From 827679721e1506716bb6874e4ba6029cc51fdce1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Thu, 22 Sep 2022 16:33:53 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=98=B2=E7=9B=97=E9=93=BE?=
 =?UTF-8?q?=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/nodes/http_request.go          | 13 +++++++
 internal/nodes/http_request_referers.go | 45 +++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 internal/nodes/http_request_referers.go

diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go
index bea8cbb..9094601 100644
--- a/internal/nodes/http_request.go
+++ b/internal/nodes/http_request.go
@@ -229,6 +229,14 @@ func (this *HTTPRequest) Do() {
 			}
 		}
 
+		// 防盗链
+		if !this.isSubRequest && this.web.Referers != nil && this.web.Referers.IsOn {
+			if this.doCheckReferers() {
+				this.doEnd()
+				return
+			}
+		}
+
 		// 访问控制
 		if !this.isSubRequest && this.web.Auth != nil && this.web.Auth.IsOn {
 			if this.doAuth() {
@@ -513,6 +521,11 @@ func (this *HTTPRequest) configureWeb(web *serverconfigs.HTTPWebConfig, isTop bo
 		this.web.Auth = web.Auth
 	}
 
+	// referers
+	if web.Referers != nil && (web.Referers.IsPrior || isTop) {
+		this.web.Referers = web.Referers
+	}
+
 	// request limit
 	if web.RequestLimit != nil && (web.RequestLimit.IsPrior || isTop) {
 		this.web.RequestLimit = web.RequestLimit
diff --git a/internal/nodes/http_request_referers.go b/internal/nodes/http_request_referers.go
new file mode 100644
index 0000000..143312e
--- /dev/null
+++ b/internal/nodes/http_request_referers.go
@@ -0,0 +1,45 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package nodes
+
+import (
+	"net/http"
+	"net/url"
+)
+
+func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
+	if this.web.Referers == nil {
+		return
+	}
+
+	var refererURL = this.RawReq.Header.Get("Referer")
+	if len(refererURL) == 0 {
+		if this.web.Referers.MatchDomain(this.ReqHost, "") {
+			return
+		}
+
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.WriteHeader(http.StatusForbidden)
+
+		return true
+	}
+
+	u, err := url.Parse(refererURL)
+	if err != nil {
+		if this.web.Referers.MatchDomain(this.ReqHost, "") {
+			return
+		}
+
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.WriteHeader(http.StatusForbidden)
+
+		return true
+	}
+
+	if !this.web.Referers.MatchDomain(this.ReqHost, u.Host) {
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.WriteHeader(http.StatusForbidden)
+		return true
+	}
+	return
+}