Websites / videos.bentasker.co.uk: 5f5d82d0

VID-11 Introduce referrer check

The domain specified as the referrer in the query string will be compared to those specified in {{permitted_referrers}}

If there's a match, the token will be issued. If not, it won't.

{{permitted_referrers}} will also accept wildcards (like SSL certs, they only run one label deep), so *.bentasker.co.uk can be whitelisted to apply to snippets.bentasker.co.uk, but not to foo.snippets.bentasker.co.uk
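The one-label-deep wildcard rule described in the commit message, written out as an added stand-alone Lua example. This is not the project's own code: the function name `referrer_permitted`, the argument order, the case-insensitive comparison and the trailing-dot stripping are this example's assumptions, and the sample inputs are constructed.

```lua
-- Added example (not the project's code): match a referring domain against
-- a list of permitted referrers where "*.example" matches exactly one extra
-- label, as the commit message describes. Assumed here: hostnames compare
-- case-insensitively and a trailing dot is ignored.

local function normalise_host(host)
  -- lower-case and strip a trailing dot so "Snippets.Bentasker.co.uk." still matches
  return (string.lower(host):gsub("%.$", ""))
end

local function referrer_permitted(refdomain, permitted)
  refdomain = normalise_host(refdomain)
  for _, allowed in ipairs(permitted) do
    allowed = normalise_host(allowed)
    if string.sub(allowed, 1, 2) == "*." then
      -- wildcard entry: drop exactly one leading label from the referrer and
      -- require the remainder to equal the suffix after "*."
      local suffix = string.sub(allowed, 3)
      local rest = string.match(refdomain, "^[^%.]+%.(.+)$")
      if rest == suffix then
        return true
      end
    elseif refdomain == allowed then
      -- plain entry: exact match only
      return true
    end
  end
  return false
end

-- Constructed sample inputs and the outcome the rule implies for each
local permitted_referrers = { "*.bentasker.co.uk", "videos.example.org" }
local cases = {
  { "snippets.bentasker.co.uk",     true  },  -- one label under the wildcard
  { "foo.snippets.bentasker.co.uk", false },  -- two labels: too deep
  { "bentasker.co.uk",              false },  -- the suffix itself is not matched
  { "SNIPPETS.bentasker.co.uk.",    true  },  -- case and trailing dot normalised
  { "videos.example.org",           true  },  -- exact entry
  { "evil-bentasker.co.uk",         false },  -- must be a label boundary, not a substring
}
for _, c in ipairs(cases) do
  local ok = referrer_permitted(c[1], permitted_referrers)
  assert(ok == c[2], "unexpected result for " .. c[1])
  print(c[1], ok)
end
```

Using a pattern that strips exactly one label (`^[^%.]+%.(.+)$`) and then comparing the remainder with the suffix keeps the check at a label boundary, so `evil-bentasker.co.uk` cannot satisfy `*.bentasker.co.uk` the way a naive "ends with" test would allow.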

Commit 5f5d82d0.

Authored 2019-04-16T18:00:36.000+01:00 by B Tasker in project Websites / videos.bentasker.co.uk

+31 lines -3 lines

Changes

diff --git a/resources/tokenisation/minter/token_gen.lua b/resources/tokenisation/minter/token_gen.lua
--- a/resources/tokenisation/minter/token_gen.lua
+++ b/resources/tokenisation/minter/token_gen.lua
# @@ -27,7 +27,7 @@ local excluded_ips = {"127.0.0.1"}
# local permitted_referrers = {"*.bentasker.co.uk"}
#
# -- Blacklisted clients
# -local blacklisted_ips = {'127.0.1.1'}
# +local blacklisted_ips = {'127.0.2.1'}
#
#
#
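Review bot: the change of `blacklisted_ips` from `'127.0.1.1'` to `'127.0.2.1'` is unrelated to the referrer check and the commit message does not mention it; either split it into its own commit or say in the message why the blacklist entry moved.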
# @@ -106,8 +106,36 @@ local function check_referrer(referrer,httpref,permitted)
# end
# end
#
# + local first
# + local splitd
# + -- Next, check whether the domain exists in permitted_referrers
# + for key,allowed in pairs(permitted_referrers)
# + do
# + print("Test " .. allowed)
# + -- Check whether the whitelist uses a wild card
# + first = string.sub(allowed, 1, 1)
# + if first == "*"
# + then
# + -- remove the first label from the referring domain, and then do a comparison
# + splitd = strSplit(".",refdomain)
# + splitd[1] = '*'
# + print("Checking against " .. table.concat(splitd,"."))
# + if table.concat(splitd,".") == allowed
# + then
# + -- print("Matched wildcard")
# + return true
# + end
# + end
# +
# + -- Otherwise, we just need to check for a direct match
# + if refdomain == allowed
# + then
# + return true
# + end
# +
# + end
#
# - return true
# + return false
# end
#
# -- Function main
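Review bot: the new loop iterates the module-level `permitted_referrers` table rather than the `permitted` argument that `check_referrer(referrer,httpref,permitted)` receives, so the parameter is dead and whatever list the caller passes is silently ignored; use `for key,allowed in pairs(permitted)` (or `ipairs`, since it is an array). Two smaller points: both comparisons are plain string equality, so a referrer such as `Snippets.bentasker.co.uk` would be rejected unless `refdomain` is lower-cased before the loop, and the `print("Test " .. allowed)` and `print("Checking against " .. ...)` lines look like debug output that should be removed or commented out like `-- print("Matched wildcard")`.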
# @@ -147,7 +175,7 @@ then
# return
# end
#
# -if check_referrer(referer,httpref,permitted_referrers) ~= True
# +if check_referrer(referer,httpref,permitted_referrers) ~= true
# then
# sendFailed("Referred from unauthorised source")
# return
#
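Review bot: good fix; in Lua `True` is an undefined global that evaluates to `nil`, so the old `~= True` comparison was always true and, with the old `check_referrer` returning `true` unconditionally, every request would have reached `sendFailed("Referred from unauthorised source")`. The idiomatic form is `if not check_referrer(referer,httpref,permitted_referrers) then`, which also rules out this class of typo.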