Add external links blocking in serve

In many use cases, it is undesirable for users to accidentally click on external links
and leave the served ZIM content.
This could be because the result is unpredictable (reader not implementing this properly),
because the serve user knows there's no backup internet connection, or because there is
an induced cost behind external links that doesn't affect served content.

using a new flag (`blockExternalLinks`) on `Response`/`setTaskBar`, a piece of JS code
is injected into the taskbar code.
This code adds a JS handler on all link click events and verifies the destination.
If the destination appears to be an external link (1), the link target is changed to
a specific URL:

```
/external?source=<original_uri>
```

(1) external is a link that's not on the same origin and starts with either `http:` `https:` or `//`.

Server implements a new handler on `/external` that displays a new page (`captured_external.html`)
which returns a generic message explaining the situation and offering to click on the link
again should the user really want to.
This is done by specifically asking `set_taskbar` to not block external requests on that page.

This approach allows integrators using a reverse proxy to handle that endpoint differently (rebrand it)

1. `Server` now has an `m_blockExternalLinks` defaulting to `false`
1. `Server.setTaskbar` is extended to support an additional bool to set the variable.
1. `Response` now has an `m_blockExternalLinks`
1. `Response` constr expects an additional bool for `blockExternalLinks`.
1. `Response.set_taskbar` is extended to support an additional bool to set the variable.
1. JNI/Java Wrapper reflects the extensions.
1. New resource file `templates/block_external.js` (included in head_part). Should it be in skin?
1. New resource file `templates/captured_external.html` for `handle_captured_external()`
1. Added a comment on `head_part.html` to help with JS insertion at the right place
1. `introduce_taskbar()` conditionnaly inserts the JS inside the taskbar
renaud gaudin 2020-03-26 12:06:36 +00:00
parent 3ab3ffe3ea
commit 0ad8bf45fc
10 changed files with 104 additions and 10 deletions


@ -56,7 +56,9 @@ namespace kiwix
void setNbThreads(int threads) { m_nbThreads = threads; } void setNbThreads(int threads) { m_nbThreads = threads; }
void setVerbose(bool verbose) { m_verbose = verbose; } void setVerbose(bool verbose) { m_verbose = verbose; }
void setTaskbar(bool withTaskbar, bool withLibraryButton) void setTaskbar(bool withTaskbar, bool withLibraryButton)
{ m_withTaskbar = withTaskbar; m_withLibraryButton = withLibraryButton; } { setTaskbar(withTaskbar, withLibraryButton, m_blockExternalLinks); }
void setTaskbar(bool withTaskbar, bool withLibraryButton, bool blockExternalLinks)
{ m_withTaskbar = withTaskbar; m_withLibraryButton = withLibraryButton; m_blockExternalLinks = blockExternalLinks; }
protected: protected:
Library* mp_library; Library* mp_library;
@ -68,6 +70,7 @@ namespace kiwix
bool m_verbose = false; bool m_verbose = false;
bool m_withTaskbar = true; bool m_withTaskbar = true;
bool m_withLibraryButton = true; bool m_withLibraryButton = true;
bool m_blockExternalLinks = false;
std::unique_ptr<InternalServer> mp_server; std::unique_ptr<InternalServer> mp_server;
}; };
} }


@ -95,7 +95,8 @@ class InternalServer {
int nbThreads, int nbThreads,
bool verbose, bool verbose,
bool withTaskbar, bool withTaskbar,
bool withLibraryButton); bool withLibraryButton,
bool blockExternalLinks);
virtual ~InternalServer() = default; virtual ~InternalServer() = default;
int handlerCallback(struct MHD_Connection* connection, int handlerCallback(struct MHD_Connection* connection,
@ -119,6 +120,7 @@ class InternalServer {
Response handle_search(const RequestContext& request); Response handle_search(const RequestContext& request);
Response handle_suggest(const RequestContext& request); Response handle_suggest(const RequestContext& request);
Response handle_random(const RequestContext& request); Response handle_random(const RequestContext& request);
Response handle_captured_external(const RequestContext& request);
Response handle_content(const RequestContext& request); Response handle_content(const RequestContext& request);
kainjow::mustache::data get_default_data(); kainjow::mustache::data get_default_data();
@ -131,6 +133,7 @@ class InternalServer {
std::atomic_bool m_verbose; std::atomic_bool m_verbose;
bool m_withTaskbar; bool m_withTaskbar;
bool m_withLibraryButton; bool m_withLibraryButton;
bool m_blockExternalLinks;
struct MHD_Daemon* mp_daemon; struct MHD_Daemon* mp_daemon;
Library* mp_library; Library* mp_library;
@ -157,7 +160,8 @@ bool Server::start() {
m_nbThreads, m_nbThreads,
m_verbose, m_verbose,
m_withTaskbar, m_withTaskbar,
m_withLibraryButton)); m_withLibraryButton,
m_blockExternalLinks));
return mp_server->start(); return mp_server->start();
} }
@ -186,7 +190,8 @@ InternalServer::InternalServer(Library* library,
int nbThreads, int nbThreads,
bool verbose, bool verbose,
bool withTaskbar, bool withTaskbar,
bool withLibraryButton) : bool withLibraryButton,
bool blockExternalLinks) :
m_addr(addr), m_addr(addr),
m_port(port), m_port(port),
m_root(root), m_root(root),
@ -194,6 +199,7 @@ InternalServer::InternalServer(Library* library,
m_verbose(verbose), m_verbose(verbose),
m_withTaskbar(withTaskbar), m_withTaskbar(withTaskbar),
m_withLibraryButton(withLibraryButton), m_withLibraryButton(withLibraryButton),
m_blockExternalLinks(blockExternalLinks),
mp_daemon(nullptr), mp_daemon(nullptr),
mp_library(library), mp_library(library),
mp_nameMapper(nameMapper ? nameMapper : &defaultNameMapper) mp_nameMapper(nameMapper ? nameMapper : &defaultNameMapper)
@ -340,6 +346,9 @@ Response InternalServer::handle_request(const RequestContext& request)
if (request.get_url() == "/random") if (request.get_url() == "/random")
return handle_random(request); return handle_random(request);
if (request.get_url() == "/external")
return handle_captured_external(request);
return handle_content(request); return handle_content(request);
} catch (std::exception& e) { } catch (std::exception& e) {
fprintf(stderr, "===== Unhandled error : %s\n", e.what()); fprintf(stderr, "===== Unhandled error : %s\n", e.what());
@ -359,7 +368,7 @@ kainjow::mustache::data InternalServer::get_default_data()
Response InternalServer::get_default_response() Response InternalServer::get_default_response()
{ {
return Response(m_root, m_verbose.load(), m_withTaskbar, m_withLibraryButton); return Response(m_root, m_verbose.load(), m_withTaskbar, m_withLibraryButton, m_blockExternalLinks);
} }
@ -383,7 +392,7 @@ Response InternalServer::build_500(const std::string& msg)
{ {
kainjow::mustache::data data; kainjow::mustache::data data;
data.set("error", msg); data.set("error", msg);
Response response(m_root, true, false, false); Response response(m_root, true, false, false, false);
response.set_template(RESOURCE::templates::_500_html, data); response.set_template(RESOURCE::templates::_500_html, data);
response.set_mimeType("text/html"); response.set_mimeType("text/html");
response.set_code(MHD_HTTP_INTERNAL_SERVER_ERROR); response.set_code(MHD_HTTP_INTERNAL_SERVER_ERROR);
@ -711,6 +720,26 @@ Response InternalServer::handle_random(const RequestContext& request)
} }
} }
Response InternalServer::handle_captured_external(const RequestContext& request)
{
std::string source = "";
try {
source = kiwix::urlDecode(request.get_argument("source"));
} catch (const std::out_of_range& e) {}
if (source.empty())
return build_404(request, "");
auto data = get_default_data();
data.set("source", source);
auto response = get_default_response();
response.set_template(RESOURCE::templates::captured_external_html, data);
response.set_mimeType("text/html; charset=utf-8");
response.set_compress(true);
response.set_taskbar("", "", false);
return response;
}
Response InternalServer::handle_catalog(const RequestContext& request) Response InternalServer::handle_catalog(const RequestContext& request)
{ {
if (m_verbose.load()) { if (m_verbose.load()) {
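Review bot: handle_captured_external() accepts any non-empty `source` and the template renders it as the link target, so the scheme check that block_external.js applies in the browser is not repeated on the server. Mustache's `{{ source }}` escaping keeps the value from breaking out of the attribute in captured_external.html, but it does not stop a `javascript:` or `data:` destination from becoming a clickable link on the server's own origin when a crafted `/external` URL is opened. Reject anything that is not an http(s) or protocol-relative URL right after decoding, e.g. `if (source.rfind("http://", 0) != 0 && source.rfind("https://", 0) != 0 && source.rfind("//", 0) != 0) return build_404(request, "");`. It is also worth confirming that `get_argument()` does not already return a decoded value, since a second `urlDecode` would alter destinations containing `%25`; that cannot be determined from this section.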


@ -17,7 +17,7 @@
namespace kiwix { namespace kiwix {
Response::Response(const std::string& root, bool verbose, bool withTaskbar, bool withLibraryButton) Response::Response(const std::string& root, bool verbose, bool withTaskbar, bool withLibraryButton, bool blockExternalLinks)
: m_verbose(verbose), : m_verbose(verbose),
m_root(root), m_root(root),
m_content(""), m_content(""),
@ -25,6 +25,7 @@ Response::Response(const std::string& root, bool verbose, bool withTaskbar, bool
m_returnCode(MHD_HTTP_OK), m_returnCode(MHD_HTTP_OK),
m_withTaskbar(withTaskbar), m_withTaskbar(withTaskbar),
m_withLibraryButton(withLibraryButton), m_withLibraryButton(withLibraryButton),
m_blockExternalLinks(blockExternalLinks),
m_useCache(false), m_useCache(false),
m_addTaskbar(false), m_addTaskbar(false),
m_bookName(""), m_bookName(""),
@ -124,6 +125,14 @@ void Response::introduce_taskbar()
m_content, m_content,
"<body[^>]*>", "<body[^>]*>",
taskbar_part); taskbar_part);
if ( m_blockExternalLinks ) {
const std::string capture_external_part = getResource("templates/block_external.js");
m_content = appendToFirstOccurence(
m_content,
"block external links\n",
capture_external_part);
}
} }
@ -239,11 +248,12 @@ void Response::set_entry(const Entry& entry) {
m_mode = ResponseMode::ENTRY; m_mode = ResponseMode::ENTRY;
} }
void Response::set_taskbar(const std::string& bookName, const std::string& bookTitle) void Response::set_taskbar(const std::string& bookName, const std::string& bookTitle, bool blockExternalLinks)
{ {
m_addTaskbar = true; m_addTaskbar = true;
m_bookName = bookName; m_bookName = bookName;
m_bookTitle = bookTitle; m_bookTitle = bookTitle;
m_blockExternalLinks = blockExternalLinks;
} }
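Review bot: The injection in introduce_taskbar() is keyed on the literal text `block external links\n`, which is the JS comment this commit adds to head_part.html, and nothing checks that the marker was found. If that comment is reworded or stripped by a template edit or a minifier, the blocking script is presumably dropped without any error, so the feature fails open. A dedicated placeholder would be sturdier; at minimum add a comment here such as `// marker must match the "// block external links" line in head_part.html` and log, when verbose, if the content is unchanged after the call. Because the insertion sits inside introduce_taskbar(), whose body starts outside this hunk, blocking also appears to depend on the taskbar being added to the response.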


@ -42,7 +42,7 @@ class RequestContext;
class Response { class Response {
public: public:
Response(const std::string& root, bool verbose, bool withTaskbar, bool withLibraryButton); Response(const std::string& root, bool verbose, bool withTaskbar, bool withLibraryButton, bool blockExternalLinks);
~Response() = default; ~Response() = default;
int send(const RequestContext& request, MHD_Connection* connection); int send(const RequestContext& request, MHD_Connection* connection);
@ -57,7 +57,8 @@ class Response {
void set_code(int code) { m_returnCode = code; } void set_code(int code) { m_returnCode = code; }
void set_cache(bool cache) { m_useCache = cache; } void set_cache(bool cache) { m_useCache = cache; }
void set_compress(bool compress) { m_compress = compress; } void set_compress(bool compress) { m_compress = compress; }
void set_taskbar(const std::string& bookName, const std::string& bookTitle); void set_taskbar(const std::string& bookName, const std::string& bookTitle) { return set_taskbar(bookName, bookTitle, m_blockExternalLinks); }
void set_taskbar(const std::string& bookName, const std::string& bookTitle, bool blockExternalLinks);
void set_range_first(uint64_t start) { m_startRange = start; } void set_range_first(uint64_t start) { m_startRange = start; }
void set_range_len(uint64_t len) { m_lenRange = len; } void set_range_len(uint64_t len) { m_lenRange = len; }
@ -75,6 +76,7 @@ class Response {
int m_returnCode; int m_returnCode;
bool m_withTaskbar; bool m_withTaskbar;
bool m_withLibraryButton; bool m_withLibraryButton;
bool m_blockExternalLinks;
bool m_useCache; bool m_useCache;
bool m_compress; bool m_compress;
bool m_addTaskbar; bool m_addTaskbar;
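Review bot: The three-argument set_taskbar() overwrites m_blockExternalLinks for this response, which is how the `/external` page switches blocking off, but the declaration does not say so. Add a short comment above it, e.g. `// blockExternalLinks overrides the server-wide setting for this response only`. In the two-argument inline overload, `return set_taskbar(...)` inside a void function is legal but reads oddly; a plain call is clearer.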


@ -85,6 +85,12 @@ Java_org_kiwix_kiwixlib_JNIKiwixServer_setTaskbar(JNIEnv* env, jobject obj, jboo
SERVER->setTaskbar(withTaskbar, withLibraryButton); SERVER->setTaskbar(withTaskbar, withLibraryButton);
} }
JNIEXPORT void JNICALL
Java_org_kiwix_kiwixlib_JNIKiwixServer_setTaskbar(JNIEnv* env, jobject obj, jboolean withTaskbar, jboolean withLibraryButton, jboolean blockExternalLinks)
{
SERVER->setTaskbar(withTaskbar, withLibraryButton, blockExternalLinks);
}
JNIEXPORT jboolean JNICALL JNIEXPORT jboolean JNICALL
Java_org_kiwix_kiwixlib_JNIKiwixServer_start(JNIEnv* env, jobject obj) Java_org_kiwix_kiwixlib_JNIKiwixServer_start(JNIEnv* env, jobject obj)
{ {
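Review bot: This adds a second native entry point with the same short name, `Java_org_kiwix_kiwixlib_JNIKiwixServer_setTaskbar`. JNI resolves overloaded native methods by the long name that carries the argument signature, so with both `setTaskbar` overloads declared native in the JNIKiwixServer class the two functions would need to be named `..._setTaskbar__ZZ` and `..._setTaskbar__ZZZ`. If these functions have C linkage (not visible in this hunk), two definitions sharing one name will also fail to compile. Either rename both to the long form or expose the new flag through a separately named native method; the same applies to the matching declaration added in the Java wrapper.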

View File

@ -33,6 +33,7 @@ public class JNIKiwixServer
public native void setNbThreads(int nbTreads); public native void setNbThreads(int nbTreads);
public native void setTaskbar(boolean withTaskBar, boolean witLibraryButton); public native void setTaskbar(boolean withTaskBar, boolean witLibraryButton);
public native void setTaskbar(boolean withTaskBar, boolean witLibraryButton, boolean blockExternalLinks);
public native boolean start(); public native boolean start();


@ -28,4 +28,6 @@ templates/index.html
templates/suggestion.json templates/suggestion.json
templates/head_part.html templates/head_part.html
templates/taskbar_part.html templates/taskbar_part.html
templates/captured_external.html
templates/block_external.js
opensearchdescription.xml opensearchdescription.xml


@ -0,0 +1,17 @@
function capture(e) { $(e.target).attr("href", encodeURI("/external?source=" + e.target.href)); }
jk( document ).ready(function() {
jk("a").on({click: function(e) {
if ("target" in e && "href" in e.target) {
var href = e.target.href;
if (href.indexOf(window.location.origin) == 0)
return;
if (href.substr(0, 2) == "//")
return capture(e);
if (href.substr(0, 5) == "http:")
return capture(e);
if (href.substr(0, 6) == "https:")
return capture(e);
return;
}
}});
});
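Review bot: capture() calls `$`, but head_part.html runs `jQuery.noConflict()` and the rest of this file uses `jk`, so on pages that do not define their own `$` the handler throws and the link is followed unblocked. Three further gaps in the same file: `encodeURI` leaves the destination's `?`, `&` and `#` unescaped, so they are parsed as part of the `/external` request rather than of `source`. The origin test is a string prefix match, which also treats a host name that merely begins with the current origin as internal. Reading `e.target` from handlers bound at ready time misses clicks that land on an element nested inside a link, and links added later. A rewrite using a delegated handler and the anchor's own `origin` and `protocol` properties follows.

```javascript
function capture(link) {
  // encodeURIComponent keeps the destination's own ?, & and # inside the single source parameter
  jk(link).attr("href", "/external?source=" + encodeURIComponent(link.href));
}
jk(document).ready(function() {
  // delegated handler: covers links added after load and clicks on elements nested in a link
  jk(document).on("click", "a", function(e) {
    var link = e.currentTarget;
    if (!link.href) return;
    // compare whole origins; a prefix test also matches hosts that merely start with ours
    if (link.origin === window.location.origin) return;
    if (link.protocol === "http:" || link.protocol === "https:") capture(link);
  });
});
```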


@ -0,0 +1,23 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8" />
<title>Welcome to Kiwix Server</title>
<script type="text/javascript" src="{{root}}/skin/jquery-ui/external/jquery/jquery.js"></script>
<script type="text/javascript" src="{{root}}/skin/jquery-ui/jquery-ui.min.js"></script>
<link type="text/css" href="{{root}}/skin/jquery-ui/jquery-ui.min.css" rel="Stylesheet" />
<link type="text/css" href="{{root}}/skin/jquery-ui/jquery-ui.theme.min.css" rel="Stylesheet" />
<script type="text/javascript" src="{{root}}/skin/taskbar.js" async></script>
</head>
<body class="kiwix">
<h1>External link blocked</h1>
<p>This instance of Kiwix protects you from accidentaly going to external (out-of ZIM) links.</p>
<p>If you intend to go to such locations, please click the link bellow.</p>
<p><a href="{{ source }}">Go to {{ source }}</a></p>
<div id="kiwixfooter">
Powered by <a href="https://kiwix.org">Kiwix</a>
</div>
</body>
</html>
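Review bot: The user-facing text has two typos, `accidentaly` and `bellow`; they should read `accidentally` and `below`. The `<title>` is still `Welcome to Kiwix Server`, which does not describe this page; something like `External link blocked` would match the heading. Since the link leaves the served content, consider adding `rel="noopener noreferrer"` to the `<a href="{{ source }}">` element so the destination does not receive the local server's address as referrer.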

View File

@ -5,6 +5,7 @@
<script type="text/javascript" src="{{root}}/skin/jquery-ui/jquery-ui.min.js"></script> <script type="text/javascript" src="{{root}}/skin/jquery-ui/jquery-ui.min.js"></script>
<script> <script>
var jk = jQuery.noConflict(); var jk = jQuery.noConflict();
// block external links
jk(function() { jk(function() {
jk( "#kiwixsearchbox" ).autocomplete({ jk( "#kiwixsearchbox" ).autocomplete({