[fix] ERROR:searx:server.secret_key is not changed #2386
When does searx use a secret_key?
The secret_key is not useful for:
In the master branch, the only use case of secret_key is the webapp.
Why do we need a secret_key?
According to https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY :
According to https://github.com/pallets/flask/search?l=Python&q=secret_key , the only use case of secret_key is the flask.session. searx doesn't use flask.session on purpose. According to https://github.com/searx/searx/search?q=secret_key , the only searx usage of secret_key is the image proxy (the image proxy written in Python, not Morty).
Sum up
About this PR
I'm not comfortable adding another step to configure a searx instance (make sure INSTANCE_ENV='production').
A different solution
Move these lines (Lines 64 to 66 in 3660011)
to the run function in webapp.py (just before the logger.debug): Lines 1090 to 1098 in 3660011
The test_webapp still requires this line: searx/tests/unit/test_webapp.py Line 14 in 3660011
but utils/standalone.py, make test, make docs will be okay.
A third solution
If the key is None, empty string or 'ultrasecretkey' then searx creates a secure random key. The key will change after each restart, so the image proxy URL won't be reliable over time. (I prefer the previous solution).
@dalf: thanks a lot for your detailed analysis, I didn't know these details before. I moved the condition to webapp.py and renamed this PR.
May I ask you to remove searx/.github/workflows/integration.yml Line 69 in 002d53a
since it is no longer mandatory with this PR. [EDIT] And there are the tests too: Line 2 in 002d53a
But here, this test will fail (perhaps another?): searx/tests/unit/test_webapp.py Line 15 in 002d53a
A quick solution is not to change the tests for now.
Good point, I removed all the obsolete SEARX_DEBUG.
For me the test works; would you like to verify?
This was puzzling me, actually the PR doesn't work:
So the actual check must be done on the wsgi application. Flask doesn't provide callbacks when the app starts, only on the first request: https://flask.palletsprojects.com/en/1.1.x/api/#flask.Flask.before_first_request So the only solution I see is a wsgi middleware that does nothing except check for the SECRET_KEY when initialized.
Or we bury the idea to test SECRET_KEY, thoughts? Since #2256 we have a lot of trouble and the only benefit is to catch sloppy admins.
Admins have to read the documentation on how to configure searx.
The other solution is to create a random key each time: at least it is secure even for a sloppy admin: no open proxy.
I will have a look ... WIP
Perhaps there is a better version, just for reference:
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
@dalf: the key is now generated in the settings_loader: searx/searx/settings_loader.py Lines 146 to 147 in f65a4dc
@dalf Generating a secret key every time searx starts up is not viable if image proxy is enabled. Once the instance is restarted, it gets a new secret key. Thus, previously working image result links break on the instance because the secret key is changed. I prefer the initial solution I have submitted. (To me, it is somewhat weird that the documentation requires starting the web application.)
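The two points the thread keeps circling back to, dalf's observation that the only searx consumer of secret_key is the Python image proxy, and kvch's objection that a key regenerated at every start breaks existing image links, can be seen in a few lines. The example below is added here and is not searx's own code: it models the image proxy as an HMAC-SHA256 tag over the proxied URL (the `/image_proxy?url=...&h=...` layout, the function names and the sample URL are constructed for the illustration), implements the "third solution" from the thread (None, empty string or 'ultrasecretkey' is replaced by a random key) and shows both consequences: an unchanged default key accepts tags anyone can compute, which is the open proxy the thread wants to prevent, while a regenerated key invalidates links signed before a restart.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# The default value shipped in settings.yml, as named throughout the thread.
DEFAULT_KEY = "ultrasecretkey"

SAMPLE_URL = "https://example.org/picture.png"  # constructed sample input


def effective_secret_key(configured):
    """Key the instance actually uses.

    Illustration of the thread's "third solution" (not searx's own code): a
    missing, empty or default key is replaced by a fresh random one, so a
    misconfigured instance never runs with a key everybody else knows.
    """
    if configured in (None, "", DEFAULT_KEY):
        return secrets.token_hex(32)
    return configured


def sign_url(url, key):
    """HMAC-SHA256 tag over the proxied URL; the key is the only secret."""
    return hmac.new(key.encode(), url.encode(), hashlib.sha256).hexdigest()


def image_proxy_link(url, key):
    """Build a signed link of the constructed form /image_proxy?url=...&h=..."""
    return "/image_proxy?" + urlencode({"url": url, "h": sign_url(url, key)})


def verify_link(link, key):
    """Server side: recompute the tag for the requested URL, compare in constant time."""
    params = parse_qs(urlparse(link).query)
    url = params.get("url", [""])[0]
    tag = params.get("h", [""])[0]
    return hmac.compare_digest(sign_url(url, key), tag)


def links_survive_restart(configured_key):
    """Simulate two start-ups with the same settings.

    An admin-chosen key is stable, so links signed before the restart still
    verify. With None/''/default the key is regenerated on every start and
    old links break, which is the trade-off kvch points out.
    """
    key_before = effective_secret_key(configured_key)
    key_after = effective_secret_key(configured_key)
    link = image_proxy_link(SAMPLE_URL, key_before)
    return verify_link(link, key_after)


def accepts_tags_computed_with_default_key(instance_key):
    """Why the check exists: an instance that really runs with the shipped
    default accepts a tag computed from that public value, so the proxy will
    fetch any URL (the open proxy from the thread). A regenerated key rejects it."""
    link = image_proxy_link(SAMPLE_URL, DEFAULT_KEY)
    return verify_link(link, instance_key)


if __name__ == "__main__":
    print("admin key, links survive restart:", links_survive_restart("s3cr3t-from-settings"))
    print("default key, links survive restart:", links_survive_restart(DEFAULT_KEY))
    print("unchanged default accepts public tag:", accepts_tags_computed_with_default_key(DEFAULT_KEY))
    print("regenerated key accepts public tag:",
          accepts_tags_computed_with_default_key(effective_secret_key(DEFAULT_KEY)))
```

The model makes the design choice explicit: exiting on the default key, generating a random key, or leaving the value alone are three answers to the same question of who knows the HMAC key. Only the first two close the open proxy, and only the first keeps links stable across restarts, which is why the thread ends up preferring a check at webapp load over silent regeneration.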
The application is not started, but searx will be imported. The documentation build itself needs some values from the searx package, like the version number: Line 5 in 59217bb
You can test it by:
The key is only generated when it equals to
@kvch currently Here a patch so the documentation doesn't [LAST EDIT] Is it still weird written like this? It requires some adjustments, at least:
diff --git a/docs/conf.py b/docs/conf.py
index d6fde9be..5f0ab02b 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -27,9 +27,15 @@ numfig = True
exclude_patterns = ['build-templates/*.rst']
-from searx import webapp
+import searx.search
+import searx.engines
+import searx.plugins
+searx.search.initialize()
jinja_contexts = {
- 'webapp': dict(**webapp.__dict__),
+ 'webapp': {
+ 'engines': searx.engines.engines,
+ 'plugins': searx.plugins.plugins
+ },
}
# usage:: lorem :patch:`f373169` ipsum
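Review bot: the jinja context key is still named 'webapp' but now carries only 'engines' and 'plugins' instead of the whole `webapp.__dict__`, so any docs template that reached for another attribute through `webapp.*` will now fail at docs build time; grep the Jinja/rst templates for `webapp.` before merging, or rename the key to reflect its new contents. A one-line comment next to `searx.search.initialize()` saying that this call is what populates `searx.engines.engines` and `searx.plugins.plugins` would also help, since that dependency is otherwise invisible to the next person editing conf.py.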
diff --git a/searx/__init__.py b/searx/__init__.py
index 9bbc7c8c..579fcf66 100644
--- a/searx/__init__.py
+++ b/searx/__init__.py
@@ -61,6 +61,3 @@ if 'SEARX_SECRET' in environ:
if 'SEARX_BIND_ADDRESS' in environ:
settings['server']['bind_address'] = environ['SEARX_BIND_ADDRESS']
-if not searx_debug and settings['server']['secret_key'] == 'ultrasecretkey':
- logger.error('server.secret_key is not changed. Please use something else instead of ultrasecretkey.')
- exit(1)
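Review bot: dropping the check here only makes sense together with the webapp.py hunk that re-adds it; if the two land separately, an instance still running with the shipped 'ultrasecretkey' starts without any warning. The `not searx_debug` gate is carried over unchanged, so a debug instance continues to run with the default key as before. Please also check whether `logger` and `searx_debug` are still referenced elsewhere in `searx/__init__.py` after this removal, otherwise they become dead definitions.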
--- a/searx/webapp.py
+++ b/searx/webapp.py
@@ -1141,3 +1141,7 @@ app.wsgi_app = ReverseProxyPathFix(ProxyFix(application.wsgi_app))
if __name__ == "__main__":
run()
+
+if not searx_debug and settings['server']['secret_key'] == 'ultrasecretkey':
+ logger.error('server.secret_key is not changed. Please use something else instead of ultrasecretkey.')
+ exit(1)
So this fix Line 2 in 59217bb
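Review bot: the re-added check sits after `if __name__ == "__main__": run()`. When webapp.py is run directly, `run()` starts the development server and does not return until it stops, so the `secret_key` check only executes once the server has already served requests, or never; the check runs at import time only when a WSGI server imports the module. Move the three new lines above the `if __name__ == "__main__":` block so both start-up paths are covered before anything listens.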
My idea about the generated key is to avoid an open proxy, and yes it breaks the links, but only for a misconfigured instance.
What is the problem with this PR? Every time I implement the solution, other solutions are preferred. If this PR does not match the needs and someone knows a better solution, close it.
Note: the patch just above is a different thing, basically it shows the documentation doesn't depend on the webapp, only on some other components.
The patch just above is totally OK for me, but it is not my solution. Let's close this PR and send a PR with your solution. BTW: the main problem is loading setup stuff and deciding to exit the whole execution at import time. Your patch reduces the problem to the webapp, so I would prefer your solution.
Before this commit the secret_key is checked as soon as the searx module is imported. So the documentation and utils/standalone_searx.py have to set SEARX_DEBUG=1.
With this commit:
* searx checks the secret_key when the webapp is loaded
* after searx loads that the engines.
For reference see searx#2386
Without this commit the module searx checks the secret_key value. With this commit, make docs, utils/standalone_searx.py and utils/fetch_firefox_version.py work without SEARX_DEBUG=1. For reference see searx#2386
What does this PR do?
fix #2256
Related issues
Closes #2278