Commit Graph

205 Commits

Author SHA1 Message Date
Markus Heiser b355430eca
Merge ca85d20204 into 0f9694c90b 2024-11-24 02:01:36 +00:00
Markus Heiser a7d02d4101 [doc] documentation of the favicons infrastructure
Run ``make docs.live`` and visit http://0.0.0.0:8000/admin/searx.favicons.html

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-10-05 08:18:28 +02:00
Markus Heiser 7ab577a1fb [mod] Revision of the favicon solution
All favicons implementations have been documented and moved to the Python
package:

    searx.favicons

There is a configuration (based on Pydantic) for the favicons and all its
components:

    searx.favicons.config

A solution for caching favicons has been implemented:

    searx.favicon.cache

If the favicon is already in the cache, the returned URL is a data URL [1]
(something like `data:image/png;base64,...`).  By generating a data url from
the FaviconCache, additional HTTP roundtripps via the favicon_proxy are saved:

    favicons.proxy.favicon_url

The favicon proxy service now sets a HTTP header "Cache-Control: max-age=...":

    favicons.proxy.favicon_proxy

The resolvers now also provide the mime type (data, mime):

    searx.favicon.resolvers

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-10-05 08:18:28 +02:00
Brock Vojkovic e17d7632d0 [feat] add favicons to result urls 2024-10-05 08:18:28 +02:00
Bnyro e4b2823abd [feat] simple theme: pure black theme style 2024-10-03 10:53:17 +02:00
Grant Lanham 0b832f19bf [fix] Removes ``/>`` ending tags for void HTML elements
Removes ``/>`` ending tags for void elements [1] and replaces them with ``>``.
Part of the larger cleanup to cleanup invalid HTML throughout the codebase [2].

[1] https://html.spec.whatwg.org/multipage/syntax.html#void-elements
[2] https://github.com/searxng/searxng/issues/3793
2024-09-15 15:19:51 +02:00
Markus Heiser 2039060b64 [mod] revision of the settings_loader
The intention of this PR is to modernize the settings_loader implementations.
The concept is old (remember, this is partly from 2014), back then we only had
one config file, meanwhile we have had a folder with config files for a very
long time.  Callers can now load a YAML configuration from this folder as
follows ::

    settings_loader.get_yaml_cfg('my-config.yml')

- BTW this is a fix of #3557.

- Further the `existing_filename_or_none` construct dates back to times when
  there was not yet a `pathlib.Path` in all Python versions we supported in the
  past.

- Typehints have been added wherever appropriate

At the same time, this patch should also be downward compatible and not
introduce a new environment variable. The localization of the folder with the
configurations is further based on:

    SEARXNG_SETTINGS_PATH (wich defaults to /etc/searxng/settings.yml)

Which means, the default config folder is `/etc/searxng/`.

ATTENTION: intended functional changes!

 If SEARXNG_SETTINGS_PATH was set and pointed to a not existing file, the
 previous implementation silently loaded the default configuration.  This
 behavior has been changed: if the file or folder does not exist, an
 EnvironmentError exception will be thrown in future.

Closes: https://github.com/searxng/searxng/issues/3557
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-07-14 18:10:06 +02:00
Markus Heiser ca85d20204 [mod] set HTTP GET method by default
HTTP GET vs POST
================

Already diskussed in "Method POST harms UX without providing a tangible privacy
benefit" [1].  At that time we agreed to POST.  However, as we are having more
and more drawbacks with POST, I suggest that we reconsider our previous
decision. The latest cause was [2], but we also have other problems that
negatively affect the UI [1]:

* Open Link in New Tab: does not work for our search result tabs because they
  aren't actual links.

* Bookmarking: a search becomes more difficult with POST. You cannot just press
  a browser keyboard shortcut `Ctrl+D` ... no you have to copy the Search URL from
  the sidebar. This can pose a real struggle for less technically-minded users.

* Sharing: a search with somebody else becomes more difficult with POST (for
  the same reason).

Lock HTTP method in the preferences
===================================

If the user changes the HTTP method in his settings, e.g. from GET to POST, but
has not removed the SearXNG instance from the WEB browser and added it again,
the WEB browser will continue to work with the old setting (GET), while entries
in the HTML form use the newly set method (POST). Not realted to this commit,
but this complication is also known from autocomplete[3].

Only very few maintainers are aware of this fact and probably none of the users
know about it.  We should provide a setup in our defaults that is manageable in
its entirety and comprehensible for the user.  For this reason, the option to
select the HTTP method in the preferences is also disabled in this commit.

[1] https://github.com/searxng/searxng/issues/711
[2] https://github.com/searxng/searxng/issues/3590
[3] https://github.com/searxng/searxng/pull/2333#issuecomment-1565392120

Closes: https://github.com/searxng/searxng/issues/3590
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-06-28 15:14:33 +02:00
holysoles 7be468d213 [feat] docker: add env vars for common public instance settings 2024-06-14 14:58:02 +02:00
Ember cb945276b6 Change 'his/her' to 'them' 2024-06-13 10:23:01 +02:00
Bnyro 3bec04079c [feat] hostname replace plugin: possibility to prioritize certain websites
Co-authored-by: Markus Heiser <markus.heiser@darmarit.de>
2024-06-07 14:42:52 +02:00
Markus Heiser ab8e5383fb [mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00
Markus Heiser f9c5727ddc [mod] get rid of ./utils/brand.env and its workflow
All the environments defined in ./utils/brand.env are generated on the fly, so
there is no longer a need to define the brand environment in this file and all
the workflows to handle this file.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-09 16:31:19 +01:00
Alexandre Flament bd3f526859
Docker: add UWSGI_WORKERS and UWSGI_THREAD environment variables (#2992)
* Docker: add UWSGI_WORKERS and UWSGI_THREAD.

UWSGI_WORKERS specifies the number of process.
UWSGI_THREADS specifies the number of threads.

The Docker convention is to specify the whole configuration
through environment variables. While not done in SearXNG, these two
additional variables allows admins to skip uwsgi.ini

In additional, https://github.com/searxng/preview-environments starts Docker
without additional files through searxng-helm-chat.
Each instance consumes 1Go of RAM which is a lot especially when there are a
lot of instances / pull requests.

* [scripts] add environments UWSGI_WORKERS and UWSGI_THREADS

- UWSGI_WORKERS specifies the number of process.
- UWSGI_THREADS specifies the number of threads.

Templates for uwsgi scripts can be tested by::

    UWSGI_WORKERS=8 UWSGI_THREADS=9 \
      ./utils/searxng.sh --cmd\
      eval "echo \"$(cat utils/templates/etc/uwsgi/*/searxng.ini*)\""\
      | grep "workers\|threads"

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>

---------

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Co-authored-by: Markus Heiser <markus.heiser@darmarit.de>
2023-11-12 16:46:34 +00:00
Markus Heiser d13a8f6453 [mod] document server:public_instance & remove it out of the botdetection
- the option server:public_instance lacks some documentation
- the processing of this option belongs in the limiter and not
  in botdetection module

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-11-01 06:44:56 +01:00
Markus Heiser fd814aac86 [mod] isolation of botdetection from the limiter
This patch was inspired by the discussion around PR-2882 [2].  The goals of this
patch are:

1. Convert plugin searx.plugin.limiter to normal code [1]
2. isolation of botdetection from the limiter [2]
3. searx/{tools => botdetection}/config.py and drop searx.tools
4. in URL /config, 'limiter.enabled' is true only if the limiter is really
   enabled (Redis is available).

This patch moves all the code that belongs to botdetection into namespace
searx.botdetection and code that belongs to limiter is placed in namespace
searx.limiter.

Tthe limiter used to be a plugin at some point botdetection was added, it was
not a plugin.  The modularization of these two components was long overdue.
With the clear modularization, the documentation could then also be organized
according to the architecture.

[1] https://github.com/searxng/searxng/pull/2882
[2] https://github.com/searxng/searxng/pull/2882#issuecomment-1741716891

To test:

- check the app works without the limiter, check `/config`
- check the app works with the limiter and with the token, check `/config`
- make docs.live .. and read
  - http://0.0.0.0:8000/admin/searx.limiter.html
  - http://0.0.0.0:8000/src/searx.botdetection.html#botdetection

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-11-01 06:44:56 +01:00
Alex Balgavy 5d53aac20f [mod] add hotkeys option to settings.yml
The change in the hotkey mechanism introduced in 317db5b04 does not allow
configuration via `settings.yml`.  This commit adds that functionality.

Closes: #2898
2023-10-09 18:13:00 +02:00
Bnyro 26fed56d51 [mod] settings.yml: remove plugin settings for plugins that don't exist anymore 2023-09-29 11:26:49 +02:00
Markus Heiser 597c68b4aa [doc] move dosc of botdetection from developer to admin section
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-09-23 14:00:03 +02:00
Bnyro a55e0ac553 [feat] search on category select without JS
Co-authored-by: Alexandre Flament <alex@al-f.net>
2023-09-18 21:29:11 +02:00
jazzzooo 223b3487c3 [fix] spelling 2023-09-18 16:20:27 +02:00
Bnyro df71c24b20 [mod] autocomplete.py: add support for mwmbl completions 2023-08-27 17:25:26 +02:00
ToxyFlog1627 f175574f37 [fix] typos in documentation & messages 2023-08-13 08:50:29 +02:00
Markus Heiser 01c0ec5d19 [fix] typo in docs/admin/settings/settings_general.rst (doc)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-08-11 11:07:38 +02:00
Markus Heiser 64100db904 [doc] improve documentation of make targets and ./manage script
BTW force modularization of the ./mange script into sub modules:

- utils/lib_sxng_data.sh
- utils/lib_sxng_node.sh
- utils/lib_sxng_static.sh
- utils/lib_sxng_test.sh
- utils/lib_sxng_themes.sh

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-08-06 19:37:12 +02:00
Markus Heiser 5720844fcd [doc] rearranges Settings & Engines docs for better readability
We have built up detailed documentation of the *settings* and the *engines* over
the past few years.  However, this documentation was still spread over various
chapters and was difficult to navigate in its entirety.

This patch rearranges the Settings & Engines documentation for better
readability.

To review new ordered docs::

   make docs.clean docs.live

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-07-01 22:45:19 +02:00
Markus Heiser e8706fb738 [fix] engine & network issues / documentation and type annotations
This patch fixes some quirks and issues related to the engines and the network.
Each engine has its own network and this network was broken for the following
engines[1]:

- archlinux
- bing
- dailymotion
- duckduckgo
- google
- peertube
- startpage
- wikipedia

Since the files have been touched anyway, the type annotaions of the engine
modules has also been completed so that error messages from the type checker are
no longer reported.

Related and (partial) fixed issue:

- [1] https://github.com/searxng/searxng/issues/762#issuecomment-1605323861
- [2] https://github.com/searxng/searxng/issues/2513
- [3] https://github.com/searxng/searxng/issues/2515

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-25 13:58:26 +02:00
Markus Heiser 825846ed4b [doc] settings.yml: add missing $SEARXNG_REDIS_URL to the docs
Closes: https://github.com/searxng/searxng/issues/2499
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-06-16 07:49:41 +02:00
Markus Heiser 1ec325adcc [mod] limiter -> botdetection: modularization and documentation
In order to be able to meet the outstanding requirements, the implementation is
modularized and supplemented with documentation.

This patch does not contain functional change, except it fixes issue #2455

----

Aktivate limiter in the settings.yml and simulate a bot request by::

    curl -H 'Accept-Language: de-DE,en-US;q=0.7,en;q=0.3' \
         -H 'Accept: text/html'
         -H 'User-Agent: xyz' \
         -H 'Accept-Encoding: gzip' \
         'http://127.0.0.1:8888/search?q=foo'

In the LOG:

    DEBUG   searx.botdetection.link_token : missing ping for this request: .....

Since ``BURST_MAX_SUSPICIOUS = 2`` you can repeat the query above two time
before you get a "Too Many Requests" response.

Closes: https://github.com/searxng/searxng/issues/2455
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-29 14:54:56 +02:00
Markus Heiser 0ee27ba3aa [doc] answer CAPTCHA from server's IP
Related: https://github.com/searxng/searxng/issues/2011#issuecomment-1553317619
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-22 10:46:10 +02:00
Markus Heiser 007a615ffa [mod] donation_url: disable by default
SearXNG's donation campaign has been ended.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-05-15 09:19:17 +02:00
spalinger 1918fb2ea0 [fix] typos/grammar in docs 2023-04-21 06:51:44 +02:00
Markus Heiser a5dad3b7c8 [doc] slightly reorder the chapters & improve TOCs for better navigation
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-04-16 15:21:26 +02:00
xrrxr c9d55e3559
[doc] misspelling: weight 2023-04-09 21:21:55 +08:00
Markus Heiser f117f969d8 [mod] in the preference page, show !bang of subgrouping categories
The names of the subgrouping categories in the preference page are translated,
to use this categories the user needs to know by which !bang the category can be
selected.  Related to "Make 'non tab category' bangs discoverable" in [#690].

Related:

- [#690] https://github.com/searxng/searxng/issues/690
- https://github.com/searxng/searxng/issues/1604
- https://github.com/searxng/searxng/pull/1545

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-04-08 11:10:14 +02:00
Markus Heiser 8f79dd7659 [doc] additional descriptions about categories & categories_as_tabs
Add missing documentation of PR [#634].  Related to checkbox "Document how to
categorize engines" in [#690].

Related:

- [#634] https://github.com/searxng/searxng/pull/634#issuecomment-1004757502
- [#690] https://github.com/searxng/searxng/issues/690
- https://github.com/searxng/searxng/issues/1604
- https://github.com/searxng/searxng/pull/1545

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-04-07 12:56:45 +02:00
Markus Heiser 6e5f22e558 [mod] replace engines_languages.json by engines_traits.json
Implementations of the *traits* of the engines.

Engine's traits are fetched from the origin engine and stored in a JSON file in
the *data folder*.  Most often traits are languages and region codes and their
mapping from SearXNG's representation to the representation in the origin search
engine.

To load traits from the persistence::

    searx.enginelib.traits.EngineTraitsMap.from_data()

For new traits new properties can be added to the class::

    searx.enginelib.traits.EngineTraits

.. hint::

   Implementation is downward compatible to the deprecated *supported_languages
   method* from the vintage implementation.

   The vintage code is tagged as *deprecated* an can be removed when all engines
   has been ported to the *traits method*.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-03-24 10:37:42 +01:00
Markus Heiser 5820dc78ce [doc] slight improvements to the doc of the settings (base_url)
Closes: https://github.com/searxng/searxng/issues/2190

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-02-17 12:08:58 +01:00
blob42 27809c84f8 [doc] add example for enabling an engine disabled by default 2023-02-12 18:33:38 +01:00
Markus Heiser 031162be04 [doc] settings.py document search.suspended_times
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-01-29 19:26:16 +00:00
Alexandre Flament 3050e2b6e8 [fix] documentation about update-searxng.rst 2022-12-10 10:06:54 +01:00
Alexandre Flament b971167ced move searx.shared.redisdb to searx.redisdb 2022-12-10 09:26:38 +01:00
Alexandre FLAMENT e92755d358 Initialize Redis in searx/webapp.py
settings.yml:
* The default URL was unix:///usr/local/searxng-redis/run/redis.sock?db=0
* The default URL is now "false"

The default URL makes the log difficult to deal with:
if the admin didn't install a Redis instance, the logs record a false error.

It worked before because SearXNG initialized the Redis connection when the limiter started.

In this commit, SearXNG initializes Redis in searx/webapp.py
so various components can use Redis without taking care of the initialization step.
2022-11-05 17:45:52 +01:00
Alexandre Flament 32e8c2cf09 searx.network: add "verify" option to the networks
Each network can define a verify option:
* false to disable certificate verification
* a path to existing certificate.

SearXNG uses SSL_CERT_FILE and SSL_CERT_DIR when they are defined
see https://www.python-httpx.org/environment_variables/#ssl_cert_file
2022-10-14 13:59:22 +00:00
Markus Heiser ba8959ad7c [fix] typos / reported by @kianmeng in searx PR-3366
[PR-3366] https://github.com/searx/searx/pull/3366

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-09-27 18:32:14 +02:00
Markus Heiser ad8ffd222c [mod] option 'ui: cache_url:' to configure internet cache or archive
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-09-04 09:42:20 +02:00
Markus Heiser 8df1f0c47e [mod] add 'Accept-Language' HTTP header to online processores
Most engines that support languages (and regions) use the Accept-Language from
the WEB browser to build a response that fits to the language (and region).

- add new engine option: send_accept_language_header

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-08-01 17:01:59 +02:00
Markus Heiser 48968bf46a [doc] list of changes that affect the infrastructure
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-07-31 13:08:06 +02:00
Markus Heiser bded8750d5 [mod] fix minor leftovers from PR #1332
Related: https://github.com/searxng/searxng/pull/1332
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-07-30 16:13:47 +02:00
Léon Tiekötter e5323b8aa2 [docs] corrections from @tiekoetter's review 2022-07-30 13:39:35 +02:00