i6>dZddlmZmZmZddlZddlZddlZddlm Z ddl m Z m Z ddl mZddl mZd Z d Z d Z d Z e j(d Z ddeezdej*defdZdej*defdZdeezdej*defdZdefdZdefdZy)a Method ``link_token`` --------------------- The ``link_token`` method evaluates a request as :py:obj:`suspicious ` if the URL ``/client.css`` is not requested by the client. By adding a random component (the token) in the URL, a bot can not send a ping by request a static URL. .. note:: This method requires a valkey DB and needs a HTTP X-Forwarded-For_ header. To get in use of this method a flask URL route needs to be added: .. code:: python @app.route('/client.css', methods=['GET', 'POST']) def client_token(token=None): link_token.ping(request, token) return Response('', mimetype='text/css') And in the HTML template from flask a stylesheet link is needed (the value of ``link_token`` comes from :py:obj:`get_token`): .. code:: html .. _X-Forwarded-For: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For ) IPv4Network IPv6Network ip_addressN) secret_hash) get_networklogger)config)valkeydbiXizSearXNG_limiter.pingzSearXNG_limiter.tokenzbotdetection.link_tokennetworkrequestrenewc tj}t||}|j|s"t j d|j |y|r|j|dtt jd|j |y)zChecks whether a valid ping is exists for this (client) network, if not this request is rated as *suspicious*. If a valid ping exists and argument ``renew`` is ``True`` the expire time of this ping is reset to :py:obj:`PING_LIVE_TIME`. z#missing ping (IP: %s) / request: %sTrexz(found ping for (client) network %s -> %sF) r get_valkey_client get_ping_keygetr info compressedsetPING_LIVE_TIMEdebug)r r r valkey_clientping_keys ./root/searxng/searx/botdetection/link_token.py is_suspiciousrIsy..0MGW-H   X & 97;M;MxX (A.9 LL;W=O=OQYZ tokencNtj}tj}t |syt |j }t||}t||}tjd|j|j||j|dty)zThis function is called by a request to URL ``/client.css``. If ``token`` is valid a :py:obj:`PING_KEY` for the client is stored in the DB. The expire time of this ping-key is :py:obj:`PING_LIVE_TIME`. Nz4store ping_key for (client) network %s (IP %s) -> %srr)r rr get_global_cfgtoken_is_validr remote_addrrrr rrrr)r rrcfgreal_ipr rs rpingr&]s ..0M    !C % ,,-G'3'GGW-H LL>@R@RT[TfTfhphn5rreturnctdzt|j|jj ddz|jj ddzzdzS)z\Generates a hashed key that fits (more or less) to a *WEB-browser session* in a network.[zAccept-Languagez User-Agent])PING_KEYrrheadersr)r r s rrrssc       !4!45F!K KgooNaNabnprNs s    rcL|tk(}tjd||S)Nztoken is valid --> %s) get_tokenr r)rvalids rr"r"s" Y[ E LL(%0 Lrc tj}|jt}|r|j d}|Sdj dtdD}|jt|t|S#t$rYywxYw)a Returns current token. If there is no currently active token a new token is generated randomly and stored in the Valkey DB. Without without a database connection, string "12345678" is returned. - :py:obj:`TOKEN_LIVE_TIME` - :py:obj:`TOKEN_KEY` 12345678zUTF-8r*c3K|]8}tjtjtjz:yw)N)randomchoicestringascii_lowercasedigits).0_s r zget_token..s)aRS f&<&Ar) r r ValueErrorr TOKEN_KEYdecodejoinrangerTOKEN_LIVE_TIME)rrs rr/r/s 224   i (E  W% LaW\]_W`aa)U? L sA?? B  B )F)__doc__ ipaddressrrrr6r4flasksearx.valkeylibr_helpersrr r*r r rBrr,r>getChildRequestboolrstrr&rr"r/rrrMs"H  ' ,< !A # 9 2 3;4u}}UY(6%--66, + 3 emm PS T 3r