Move referrer check to before DB access and crypto for token check

AviKav 2020-07-05 13:06:47 -04:00
parent 27bac2ef48
commit a20c759700
No known key found for this signature in database
GPG key ID: 7BC4B96BC8A7167D


@ -88,6 +88,11 @@ class ImageServer(
"/data" "/data"
} + "/$chapterHash/$fileName" } + "/$chapterHash/$fileName"
if (!request.referrerMatches(ALLOWED_REFERER_DOMAINS)) {
LOGGER.info { "Request for $sanitizedUri rejected due to non-allowed referrer ${request.header("Referer")}" }
return@then Response(Status.FORBIDDEN)
}
if (tokenized || serverSettings.forceTokens) { if (tokenized || serverSettings.forceTokens) {
val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request)) val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
val token = try { val token = try {
@ -135,11 +140,7 @@ class ImageServer(
} }
} }
if (!request.referrerMatches(ALLOWED_REFERER_DOMAINS)) { if (snapshot != null && imageDatum != null) {
snapshot?.close()
LOGGER.info { "Request for $sanitizedUri rejected due to non-allowed referrer ${request.header("Referer")}" }
return@then Response(Status.FORBIDDEN)
} else if (snapshot != null && imageDatum != null) {
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum) request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
} else { } else {
if (snapshot != null) { if (snapshot != null) {
@ -167,7 +168,6 @@ class ImageServer(
} }
} }
private fun Request.handleCacheHit(sanitizedUri: String, cipher: Cipher, snapshot: DiskLruCache.Snapshot, imageDatum: ImageDatum): Response { private fun Request.handleCacheHit(sanitizedUri: String, cipher: Cipher, snapshot: DiskLruCache.Snapshot, imageDatum: ImageDatum): Response {
// our files never change, so it's safe to use the browser cache // our files never change, so it's safe to use the browser cache
return if (this.header("If-Modified-Since") != null) { return if (this.header("If-Modified-Since") != null) {
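Review bot: The rejection log in the block added after the `sanitizedUri` assignment interpolates the raw `Referer` header, and because the check now runs ahead of token validation, any unauthenticated request with a non-matching referrer writes a client-chosen string of arbitrary length to the info log. Bound and neutralise the value before logging, for example `val referer = request.header("Referer")?.take(256)?.replace(Regex("\\p{Cntrl}"), "?")`, and interpolate `referer` instead. Dropping `snapshot?.close()` is only correct if the cache snapshot is opened below the new early return; that lookup sits outside the visible hunks, so confirm it before merging. A one-line comment such as `// Cheap hotlink filter only: Referer is client-supplied, the token check below is the real gate` would keep later readers from treating this check as access control.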