防盗链功能增加禁止的来源域名

2025-11-04 05:00:24 +08:00 · 2022-10-24 10:21:13 +08:00
parent b6e0740b27
commit 156172dacf
3 changed files with 61 additions and 2 deletions
--- a/pkg/serverconfigs/http_websocket_config.go
+++ b/pkg/serverconfigs/http_websocket_config.go
@@ -6,7 +6,7 @@ import (
 	"time"
 )

-// websocket设置
+// HTTPWebsocketConfig websocket设置
 type HTTPWebsocketConfig struct {
 	Id   int64 `yaml:"id" json:"id"`     // ID
 	IsOn bool  `yaml:"isOn" json:"isOn"` // 是否开启
--- a/pkg/serverconfigs/referers_config.go
+++ b/pkg/serverconfigs/referers_config.go
@@ -11,6 +11,7 @@ type ReferersConfig struct {
 	AllowEmpty      bool     `yaml:"allowEmpty" json:"allowEmpty"`           // 来源域名允许为空
 	AllowSameDomain bool     `yaml:"allowSameDomain" json:"allowSameDomain"` // 允许来源域名和当前访问的域名一致，相当于在站内访问
 	AllowDomains    []string `yaml:"allowDomains" json:"allowDomains"`       // 允许的来源域名列表
+	DenyDomains     []string `yaml:"denyDomains" json:"denyDomains"`         // 禁止的来源域名列表
 }

 func (this *ReferersConfig) Init() error {
@@ -30,8 +31,18 @@ func (this *ReferersConfig) MatchDomain(requestDomain string, refererDomain stri
 	}

 	if len(this.AllowDomains) == 0 {
+		if len(this.DenyDomains) > 0 {
+			return !configutils.MatchDomains(this.DenyDomains, refererDomain)
+		}
 		return false
 	}

-	return configutils.MatchDomains(this.AllowDomains, refererDomain)
+	if configutils.MatchDomains(this.AllowDomains, refererDomain) {
+		if len(this.DenyDomains) > 0 && configutils.MatchDomains(this.DenyDomains, refererDomain) {
+			return false
+		}
+		return true
+	}
+
+	return false
 }
--- a/pkg/serverconfigs/referers_config_test.go
+++ b/pkg/serverconfigs/referers_config_test.go
@@ -0,0 +1,48 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package serverconfigs_test
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/assert"
+	"testing"
+)
+
+func TestReferersConfig_MatchDomain(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
+	{
+		var config = &serverconfigs.ReferersConfig{
+			IsOn:         true,
+			AllowDomains: []string{},
+			DenyDomains:  []string{"a.com", "b.com"},
+		}
+		a.IsTrue(config.MatchDomain("example.com", "c.com"))
+		a.IsTrue(config.MatchDomain("example.com", "d.com"))
+		a.IsFalse(config.MatchDomain("example.com", "a.com"))
+	}
+
+	{
+		var config = &serverconfigs.ReferersConfig{
+			IsOn:         true,
+			AllowDomains: []string{"c.com", "e.com"},
+			DenyDomains:  []string{"a.com", "b.com", "e.com"},
+		}
+		a.IsTrue(config.MatchDomain("example.com", "c.com"))
+		a.IsFalse(config.MatchDomain("example.com", "d.com"))
+		a.IsFalse(config.MatchDomain("example.com", "e.com"))
+		a.IsFalse(config.MatchDomain("example.com", "a.com"))
+	}
+
+	{
+		var config = &serverconfigs.ReferersConfig{
+			IsOn:         true,
+			AllowDomains: []string{"c.com", "e.com"},
+			DenyDomains:  []string{},
+		}
+		a.IsTrue(config.MatchDomain("example.com", "c.com"))
+		a.IsFalse(config.MatchDomain("example.com", "d.com"))
+		a.IsTrue(config.MatchDomain("example.com", "e.com"))
+		a.IsFalse(config.MatchDomain("example.com", "a.com"))
+	}
+}