575 lines
20 KiB
Python
575 lines
20 KiB
Python
from copy import deepcopy
|
|
|
|
from django.conf import settings
|
|
from opensearchpy import OpenSearch
|
|
from opensearchpy.exceptions import NotFoundError, RequestError
|
|
|
|
from core.lib.threshold import annotate_num_chans, annotate_num_users, annotate_online
|
|
from core.views.helpers import (
|
|
LookupDenied,
|
|
SearchDenied,
|
|
dedup_list,
|
|
encrypt_list,
|
|
hash_list,
|
|
hash_lookup,
|
|
obfuscate_list,
|
|
)
|
|
|
|
# from json import dumps
|
|
# pp = lambda x: print(dumps(x, indent=2))
|
|
|
|
|
|
def initialise_opensearch():
|
|
"""
|
|
Inititialise the OpenSearch API endpoint.
|
|
"""
|
|
auth = (settings.OPENSEARCH_USERNAME, settings.OPENSEARCH_PASSWORD)
|
|
client = OpenSearch(
|
|
# fmt: off
|
|
hosts=[{"host": settings.OPENSEARCH_URL,
|
|
"port": settings.OPENSEARCH_PORT}],
|
|
http_compress=False, # enables gzip compression for request bodies
|
|
http_auth=auth,
|
|
# client_cert = client_cert_path,
|
|
# client_key = client_key_path,
|
|
use_ssl=settings.OPENSEARCH_TLS,
|
|
verify_certs=False,
|
|
ssl_assert_hostname=False,
|
|
ssl_show_warn=False,
|
|
# a_certs=ca_certs_path,
|
|
)
|
|
return client
|
|
|
|
|
|
client = initialise_opensearch()
|
|
|
|
|
|
def annotate_results(results_parsed):
|
|
"""
|
|
Accept a list of dict objects, search for the number of channels and users.
|
|
Add them to the object.
|
|
Mutate it in place. Does not return anything.
|
|
"""
|
|
# Figure out items with net (not discord)
|
|
nets = set()
|
|
for x in results_parsed:
|
|
if "net" in x:
|
|
nets.add(x["net"])
|
|
|
|
for net in nets:
|
|
# Annotate the online attribute from Threshold
|
|
nicks = list(
|
|
set(
|
|
[
|
|
x["nick"]
|
|
for x in results_parsed
|
|
if {"nick", "src", "net"}.issubset(x)
|
|
and x["src"] == "irc"
|
|
and x["net"] == net
|
|
]
|
|
)
|
|
)
|
|
channels = list(
|
|
set(
|
|
[
|
|
x["channel"]
|
|
for x in results_parsed
|
|
if {"channel", "src", "net"}.issubset(x)
|
|
and x["src"] == "irc"
|
|
and x["net"] == net
|
|
]
|
|
)
|
|
)
|
|
online_info = annotate_online(net, nicks)
|
|
# Annotate the number of users in the channel
|
|
num_users = annotate_num_users(net, channels)
|
|
# Annotate the number channels the user is on
|
|
num_chans = annotate_num_chans(net, nicks)
|
|
for item in results_parsed:
|
|
if "net" in item:
|
|
if item["net"] == net:
|
|
if "nick" in item:
|
|
if item["nick"] in online_info:
|
|
item["online"] = online_info[item["nick"]]
|
|
if "channel" in item:
|
|
if item["channel"] in num_users:
|
|
item["num_users"] = num_users[item["channel"]]
|
|
if "nick" in item:
|
|
if item["nick"] in num_chans:
|
|
item["num_chans"] = num_chans[item["nick"]]
|
|
|
|
|
|
def filter_blacklisted(user, response):
|
|
"""
|
|
Low level filter to take the raw OpenSearch response and remove
|
|
objects from it we want to keep secret.
|
|
Does not return, the object is mutated in place.
|
|
"""
|
|
response["redacted"] = 0
|
|
response["exemption"] = None
|
|
if user.is_superuser:
|
|
response["exemption"] = True
|
|
# is_anonymous = isinstance(user, AnonymousUser)
|
|
# For every hit from ES
|
|
for index, item in enumerate(list(response["hits"]["hits"])):
|
|
# For every blacklisted type
|
|
for blacklisted_type in settings.OPENSEARCH_BLACKLISTED.keys():
|
|
# Check this field we are matching exists
|
|
if "_source" in item.keys():
|
|
data_index = "_source"
|
|
elif "fields" in item.keys():
|
|
data_index = "fields"
|
|
else:
|
|
return False
|
|
if blacklisted_type in item[data_index].keys():
|
|
content = item[data_index][blacklisted_type]
|
|
# For every item in the blacklisted array for the type
|
|
for blacklisted_item in settings.OPENSEARCH_BLACKLISTED[
|
|
blacklisted_type
|
|
]:
|
|
if blacklisted_item == str(content):
|
|
# Remove the item
|
|
if item in response["hits"]["hits"]:
|
|
# Let the UI know something was redacted
|
|
if (
|
|
"exemption"
|
|
not in response["hits"]["hits"][index][data_index]
|
|
):
|
|
response["redacted"] += 1
|
|
# Anonymous
|
|
if user.is_anonymous:
|
|
# Just set it to none so the index is not off
|
|
response["hits"]["hits"][index] = None
|
|
else:
|
|
if not user.has_perm("core.bypass_blacklist"):
|
|
response["hits"]["hits"][index] = None
|
|
else:
|
|
response["hits"]["hits"][index][data_index][
|
|
"exemption"
|
|
] = True
|
|
|
|
# Actually get rid of all the things we set to None
|
|
response["hits"]["hits"] = [hit for hit in response["hits"]["hits"] if hit]
|
|
|
|
|
|
def construct_query(query, size, use_query_string=True, tokens=False):
|
|
"""
|
|
Accept some query parameters and construct an OpenSearch query.
|
|
"""
|
|
if not size:
|
|
size = 5
|
|
query_base = {
|
|
"size": size,
|
|
"query": {"bool": {"must": []}},
|
|
}
|
|
query_string = {
|
|
"query_string": {
|
|
"query": query,
|
|
# "fields": fields,
|
|
# "default_field": "msg",
|
|
# "type": "best_fields",
|
|
"fuzziness": "AUTO",
|
|
"fuzzy_transpositions": True,
|
|
"fuzzy_max_expansions": 50,
|
|
"fuzzy_prefix_length": 0,
|
|
# "minimum_should_match": 1,
|
|
"default_operator": "or",
|
|
"analyzer": "standard",
|
|
"lenient": True,
|
|
"boost": 1,
|
|
"allow_leading_wildcard": True,
|
|
# "enable_position_increments": False,
|
|
"phrase_slop": 3,
|
|
# "max_determinized_states": 10000,
|
|
"quote_field_suffix": "",
|
|
"quote_analyzer": "standard",
|
|
"analyze_wildcard": False,
|
|
"auto_generate_synonyms_phrase_query": True,
|
|
}
|
|
}
|
|
query_tokens = {
|
|
"simple_query_string": {
|
|
# "tokens": query,
|
|
"query": query,
|
|
"fields": ["tokens"],
|
|
"flags": "ALL",
|
|
"fuzzy_transpositions": True,
|
|
"fuzzy_max_expansions": 50,
|
|
"fuzzy_prefix_length": 0,
|
|
"default_operator": "and",
|
|
"analyzer": "standard",
|
|
"lenient": True,
|
|
"boost": 1,
|
|
"quote_field_suffix": "",
|
|
"analyze_wildcard": False,
|
|
"auto_generate_synonyms_phrase_query": False,
|
|
}
|
|
}
|
|
if tokens:
|
|
query_base["query"]["bool"]["must"].append(query_tokens)
|
|
# query["query"]["bool"]["must"].append(query_string)
|
|
# query["query"]["bool"]["must"][0]["query_string"]["fields"] = ["tokens"]
|
|
elif use_query_string:
|
|
query_base["query"]["bool"]["must"].append(query_string)
|
|
return query_base
|
|
|
|
|
|
def run_main_query(client, user, query, custom_query=False, index=None, size=None):
|
|
"""
|
|
Low level helper to run an ES query.
|
|
Accept a user to pass it to the filter, so we can
|
|
avoid filtering for superusers.
|
|
Accept fields and size, for the fields we want to match and the
|
|
number of results to return.
|
|
"""
|
|
if not index:
|
|
index = settings.OPENSEARCH_INDEX_MAIN
|
|
if custom_query:
|
|
search_query = query
|
|
else:
|
|
search_query = construct_query(query, size)
|
|
try:
|
|
response = client.search(body=search_query, index=index)
|
|
except RequestError as err:
|
|
print("OpenSearch error", err)
|
|
return err
|
|
except NotFoundError as err:
|
|
print("OpenSearch error", err)
|
|
return err
|
|
filter_blacklisted(user, response)
|
|
return response
|
|
|
|
|
|
def parse_results(results):
|
|
results_parsed = []
|
|
if "hits" in results.keys():
|
|
if "hits" in results["hits"]:
|
|
for item in results["hits"]["hits"]:
|
|
if "_source" in item.keys():
|
|
data_index = "_source"
|
|
elif "fields" in item.keys():
|
|
data_index = "fields"
|
|
else:
|
|
return False
|
|
element = item[data_index]
|
|
# Why are fields in lists...
|
|
if data_index == "fields":
|
|
element = {k: v[0] for k, v in element.items() if len(v)}
|
|
element["id"] = item["_id"]
|
|
|
|
# Split the timestamp into date and time
|
|
if "ts" not in element:
|
|
if "time" in element: # will fix data later
|
|
ts = element["time"]
|
|
del element["time"]
|
|
element["ts"] = ts
|
|
if "ts" in element:
|
|
ts = element["ts"]
|
|
ts_spl = ts.split("T")
|
|
date = ts_spl[0]
|
|
time = ts_spl[1]
|
|
element["date"] = date
|
|
if "." in time:
|
|
time_spl = time.split(".")
|
|
if len(time_spl) == 2:
|
|
element["time"] = time.split(".")[0]
|
|
else:
|
|
element["time"] = time
|
|
else:
|
|
element["time"] = time
|
|
results_parsed.append(element)
|
|
return results_parsed
|
|
|
|
|
|
def query_results(
|
|
request,
|
|
query_params,
|
|
size=None,
|
|
annotate=True,
|
|
custom_query=False,
|
|
reverse=False,
|
|
dedup=False,
|
|
dedup_fields=None,
|
|
lookup_hashes=True,
|
|
tags=None,
|
|
):
|
|
"""
|
|
API helper to alter the OpenSearch return format into something
|
|
a bit better to parse.
|
|
Accept a HTTP request object. Run the query, and annotate the
|
|
results with the other data we have.
|
|
"""
|
|
# is_anonymous = isinstance(request.user, AnonymousUser)
|
|
query = None
|
|
message = None
|
|
message_class = None
|
|
add_bool = []
|
|
add_top = []
|
|
add_top_negative = []
|
|
sort = None
|
|
query_created = False
|
|
|
|
# Lookup the hash values but don't disclose them to the user
|
|
denied = []
|
|
if lookup_hashes:
|
|
if settings.HASHING:
|
|
query_params = deepcopy(query_params)
|
|
denied_q = hash_lookup(request.user, query_params)
|
|
denied.extend(denied_q)
|
|
if tags:
|
|
denied_t = hash_lookup(request.user, tags)
|
|
denied.extend(denied_t)
|
|
|
|
message = []
|
|
for x in denied:
|
|
if isinstance(x, SearchDenied):
|
|
message.append(f"Permission denied to search by {x.key}: {x.value}")
|
|
elif isinstance(x, LookupDenied):
|
|
message.append(f"Tag {x.key}: {x.value} not expected here. Nice try.")
|
|
if denied:
|
|
print("DENIED DICT", message)
|
|
message = [f"{i}" for i in message]
|
|
message = "\n".join(message)
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
|
|
if request.user.is_anonymous:
|
|
sizes = settings.OPENSEARCH_MAIN_SIZES_ANON
|
|
else:
|
|
sizes = settings.OPENSEARCH_MAIN_SIZES
|
|
if not size:
|
|
if "size" in query_params:
|
|
size = query_params["size"]
|
|
if size not in sizes:
|
|
message = "Size is not permitted"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
else:
|
|
size = 20
|
|
if "source" in query_params:
|
|
source = query_params["source"]
|
|
if source not in settings.OPENSEARCH_MAIN_SOURCES:
|
|
message = "Invalid source"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
if source != "all":
|
|
add_bool.append({"src": source})
|
|
if set({"from_date", "to_date", "from_time", "to_time"}).issubset(
|
|
query_params.keys()
|
|
):
|
|
from_ts = f"{query_params['from_date']}T{query_params['from_time']}Z"
|
|
to_ts = f"{query_params['to_date']}T{query_params['to_time']}Z"
|
|
range_query = {
|
|
"range": {
|
|
"ts": {
|
|
"gt": from_ts,
|
|
"lt": to_ts,
|
|
}
|
|
}
|
|
}
|
|
add_top.append(range_query)
|
|
if "sorting" in query_params:
|
|
sorting = query_params["sorting"]
|
|
if sorting not in ("asc", "desc", "none"):
|
|
message = "Invalid sort"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
if sorting in ("asc", "desc"):
|
|
sort = [
|
|
{
|
|
"ts": {
|
|
"order": sorting,
|
|
}
|
|
}
|
|
]
|
|
|
|
if "check_sentiment" in query_params:
|
|
if "sentiment_method" not in query_params:
|
|
message = "No sentiment method"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
if "sentiment" in query_params:
|
|
sentiment = query_params["sentiment"]
|
|
try:
|
|
sentiment = float(sentiment)
|
|
except ValueError:
|
|
message = "Sentiment is not a float"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
sentiment_method = query_params["sentiment_method"]
|
|
range_query_compare = {"range": {"sentiment": {}}}
|
|
range_query_precise = {
|
|
"match": {
|
|
"sentiment": None,
|
|
}
|
|
}
|
|
if sentiment_method == "below":
|
|
range_query_compare["range"]["sentiment"]["lt"] = sentiment
|
|
add_top.append(range_query_compare)
|
|
elif sentiment_method == "above":
|
|
range_query_compare["range"]["sentiment"]["gt"] = sentiment
|
|
add_top.append(range_query_compare)
|
|
elif sentiment_method == "exact":
|
|
range_query_precise["match"]["sentiment"] = sentiment
|
|
add_top.append(range_query_precise)
|
|
elif sentiment_method == "nonzero":
|
|
range_query_precise["match"]["sentiment"] = 0
|
|
add_top_negative.append(range_query_precise)
|
|
|
|
# Only one of query or query_full can be active at once
|
|
# We prefer query because it's simpler
|
|
if "query" in query_params:
|
|
query = query_params["query"]
|
|
search_query = construct_query(query, size, tokens=True)
|
|
query_created = True
|
|
elif "query_full" in query_params:
|
|
query_full = query_params["query_full"]
|
|
if request.user.has_perm("query_search"):
|
|
search_query = construct_query(query_full, size)
|
|
query_created = True
|
|
else:
|
|
message = "You cannot search by query string"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
else:
|
|
if custom_query:
|
|
search_query = custom_query
|
|
|
|
if tags:
|
|
# Get a blank search query
|
|
if not query_created:
|
|
search_query = construct_query(None, size, use_query_string=False)
|
|
query_created = True
|
|
for tagname, tagvalue in tags.items():
|
|
add_bool.append({tagname: tagvalue})
|
|
|
|
required_any = ["query_full", "query", "tags"]
|
|
if not any([field in query_params.keys() for field in required_any]):
|
|
if not custom_query:
|
|
message = "Empty query!"
|
|
message_class = "warning"
|
|
return {"message": message, "class": message_class}
|
|
|
|
if add_bool:
|
|
# if "bool" not in search_query["query"]:
|
|
# search_query["query"]["bool"] = {}
|
|
# if "must" not in search_query["query"]["bool"]:
|
|
# search_query["query"]["bool"] = {"must": []}
|
|
|
|
for item in add_bool:
|
|
search_query["query"]["bool"]["must"].append({"match_phrase": item})
|
|
if add_top:
|
|
for item in add_top:
|
|
search_query["query"]["bool"]["must"].append(item)
|
|
if add_top_negative:
|
|
for item in add_top_negative:
|
|
if "must_not" in search_query["query"]["bool"]:
|
|
search_query["query"]["bool"]["must_not"].append(item)
|
|
else:
|
|
search_query["query"]["bool"]["must_not"] = [item]
|
|
if sort:
|
|
search_query["sort"] = sort
|
|
|
|
if "index" in query_params:
|
|
index = query_params["index"]
|
|
if index == "main":
|
|
index = settings.OPENSEARCH_INDEX_MAIN
|
|
else:
|
|
if not request.user.has_perm(f"index_{index}"):
|
|
message = "Not permitted to search by this index"
|
|
message_class = "danger"
|
|
return {
|
|
"message": message,
|
|
"class": message_class,
|
|
}
|
|
if index == "meta":
|
|
index = settings.OPENSEARCH_INDEX_META
|
|
elif index == "int":
|
|
index = settings.OPENSEARCH_INDEX_INT
|
|
else:
|
|
message = "Index is not valid."
|
|
message_class = "danger"
|
|
return {
|
|
"message": message,
|
|
"class": message_class,
|
|
}
|
|
|
|
else:
|
|
index = settings.OPENSEARCH_INDEX_MAIN
|
|
|
|
results = run_main_query(
|
|
client,
|
|
request.user, # passed through run_main_query to filter_blacklisted
|
|
search_query,
|
|
custom_query=True,
|
|
index=index,
|
|
size=size,
|
|
)
|
|
if not results:
|
|
return False
|
|
if isinstance(results, Exception):
|
|
message = f"Error: {results.info['error']['root_cause'][0]['type']}"
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
if len(results["hits"]["hits"]) == 0:
|
|
message = "No results."
|
|
message_class = "danger"
|
|
return {"message": message, "class": message_class}
|
|
|
|
results_parsed = parse_results(results)
|
|
|
|
if annotate:
|
|
annotate_results(results_parsed)
|
|
if "dedup" in query_params:
|
|
if query_params["dedup"] == "on":
|
|
dedup = True
|
|
else:
|
|
dedup = False
|
|
else:
|
|
dedup = False
|
|
|
|
if reverse:
|
|
results_parsed = results_parsed[::-1]
|
|
|
|
if dedup:
|
|
if not dedup_fields:
|
|
dedup_fields = ["msg", "nick", "ident", "host", "net", "channel"]
|
|
results_parsed = dedup_list(results_parsed, dedup_fields)
|
|
|
|
if settings.ENCRYPTION:
|
|
encrypt_list(request.user, results_parsed, settings.ENCRYPTION_KEY)
|
|
|
|
if settings.HASHING:
|
|
hash_list(request.user, results_parsed)
|
|
|
|
if settings.OBFUSCATION:
|
|
obfuscate_list(request.user, results_parsed)
|
|
|
|
# process_list(reqults)
|
|
|
|
# IMPORTANT! - DO NOT PASS query_params to the user!
|
|
context = {
|
|
"object_list": results_parsed,
|
|
"card": results["hits"]["total"]["value"],
|
|
"took": results["took"],
|
|
"redacted": results["redacted"],
|
|
"exemption": results["exemption"],
|
|
}
|
|
if query:
|
|
context["query"] = query
|
|
return context
|
|
|
|
|
|
def query_single_result(request, query_params):
|
|
context = query_results(request, query_params, size=100)
|
|
|
|
if not context:
|
|
return {"message": "Failed to run query", "message_class": "danger"}
|
|
if "message" in context:
|
|
return context
|
|
dedup_set = {item["nick"] for item in context["object_list"]}
|
|
if dedup_set:
|
|
context["item"] = context["object_list"][0]
|
|
|
|
return context
|