From 22818d86cedd007a1d7f47ccc82d88c817f64a8e Mon Sep 17 00:00:00 2001
From: andreimarcu <andrei@marcu.net>
Date: Tue, 29 Sep 2015 19:28:10 -0400
Subject: [PATCH] Implement hotlink protection

---
 fileserve.go |  9 +++++++++
 server.go    | 15 +++++++++------
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/fileserve.go b/fileserve.go
index 542f4a8..4e9e1da 100644
--- a/fileserve.go
+++ b/fileserve.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"os"
 	"path"
+	"strings"
 
 	"github.com/zenazn/goji/web"
 )
@@ -17,6 +18,14 @@ func fileServeHandler(c web.C, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if !Config.allowHotlink {
+		referer := r.Header.Get("Referer")
+		if referer != "" && !strings.HasPrefix(referer, Config.siteURL) {
+			w.WriteHeader(403)
+			return
+		}
+	}
+
 	http.ServeFile(w, r, filePath)
 }
 
diff --git a/server.go b/server.go
index efd4c83..1927cc2 100644
--- a/server.go
+++ b/server.go
@@ -16,12 +16,13 @@ import (
 )
 
 var Config struct {
-	bind     string
-	filesDir string
-	metaDir  string
-	noLogs   bool
-	siteName string
-	siteURL  string
+	bind         string
+	filesDir     string
+	metaDir      string
+	noLogs       bool
+	allowHotlink bool
+	siteName     string
+	siteURL      string
 }
 
 var Templates = make(map[string]*pongo2.Template)
@@ -95,6 +96,8 @@ func main() {
 		"path to metadata directory")
 	flag.BoolVar(&Config.noLogs, "nologs", false,
 		"remove stdout output for each request")
+	flag.BoolVar(&Config.allowHotlink, "allowhotlink", false,
+		"Allow hotlinking of files")
 	flag.StringVar(&Config.siteName, "sitename", "linx",
 		"name of the site")
 	flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/",