allowed determines whether the specified request contains an allowed referrer, host, and signature. It returns an error if the request is not allowed.
(r *Request)
| 380 | // referrer, host, and signature. It returns an error if the request is not |
| 381 | // allowed. |
| 382 | func (p *Proxy) allowed(r *Request) error { |
| 383 | if len(p.Referrers) > 0 && !referrerMatches(p.Referrers, r.Original) { |
| 384 | return errReferrer |
| 385 | } |
| 386 | |
| 387 | if hostMatches(p.DenyHosts, r.URL) { |
| 388 | return errDeniedHost |
| 389 | } |
| 390 | |
| 391 | if len(p.AllowHosts) == 0 && len(p.SignatureKeys) == 0 { |
| 392 | return nil // no allowed hosts or signature key, all requests accepted |
| 393 | } |
| 394 | |
| 395 | if len(p.AllowHosts) > 0 && hostMatches(p.AllowHosts, r.URL) { |
| 396 | return nil |
| 397 | } |
| 398 | |
| 399 | for _, signatureKey := range p.SignatureKeys { |
| 400 | if len(signatureKey) > 0 && validSignature(signatureKey, r) { |
| 401 | return nil |
| 402 | } |
| 403 | } |
| 404 | |
| 405 | return errNotAllowed |
| 406 | } |
| 407 | |
| 408 | // contentTypeMatches returns whether contentType matches one of the allowed patterns. |
| 409 | func contentTypeMatches(patterns []string, contentType string) bool { |