boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

added a warning message in ConfigBasic in case that the default password

Browse Source 
was not changed.
pull/603/head
Michael Peter Christen 1 year ago
parent 7830268be1
commit 4da320bebf
4 changed files with 218 additions and 198 deletions
Show Stats Download Patch File Download Diff File

32
htroot/ConfigBasic.html
Unescape View File

@ -24,10 +24,16 @@
#(reconnect)#::
<p><strong>Your port has changed. Please wait 10 seconds.</strong></p>
#(/reconnect)#
#(changedfltpw)#::
<div class="alert alert-danger" role="alert">
<b>WARNING</b> This YaCy instance can be administered with the account "admin" and the default password "yacy".
Open the <a href="ConfigAccounts_p.html" class="alert-link">User Administration</a> and change the password as soon as possible!
</div>
#(/changedfltpw)#
<p>
Your YaCy Peer needs some basic information to operate properly
</p>
<form action="ConfigBasic.html" method="post" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<ol>
@ -44,16 +50,16 @@
<input type="radio" name="language" value="hi" id="lang_hi" onchange="this.form.submit()" #(lang_hi)#::checked="checked"#(/lang_hi)# /><label for="lang_hi" #(active_hi)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_hi)#>&#2361;&#2367;&#2344;&#2381;&#2342;&#2368;</label>
<input type="radio" name="language" value="ja" id="lang_ja" onchange="this.form.submit()" #(lang_ja)#::checked="checked"#(/lang_ja)# /><label for="lang_ja" #(active_ja)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_ja)#>&#26085;&#26412;&#35486;</label>
<input type="radio" name="language" value="el" id="lang_el" onchange="this.form.submit()" #(lang_el)#::checked="checked"#(/lang_el)# /><label for="lang_el" #(active_el)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_el)#>Greek</label>
<input type="radio" name="language" value="it" id="lang_it" onchange="this.form.submit()" #(lang_it)#::checked="checked"#(/lang_it)# /><label for="lang_it" #(active_el)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_el)#>Italiano</label>
<input type="radio" name="language" value="es" id="lang_es" onchange="this.form.submit()" #(lang_es)#::checked="checked"#(/lang_es)# /><label for="lang_es" #(active_es)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_es)#>Español</label>
</fieldset>
<input type="radio" name="language" value="it" id="lang_it" onchange="this.form.submit()" #(lang_it)#::checked="checked"#(/lang_it)# /><label for="lang_it" #(active_el)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_el)#>Italiano</label>
<input type="radio" name="language" value="es" id="lang_es" onchange="this.form.submit()" #(lang_es)#::checked="checked"#(/lang_es)# /><label for="lang_es" #(active_es)#::title="Click to generate translated pages"::class="label-success" title="Active : translated pages are available"#(/active_es)#>Español</label>
</fieldset>
</li>
<!-- take care that no other items are changed, but also change the former if no js is enabled -->
<script type="text/javascript"> document.write('</form><form action="ConfigBasic.html" method="post" accept-charset="UTF-8"><input type="hidden" name="transactionToken" value="#[transactionToken]#"/>');</script>
#(setUseCase)#::
<li>
#(setUseCase)#::
<li>
<img src="env/grafics/ok.png" height="16" width="16" alt="ok" />&nbsp;Use Case: what do you want to do with YaCy:<br />
<fieldset>
#(switchError)#::<div class="alert alert-danger" role="alert"><p>Can not leave from Intranet Indexing : one or more remote Solr instances are attached and may contain private documents indexed.</p>
@ -67,8 +73,8 @@
<table border="0">
<tr>
<td style="width: 256px;"><input type="radio" name="usecase" value="freeworld" id="usecaseFreeworld" #(freeworldChecked)#::checked="checked"#(/freeworldChecked)# /><label for="usecaseFreeworld">Community-based web search</label></td>
<td style="width: 256px;"><input type="radio" name="usecase" value="portal" id="usecasePortal" #(portalChecked)#::checked="checked"#(/portalChecked)# /><label for="usecasePortal">Search portal for your own web pages</label></td>
<td><input type="radio" name="usecase" value="intranet" id="usecaseIntranet" #(intranetChecked)#::checked="checked"#(/intranetChecked)# /><label for="usecaseIntranet">Intranet Indexing</label></td>
<td style="width: 256px;"><input type="radio" name="usecase" value="portal" id="usecasePortal" #(portalChecked)#::checked="checked"#(/portalChecked)# /><label for="usecasePortal">Search portal for your own web pages</label></td>
<td><input type="radio" name="usecase" value="intranet" id="usecaseIntranet" #(intranetChecked)#::checked="checked"#(/intranetChecked)# /><label for="usecaseIntranet">Intranet Indexing</label></td>
</tr>
<tr>
<td><label for="usecaseFreeworld"><img src="env/grafics/usecase_freeworld.png" alt="Usecase Freeworld" /></label></td>
@ -85,7 +91,7 @@
</fieldset>
</li>
#(/setUseCase)#
<li>
#(statusName)#<img src="env/grafics/bad.png" height="16" width="16" alt="warning" />&nbsp;Your peer name has not been customized; please set your own peer name::<img src="env/grafics/ok.png" height="16" width="16" alt="ok" />&nbsp;You may change your peer name#(/statusName)#<br />
<fieldset>
@ -97,7 +103,7 @@
</dl>
</fieldset>
</li>
<li>
#(statusPort)#<img src="env/grafics/bad.png" height="16" width="16" alt="warning" />&nbsp;Your peer cannot be reached from outside (which is not fatal, but would be good for the YaCy network); please open your firewall for this port and/or set a virtual server option in your router to allow connections on this port. Opening a router port is <i>not</i> a YaCy-specific task; you can see instruction videos everywhere in the internet, just search for <a href="http://www.youtube.com/results?search_query=Open+Ports+on+a+Router">Open Ports on a &lt;our-router-type&gt; Router</a> and add your router type as search term. However: if you fail to open a router port, you can nevertheless use YaCy with full functionality, the only function that is missing is on the side of the other YaCy users because they cannot see your peer.::<img src="env/grafics/ok.png" height="16" width="16" alt="ok" />&nbsp;Your peer can be reached by other peers#(/statusPort)#<br />
<fieldset>
@ -118,9 +124,9 @@
</fieldset>
</li>
<fieldset>&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" name="set" value="Set Configuration" class="btn btn-primary"/></fieldset>
#(reconnect)#::<div class="alert alert-danger" role="alert">Your Browser will reload the YaCy UI with the new port in 5 seconds...</div>#(/reconnect)#
</ol>
</form>
<p><strong>What you should do next:</strong></p>

203
source/net/yacy/data/TransactionManager.java
Unescape View File

@ -42,25 +42,25 @@ import net.yacy.server.serverObjects;
* These tokens should be designed to be hard to forge by an unauthenticated user.
*/
public class TransactionManager {
/** Parameter name of the transaction token */
public static final String TRANSACTION_TOKEN_PARAM = "transactionToken";
/** Secret signing key valid until next server restart */
/** Parameter name of the transaction token */
public static final String TRANSACTION_TOKEN_PARAM = "transactionToken";
/** Secret signing key valid until next server restart */
private static final String SIGNING_KEY = UUID.randomUUID().toString();
/** Random token seed valid until next server restart */
private static final String TOKEN_SEED = UUID.randomUUID().toString();
/**
* @param header
* current request header. Must not be null.
* @return the name of the currently authenticated user (administrator user
* name when the request comes from local host and unauthenticated local
* access as administrator is enabled), or null when no authenticated.
* @throws NullPointerException
* when header parameter is null.
*/
/**
* @param header
* current request header. Must not be null.
* @return the name of the currently authenticated user (administrator user
* name when the request comes from local host and unauthenticated local
* access as administrator is enabled), or null when no authenticated.
* @throws NullPointerException
* when header parameter is null.
*/
private static String getUserName(final RequestHeader header) {
String userName = header.getRemoteUser();
Switchboard sb = Switchboard.getSwitchboard();
@ -70,85 +70,84 @@ public class TransactionManager {
final String adminAccountUserName = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
if (adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount)) {
// admin users with empty passwords do not need to authentify, thus do not have
// this header present. We just consoder the name is "admin"
// this header present. We just consider the name is "admin"
userName = adminAccountUserName;
}
if (userName == null && header.accessFromLocalhost()) {
if (sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
/* Unauthenticated local access as administrator can be enabled */
userName = adminAccountUserName;
} else {
/* authorization by encoded password, only for localhost access (used by bash scripts)*/
String pass = Base64Order.standardCoder.encodeString(adminAccountUserName + ":" + adminAccountBase64MD5);
/* get the authorization string from the header */
final String realmProp = (header.get(RequestHeader.AUTHORIZATION, "")).trim();
final String realmValue = realmProp.isEmpty() ? null : realmProp.substring(6); // take out "BASIC "
if (pass.equals(realmValue)) { // assume realmValue as is in cfg
userName = adminAccountUserName;
}
}
}
if (userName == null && header.accessFromLocalhost()) {
if (sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
/* Unauthenticated local access as administrator can be enabled */
userName = adminAccountUserName;
} else {
/* authorization by encoded password, only for localhost access (used by bash scripts)*/
String pass = Base64Order.standardCoder.encodeString(adminAccountUserName + ":" + adminAccountBase64MD5);
/* get the authorization string from the header */
final String realmProp = (header.get(RequestHeader.AUTHORIZATION, "")).trim();
final String realmValue = realmProp.isEmpty() ? null : realmProp.substring(6); // take out "BASIC "
if (pass.equals(realmValue)) { // assume realmValue as is in cfg
userName = adminAccountUserName;
}
}
}
}
return userName;
return userName;
}
/**
* Get a transaction token to be used later on a protected HTTP post method
* call on the same path with the currently authenticated user.
*
* @param header
* current request header
* @return a transaction token
* @throws IllegalArgumentException
* when header parameter is null or when the user is not authenticated.
*/
/**
* Get a transaction token to be used later on a protected HTTP post method
* call on the same path with the currently authenticated user.
*
* @param header
* current request header
* @return a transaction token
* @throws IllegalArgumentException
* when header parameter is null or when the user is not authenticated.
*/
public static String getTransactionToken(final RequestHeader header) {
if (header == null) {
throw new IllegalArgumentException("Missing required header parameter");
throw new IllegalArgumentException("Missing required header parameter");
}
return getTransactionToken(header, header.getPathInfo());
}
/**
* Get a transaction token to be used later on a protected HTTP post method
* call on the specified path with the currently authenticated user.
*
* @param header
* current request header
* @param path the relative path for which the token will be valid
* @return a transaction token for the specified path
* @throws IllegalArgumentException
* when a parameter is null or when the user is not authenticated.
*/
/**
* Get a transaction token to be used later on a protected HTTP post method
* call on the specified path with the currently authenticated user.
*
* @param header
* current request header
* @param path the relative path for which the token will be valid
* @return a transaction token for the specified path
* @throws IllegalArgumentException
* when a parameter is null or when the user is not authenticated.
*/
public static String getTransactionToken(final RequestHeader header, final String path) {
if (header == null) {
throw new IllegalArgumentException("Missing required header parameter");
throw new IllegalArgumentException("Missing required header parameter");
}
/* Check this comes from an authenticated user */
final String userName = getUserName(header);
if (userName == null) {
throw new IllegalArgumentException("User is not authenticated");
}
/* Produce a token by signing a message with the server secret key :
* The token is not unique per request and thus keeps the service stateless
* (no need to store tokens until they are consumed).
* On the other hand, it is supposed to remain hard enough to forge because the secret key and token seed
* are initialized with a random value at each server startup */
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + path);
if (userName == null) {
throw new IllegalArgumentException("User is not authenticated");
}
/* Produce a token by signing a message with the server secret key :
* The token is not unique per request and thus keeps the service stateless
* (no need to store tokens until they are consumed).
* On the other hand, it is supposed to remain hard enough to forge because the secret key and token seed
* are initialized with a random value at each server startup */
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + path);
return token;
}
/**
* Check the current request is a valid HTTP POST transaction : the current user is authenticated,
* and the request post parameters contain a valid transaction token.
@ -159,34 +158,34 @@ public class TransactionManager {
* @throws TemplateMissingParameterException when the transaction token is missing
* @throws BadTransactionException when a condition for valid transaction is not met.
*/
public static void checkPostTransaction(final RequestHeader header, final serverObjects post) {
public static void checkPostTransaction(final RequestHeader header, final serverObjects post) {
if (header == null)
throw new IllegalArgumentException("Missing required header parameters.");
throw new IllegalArgumentException("Missing required header parameters.");
if (header.accessFromLocalhost()) return; // this is one exception that we accept if basc authentication is gven
if (post == null) // non-local requests must use POST parameters
throw new IllegalArgumentException("Missing required post parameters.");
if (!HeaderFramework.METHOD_POST.equals(header.getMethod())) // non-local users must use POST protocol
throw new DisallowedMethodException("HTTP POST method is the only one authorized.");
if (!HeaderFramework.METHOD_POST.equals(header.getMethod())) // non-local users must use POST protocol
throw new DisallowedMethodException("HTTP POST method is the only one authorized.");
String userName = getUserName(header);
if (userName == null)
throw new BadTransactionException("User is not authenticated.");
final String transactionToken = post.get(TRANSACTION_TOKEN_PARAM);
if (transactionToken == null)
throw new TemplateMissingParameterException("Missing transaction token.");
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + header.getPathInfo());
/* Compare the server generated token with the one received in the post parameters,
* using a time constant function */
if(!MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8), transactionToken.getBytes(StandardCharsets.UTF_8))) {
throw new BadTransactionException("Invalid transaction token.");
}
}
if (userName == null)
throw new BadTransactionException("User is not authenticated.");
final String transactionToken = post.get(TRANSACTION_TOKEN_PARAM);
if (transactionToken == null)
throw new TemplateMissingParameterException("Missing transaction token.");
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + header.getPathInfo());
/* Compare the server generated token with the one received in the post parameters,
* using a time constant function */
if(!MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8), transactionToken.getBytes(StandardCharsets.UTF_8))) {
throw new BadTransactionException("Invalid transaction token.");
}
}
}

176
source/net/yacy/htroot/ConfigBasic.java
Unescape View File

@ -69,13 +69,6 @@ public class ConfigBasic {
final File langPath = new File(sb.getAppPath("locale.source", "locales").getAbsolutePath());
String lang = env.getConfig("locale.language", "browser");
final int authentication = sb.adminAuthenticated(header);
if (authentication < 2) {
// must authenticate
prop.authenticationRequired();
return prop;
}
/* For authenticated users only : acquire a transaction token for the next POST form submission */
try {
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
@ -87,7 +80,7 @@ public class ConfigBasic {
}
if ((sb.peers.mySeed().isVirgin()) || (sb.peers.mySeed().isJunior())) {
new OnePeerPingBusyThread(sb.yc).start();
new OnePeerPingBusyThread(sb.yc).start();
}
String peerName = sb.peers.mySeed().getName();
@ -95,32 +88,40 @@ public class ConfigBasic {
boolean ssl = env.getConfigBool("server.https", false);
boolean upnp = false;
if (post != null) {
/* Settings will be modified : check this is a valid transaction using HTTP POST method */
TransactionManager.checkPostTransaction(header, post);
final int authentication = sb.adminAuthenticated(header);
if (authentication < 2) {
// must authenticate
prop.authenticationRequired();
return prop;
}
/* Settings will be modified : check this is a valid transaction using HTTP POST method */
TransactionManager.checkPostTransaction(header, post);
// store this call as api call
if(post.containsKey("set")) {
sb.tables.recordAPICall(post, "ConfigBasic.html", WorkTables.TABLE_API_TYPE_CONFIGURATION, "basic settings");
}
// language settings
if(post.containsKey("language") && !lang.equals(post.get("language", "default"))) {
if(new TranslatorXliff().changeLang(env, langPath, post.get("language", "default") + ".lng")) {
prop.put("changedLanguage", "1");
}
}
// port settings
if(post.getInt("port", 0) > 1023) {
if(post.containsKey("set")) {
sb.tables.recordAPICall(post, "ConfigBasic.html", WorkTables.TABLE_API_TYPE_CONFIGURATION, "basic settings");
}
// language settings
if(post.containsKey("language") && !lang.equals(post.get("language", "default"))) {
if(new TranslatorXliff().changeLang(env, langPath, post.get("language", "default") + ".lng")) {
prop.put("changedLanguage", "1");
}
}
// port settings
if(post.getInt("port", 0) > 1023) {
port = post.getLong("port", 8090);
ssl = post.getBoolean("withssl");
}
}
// peer name settings
peerName = post.get("peername", "");
// peer name settings
peerName = post.get("peername", "");
// UPnP config
if(post.containsKey("port")) { // hack to allow checkbox
// UPnP config
if(post.containsKey("port")) { // hack to allow checkbox
upnp = post.containsKey("enableUpnp");
if (upnp && !sb.getConfigBool(SwitchboardConstants.UPNP_ENABLED, false)) {
UPnP.addPortMappings();
@ -129,15 +130,15 @@ public class ConfigBasic {
if (!upnp) {
UPnP.deletePortMappings();
}
}
}
}
if (ssl) {
prop.put("withsslenabled_sslport", env.getHttpServer().getSslPort());
prop.put("withsslenabled_sslport", env.getHttpServer().getSslPort());
}
if (peerName != null && peerName.length() > 0) {
peerName = peerName.replace(' ', '-');
peerName = peerName.replace(' ', '-');
}
// check if peer name already exists
@ -189,64 +190,77 @@ public class ConfigBasic {
prop.put("reconnect", "0");
}
// set a warning in case that the default password was not changed
String currpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
String dfltpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT, "");
prop.put("changedfltpw", currpw.equals(dfltpw) ? "1" : "0");
// set a use case
prop.put("setUseCase_switchError", 0);
prop.put("setUseCase_switchWarning", 0);
String networkName = sb.getConfig(SwitchboardConstants.NETWORK_NAME, "");
if (post != null && post.containsKey("usecase")) {
/* Settings will be modified : check this is a valid transaction using HTTP POST method */
TransactionManager.checkPostTransaction(header, post);
final boolean hasNonEmptyRemoteSolr = sb.index.fulltext().connectedRemoteSolr()
&& (sb.index.fulltext().collectionSize() > 0 || sb.index.fulltext().webgraphSize() > 0);
final int authentication = sb.adminAuthenticated(header);
if (authentication < 2) {
// must authenticate
prop.authenticationRequired();
return prop;
}
/* Settings will be modified : check this is a valid transaction using HTTP POST method */
TransactionManager.checkPostTransaction(header, post);
final boolean hasNonEmptyRemoteSolr = sb.index.fulltext().connectedRemoteSolr()
&& (sb.index.fulltext().collectionSize() > 0 || sb.index.fulltext().webgraphSize() > 0);
if ("freeworld".equals(post.get("usecase", "")) && !"freeworld".equals(networkName)) {
if("intranet".equals(networkName) && hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : disallow switching from intranet to another network to prevent disclosure of indexed private documents */
prop.put("setUseCase_switchError", 1);
} else {
if(hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : warn the user even if not coming from intranet as indexed documents may be irrelevant for the new mode */
prop.put("setUseCase_switchWarning", 2);
}
// switch to freeworld network
sb.setConfig(SwitchboardConstants.CORE_SERVICE_RWI, true);
sb.switchNetwork("defaults/yacy.network.freeworld.unit");
// switch to p2p mode
sb.setConfig(SwitchboardConstants.INDEX_DIST_ALLOW, true);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW, true);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW_SEARCH, true);
// set default behavior for search verification
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY, "iffresh"); // nocache,iffresh,ifexist,cacheonly,false
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY_DELETE, "true");
}
if("intranet".equals(networkName) && hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : disallow switching from intranet to another network to prevent disclosure of indexed private documents */
prop.put("setUseCase_switchError", 1);
} else {
if(hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : warn the user even if not coming from intranet as indexed documents may be irrelevant for the new mode */
prop.put("setUseCase_switchWarning", 2);
}
// switch to freeworld network
sb.setConfig(SwitchboardConstants.CORE_SERVICE_RWI, true);
sb.switchNetwork("defaults/yacy.network.freeworld.unit");
// switch to p2p mode
sb.setConfig(SwitchboardConstants.INDEX_DIST_ALLOW, true);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW, true);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW_SEARCH, true);
// set default behavior for search verification
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY, "iffresh"); // nocache,iffresh,ifexist,cacheonly,false
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY_DELETE, "true");
}
}
if ("portal".equals(post.get("usecase", "")) && !"webportal".equals(networkName)) {
if("intranet".equals(networkName) && hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : disallow switching from intranet to another network to prevent disclosure of indexed private documents */
prop.put("setUseCase_switchError", 1);
} else {
if(hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : warn the user even if not coming from intranet as indexed documents may be irrelevant for the new mode */
prop.put("setUseCase_switchWarning", 2);
}
// switch to webportal network
sb.setConfig(SwitchboardConstants.CORE_SERVICE_RWI, false);
sb.switchNetwork("defaults/yacy.network.webportal.unit");
// switch to robinson mode
sb.setConfig(SwitchboardConstants.INDEX_DIST_ALLOW, false);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW, false);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW_SEARCH, false);
// set default behavior for search verification
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY, "ifexist"); // nocache,iffresh,ifexist,cacheonly,false
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY_DELETE, "false");
}
if("intranet".equals(networkName) && hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : disallow switching from intranet to another network to prevent disclosure of indexed private documents */
prop.put("setUseCase_switchError", 1);
} else {
if(hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : warn the user even if not coming from intranet as indexed documents may be irrelevant for the new mode */
prop.put("setUseCase_switchWarning", 2);
}
// switch to webportal network
sb.setConfig(SwitchboardConstants.CORE_SERVICE_RWI, false);
sb.switchNetwork("defaults/yacy.network.webportal.unit");
// switch to robinson mode
sb.setConfig(SwitchboardConstants.INDEX_DIST_ALLOW, false);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW, false);
sb.setConfig(SwitchboardConstants.INDEX_RECEIVE_ALLOW_SEARCH, false);
// set default behavior for search verification
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY, "ifexist"); // nocache,iffresh,ifexist,cacheonly,false
sb.setConfig(SwitchboardConstants.SEARCH_VERIFY_DELETE, "false");
}
}
if ("intranet".equals(post.get("usecase", "")) && !"intranet".equals(networkName)) {
if(hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : warn the user as the indexed documents may be public external resources out of scope for intranet/localhost domain. */
prop.put("setUseCase_switchWarning", 1);
}
if(hasNonEmptyRemoteSolr) {
/* One or more non empty remote Solr(s) attached : warn the user as the indexed documents may be public external resources out of scope for intranet/localhost domain. */
prop.put("setUseCase_switchWarning", 1);
}
// switch to intranet network
sb.setConfig(SwitchboardConstants.CORE_SERVICE_RWI, false);
sb.switchNetwork("defaults/yacy.network.intranet.unit");
@ -325,7 +339,7 @@ public class ConfigBasic {
prop.put("lang_ja", "0");
prop.put("lang_el", "0");
prop.put("lang_it", "0");
prop.put("lang_es", "0");
prop.put("lang_es", "0");
if ("default".equals(lang)) {
prop.put("lang_en", "1");
} else {
@ -343,7 +357,7 @@ public class ConfigBasic {
prop.put("active_it", l.contains("it") ? "2" : "1");
prop.put("active_ru", l.contains("ru") ? "2" : "1");
prop.put("active_uk", l.contains("uk") ? "2" : "1");
prop.put("active_es", l.contains("es") ? "2" : "1");
prop.put("active_es", l.contains("es") ? "2" : "1");
prop.put("active_en", "2");
} else {
@ -357,7 +371,7 @@ public class ConfigBasic {
prop.put("active_ja", "0");
prop.put("active_el", "0");
prop.put("active_it", "0");
prop.put("active_es", "0");
prop.put("active_es", "0");
}
return prop;
}

5
source/net/yacy/search/SwitchboardConstants.java
Unescape View File

@ -50,8 +50,9 @@ public final class SwitchboardConstants {
// this holds the credential "MD5:" + Digest.encodeMD5Hex(adminAccountUserName + ":" + adminRealm + ":" + password)
// or the depreciated old style MapTools.encodeMD5Hex( Base64Order.standardCoder.encode(adminAccountUserName + ":" + password) )
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
public static final String ADMIN_ACCOUNT_USER_NAME = "adminAccountUserName"; // by default 'admin'
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5"; // by default the encoding of 'yacy' (MD5:8cffbc0d66567a0987a4aba1ec46d63c)
public static final String ADMIN_ACCOUNT_B64MD5_DEFAULT = "MD5:8cffbc0d66567a0987a4aba1ec46d63c"; // use this to check if the default setting was overwritten
public static final String ADMIN_ACCOUNT_FOR_LOCALHOST = "adminAccountForLocalhost";
public static final String ADMIN_ACCOUNT_All_PAGES = "adminAccountAllPages";
public static final String ADMIN_REALM = "adminRealm";
@ -64,7 +65,7 @@ public final class SwitchboardConstants {
public static final String SERVER_PUBLICPORT = "publicPort";
public static final String PUBLIC_SEARCHPAGE = "publicSearchpage";
public static final int CRAWLJOB_SYNC = 0;
public static final int CRAWLJOB_STATUS = 1;
// 20_dhtdistribution

Write Preview
Loading…
Cancel
Save