jonathan/hostr
jonathan/hostr
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages 1 Wiki Activity Actions

Block hotlinking of non-image files.

Browse source
This commit is contained in:
Jonathan Cremin 2015-08-09 01:11:48 +01:00
parent 313747b72f
commit 0d762bb416
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
web/routes/file.js
View file

@ -16,10 +16,17 @@ const userAgentCheck = function(userAgent) {
return userAgent.match(/^(wget|curl|vagrant)/i);
};
const hotlinkCheck = function(file, userAgent, referrer) {
debug(file, userAgent, referrer);
return !userAgentCheck(userAgent) && !file.width && !(referrer.match(/^https:\/\/hostr.co/) || referrer.match(/^http:\/\/localhost:4040/))
};
export function* get(id, name, size) {
debug('%s, %s, %s', id, name, size);
const file = yield this.db.Files.findOne({_id: id, 'file_name': name, 'status': 'active'});
this.assert(file, 404);
if (hotlinkCheck(file, this.headers['user-agent'], this.headers['referer'])) {
this.redirect('/' + id);
}
let localPath = path.join(storePath, file._id[0], file._id + '_' + file.file_name);
let remotePath = path.join(file._id[0], file._id + '_' + file.file_name);
if (size > 0) {
@ -50,7 +57,7 @@ export function* landing(id, next) {
const file = yield this.db.Files.findOne({_id: id});
this.assert(file, 404);
if(userAgentCheck(this.headers['user-agent'])) {
return direct(file._id, file.file_name);
return yield get.call(this, file._id, file.file_name);
}
const formattedFile = formatFile(file);