From ea3255835a259516c7a8b62eb319a338cebf7e9f Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 28 Apr 2020 16:21:45 +0200 Subject: [PATCH] utils/morty.sh: set morty key to avoid service abuse - https://github.com/asciimoo/searx/issues/1871#issuecomment-592459798 make install all generates random MORTY_KEY, install service with that key and sets option in the searx settingy.yml file. Signed-off-by: Markus Heiser --- utils/morty.sh | 5 ++++- utils/searx.sh | 4 ++-- utils/templates/lib/systemd/system/morty.service | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/utils/morty.sh b/utils/morty.sh index 851b8864d..6b90db581 100755 --- a/utils/morty.sh +++ b/utils/morty.sh @@ -208,6 +208,9 @@ main() { } install_all() { + + MORTY_KEY="$(head -c 32 /dev/urandom | base64)" + rst_title "Install $SERVICE_NAME (service)" assert_user wait_key @@ -233,7 +236,7 @@ install_all() { fi info_searx if ask_yn "Add image and result proxy to searx settings.yml?" Yn; then - "${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" + "${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}" "${REPO_ROOT}/utils/searx.sh" option image-proxy-on fi diff --git a/utils/searx.sh b/utils/searx.sh index 48521f606..7013ec750 100755 --- a/utils/searx.sh +++ b/utils/searx.sh @@ -584,7 +584,7 @@ set_result_proxy() { # usage: set_result_proxy [] - info_msg "try to set result proxy: $1" + info_msg "try to set result proxy: '$1' ($2)" cp "${SEARX_SETTINGS_PATH}" "${SEARX_SETTINGS_PATH}.bak" _set_result_proxy "$1" "$2" > "${SEARX_SETTINGS_PATH}" } @@ -593,7 +593,7 @@ _set_result_proxy() { local line local stage=0 local url=" url: $1" - local key=" key: $2" + local key=" key: !!binary \"$2\"" if [[ -z $2 ]]; then key= fi diff --git a/utils/templates/lib/systemd/system/morty.service b/utils/templates/lib/systemd/system/morty.service index d463c5097..25b676b51 100644 --- a/utils/templates/lib/systemd/system/morty.service +++ b/utils/templates/lib/systemd/system/morty.service @@ -10,7 +10,7 @@ Type=simple User=${SERVICE_USER} Group=${SERVICE_GROUP} WorkingDirectory=${SERVICE_HOME} -ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} +ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '${MORTY_KEY}' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} Restart=always Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} DEBUG=${SERVICE_ENV_DEBUG}