Implement hotlink protection

fileserve.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"os"
 	"path"
+	"strings"
 
 	"github.com/zenazn/goji/web"
 )
@@ -17,6 +18,14 @@ func fileServeHandler(c web.C, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if !Config.allowHotlink {
+		referer := r.Header.Get("Referer")
+		if referer != "" && !strings.HasPrefix(referer, Config.siteURL) {
+			w.WriteHeader(403)
+			return
+		}
+	}
+
 	http.ServeFile(w, r, filePath)
 }
 

server.go

@@ -16,12 +16,13 @@ import (
 )
 
 var Config struct {
-	bind     string
+	bind         string
-	filesDir string
+	filesDir     string
-	metaDir  string
+	metaDir      string
-	noLogs   bool
+	noLogs       bool
-	siteName string
+	allowHotlink bool
-	siteURL  string
+	siteName     string
+	siteURL      string
 }
 
 var Templates = make(map[string]*pongo2.Template)
@@ -95,6 +96,8 @@ func main() {
 		"path to metadata directory")
 	flag.BoolVar(&Config.noLogs, "nologs", false,
 		"remove stdout output for each request")
+	flag.BoolVar(&Config.allowHotlink, "allowhotlink", false,
+		"Allow hotlinking of files")
 	flag.StringVar(&Config.siteName, "sitename", "linx",
 		"name of the site")
 	flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/",