From 00e4ac20bb65e9bd06c51c035294488f7523598a Mon Sep 17 00:00:00 2001
From: Amos Ng <amosng1@gmail.com>
Date: Mon, 29 Jun 2020 06:08:00 +0800
Subject: [PATCH] Added rudimentary support of Referer checking to mitigate
 hotlinking

---
 CHANGELOG.md                                     | 1 +
 src/main/kotlin/mdnet/base/server/ImageServer.kt | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 39db16c..2d8c1ac 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - [2020-06-23] Added Gitlab CI integration by [@lflare].
 - [2020-06-28] Added `client_external_port setting` [@wedge1001].
+- [2020-06-29] Added rudimentary support of Referer checking to mitigate hotlinking by [@lflare].
 
 ### Changed
 
diff --git a/src/main/kotlin/mdnet/base/server/ImageServer.kt b/src/main/kotlin/mdnet/base/server/ImageServer.kt
index f1bb94e..13e1c88 100644
--- a/src/main/kotlin/mdnet/base/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/base/server/ImageServer.kt
@@ -101,8 +101,12 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
             }
         }
 
+        val referer = request.header("Referer")
+
         handled.set(true)
-        if (snapshot != null && imageDatum != null) {
+        if (referer != null && !referer.contains("mangadex.org")) {
+            Response(Status.FORBIDDEN)
+        } else if (snapshot != null && imageDatum != null) {
             request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
                 .header("X-Uri", sanitizedUri)
         } else {