Commit 4905a464 authored by Dominik Hebeler's avatar Dominik Hebeler

Merge branch '1004-browserverification' into 'development'

Resolve "Browserverification"

Closes #1004

See merge request !1659
parents 4548b098 17030114
...@@ -286,7 +286,7 @@ class HumanVerification extends Controller ...@@ -286,7 +286,7 @@ class HumanVerification extends Controller
$redis->expire($key, 30); $redis->expire($key, 30);
}); });
return response("", 200)->header("Content-Type", "text/css"); return response(view('layouts.resultpage.verificationCss'), 200)->header("Content-Type", "text/css");
} }
public static function block(Request $request) public static function block(Request $request)
...@@ -3,9 +3,7 @@ ...@@ -3,9 +3,7 @@
namespace App\Http\Middleware; namespace App\Http\Middleware;
use Closure; use Closure;
use GrahamCampbell\Throttle\Facades\Throttle;
use Illuminate\Support\Facades\Redis; use Illuminate\Support\Facades\Redis;
use \App\Http\Controllers\HumanVerification;
class BrowserVerification class BrowserVerification
{ {
...@@ -23,12 +21,20 @@ class BrowserVerification ...@@ -23,12 +21,20 @@ class BrowserVerification
return $next($request); return $next($request);
} }
// Check if throttled $mgv = $request->input('mgv', "");
$accept = Throttle::check($request, 8, 1); if (!empty($mgv)) {
if (!$accept) { // Verify that key is a md5 checksum
Throttle::hit($request, 8, 1); if (!preg_match("/^[a-f0-9]{32}$/", $mgv)) {
abort(429); abort(404);
}
$result = boolval(Redis::connection("cache")->blpop($mgv, 5));
if ($result === true) {
return $next($request);
} else {
return redirect("/");
}
} }
header('Content-type: text/html; charset=utf-8'); header('Content-type: text/html; charset=utf-8');
header('X-Accel-Buffering: no'); header('X-Accel-Buffering: no');
ini_set('zlib.output_compression', 'Off'); ini_set('zlib.output_compression', 'Off');
...@@ -42,21 +48,19 @@ class BrowserVerification ...@@ -42,21 +48,19 @@ class BrowserVerification
echo (view('layouts.resultpage.verificationHeader')->with('key', $key)->render()); echo (view('layouts.resultpage.verificationHeader')->with('key', $key)->render());
flush(); flush();
$answer = boolval(Redis::connection("cache")->blpop($key, 5)); $answer = boolval(Redis::connection("cache")->blpop($key, 2));
if ($answer === true) { if ($answer === true) {
return $next($request); return $next($request);
} else {
$accept = Throttle::attempt($request, 8, 1);
if (!$accept) {
abort(429);
}
# Lockout
$ids = HumanVerification::block($request);
} }
return redirect()->route('captcha', ["id" => $ids[0], "uid" => $ids[1], "url" => url()->full()]); $params = $request->all();
$params["mgv"] = $key;
$url = route("resultpage", $params);
echo (view('layouts.resultpage.unverifiedResultPage')
->with('url', $url)
->render());
} }
} }
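Review bot: The new `mgv` branch at `Redis::connection("cache")->blpop($mgv, 5)` parks a PHP worker for up to five seconds on any client-chosen 32-hex key, and the same commit removes the `Throttle::check`/`Throttle::hit` gate (and the `graham-campbell/throttle` dependency) that previously capped unverified requests, so a client can now hold workers at no cost by sending random well-formed `mgv` values. The `preg_match` only validates the key's shape; it does not establish that the server issued it. Either restore a per-client limit on this path (Laravel's built-in `throttle:` route middleware would do without the removed package) or record issued keys where `$key` is generated (above this hunk) and check that record before blocking, e.g. `if (!Redis::connection("cache")->exists("issued:" . $mgv)) { abort(404); }`. Note too that the timeout branch `return redirect("/")` discards the user's query instead of falling back to the verification page. `handle()` begins above this hunk.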
...@@ -723,8 +723,8 @@ class MetaGer ...@@ -723,8 +723,8 @@ class MetaGer
if (!empty($filter->sumas->$engineName)) { if (!empty($filter->sumas->$engineName)) {
if (empty($availableFilter[$filterName])) { if (empty($availableFilter[$filterName])) {
$availableFilter[$filterName] = $filter; $availableFilter[$filterName] = $filter;
foreach($availableFilter[$filterName]->values as $key => $value){ foreach ($availableFilter[$filterName]->values as $key => $value) {
if($key !== "nofilter"){ if ($key !== "nofilter") {
unset($availableFilter[$filterName]->values->{$key}); unset($availableFilter[$filterName]->values->{$key});
} }
} }
...@@ -749,8 +749,8 @@ class MetaGer ...@@ -749,8 +749,8 @@ class MetaGer
} }
if (empty($availableFilter[$filterName])) { if (empty($availableFilter[$filterName])) {
$availableFilter[$filterName] = $filter; $availableFilter[$filterName] = $filter;
foreach($availableFilter[$filterName]->values as $key => $value){ foreach ($availableFilter[$filterName]->values as $key => $value) {
if($key !== "nofilter"){ if ($key !== "nofilter") {
unset($availableFilter[$filterName]->values->{$key}); unset($availableFilter[$filterName]->values->{$key});
} }
} }
...@@ -928,6 +928,13 @@ class MetaGer ...@@ -928,6 +928,13 @@ class MetaGer
# Sucheingabe # Sucheingabe
$this->eingabe = trim($request->input('eingabe', '')); $this->eingabe = trim($request->input('eingabe', ''));
$this->q = $this->eingabe; $this->q = $this->eingabe;
if ($request->filled("mgv")) {
$this->framed = true;
} else {
$this->framed = false;
}
# IP # IP
$this->ip = $this->anonymizeIp($request->ip()); $this->ip = $this->anonymizeIp($request->ip());
...@@ -953,16 +960,18 @@ class MetaGer ...@@ -953,16 +960,18 @@ class MetaGer
# Sprüche # Sprüche
if (!App::isLocale("de") || (\Cookie::has($this->getFokus() . '_setting_zitate') && \Cookie::get($this->getFokus() . '_setting_zitate') === "off")) { if (!App::isLocale("de") || (\Cookie::has($this->getFokus() . '_setting_zitate') && \Cookie::get($this->getFokus() . '_setting_zitate') === "off")) {
$this->sprueche = "off"; $this->sprueche = "off";
}else{ } else {
$this->sprueche = "on"; $this->sprueche = "on";
} }
if($request->filled("zitate") && $request->input('zitate') === "on" || $request->input('zitate') === "off"){ if ($request->filled("zitate") && $request->input('zitate') === "on" || $request->input('zitate') === "off") {
$this->sprueche = $request->input('quotes'); $this->sprueche = $request->input('quotes');
} }
$this->newtab = $request->input('newtab', 'on'); $this->newtab = $request->input('newtab', 'on');
if ($this->newtab === "on") { if ($this->newtab === "on") {
$this->newtab = "_blank"; $this->newtab = "_blank";
} else if ($this->framed) {
$this->newtab = "_top";
} else { } else {
$this->newtab = "_self"; $this->newtab = "_self";
} }
...@@ -1020,19 +1029,19 @@ class MetaGer ...@@ -1020,19 +1029,19 @@ class MetaGer
$this->request = $request->replace($request->except(['verification_id', 'uid', 'verification_count'])); $this->request = $request->replace($request->except(['verification_id', 'uid', 'verification_count']));
// Disable freshness filter if custom freshness filter isset // Disable freshness filter if custom freshness filter isset
if($this->request->filled("ff") && $this->request->filled("f")){ if ($this->request->filled("ff") && $this->request->filled("f")) {
$this->request = $this->request->replace($this->request->except(["f"])); $this->request = $this->request->replace($this->request->except(["f"]));
} }
// Remove custom time filter if either of the dates isn't set or is not a date // Remove custom time filter if either of the dates isn't set or is not a date
if($this->request->input("fc") === "on"){ if ($this->request->input("fc") === "on") {
if(!$this->request->filled("ff") || !$this->request->filled("ft")){ if (!$this->request->filled("ff") || !$this->request->filled("ft")) {
$this->request = $this->request->replace($this->request->except(["fc", "ff", "ft"])); $this->request = $this->request->replace($this->request->except(["fc", "ff", "ft"]));
}else{ } else {
$ff = $this->request->input("ff"); $ff = $this->request->input("ff");
$ft = $this->request->input("ft"); $ft = $this->request->input("ft");
if(!preg_match("/^\d{4}-\d{2}-\d{2}$/", $ff) || !preg_match("/^\d{4}-\d{2}-\d{2}$/", $ft)){ if (!preg_match("/^\d{4}-\d{2}-\d{2}$/", $ff) || !preg_match("/^\d{4}-\d{2}-\d{2}$/", $ft)) {
$this->request = $this->request->replace($this->request->except(["fc", "ff", "ft"])); $this->request = $this->request->replace($this->request->except(["fc", "ff", "ft"]));
}else{ } else {
// Now Check if there is something wrong with the dates // Now Check if there is something wrong with the dates
$from = $this->request->input("ff"); $from = $this->request->input("ff");
$to = $this->request->input("ft"); $to = $this->request->input("ft");
...@@ -1040,21 +1049,21 @@ class MetaGer ...@@ -1040,21 +1049,21 @@ class MetaGer
$from = Carbon::createFromFormat("Y-m-d H:i:s", $from . " 00:00:00"); $from = Carbon::createFromFormat("Y-m-d H:i:s", $from . " 00:00:00");
$to = Carbon::createFromFormat("Y-m-d H:i:s", $to . " 00:00:00"); $to = Carbon::createFromFormat("Y-m-d H:i:s", $to . " 00:00:00");
if($from > Carbon::now()){ if ($from > Carbon::now()) {
$from = Carbon::now(); $from = Carbon::now();
$changed = true; $changed = true;
} }
if($to > Carbon::now()){ if ($to > Carbon::now()) {
$to = Carbon::now(); $to = Carbon::now();
$changed = true; $changed = true;
} }
if($from > $to){ if ($from > $to) {
$tmp = $to; $tmp = $to;
$to = $from; $to = $from;
$from = $tmp; $from = $tmp;
$changed = true; $changed = true;
} }
if($changed){ if ($changed) {
$oldParameters = $this->request->all(); $oldParameters = $this->request->all();
$oldParameters["ff"] = $from->format("Y-m-d"); $oldParameters["ff"] = $from->format("Y-m-d");
$oldParameters["ft"] = $to->format("Y-m-d"); $oldParameters["ft"] = $to->format("Y-m-d");
...@@ -1062,7 +1071,7 @@ class MetaGer ...@@ -1062,7 +1071,7 @@ class MetaGer
} }
} }
} }
}else if($this->request->filled("ff") || $this->request->filled("ft")){ } else if ($this->request->filled("ff") || $this->request->filled("ft")) {
$this->request = $this->request->replace($this->request->except(["fc", "ff", "ft"])); $this->request = $this->request->replace($this->request->except(["fc", "ff", "ft"]));
} }
...@@ -1170,7 +1179,7 @@ class MetaGer ...@@ -1170,7 +1179,7 @@ class MetaGer
if (($request->filled($filter->{"get-parameter"}) && $request->input($filter->{"get-parameter"}) !== "off") || if (($request->filled($filter->{"get-parameter"}) && $request->input($filter->{"get-parameter"}) !== "off") ||
\Cookie::get($this->getFokus() . "_setting_" . $filter->{"get-parameter"}) !== null \Cookie::get($this->getFokus() . "_setting_" . $filter->{"get-parameter"}) !== null
) { # If the filter is set via Cookie ) { # If the filter is set via Cookie
$this->parameterFilter[$filterName] = $filter; $this->parameterFilter[$filterName] = $filter;
$this->parameterFilter[$filterName]->value = $request->input($filter->{"get-parameter"}, ''); $this->parameterFilter[$filterName]->value = $request->input($filter->{"get-parameter"}, '');
if (empty($this->parameterFilter[$filterName]->value)) { if (empty($this->parameterFilter[$filterName]->value)) {
$this->parameterFilter[$filterName]->value = \Cookie::get($this->getFokus() . "_setting_" . $filter->{"get-parameter"}); $this->parameterFilter[$filterName]->value = \Cookie::get($this->getFokus() . "_setting_" . $filter->{"get-parameter"});
...@@ -1349,7 +1358,7 @@ class MetaGer ...@@ -1349,7 +1358,7 @@ class MetaGer
public function nextSearchLink() public function nextSearchLink()
{ {
if (isset($this->next) && isset($this->next['engines']) && count($this->next['engines']) > 0) { if (isset($this->next) && isset($this->next['engines']) && count($this->next['engines']) > 0) {
$requestData = $this->request->except(['page', 'out']); $requestData = $this->request->except(['page', 'out', 'submit-query', 'mgv']);
if ($this->request->input('out', '') !== "results" && $this->request->input('out', '') !== '') { if ($this->request->input('out', '') !== "results" && $this->request->input('out', '') !== '') {
$requestData["out"] = $this->request->input('out'); $requestData["out"] = $this->request->input('out');
} }
...@@ -1495,7 +1504,7 @@ class MetaGer ...@@ -1495,7 +1504,7 @@ class MetaGer
public function generateSearchLink($fokus, $results = true) public function generateSearchLink($fokus, $results = true)
{ {
$except = ['page', 'next', 'out']; $except = ['page', 'next', 'out', 'submit-query', 'mgv'];
# Remove every Filter # Remove every Filter
foreach ($this->sumaFile->filter->{"parameter-filter"} as $filterName => $filter) { foreach ($this->sumaFile->filter->{"parameter-filter"} as $filterName => $filter) {
$except[] = $filter->{"get-parameter"}; $except[] = $filter->{"get-parameter"};
...@@ -1509,7 +1518,7 @@ class MetaGer ...@@ -1509,7 +1518,7 @@ class MetaGer
public function generateEingabeLink($eingabe) public function generateEingabeLink($eingabe)
{ {
$except = ['page', 'next', 'out', 'eingabe']; $except = ['page', 'next', 'out', 'eingabe', 'submit-query', 'mgv'];
$requestData = $this->request->except($except); $requestData = $this->request->except($except);
$requestData['eingabe'] = $eingabe; $requestData['eingabe'] = $eingabe;
...@@ -1528,7 +1537,7 @@ class MetaGer ...@@ -1528,7 +1537,7 @@ class MetaGer
public function generateSiteSearchLink($host) public function generateSiteSearchLink($host)
{ {
$host = urlencode($host); $host = urlencode($host);
$requestData = $this->request->except(['page', 'out', 'next']); $requestData = $this->request->except(['page', 'out', 'next', 'submit-query', 'mgv']);
$requestData['eingabe'] .= " site:$host"; $requestData['eingabe'] .= " site:$host";
$requestData['focus'] = "web"; $requestData['focus'] = "web";
$link = action('MetaGerSearch@search', $requestData); $link = action('MetaGerSearch@search', $requestData);
...@@ -1538,7 +1547,7 @@ class MetaGer ...@@ -1538,7 +1547,7 @@ class MetaGer
public function generateRemovedHostLink($host) public function generateRemovedHostLink($host)
{ {
$host = urlencode($host); $host = urlencode($host);
$requestData = $this->request->except(['page', 'out', 'next']); $requestData = $this->request->except(['page', 'out', 'next', 'submit-query', 'mgv']);
$requestData['eingabe'] .= " -site:$host"; $requestData['eingabe'] .= " -site:$host";
$link = action('MetaGerSearch@search', $requestData); $link = action('MetaGerSearch@search', $requestData);
return $link; return $link;
...@@ -1547,7 +1556,7 @@ class MetaGer ...@@ -1547,7 +1556,7 @@ class MetaGer
public function generateRemovedDomainLink($domain) public function generateRemovedDomainLink($domain)
{ {
$domain = urlencode($domain); $domain = urlencode($domain);
$requestData = $this->request->except(['page', 'out', 'next']); $requestData = $this->request->except(['page', 'out', 'next', 'submit-query', 'mgv']);
$requestData['eingabe'] .= " -site:*.$domain"; $requestData['eingabe'] .= " -site:*.$domain";
$link = action('MetaGerSearch@search', $requestData); $link = action('MetaGerSearch@search', $requestData);
return $link; return $link;
...@@ -1812,6 +1821,12 @@ class MetaGer ...@@ -1812,6 +1821,12 @@ class MetaGer
{ {
return $this->engines; return $this->engines;
} }
public function isFramed()
{
return $this->framed;
}
/** /**
* Used by JS result loader to restore MetaGer Object of previous request * Used by JS result loader to restore MetaGer Object of previous request
*/ */
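Review bot: The request sanitising at `$this->request = $request->replace($request->except(['verification_id', 'uid', 'verification_count']))` still lets `mgv` into `$this->request`, which is why six separate `except` lists in this file had to learn about `mgv` and `submit-query`, and why `$oldParameters = $this->request->all()` in the date-correction path will still carry the one-shot key into whatever URL it builds, if that array is used for a redirect (the code is cut off at the end of its hunk). Because `$this->framed` is derived from the original `$request` earlier in the file, `mgv` is not needed afterwards; dropping it once here, `$request->except(['verification_id', 'uid', 'verification_count', 'submit-query', 'mgv'])`, would cover every link builder and any later redirect in one place. Separately, the reformatted `zitate` block reads `$request->input('quotes')` although the condition tests `zitate`, and the unparenthesised `&& ... ||` lets the `=== "off"` test bypass the `filled` guard; pre-existing, but worth a follow-up. The method containing these hunks starts and ends outside them.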
...@@ -12,7 +12,6 @@ ...@@ -12,7 +12,6 @@
"endclothing/prometheus_client_php": "^1.0", "endclothing/prometheus_client_php": "^1.0",
"fideloper/proxy": "^4.0", "fideloper/proxy": "^4.0",
"globalcitizen/php-iban": "^2.6", "globalcitizen/php-iban": "^2.6",
"graham-campbell/throttle": "^7.5",
"jenssegers/agent": "^2.6", "jenssegers/agent": "^2.6",
"laravel/framework": "5.8.*", "laravel/framework": "5.8.*",
"laravel/tinker": "^1.0", "laravel/tinker": "^1.0",
...@@ -70,4 +69,4 @@ ...@@ -70,4 +69,4 @@
"@php artisan key:generate --ansi" "@php artisan key:generate --ansi"
] ]
} }
} }
\ No newline at end of file
...@@ -8,9 +8,13 @@ function botProtection() { ...@@ -8,9 +8,13 @@ function botProtection() {
$('.result').find('a').click(function () { $('.result').find('a').click(function () {
var link = $(this).attr('href'); var link = $(this).attr('href');
var newtab = false; var newtab = false;
var top = false;
if ($(this).attr('target') == '_blank') { if ($(this).attr('target') == '_blank') {
newtab = true; newtab = true;
} else if ($(this).attr('target') == "_top") {
top = true;
} }
$.ajax({ $.ajax({
url: '/img/cat.jpg', url: '/img/cat.jpg',
type: 'post', type: 'post',
...@@ -20,8 +24,13 @@ function botProtection() { ...@@ -20,8 +24,13 @@ function botProtection() {
timeout: 2000 timeout: 2000
}) })
.always(function () { .always(function () {
if (!newtab) if (!newtab) {
document.location.href = link; if (top) {
window.top.location.href = link;
} else {
document.location.href = link;
}
}
}); });
if (!newtab) if (!newtab)
return false; return false;
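Review bot: `var top = false;` inside the click handler shadows the global `top` (the `window.top` alias) for the rest of that function; the code works only because the navigation line spells out `window.top.location.href`, and a later edit writing `top.location` would silently hit the boolean instead. Renaming it, `var toTop = false;` / `toTop = true;` / `if (toTop)`, removes the trap at no cost. `botProtection()` begins above this hunk.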
...@@ -59,6 +59,7 @@ ...@@ -59,6 +59,7 @@
.result-subheadline { .result-subheadline {
width: 100%; width: 100%;
display: flex; display: flex;
align-items: center;
line-height: 1.3; line-height: 1.3;
.result-link { .result-link {
.overflow-ellipsis; .overflow-ellipsis;
...@@ -90,7 +91,8 @@ ...@@ -90,7 +91,8 @@
top: -2px; top: -2px;
} }
} }
span.partnershop-info { a.partnershop-info {
display: block;
background-color: white; background-color: white;
color: #333; color: #333;
text-shadow: none; text-shadow: none;
...@@ -100,8 +102,6 @@ ...@@ -100,8 +102,6 @@
margin-left: 8px; margin-left: 8px;
border-radius: 4px; border-radius: 4px;
font-size: .6em; font-size: .6em;
position: relative;
top: -2px;
} }
} }
} }
...@@ -173,4 +173,8 @@ ...@@ -173,4 +173,8 @@
width: 100%; width: 100%;
max-width: 760px; max-width: 760px;
height: 51px; height: 51px;
}
#searchForm {
margin: 0;
} }
\ No newline at end of file
...@@ -3,10 +3,10 @@ ...@@ -3,10 +3,10 @@
<div id="research-bar-container"> <div id="research-bar-container">
<div id="research-bar"> <div id="research-bar">
<div id="header-logo"> <div id="header-logo">
<a class="screen-large" href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), "/") }}" tabindex="4"> <a class="screen-large" href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), "/") }}" @if(!empty($metager) && $metager->isFramed())target="_top" @endif tabindex="4">
<h1><img src="/img/metager.svg" alt="MetaGer" /></h1> <h1><img src="/img/metager.svg" alt="MetaGer" /></h1>
</a> </a>
<a class="screen-small" href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), "/") }}"> <a class="screen-small" href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), "/") }}" @if(!empty($metager) && $metager->isFramed())target="_top" @endif>
<h1><img src="/img/metager-schloss-orange.svg" alt="MetaGer" /></h1> <h1><img src="/img/metager-schloss-orange.svg" alt="MetaGer" /></h1>
</a> </a>
</div> </div>
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
{{ $result->anzeigeLink }} {{ $result->anzeigeLink }}
</a> </a>
@if( isset($result->partnershop) && $result->partnershop === TRUE) @if( isset($result->partnershop) && $result->partnershop === TRUE)
<a href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), "/partnershops") }}" target="_blank" rel="noopener"> <a href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), "/partnershops") }}" target="_blank" class="partnershop-info" rel="noopener">
<span class="partnershop-info">{!! trans('result.options.4') !!}</span> <span>{!! trans('result.options.4') !!}</span>
</a> </a>
@endif @endif
</div> </div>
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
</div> </div>
<input type="checkbox" id="result-toggle-{{$result->hash}}" class="result-toggle" style="display: none"> <input type="checkbox" id="result-toggle-{{$result->hash}}" class="result-toggle" style="display: none">
<div class="result-footer"> <div class="result-footer">
<a class="result-open" href="{{ $result->link }}" target="_self" rel="noopener"> <a class="result-open" href="{{ $result->link }}" @if($metager->isFramed())target="_top"@else target="_self"@endif rel="noopener">
{!! trans('result.options.7') !!} {!! trans('result.options.7') !!}
</a> </a>
<a class="result-open-newtab" href="{{ $result->link }}" target="_blank" rel="noopener"> <a class="result-open-newtab" href="{{ $result->link }}" target="_blank" rel="noopener">
...@@ -75,19 +75,19 @@ ...@@ -75,19 +75,19 @@
</li> </li>
@if(strlen($metager->getSite()) === 0) @if(strlen($metager->getSite()) === 0)
<li> <li>
<a href="{{ $metager->generateSiteSearchLink($result->strippedHost) }}"> <a href="{{ $metager->generateSiteSearchLink($result->strippedHost) }}" @if($metager->isFramed())target="_top"@else target="_self"@endif>
<nobr>{!! trans('result.options.1') !!}</nobr> <nobr>{!! trans('result.options.1') !!}</nobr>
</a> </a>
</li> </li>
@endif @endif
<li> <li>
<a href="{{ $metager->generateRemovedHostLink($result->strippedHost) }}"> <a href="{{ $metager->generateRemovedHostLink($result->strippedHost) }}" @if($metager->isFramed())target="_top"@else target="_self"@endif>
<nobr>{!! trans('result.options.2', ['host' => $result->strippedHost]) !!}</nobr> <nobr>{!! trans('result.options.2', ['host' => $result->strippedHost]) !!}</nobr>
</a> </a>
</li> </li>
@if( $result->strippedHost !== $result->strippedDomain ) @if( $result->strippedHost !== $result->strippedDomain )
<li> <li>
<a href="{{ $metager->generateRemovedDomainLink($result->strippedDomain) }}"> <a href="{{ $metager->generateRemovedDomainLink($result->strippedDomain) }}" @if($metager->isFramed())target="_top"@else target="_self"@endif>
<nobr>{!! trans('result.options.3', ['domain' => $result->strippedDomain]) !!}</nobr> <nobr>{!! trans('result.options.3', ['domain' => $result->strippedDomain]) !!}</nobr>
</a> </a>
</li> </li>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
</head>
<body>
<iframe id="mg-framed" src="{{ $url }}" autofocus="true" onload="this.contentWindow.focus();"></iframe>
</body>
html {
height: 100%;
}
body {
margin: 0;
height: 100%;
}
iframe#mg-framed {
display: block;
width: 100%;
border: 0;
height: 100%;
height: 100vh;
}
\ No newline at end of file
<div id="options"> <div id="options">
<div id="toggle-box"> <div id="toggle-box">
<div id="settings"> <div id="settings">
<a href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), route('settings', ["fokus" => $metager->getFokus(), "url" => url()->full()])) }}"> <a href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), route('settings', ["fokus" => $metager->getFokus(), "url" => $metager->generateSearchLink($metager->getFokus())])) }}" @if(!empty($metager) && $metager->isFramed())target="_top" @endif>
<i class="fas fa-cogs"></i>