE_PASS | Use password authentication for tor control port. |
|
||||
| WHOOGLE_TOR_CONF | The absolute path to the config file containing the password for the tor control port. Default: ./misc/tor/control.conf WHOOGLE_TOR_PASS must be 1 for this to work.|
|
||||
|
||||
### Config Environment Variables
|
||||
These environment variables allow setting default config values, but can be overwritten manually by using the home page config menu. These allow a shortcut for destroying/rebuilding an instance to the same config state every time.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
from app.models.config import Config
|
||||
from app.utils.misc import read_config_bool
|
||||
from datetime import datetime
|
||||
from defusedxml import ElementTree as ET
|
||||
import random
|
||||
|
@ -8,6 +9,7 @@ import urllib.parse as urlparse
|
|||
import os
|
||||
from stem import Signal, SocketError
|
||||
from stem.control import Controller
|
||||
from stem.connection import authenticate_cookie, authenticate_password
|
||||
|
||||
MAPS_URL = 'https://maps.google.com/maps'
|
||||
AUTOCOMPLETE_URL = ('https://suggestqueries.google.com/'
|
||||
|
@ -37,9 +39,27 @@ class TorError(Exception):
|
|||
|
||||
|
||||
def send_tor_signal(signal: Signal) -> bool:
|
||||
use_pass = read_config_bool('WHOOGLE_TOR_USE_PASS')
|
||||
|
||||
confloc = './misc/tor/control.conf'
|
||||
# Check that the custom location of conf is real.
|
||||
temp = os.getenv('WHOOGLE_TOR_CONF', '')
|
||||
if os.path.isfile(temp):
|
||||
confloc = temp
|
||||
|
||||
# Attempt to authenticate and send signal.
|
||||
try:
|
||||
with Controller.from_port(port=9051) as c:
|
||||
c.authenticate()
|
||||
if use_pass:
|
||||
with open(confloc, "r") as conf:
|
||||
# Scan for the last line of the file.
|
||||
for line in conf:
|
||||
pass
|
||||
secret = line
|
||||
authenticate_password(c, password=secret)
|
||||
else:
|
||||
cookie_path = '/var/lib/tor/control_auth_cookie'
|
||||
authenticate_cookie(c, cookie_path=cookie_path)
|
||||
c.signal(signal)
|
||||
os.environ['TOR_AVAILABLE'] = '1'
|
||||
return True
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import argparse
|
||||
import base64
|
||||
import io
|
||||
import os
|
||||
import json
|
||||
import os
|
||||
import pickle
|
||||
|
|
1
misc/tor/control.conf
Normal file
1
misc/tor/control.conf
Normal file
|
@ -0,0 +1 @@
|
|||
# Place password here. Keep this safe.
|
Loading…
Reference in New Issue
Block a user