mirror of
https://github.com/searxng/searxng.git
synced 2025-10-31 10:37:06 -04:00
ce8929cabe
Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers. We don't know if the proxy chain will give us the proper client address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us. Closes: - https://github.com/searxng/searxng/issues/4940 - https://github.com/searxng/searxng/issues/4939 - https://github.com/searxng/searxng/issues/4907 - https://github.com/searxng/searxng/issues/3632 - https://github.com/searxng/searxng/issues/3191 - https://github.com/searxng/searxng/issues/1237 Related: - https://github.com/searxng/searxng-docker/issues/386 - https://github.com/inetol-infrastructure/searxng-container/issues/81
67 lines
1.9 KiB
Python
67 lines
1.9 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""Implementation of the valkey client (valkey-py_).
|
|
|
|
.. _valkey-py: https://github.com/valkey-io/valkey-py
|
|
|
|
This implementation uses the :ref:`settings valkey` setup from ``settings.yml``.
|
|
A valkey DB connect can be tested by::
|
|
|
|
>>> from searx import valkeydb
|
|
>>> valkeydb.initialize()
|
|
True
|
|
>>> db = valkeydb.client()
|
|
>>> db.set("foo", "bar")
|
|
True
|
|
>>> db.get("foo")
|
|
b'bar'
|
|
>>>
|
|
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
import pwd
|
|
import logging
|
|
import warnings
|
|
|
|
import valkey
|
|
from searx import get_setting
|
|
|
|
_CLIENT: valkey.Valkey | None = None
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def client() -> valkey.Valkey | None:
|
|
"""Returns SearXNG's global Valkey DB connector (Valkey client object)."""
|
|
return _CLIENT
|
|
|
|
|
|
def initialize():
|
|
global _CLIENT # pylint: disable=global-statement
|
|
if get_setting('redis.url'):
|
|
warnings.warn("setting redis.url is deprecated, use valkey.url", DeprecationWarning)
|
|
valkey_url = get_setting('valkey.url') or get_setting('redis.url')
|
|
if not valkey_url:
|
|
return False
|
|
try:
|
|
# create a client, but no connection is done
|
|
_CLIENT = valkey.Valkey.from_url(valkey_url)
|
|
|
|
# log the parameters as seen by the valkey lib, without the password
|
|
kwargs = _CLIENT.get_connection_kwargs().copy()
|
|
kwargs.pop('password', None)
|
|
kwargs = ' '.join([f'{k}={v!r}' for k, v in kwargs.items()])
|
|
logger.info("connecting to Valkey %s", kwargs)
|
|
|
|
# check the connection
|
|
_CLIENT.ping()
|
|
|
|
# no error: the valkey connection is working
|
|
logger.info("connected to Valkey")
|
|
return True
|
|
except valkey.exceptions.ValkeyError:
|
|
_CLIENT = None
|
|
_pw = pwd.getpwuid(os.getuid())
|
|
logger.exception("[%s (%s)] can't connect valkey DB ...", _pw.pw_name, _pw.pw_uid)
|
|
return False
|