2021-10-19 11:38:46 +08:00
|
|
|
|
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
|
|
|
|
|
|
|
|
|
|
|
package checkpoints
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
|
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
2023-10-11 12:21:10 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
|
2021-10-19 11:38:46 +08:00
|
|
|
|
"github.com/iwind/TeaGo/maps"
|
|
|
|
|
|
"github.com/iwind/TeaGo/types"
|
|
|
|
|
|
"net/url"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// RequestRefererBlockCheckpoint 防盗链
|
|
|
|
|
|
type RequestRefererBlockCheckpoint struct {
|
|
|
|
|
|
Checkpoint
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// RequestValue 计算checkpoint值
|
|
|
|
|
|
// 选项:allowEmpty, allowSameDomain, allowDomains
|
2023-10-11 12:21:10 +08:00
|
|
|
|
func (this *RequestRefererBlockCheckpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
|
2023-05-02 17:06:24 +08:00
|
|
|
|
var checkOrigin = options.GetBool("checkOrigin")
|
2021-10-19 11:38:46 +08:00
|
|
|
|
var referer = req.WAFRaw().Referer()
|
2023-05-02 17:06:24 +08:00
|
|
|
|
if len(referer) == 0 && checkOrigin {
|
|
|
|
|
|
var origin = req.WAFRaw().Header.Get("Origin")
|
|
|
|
|
|
if len(origin) > 0 && origin != "null" {
|
|
|
|
|
|
referer = "https://" + origin // 因为Origin都只有域名部分,所以为了下面的URL 分析需要加上https://
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-10-19 11:38:46 +08:00
|
|
|
|
|
|
|
|
|
|
if len(referer) == 0 {
|
|
|
|
|
|
if options.GetBool("allowEmpty") {
|
|
|
|
|
|
value = 1
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
value = 0
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u, err := url.Parse(referer)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
value = 0
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
var host = u.Host
|
|
|
|
|
|
|
|
|
|
|
|
if options.GetBool("allowSameDomain") && host == req.WAFRaw().Host {
|
|
|
|
|
|
value = 1
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-10-24 10:21:23 +08:00
|
|
|
|
// allow domains
|
|
|
|
|
|
var allowDomains = options.GetSlice("allowDomains")
|
|
|
|
|
|
var allowDomainStrings = []string{}
|
|
|
|
|
|
for _, domain := range allowDomains {
|
|
|
|
|
|
allowDomainStrings = append(allowDomainStrings, types.String(domain))
|
2021-10-19 11:38:46 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-10-24 10:21:23 +08:00
|
|
|
|
// deny domains
|
|
|
|
|
|
var denyDomains = options.GetSlice("denyDomains")
|
|
|
|
|
|
var denyDomainStrings = []string{}
|
|
|
|
|
|
for _, domain := range denyDomains {
|
|
|
|
|
|
denyDomainStrings = append(denyDomainStrings, types.String(domain))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if len(allowDomainStrings) == 0 {
|
|
|
|
|
|
if len(denyDomainStrings) > 0 {
|
|
|
|
|
|
if configutils.MatchDomains(denyDomainStrings, host) {
|
|
|
|
|
|
value = 0
|
|
|
|
|
|
} else {
|
|
|
|
|
|
value = 1
|
|
|
|
|
|
}
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-19 11:38:46 +08:00
|
|
|
|
value = 0
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-10-24 10:21:23 +08:00
|
|
|
|
if configutils.MatchDomains(allowDomainStrings, host) {
|
|
|
|
|
|
if len(denyDomainStrings) > 0 {
|
|
|
|
|
|
if configutils.MatchDomains(denyDomainStrings, host) {
|
|
|
|
|
|
value = 0
|
|
|
|
|
|
} else {
|
|
|
|
|
|
value = 1
|
|
|
|
|
|
}
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
2021-10-19 11:38:46 +08:00
|
|
|
|
value = 1
|
2022-10-24 10:21:23 +08:00
|
|
|
|
return
|
2021-10-19 11:38:46 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
value = 0
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-10-11 12:21:10 +08:00
|
|
|
|
func (this *RequestRefererBlockCheckpoint) ResponseValue(req requests.Request, resp *requests.Response, param string, options maps.Map, ruleId int64) (value any, hasRequestBody bool, sysErr error, userErr error) {
|
2021-10-19 11:38:46 +08:00
|
|
|
|
return
|
|
|
|
|
|
}
|
2023-10-11 12:21:10 +08:00
|
|
|
|
|
|
|
|
|
|
func (this *RequestRefererBlockCheckpoint) CacheLife() utils.CacheLife {
|
|
|
|
|
|
return utils.CacheLongLife
|
|
|
|
|
|
}
|
