1.4.5.2

2026-02-04 20:27:13 +08:00
commit 3b042d1dad
9410 changed files with 1488147 additions and 0 deletions
--- a/EdgeNode/internal/nodes/http_request_referers.go
+++ b/EdgeNode/internal/nodes/http_request_referers.go
@@ -0,0 +1,78 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package nodes
+
+import (
+	"net/http"
+	"net/url"
+)
+
+func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
+	if this.web.Referers == nil {
+		return
+	}
+
+	// 检查URL
+	if !this.web.Referers.MatchURL(this.URL()) {
+		return
+	}
+
+	var origin = this.RawReq.Header.Get("Origin")
+
+	const cacheSeconds = "3600" // 时间不能过长，防止修改设置后长期无法生效
+
+	// 处理用到Origin的特殊功能
+	if this.web.Referers.CheckOrigin && len(origin) > 0 {
+		// 处理Websocket
+		if this.web.Websocket != nil && this.web.Websocket.IsOn && this.RawReq.Header.Get("Upgrade") == "websocket" {
+			originHost, _ := httpParseHost(origin)
+			if len(originHost) > 0 && this.web.Websocket.MatchOrigin(originHost) {
+				return
+			}
+		}
+	}
+
+	var refererURL = this.RawReq.Header.Get("Referer")
+	if len(refererURL) == 0 && this.web.Referers.CheckOrigin {
+		if len(origin) > 0 && origin != "null" {
+			if urlSchemeRegexp.MatchString(origin) {
+				refererURL = origin
+			} else {
+				refererURL = "https://" + origin
+			}
+		}
+	}
+
+	if len(refererURL) == 0 {
+		if this.web.Referers.MatchDomain(this.ReqHost, "") {
+			return
+		}
+
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.Header().Set("Cache-Control", "max-age="+cacheSeconds)
+		this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
+
+		return true
+	}
+
+	u, err := url.Parse(refererURL)
+	if err != nil {
+		if this.web.Referers.MatchDomain(this.ReqHost, "") {
+			return
+		}
+
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.Header().Set("Cache-Control", "max-age="+cacheSeconds)
+		this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
+
+		return true
+	}
+
+	if !this.web.Referers.MatchDomain(this.ReqHost, u.Host) {
+		this.tags = append(this.tags, "refererCheck")
+		this.writer.Header().Set("Cache-Control", "max-age="+cacheSeconds)
+		this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
+		return true
+	}
+	return
+}