From a20c759700965134909284fc7f26ce086e7f73d0 Mon Sep 17 00:00:00 2001
From: AviKav
Date: Sun, 5 Jul 2020 13:06:47 -0400
Subject: [PATCH] Move referrer check to before DB access and crypto for token check
---
 src/main/kotlin/mdnet/base/server/ImageServer.kt | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main/kotlin/mdnet/base/server/ImageServer.kt b/src/main/kotlin/mdnet/base/server/ImageServer.kt
index 0e09f73..06520fa 100644
--- a/src/main/kotlin/mdnet/base/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/base/server/ImageServer.kt
@@ -88,6 +88,11 @@ class ImageServer(
 "/data"
 } + "/$chapterHash/$fileName"
 
+ if (!request.referrerMatches(ALLOWED_REFERER_DOMAINS)) {
+ LOGGER.info { "Request for $sanitizedUri rejected due to non-allowed referrer ${request.header("Referer")}" }
+ return@then Response(Status.FORBIDDEN)
+ }
+
 if (tokenized || serverSettings.forceTokens) {
 val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
 val token = try {
@@ -135,11 +140,7 @@ class ImageServer(
 }
 }
 
- if (!request.referrerMatches(ALLOWED_REFERER_DOMAINS)) {
- snapshot?.close()
- LOGGER.info { "Request for $sanitizedUri rejected due to non-allowed referrer ${request.header("Referer")}" }
- return@then Response(Status.FORBIDDEN)
- } else if (snapshot != null && imageDatum != null) {
+ if (snapshot != null && imageDatum != null) {
 request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
 } else {
 if (snapshot != null) {
@@ -167,7 +168,6 @@ class ImageServer(
 }
 }
 
-
 private fun Request.handleCacheHit(sanitizedUri: String, cipher: Cipher, snapshot: DiskLruCache.Snapshot, imageDatum: ImageDatum): Response {
 // our files never change, so it's safe to use the browser cache
 return if (this.header("If-Modified-Since") != null) {
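Review bot: The rejection log added at the top of the first hunk interpolates the raw `Referer` header into an INFO message. Because the check now runs before the token check, a client with no valid token can write header text of its choosing, at whatever length the server accepts, into the log on every request. I would bound and neutralise the value before logging, for example `val referer = request.header("Referer")?.take(256)?.replace(Regex("\\p{Cntrl}"), "?")` (the length is illustrative), and consider a lower log level for this line. A comment above the check would also help, such as `// Hotlink filter only: Referer is client-supplied, so this is not an access control; the token check below is.`, since when neither `tokenized` nor `serverSettings.forceTokens` is set this appears to be the only gate on the request. The enclosing handler lambda starts and ends outside the hunk, and `referrerMatches` is not shown, so how it treats an absent header should be confirmed there.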