14 Commits

Author SHA1 Message Date
dependabot[bot]
81c9c23862 [upd] github-actions: Bump actions/setup-node from 6.4.0 to 7.0.0 (#6423)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.4.0 to 7.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](48b55a011b...8207627860)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-17 14:27:38 +02:00
dependabot[bot]
6913fba208 [upd] pypi: Bump the minor group with 2 updates (#6425)
Bumps the minor group with 2 updates: [typer](https://github.com/fastapi/typer) and [selenium](https://github.com/SeleniumHQ/Selenium).


Updates `typer` from 0.26.8 to 0.27.0
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](https://github.com/fastapi/typer/compare/0.26.8...0.27.0)

Updates `selenium` from 4.45.0 to 4.46.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/compare/selenium-4.45.0...selenium-4.46.0)
2026-07-17 14:24:17 +02:00
Bnyro
2daa4d4815 [fix] qwant: can't fetch engine traits because engine.about is no longer a dict 2026-07-17 12:27:46 +02:00
Bnyro
de8f73f434 [fix] cache: maintenance period comment duration 2h instead of 1h 2026-07-17 12:24:47 +02:00
Bnyro
9f9c00819e [fix] tiger: remember auth cookie for 2 months, not 1 day 2026-07-16 23:31:59 +02:00
Bnyro
b72a87676f [fix] public domain image archive: crashes upon response
The code used here has always been "bad" because `about` shouldn't be used
as data source, but the engine probably broke when type checks / dataclasses
for the about parameter in engines has been added with
<https://github.com/searxng/searxng/pull/6258>.

Error log:
```
WARNING searx.engines.public domain im: ErrorContext('searx/engines/public_domain_image_archive.py', 143, '\'url\': _clean_url(f"{about[\'website\']}/images/{result[\'objectID\']}"),', 'TypeError', None, ("'EngineAbout' object is not subscriptable",)) False
ERROR   searx.engines.public domain im: exception : 'EngineAbout' object is not subscriptable
Traceback (most recent call last):
  File "/home/bnyro/Projects/searxng/searx/search/processors/online.py", line 253, in search
    search_results = self._search_basic(query, params)
  File "/home/bnyro/Projects/searxng/searx/search/processors/online.py", line 239, in _search_basic
    return self.engine.response(response)
           ~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^
  File "/home/bnyro/Projects/searxng/searx/engines/public_domain_image_archive.py", line 143, in response
    'url': _clean_url(f"{about['website']}/images/{result['objectID']}"),
                         ~~~~~^^^^^^^^^^^
TypeError: 'EngineAbout' object is not subscriptable
```
2026-07-16 15:50:58 +02:00
Bnyro
f2432e33d6 [fix] engine cache: return default value when cache entry expired
It's possible that it's expired but has not yet been automatically deleted
by the periodic maintenance because that, by default, runs only every 2 hours.

Related:
- see https://github.com/searxng/searxng/pull/6409#discussion_r3584712601
2026-07-16 12:37:26 +02:00
vojkovic
7b2199ecdf [fix] autocomplete suggestrelevance scores for chromium 2026-07-15 23:45:25 +08:00
Bnyro
4a9c19d7bf [mod] images.html: display all engines that found the result, not only the first one 2026-07-15 17:44:11 +02:00
Bnyro
5cb4cb2bc5 [fix] qwant: engine blocked with captcha
Qwant now requires a `datadome` cookie that it returns
in the first search response as a `Set-Cookie`.

This cookie has to be sent for all requests, otherwise they
will be blocked.

This means that now, the first search request is blocked (results in CAPTCHA),
and only the subsequent searches work (same happens on the Qwant website for me).

However, I don't think it's worth repeating the same
search request multiple times very quickly because
that also makes us more suspicious.
2026-07-15 17:39:10 +02:00
Bnyro
5a448596ab [feat] engines: add avalw.org (general)
The index is very small, so it often doesn't find anything.

It also has news support, but the results are unusable.
2026-07-15 17:38:46 +02:00
Bnyro
9c49b7e0d7 [fix] results: display internationalized domain names human-friendly
Some search engines encode domains that contain special characters
in the IDN format, i.e. by using Punycode (https://en.wikipedia.org/wiki/Punycode).

This means that domains formatted like that are not human readable
and thus very unintuive.

Also, as only some engines use Punycode, this often causes a result
to appear multiple times, once with a Punycode domain (e.g. xn--allestrungen-9ib.de),
and once with a normal domain (e.g. allestörungen.de).

Always formatting the domains nicely has the caveat that the official sites
are harder to distinguish from malicious clones that just swapped out some
characters by using Punycode, e.g. replaced `a` with `á`. I don't think
that will be much of an issue though - I don't think Punycode results
previously stopped users from clicking the link, and I also think that
most search engines filter out such bad results or don't even have them
indexed.
2026-07-15 17:38:04 +02:00
Bnyro
58e02a01ae [fix] tusksearch: fix engine blocked by bot protection
Changes:
- the `embed.js` request now requires a user agent header
- we include a user agent in the "actual" request (I dropped it by accident)
- we only send the first 4 decimal places of the location
  instead of 7+ (not required, but harder to detect)
2026-07-14 20:32:31 +02:00
Bnyro
7fa9f16225 [fix] heexy: blocked by cloudflare 2026-07-14 20:32:18 +02:00
14 changed files with 88 additions and 31 deletions

View File

@@ -67,7 +67,7 @@ jobs:
python-version: "${{ env.PYTHON_VERSION }}"
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
uses: actions/setup-node@820762786026740c76f36085b0efc47a31fe5020 # v7.0.0
with:
node-version: "26"
check-latest: "true"

View File

@@ -4,7 +4,7 @@ cov-core==1.15.0
black==25.9.0
pylint==4.0.6
splinter==0.21.0
selenium==4.45.0
selenium==4.46.0
Sphinx==8.2.3;python_version <= "3.11"
Sphinx==9.1.0; python_version > "3.11"
sphinx-issues==6.0.0

View File

@@ -13,7 +13,7 @@ sniffio==1.3.1
valkey==6.1.1
markdown-it-py==4.2.0
msgspec==0.21.1
typer==0.26.8
typer==0.27.0
isodate==0.7.2
whitenoise==6.12.0
typing-extensions==4.16.0

View File

@@ -48,7 +48,7 @@ class ExpireCacheCfg(msgspec.Struct): # pylint: disable=too-few-public-methods
MAXHOLD_TIME: int = 60 * 60 * 24 * 7 # 7 days
"""Hold time (default in sec.), after which a value is removed from the cache."""
MAINTENANCE_PERIOD: int = 60 * 60 # 2h
MAINTENANCE_PERIOD: int = 60 * 60 # 1h
"""Maintenance period in seconds / when :py:obj:`MAINTENANCE_MODE` is set to
``auto``."""
@@ -458,12 +458,22 @@ class ExpireCacheSQLite(sqlitedb.SQLiteAppl, ExpireCache):
# Before values are taken from the table, a maintenance interval may
# need to be carried out.
self.maintenance()
sql = f"SELECT value FROM {table} WHERE key = ?"
sql = f"SELECT value, expire FROM {table} WHERE key = ?"
row = self.DB.execute(sql, (key,)).fetchone()
if row is None:
return default
return self.deserialize(row[0])
# Check if value is expired. It's possible that it's expired but has not
# yet been automatically deleted by the periodic maintenance
(value, expire) = row
now = time.time()
if expire < now:
# The record is deleted during the maintenance interval. Deleting
# the record at this point offers no advantage, as a SELECT
# statement must be executed for every cache.get request anyways.
return default
return self.deserialize(value)
def pairs(self, ctx: str) -> Iterator[tuple[str, typing.Any]]:
"""Iterate over key/value pairs from table given by argument ``ctx``.

View File

@@ -47,7 +47,7 @@ ENGINES_CACHE: ExpireCacheSQLite = ExpireCacheSQLite.build_cache(
ExpireCacheCfg(
name="ENGINES_CACHE",
MAXHOLD_TIME=60 * 60 * 24 * 7, # 7 days
MAINTENANCE_PERIOD=60 * 60, # 2h
MAINTENANCE_PERIOD=60 * 60, # 1h
MAX_VALUE_LEN=1024 * 1024 * 1024, # 1MB
)
)

View File

@@ -68,7 +68,9 @@ def _get_api_token(query: str) -> str:
if cached_token:
return cached_token
resp = get(f"{base_url}/search?q={query}", headers={"User-Agent": gen_useragent()})
resp = get(
f"{base_url}/search?q={query}", headers={"User-Agent": gen_useragent(), "Accept-Language": "en-US,en:q=0.9"}
)
if not resp.ok:
raise SearxEngineAPIException("failed to obtain request token: invalid response code")
@@ -76,7 +78,7 @@ def _get_api_token(query: str) -> str:
if not token:
raise SearxEngineAPIException("failed to obtain request token: no token found")
CACHE.set("token", token)
CACHE.set("token", token, expire=3 * 60)
return token

View File

@@ -140,7 +140,7 @@ def response(resp):
results.append(
{
'template': 'images.html',
'url': _clean_url(f"{about['website']}/images/{result['objectID']}"),
'url': _clean_url(f"{pdia_base_url}/images/{result['objectID']}"),
'img_src': _clean_url(base_image_url),
'thumbnail_src': _clean_url(base_image_url + THUMBNAIL_SUFFIX),
'title': f"{result['title'].strip()} by {result['artist']} {result.get('displayYear', '')}",

View File

@@ -51,6 +51,7 @@ from urllib.parse import urlencode
import babel
from flask_babel import gettext # pyright: ignore[reportUnknownVariableType]
from searx.enginelib import EngineCache
from searx.enginelib.traits import EngineTraits
from searx.exceptions import (
SearxEngineAccessDeniedException,
@@ -105,9 +106,19 @@ qwant_news_locales = [
]
# fmt: on
base_url = "https://www.qwant.com"
api_url = "https://api.qwant.com/v3/search/"
"""URL of Qwant's API (JSON)"""
CACHE: EngineCache
"""Cache for storing the ``datadome`` cookie."""
def setup(engine_settings: dict[str, t.Any]) -> bool:
global CACHE # pylint: disable=global-statement
CACHE = EngineCache(engine_settings["name"])
return True
def request(query: str, params: "OnlineParams") -> None:
"""Qwant search request"""
@@ -129,24 +140,29 @@ def request(query: str, params: "OnlineParams") -> None:
"tgp": test_group_value,
"device": "desktop",
"safesearch": params["safesearch"],
"display": True,
"llm": True,
# True would be encoded to "True", instead of "true", which makes the request
# easier to detect and block
"displayed": "true",
"llm": "true",
}
# shuffle query parameters to be harder to fingerprint
args = list(args.items())
random.shuffle(args)
args = dict(args)
params["raise_for_httperror"] = False
params["url"] = f"{api_url}{qwant_categ}?{urlencode(args)}"
params["cookies"]["datadome"] = CACHE.get("datadome")
params["headers"].update({"Accept": "application/json", "Referer": f"{base_url}/", "Origin": base_url})
def response(resp: "SXNG_Response") -> EngineResults:
"""Parse results from Qwant's API"""
# pylint: disable=too-many-locals, too-many-branches, too-many-statements
# cache datadome cookie - changes on each request
datadome = resp.cookies.get("datadome")
if datadome:
CACHE.set("datadome", datadome)
res = EngineResults()
# Try to load JSON result
@@ -163,8 +179,8 @@ def response(resp: "SXNG_Response") -> EngineResults:
error_code = data.get("error_code")
if error_code == 24:
raise SearxEngineTooManyRequestsException()
if search_results.get("data", {}).get("error_data", {}).get("captchaUrl") is not None:
raise SearxEngineCaptchaException()
if search_results.get("url") is not None:
raise SearxEngineCaptchaException(suspended_time=0)
if resp.status_code == 403:
raise SearxEngineAccessDeniedException()
msg = ",".join(data.get("message", ["unknown"]))
@@ -302,7 +318,7 @@ def fetch_traits(engine_traits: EngineTraits):
from searx.utils import extr
resp = get(
about["website"], # pyright: ignore[reportArgumentType]
base_url, # pyright: ignore[reportArgumentType]
timeout=5,
)
if not resp.ok:

View File

@@ -117,7 +117,7 @@ def _obtain_session_code() -> str:
if not code:
raise SearxEngineAPIException("failed to obtain session code")
CACHE.set("session", code, expire=60 * 24 * 60) # cookie is valid for two months
CACHE.set("session", code, expire=60 * 24 * 60 * 60) # cookie is valid for two months
return code

View File

@@ -13,7 +13,7 @@ from dateutil import parser
from searx.exceptions import SearxEngineAPIException
from searx.network import get
from searx.utils import html_to_text
from searx.utils import gen_useragent, html_to_text
from searx.result_types import EngineResults
if t.TYPE_CHECKING:
@@ -52,7 +52,7 @@ def _obtain_x_sid() -> tuple[str, str]:
The header key is usually called `x-sid-{UUIDv4}`, and the value is
usually a plain UUIDv4 (but a different one than in the header key).
"""
resp = get(f"{api_url}/revcontent/embed.js")
resp = get(f"{api_url}/revcontent/embed.js", headers={"User-Agent": gen_useragent()})
if not resp.ok:
raise SearxEngineAPIException("failed to obtain request x-sid token")
@@ -89,12 +89,14 @@ def request(query: str, params: "OnlineParams") -> None:
params["url"] = f"{api_url}/Search/Web?{urlencode(args)}"
x_sid_header, x_sid_value = _obtain_x_sid()
params["headers"] = {
x_sid_header: x_sid_value,
# required - we send a random longitude and latitude instead of the actual user location
'x-lon': str(random.random() * 90),
'x-lat': str(random.random() * 90),
}
params["headers"].update(
{
x_sid_header: x_sid_value,
# required - we send a random longitude and latitude instead of the actual user location
"x-lon": str(round(random.random() * 90, 4)),
"x-lat": str(round(random.random() * 90, 4)),
}
)
def response(resp: "SXNG_Response"):

View File

@@ -52,6 +52,12 @@ def _normalize_url_fields(result: "Result | LegacyResult"):
result.parsed_url = urllib.parse.urlparse(result.url)
if result.parsed_url:
# properly format special characters (e.g. "ä", "ö") in IDN domains
# e.g. "xn--strung-xxa.de" becomes "störung.de"
if result.parsed_url.netloc.startswith("xn--"):
netloc = result.parsed_url.netloc.encode().decode("idna")
result.parsed_url = result.parsed_url._replace(netloc=netloc)
result.parsed_url = result.parsed_url._replace(
# if the result has no scheme, use http as default
scheme=result.parsed_url.scheme or "http",

View File

@@ -477,6 +477,24 @@ engines:
engine: arxiv
shortcut: arx
- name: avalw
engine: json_engine
shortcut: av
categories: general
paging: true
search_url: https://avalw.org/api/search?q={query}&page={pageno}&limit=10&tbm=all
results_query: results
url_query: url
title_query: title
content_query: snippet
thumbnail: image_url
disabled: true
inactive: true
about:
website: https://avalw.com
description: "Search engine from the Romanian news company AVALW S.R.L."
results: JSON
- name: ayo
engine: xpath
categories: general

View File

@@ -60,7 +60,7 @@
</p>
<p class="result-filesize">{{ _label(_("Filesize"), result.filesize) }}</p>
<p class="result-source">{{ _label(_("Source"), result.source) }}</p>
<p class="result-engine">{{ _label(_("Engine"), result.engine) }}</p>
<p class="result-engines">{{ _label(_("Engines"), ", ".join(result.engines)) }}</p>
<p class="result-url"><span>{{ _("View source") }}:</span>{{- "" -}}
<a {{ _target(results_on_new_tab) }} href="{{ result.url }}">{{ result.url }}</a>
</p>

View File

@@ -845,7 +845,10 @@ def autocompleter():
mimetype = 'application/json'
else:
# the suggestion request comes from browser's URL bar
suggestions = json.dumps([sug_prefix, results])
relevances = {
'google:suggestrelevance': [600 - i for i in range(len(results))]
} # chromium only shows 3 suggestions unless we attach relevances
suggestions = json.dumps([sug_prefix, results, [], [], relevances])
mimetype = 'application/x-suggestions+json'
suggestions = escape(suggestions, False)