From 22818d86cedd007a1d7f47ccc82d88c817f64a8e Mon Sep 17 00:00:00 2001
From: andreimarcu
Date: Tue, 29 Sep 2015 19:28:10 -0400
Subject: [PATCH] Implement hotlink protection
---
 fileserve.go | 9 +++++++++
 server.go | 15 +++++++++------
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/fileserve.go b/fileserve.go
index 542f4a8..4e9e1da 100644
--- a/fileserve.go
+++ b/fileserve.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "os"
 "path"
+ "strings"
 "github.com/zenazn/goji/web"
 )
@@ -17,6 +18,14 @@ func fileServeHandler(c web.C, w http.ResponseWriter, r *http.Request) {
 return
 }
+ if !Config.allowHotlink {
+ referer := r.Header.Get("Referer")
+ if referer != "" && !strings.HasPrefix(referer, Config.siteURL) {
+ w.WriteHeader(403)
+ return
+ }
+ }
+ http.ServeFile(w, r, filePath)
 }
diff --git a/server.go b/server.go
index efd4c83..1927cc2 100644
--- a/server.go
+++ b/server.go
@@ -16,12 +16,13 @@ import (
 )
 var Config struct {
- bind string
- filesDir string
- metaDir string
- noLogs bool
- siteName string
- siteURL string
+ bind string
+ filesDir string
+ metaDir string
+ noLogs bool
+ allowHotlink bool
+ siteName string
+ siteURL string
 }
 var Templates = make(map[string]*pongo2.Template)
@@ -95,6 +96,8 @@ func main() {
 "path to metadata directory")
 flag.BoolVar(&Config.noLogs, "nologs", false,
 "remove stdout output for each request")
+ flag.BoolVar(&Config.allowHotlink, "allowhotlink", false,
+ "Allow hotlinking of files")
 flag.StringVar(&Config.siteName, "sitename", "linx",
 "name of the site")
 flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/",
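Review bot: The `strings.HasPrefix(referer, Config.siteURL)` test in fileServeHandler compares raw strings, so a `siteurl` configured without a trailing slash also accepts a Referer from any host whose name merely begins with the site's host, while a differing scheme or host case rejects the site's own pages. Parsing both values with `net/url` and comparing the host component avoids both problems; it needs a `net/url` import, and `http.StatusForbidden` reads better than the literal 403. Because Referer is client-supplied and optional, a short comment should say this is a hotlink deterrent and not access control. The start of the function body is outside the hunk.

```go
if !Config.allowHotlink {
	// Referer is client-supplied and optional: this only deters casual
	// embedding by third-party pages; it is not an access control.
	if referer := r.Header.Get("Referer"); referer != "" {
		ref, refErr := url.Parse(referer)
		site, siteErr := url.Parse(Config.siteURL)
		if refErr != nil || siteErr != nil || !strings.EqualFold(ref.Host, site.Host) {
			w.WriteHeader(http.StatusForbidden)
			return
		}
	}
}
// … unchanged: http.ServeFile call …
```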
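Review bot: With `allowhotlink` defaulting to false, the Referer check is switched on for every existing deployment, and its correctness now depends on `siteurl`, whose default on the last line of this hunk is built from `Config.bind` at flag-registration time. If the `bind` flag is registered in the usual way earlier in main (not visible here), that default reflects the default bind address rather than the one given on the command line, and behind a reverse proxy it will not match the public URL either, so same-site requests that carry a Referer would get a 403. Consider stating the dependency in the usage text, e.g. `"allow hotlinking of files (otherwise Referer must match -siteurl)"`, or computing the siteURL default after `flag.Parse()`. main starts and ends outside the hunk.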