diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2020-04-28 16:21:45 +0200 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarit.de> | 2020-04-28 16:21:45 +0200 |
| commit | ea3255835a259516c7a8b62eb319a338cebf7e9f (patch) | |
| tree | 55cd99af01fd79317b6d118a0584b2e5d0e7b544 | |
| parent | 26a3a7d52359075bb96b39b26ed60430f2c667b9 (diff) | |
| download | searxng-ea3255835a259516c7a8b62eb319a338cebf7e9f.tar.gz searxng-ea3255835a259516c7a8b62eb319a338cebf7e9f.zip | |
utils/morty.sh: set morty key to avoid service abuse
- https://github.com/asciimoo/searx/issues/1871#issuecomment-592459798
make install all
generates random MORTY_KEY, install service with that key and sets option in the
searx settingy.yml file.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
| -rwxr-xr-x | utils/morty.sh | 5 | ||||
| -rwxr-xr-x | utils/searx.sh | 4 | ||||
| -rw-r--r-- | utils/templates/lib/systemd/system/morty.service | 2 |
3 files changed, 7 insertions, 4 deletions
diff --git a/utils/morty.sh b/utils/morty.sh index 851b8864d..6b90db581 100755 --- a/utils/morty.sh +++ b/utils/morty.sh @@ -208,6 +208,9 @@ main() { } install_all() { + + MORTY_KEY="$(head -c 32 /dev/urandom | base64)" + rst_title "Install $SERVICE_NAME (service)" assert_user wait_key @@ -233,7 +236,7 @@ install_all() { fi info_searx if ask_yn "Add image and result proxy to searx settings.yml?" Yn; then - "${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" + "${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}" "${REPO_ROOT}/utils/searx.sh" option image-proxy-on fi diff --git a/utils/searx.sh b/utils/searx.sh index 48521f606..7013ec750 100755 --- a/utils/searx.sh +++ b/utils/searx.sh @@ -584,7 +584,7 @@ set_result_proxy() { # usage: set_result_proxy <URL> [<key>] - info_msg "try to set result proxy: $1" + info_msg "try to set result proxy: '$1' ($2)" cp "${SEARX_SETTINGS_PATH}" "${SEARX_SETTINGS_PATH}.bak" _set_result_proxy "$1" "$2" > "${SEARX_SETTINGS_PATH}" } @@ -593,7 +593,7 @@ _set_result_proxy() { local line local stage=0 local url=" url: $1" - local key=" key: $2" + local key=" key: !!binary \"$2\"" if [[ -z $2 ]]; then key= fi diff --git a/utils/templates/lib/systemd/system/morty.service b/utils/templates/lib/systemd/system/morty.service index d463c5097..25b676b51 100644 --- a/utils/templates/lib/systemd/system/morty.service +++ b/utils/templates/lib/systemd/system/morty.service @@ -10,7 +10,7 @@ Type=simple User=${SERVICE_USER} Group=${SERVICE_GROUP} WorkingDirectory=${SERVICE_HOME} -ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} +ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '${MORTY_KEY}' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} Restart=always Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} DEBUG=${SERVICE_ENV_DEBUG} |