Merge branch 'master' into 'master'
Fix referrer check See merge request mangadex-pub/mangadex_at_home!53
commit
7fde2b5e53
|
@ -88,6 +88,11 @@ class ImageServer(
|
||||||
"/data"
|
"/data"
|
||||||
} + "/$chapterHash/$fileName"
|
} + "/$chapterHash/$fileName"
|
||||||
|
|
||||||
|
if (!request.referrerMatches(ALLOWED_REFERER_DOMAINS)) {
|
||||||
|
LOGGER.info { "Request for $sanitizedUri rejected due to non-allowed referrer ${request.header("Referer")}" }
|
||||||
|
return@then Response(Status.FORBIDDEN)
|
||||||
|
}
|
||||||
|
|
||||||
if (tokenized || serverSettings.forceTokens) {
|
if (tokenized || serverSettings.forceTokens) {
|
||||||
val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
|
val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
|
||||||
val token = try {
|
val token = try {
|
||||||
|
@ -135,10 +140,7 @@ class ImageServer(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (request.header("Referer")?.startsWith("https://mangadex.org") == false) {
|
if (snapshot != null && imageDatum != null) {
|
||||||
snapshot?.close()
|
|
||||||
Response(Status.FORBIDDEN)
|
|
||||||
} else if (snapshot != null && imageDatum != null) {
|
|
||||||
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
|
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
|
||||||
} else {
|
} else {
|
||||||
if (snapshot != null) {
|
if (snapshot != null) {
|
||||||
|
@ -152,6 +154,20 @@ class ImageServer(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Filters referrers based on passed (sub)domains. Ignores `scheme` (protocol) in URL
|
||||||
|
*/
|
||||||
|
private fun Request.referrerMatches(allowedDomains: List<String>, permitBlank: Boolean = true): Boolean {
|
||||||
|
val referer = this.header("Referer") ?: return permitBlank // Referrer was misspelled as "Referer" and now we're stuck with it -_-
|
||||||
|
if (referer == "") return permitBlank
|
||||||
|
|
||||||
|
return allowedDomains.any {
|
||||||
|
referer.substringAfter("//") // Ignore scheme
|
||||||
|
.substringBefore("/") // Ignore path
|
||||||
|
.endsWith(it)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private fun Request.handleCacheHit(sanitizedUri: String, cipher: Cipher, snapshot: DiskLruCache.Snapshot, imageDatum: ImageDatum): Response {
|
private fun Request.handleCacheHit(sanitizedUri: String, cipher: Cipher, snapshot: DiskLruCache.Snapshot, imageDatum: ImageDatum): Response {
|
||||||
// our files never change, so it's safe to use the browser cache
|
// our files never change, so it's safe to use the browser cache
|
||||||
return if (this.header("If-Modified-Since") != null) {
|
return if (this.header("If-Modified-Since") != null) {
|
||||||
|
@ -274,6 +290,7 @@ class ImageServer(
|
||||||
private val JACKSON: ObjectMapper = jacksonObjectMapper()
|
private val JACKSON: ObjectMapper = jacksonObjectMapper()
|
||||||
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
|
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
|
||||||
.registerModule(JavaTimeModule())
|
.registerModule(JavaTimeModule())
|
||||||
|
private val ALLOWED_REFERER_DOMAINS = listOf("mangadex.org", "mangadex.network") // TODO: Factor out hardcoded domains?
|
||||||
|
|
||||||
private fun baseHandler(): Filter =
|
private fun baseHandler(): Filter =
|
||||||
CachingFilters.Response.MaxAge(Clock.systemUTC(), Constants.MAX_AGE_CACHE)
|
CachingFilters.Response.MaxAge(Clock.systemUTC(), Constants.MAX_AGE_CACHE)
|
||||||
|
|
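Review bot: The suffix test in `referrerMatches` (`.endsWith(it)` on the text between `//` and the first `/`) has no label boundary, so any host that merely ends in an allowed string passes; a constructed example is `notmangadex.org`. The extracted text also still carries a port, and when the Referer has no path it carries the query string too, so `https://mangadex.org:443/` is rejected while a value whose query ends in an allowed domain is accepted. I would isolate the host first, `val host = referer.substringAfter("//").substringBefore("/").substringBefore("?").substringBefore(":")`, and then match on a dot boundary, `return allowedDomains.any { host == it || host.endsWith(".$it") }`; parsing with `java.net.URI` and comparing case-insensitively would be sturdier still. Because Referer is client-supplied and `permitBlank` defaults to true, the KDoc should say this is a hotlink deterrent and that the token check below it is presumably the real access control. The new `LOGGER.info` line also interpolates the raw header, so it is worth confirming that the logging backend escapes control characters.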