From 67274e1566f08e8a62275eb7c5ac75a7769024d1 Mon Sep 17 00:00:00 2001
From: Joseph Nuthalapati
Date: Tue, 20 Feb 2018 14:41:26 +0530
Subject: [PATCH] searx: Changes from code review
- Use 32-bit key for HMAC-256
- Use secrets library instead of os.urandom
- uwsgi enable/disable along with webserver enable/disable
- Text changes
Signed-off-by: Joseph Nuthalapati
Reviewed-by: Sunil Mohan Adapa
---
actions/searx | 23 +++++++++++++------
...earx-plinth.conf => searx-freedombox.conf} | 0
plinth/modules/searx/__init__.py | 18 +++++++--------
plinth/modules/searx/manifest.py | 2 +-
plinth/modules/searx/urls.py | 2 +-
plinth/utils.py | 8 +++----
6 files changed, 31 insertions(+), 22 deletions(-)
rename data/etc/apache2/conf-available/{searx-plinth.conf => searx-freedombox.conf} (100%)
diff --git a/actions/searx b/actions/searx
index 25fc2f07d..4ef0a1c69 100755
--- a/actions/searx
+++ b/actions/searx
@@ -22,6 +22,8 @@ Configuration helper for searx.
 import argparse
 import os
+import secrets
+import shutil
 from plinth import action_utils
 from plinth.utils import YAMLFile, gunzip
@@ -42,14 +44,17 @@ def parse_arguments():
 def _copy_uwsgi_configuration():
- """Copy the example uwsgi configuration shipped with Searx to the
- appropriate uwsgi directory."""
+ """Copy example uwsgi configuration
+
+ Copy the example uwsgi configuration shipped with Searx documentation to
+ the appropriate uwsgi directory.
+ """
 example_config = ('/usr/share/doc/searx/examples/'
 'uwsgi/apps-available/searx.ini')
- destination = '/etc/uwsgi/apps-enabled/searx.ini'
+ destination = '/etc/uwsgi/apps-available/'
 if not os.path.exists(destination):
- os.symlink(example_config, destination)
+ shutil.copy(example_config, destination)
 action_utils.webserver_enable('uwsgi', kind='module')
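Review bot: In `_copy_uwsgi_configuration`, `destination` is now the directory `/etc/uwsgi/apps-available/`, so the unchanged guard `if not os.path.exists(destination)` tests the directory instead of the file. Where that directory already exists (presumably whenever the uwsgi package is installed), `shutil.copy` is never reached and `searx.ini` is never put in place. Pointing the variable at the file keeps the guard meaningful: `destination = '/etc/uwsgi/apps-available/searx.ini'`. `shutil.copy` accepts a file path as well as a directory, so the copy line itself needs no change.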
@@ -64,7 +69,7 @@ def _generate_secret_key():
 # Generate and set a secret key
 with YAMLFile(settings_file) as settings:
- secret_key = os.urandom(16).hex()
+ secret_key = secrets.token_hex(32)
 settings['server']['secret_key'] = secret_key
 action_utils.service_restart('uwsgi')
@@ -78,12 +83,16 @@ def subcommand_setup(_):
 def subcommand_enable(_):
 """Enable web configuration and reload."""
- action_utils.webserver_enable('searx-plinth')
+ # TODO Write action_utils functions for enable/disable uwsgi
+ os.symlink('/etc/uwsgi/apps-available/searx.ini',
+ '/etc/uwsgi/apps-enabled/')
+ action_utils.webserver_enable('searx-freedombox')
 def subcommand_disable(_):
 """Disable web configuration and reload."""
- action_utils.webserver_disable('searx-plinth')
+ action_utils.webserver_disable('searx-freedombox')
+ os.unlink('/etc/uwsgi/apps-enabled/searx.ini')
 def main():
diff --git a/data/etc/apache2/conf-available/searx-plinth.conf b/data/etc/apache2/conf-available/searx-freedombox.conf
similarity index 100%
rename from data/etc/apache2/conf-available/searx-plinth.conf
rename to data/etc/apache2/conf-available/searx-freedombox.conf
diff --git a/plinth/modules/searx/__init__.py b/plinth/modules/searx/__init__.py
index 6577a7bf9..ca2f9c303 100644
--- a/plinth/modules/searx/__init__.py
+++ b/plinth/modules/searx/__init__.py
@@ -1,5 +1,5 @@
 #
-# This file is part of Plinth.
+# This file is part of FreedomBox.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -15,9 +15,11 @@
 # along with this program. If not, see .
 #
 """
-Plinth module to configure Searx
+FreedomBox module to configure Searx
 """
+import os
+
 from django.utils.translation import ugettext_lazy as _
 from plinth import service as service_module
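Review bot: The argument to `secrets.token_hex(32)` in `_generate_secret_key` is a byte count, so the key is 256 bits rendered as 64 hex characters, whereas the commit message calls it a "32-bit key". A comment on the line, e.g. `# 32 random bytes (256 bits), hex-encoded`, would stop a later reader from taking that unit literally. The old `os.urandom(16)` drew from the same OS CSPRNG, so what this line strengthens is the key length, not the randomness source. `secrets` exists only from Python 3.6, which is worth checking against the oldest interpreter this action has to run on. The function body starts and ends outside the hunk.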
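Review bot: `os.symlink` in `subcommand_enable` is given the directory `/etc/uwsgi/apps-enabled/` as the link path; unlike `ln -s`, it does not place the link inside an existing directory but raises `FileExistsError`, so enable would fail before `webserver_enable` runs. Naming the link explicitly fixes that. Because the app can be enabled and disabled repeatedly, both directions are better made idempotent: skip the symlink when the link is already there, and tolerate a missing link in `subcommand_disable`. Nothing visible in the hunk restarts or reloads uwsgi after the link changes, so the running state may not follow the link until the next restart; worth confirming.

```python
def subcommand_enable(_):
    # … unchanged: docstring and TODO comment …
    link = '/etc/uwsgi/apps-enabled/searx.ini'
    if not os.path.lexists(link):
        os.symlink('/etc/uwsgi/apps-available/searx.ini', link)
    # … unchanged: webserver_enable call …


def subcommand_disable(_):
    # … unchanged: docstring and webserver_disable call …
    try:
        os.unlink('/etc/uwsgi/apps-enabled/searx.ini')
    except FileNotFoundError:
        pass  # link already absent, nothing to disable
```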
@@ -33,7 +35,7 @@ version = 1
 managed_services = ['searx']
 managed_packages = [
- 'searx', 'uwsgi', 'uwsgi-plugin-python3', 'libapache2-mod-uwsgi'
+ 'searx', 'uwsgi', 'uwsgi-plugin-python3', 'libapache2-mod-proxy-uwsgi'
 ]
 name = _('Searx')
@@ -44,10 +46,7 @@ description = [
 _('Searx is a privacy-respecting internet metasearch engine. '
 'It aggregrates and displays results from multiple search engines.'),
 _('Searx can be used to avoid tracking and profiling by search engines. '
- 'It stores no cookies by default. Additionally, Searx can be used over '
- 'Tor for online anonymity.'),
- _('When enabled, Searx\'s web interface will be available from '
- '/searx.'),
+ 'It stores no cookies by default.')
 ]
 service = None
@@ -74,7 +73,7 @@ def init():
 def setup(helper, old_version=None):
 """Install and configure the module."""
 helper.install(managed_packages)
- helper.call('setup', actions.superuser_run, 'searx', ['setup'])
+ helper.call('post', actions.superuser_run, 'searx', ['setup'])
 helper.call('post', actions.superuser_run, 'searx', ['enable'])
 global service
 if service is None:
@@ -93,7 +92,8 @@ def add_shortcut():
 def is_enabled():
 """Return whether the module is enabled."""
- return action_utils.webserver_is_enabled('searx-plinth')
+ return (action_utils.webserver_is_enabled('searx-freedombox')
+ and os.path.exists('/etc/uwsgi/apps-enabled/searx.ini'))
 def enable():
diff --git a/plinth/modules/searx/manifest.py b/plinth/modules/searx/manifest.py
index 8cffa5df2..e4be60535 100644
--- a/plinth/modules/searx/manifest.py
+++ b/plinth/modules/searx/manifest.py
@@ -1,5 +1,5 @@
 #
-# This file is part of Plinth.
+# This file is part of FreedomBox.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
diff --git a/plinth/modules/searx/urls.py b/plinth/modules/searx/urls.py
index a8bcc4f9b..42ce837e8 100644
--- a/plinth/modules/searx/urls.py
+++ b/plinth/modules/searx/urls.py
@@ -1,5 +1,5 @@
 #
-# This file is part of Plinth.
+# This file is part of FreedomBox.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
diff --git a/plinth/utils.py b/plinth/utils.py
index 918548457..cc68178f7 100644
--- a/plinth/utils.py
+++ b/plinth/utils.py
@@ -150,8 +150,8 @@ def gunzip(gzip_file, output_file):
 if not os.path.exists(output_dir):
 os.makedirs(output_dir, mode=0o755)
- with gzip.open(gzip_file, 'rb') as f:
- contents = f.read()
- with open(output_file, 'wb') as f:
- f.write(contents)
+ with gzip.open(gzip_file, 'rb') as file_handle:
+ contents = file_handle.read()
+ with open(output_file, 'wb') as file_handle:
+ file_handle.write(contents)
 os.chmod(output_file, 0o644)