Merge branch 'prevent-hotlinking' into 'master'

Added rudimentary support of Referer checking to mitigate hotlinking

See merge request mangadex-pub/mangadex_at_home!41
carbotaniuman 2020-06-29 02:46:11 +00:00
commit 63c810815f
2 changed files with 10 additions and 1 deletions


@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added ### Added
- [2020-06-23] Added Gitlab CI integration by [@lflare]. - [2020-06-23] Added Gitlab CI integration by [@lflare].
- [2020-06-28] Added `client_external_port setting` [@wedge1001]. - [2020-06-28] Added `client_external_port setting` [@wedge1001].
- [2020-06-29] Added rudimentary support of Referer checking to mitigate hotlinking by [@lflare].
### Changed ### Changed


@ -101,8 +101,16 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
} }
} }
val referer = request.header("Referer")
handled.set(true) handled.set(true)
if (snapshot != null && imageDatum != null) { if (referer != null && !referer.startsWith("https://mangadex.org")) {
if (snapshot != null) {
snapshot.close()
}
Response(Status.FORBIDDEN)
} else if (snapshot != null && imageDatum != null) {
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum) request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
.header("X-Uri", sanitizedUri) .header("X-Uri", sanitizedUri)
} else { } else {