github.com/TeaOSLab/EdgeNode@v1.3.8/internal/nodes/http_request_referers.go

github.com/TeaOSLab/EdgeNode@v1.3.8/internal/nodes/http_request_referers.go (about)

     1  // Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
     2  
     3  package nodes
     4  
     5  import (
     6  	"net/http"
     7  	"net/url"
     8  )
     9  
    10  func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
    11  	if this.web.Referers == nil {
    12  		return
    13  	}
    14  
    15  	// 检查URL
    16  	if !this.web.Referers.MatchURL(this.URL()) {
    17  		return
    18  	}
    19  
    20  	var origin = this.RawReq.Header.Get("Origin")
    21  
    22  	const cacheSeconds = "3600" // 时间不能过长，防止修改设置后长期无法生效
    23  
    24  	// 处理用到Origin的特殊功能
    25  	if this.web.Referers.CheckOrigin && len(origin) > 0 {
    26  		// 处理Websocket
    27  		if this.web.Websocket != nil && this.web.Websocket.IsOn && this.RawReq.Header.Get("Upgrade") == "websocket" {
    28  			originHost, _ := httpParseHost(origin)
    29  			if len(originHost) > 0 && this.web.Websocket.MatchOrigin(originHost) {
    30  				return
    31  			}
    32  		}
    33  	}
    34  
    35  	var refererURL = this.RawReq.Header.Get("Referer")
    36  	if len(refererURL) == 0 && this.web.Referers.CheckOrigin {
    37  		if len(origin) > 0 && origin != "null" {
    38  			if urlSchemeRegexp.MatchString(origin) {
    39  				refererURL = origin
    40  			} else {
    41  				refererURL = "https://" + origin
    42  			}
    43  		}
    44  	}
    45  
    46  	if len(refererURL) == 0 {
    47  		if this.web.Referers.MatchDomain(this.ReqHost, "") {
    48  			return
    49  		}
    50  
    51  		this.tags = append(this.tags, "refererCheck")
    52  		this.writer.Header().Set("Cache-Control", "max-age="+cacheSeconds)
    53  		this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
    54  
    55  		return true
    56  	}
    57  
    58  	u, err := url.Parse(refererURL)
    59  	if err != nil {
    60  		if this.web.Referers.MatchDomain(this.ReqHost, "") {
    61  			return
    62  		}
    63  
    64  		this.tags = append(this.tags, "refererCheck")
    65  		this.writer.Header().Set("Cache-Control", "max-age="+cacheSeconds)
    66  		this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
    67  
    68  		return true
    69  	}
    70  
    71  	if !this.web.Referers.MatchDomain(this.ReqHost, u.Host) {
    72  		this.tags = append(this.tags, "refererCheck")
    73  		this.writer.Header().Set("Cache-Control", "max-age="+cacheSeconds)
    74  		this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
    75  		return true
    76  	}
    77  	return
    78  }