增加防盗链功能

internal/nodes/http_request.go

@@ -229,6 +229,14 @@ func (this *HTTPRequest) Do() {
 			}
 		}
 
+		// 防盗链
+		if !this.isSubRequest && this.web.Referers != nil && this.web.Referers.IsOn {
+			if this.doCheckReferers() {
+				this.doEnd()
+				return
+			}
+		}
+
 		// 访问控制
 		if !this.isSubRequest && this.web.Auth != nil && this.web.Auth.IsOn {
 			if this.doAuth() {
@@ -513,6 +521,11 @@ func (this *HTTPRequest) configureWeb(web *serverconfigs.HTTPWebConfig, isTop bo
 		this.web.Auth = web.Auth
 	}
 
+	// referers
+	if web.Referers != nil && (web.Referers.IsPrior || isTop) {
+		this.web.Referers = web.Referers
+	}
+
 	// request limit
 	if web.RequestLimit != nil && (web.RequestLimit.IsPrior || isTop) {
 		this.web.RequestLimit = web.RequestLimit

internal/nodes/http_request_referers.go

@@ -0,0 +1,45 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package nodes
+
+import (
+	"net/http"
+	"net/url"
+)
+
+func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
+	if this.web.Referers == nil {
+		return
+	}
+
+	var refererURL = this.RawReq.Header.Get("Referer")
+	if len(refererURL) == 0 {
+		if this.web.Referers.MatchDomain(this.ReqHost, "") {
+			return
+		}
+
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.WriteHeader(http.StatusForbidden)
+
+		return true
+	}
+
+	u, err := url.Parse(refererURL)
+	if err != nil {
+		if this.web.Referers.MatchDomain(this.ReqHost, "") {
+			return
+		}
+
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.WriteHeader(http.StatusForbidden)
+
+		return true
+	}
+
+	if !this.web.Referers.MatchDomain(this.ReqHost, u.Host) {
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.WriteHeader(http.StatusForbidden)
+		return true
+	}
+	return
+}