Implement hotlink protection

This commit is contained in:
andreimarcu 2015-09-29 19:28:10 -04:00
parent 02f86da3c7
commit 22818d86ce
2 changed files with 18 additions and 6 deletions

View File

@ -4,6 +4,7 @@ import (
"net/http" "net/http"
"os" "os"
"path" "path"
"strings"
"github.com/zenazn/goji/web" "github.com/zenazn/goji/web"
) )
@ -17,6 +18,14 @@ func fileServeHandler(c web.C, w http.ResponseWriter, r *http.Request) {
return return
} }
if !Config.allowHotlink {
referer := r.Header.Get("Referer")
if referer != "" && !strings.HasPrefix(referer, Config.siteURL) {
w.WriteHeader(403)
return
}
}
http.ServeFile(w, r, filePath) http.ServeFile(w, r, filePath)
} }

View File

@ -16,12 +16,13 @@ import (
) )
var Config struct { var Config struct {
bind string bind string
filesDir string filesDir string
metaDir string metaDir string
noLogs bool noLogs bool
siteName string allowHotlink bool
siteURL string siteName string
siteURL string
} }
var Templates = make(map[string]*pongo2.Template) var Templates = make(map[string]*pongo2.Template)
@ -95,6 +96,8 @@ func main() {
"path to metadata directory") "path to metadata directory")
flag.BoolVar(&Config.noLogs, "nologs", false, flag.BoolVar(&Config.noLogs, "nologs", false,
"remove stdout output for each request") "remove stdout output for each request")
flag.BoolVar(&Config.allowHotlink, "allowhotlink", false,
"Allow hotlinking of files")
flag.StringVar(&Config.siteName, "sitename", "linx", flag.StringVar(&Config.siteName, "sitename", "linx",
"name of the site") "name of the site")
flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/", flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/",