mirror of
https://github.com/searxng/searxng.git
synced 2025-08-16 08:46:43 +02:00
ce8929cabe
Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers. We don't know if the proxy chain will give us the proper client address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us. Closes: - https://github.com/searxng/searxng/issues/4940 - https://github.com/searxng/searxng/issues/4939 - https://github.com/searxng/searxng/issues/4907 - https://github.com/searxng/searxng/issues/3632 - https://github.com/searxng/searxng/issues/3191 - https://github.com/searxng/searxng/issues/1237 Related: - https://github.com/searxng/searxng-docker/issues/386 - https://github.com/inetol-infrastructure/searxng-container/issues/81
22 lines
617 B
Python
22 lines
617 B
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""Providing a Valkey database for the botdetection methods."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import valkey
|
|
|
|
__all__ = ["set_valkey_client", "get_valkey_client"]
|
|
|
|
CLIENT: valkey.Valkey | None = None
|
|
"""Global Valkey DB connection (Valkey client object)."""
|
|
|
|
|
|
def set_valkey_client(valkey_client: valkey.Valkey):
|
|
global CLIENT # pylint: disable=global-statement
|
|
CLIENT = valkey_client
|
|
|
|
|
|
def get_valkey_client() -> valkey.Valkey:
|
|
if CLIENT is None:
|
|
raise ValueError("No connection to the Valkey database has been established.")
|
|
return CLIENT
|