prevent hot-linking viruses
parent
995e80cb77
commit
408697accb
@ -10,18 +10,20 @@ namespace VoidCat.Controllers;
|
|||||||
[Route("d")]
|
[Route("d")]
|
||||||
public class DownloadController : Controller
|
public class DownloadController : Controller
|
||||||
{
|
{
|
||||||
|
private readonly VoidSettings _settings;
|
||||||
private readonly FileStoreFactory _storage;
|
private readonly FileStoreFactory _storage;
|
||||||
private readonly FileInfoManager _fileInfo;
|
private readonly FileInfoManager _fileInfo;
|
||||||
private readonly IPaymentOrderStore _paymentOrders;
|
private readonly IPaymentOrderStore _paymentOrders;
|
||||||
private readonly ILogger<DownloadController> _logger;
|
private readonly ILogger<DownloadController> _logger;
|
||||||
|
|
||||||
public DownloadController(FileStoreFactory storage, ILogger<DownloadController> logger, FileInfoManager fileInfo,
|
public DownloadController(FileStoreFactory storage, ILogger<DownloadController> logger, FileInfoManager fileInfo,
|
||||||
IPaymentOrderStore paymentOrderStore)
|
IPaymentOrderStore paymentOrderStore, VoidSettings settings)
|
||||||
{
|
{
|
||||||
_storage = storage;
|
_storage = storage;
|
||||||
_logger = logger;
|
_logger = logger;
|
||||||
_fileInfo = fileInfo;
|
_fileInfo = fileInfo;
|
||||||
_paymentOrders = paymentOrderStore;
|
_paymentOrders = paymentOrderStore;
|
||||||
|
_settings = settings;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpOptions]
|
[HttpOptions]
|
||||||
@ -110,6 +112,17 @@ public class DownloadController : Controller
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// prevent hot-linking viruses
|
||||||
|
var origin = Request.Headers.Origin.Count > 0 ? new Uri(Request.Headers.Origin.First()) : null;
|
||||||
|
var originWrong = !origin?.Host.Equals(_settings.SiteUrl.Host, StringComparison.InvariantCultureIgnoreCase) ??
|
||||||
|
false;
|
||||||
|
if (meta.VirusScan?.IsVirus == true && originWrong)
|
||||||
|
{
|
||||||
|
Response.StatusCode = (int) HttpStatusCode.Redirect;
|
||||||
|
Response.Headers.Location = $"/{id.ToBase58()}";
|
||||||
|
return default;
|
||||||
|
}
|
||||||
|
|
||||||
Response.Headers.XFrameOptions = "SAMEORIGIN";
|
Response.Headers.XFrameOptions = "SAMEORIGIN";
|
||||||
Response.Headers.ContentDisposition = $"inline; filename=\"{meta?.Metadata?.Name}\"";
|
Response.Headers.ContentDisposition = $"inline; filename=\"{meta?.Metadata?.Name}\"";
|
||||||
Response.ContentType = meta?.Metadata?.MimeType ?? "application/octet-stream";
|
Response.ContentType = meta?.Metadata?.MimeType ?? "application/octet-stream";
|
||||||
|
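Review bot: In the second hunk the hot-link check fails open, because `originWrong` falls back to `false` when no `Origin` header is present, and browsers typically omit `Origin` on plain GET navigations and on `<img>`/`<a>` loads, so a cross-site link to a flagged file would still be served. Consider also consulting `Referer` or `Sec-Fetch-Site`, and redirecting flagged files unless the request is positively identified as same-site. `new Uri(Request.Headers.Origin.First())` throws `UriFormatException` on a client-supplied value that is not an absolute URI (including the literal `Origin: null`), which presumably surfaces as a 500 unless handled upstream; `Uri.TryCreate(Request.Headers.Origin.FirstOrDefault(), UriKind.Absolute, out var origin)` with a parse failure treated as a mismatch avoids that, and `StringComparison.OrdinalIgnoreCase` is the appropriate comparison for host names. `meta.VirusScan` is dereferenced without `?.` while the lines that follow use `meta?.Metadata`; the method body starts outside the hunk, so confirm that `meta` is null-checked earlier.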