MCPcopy
hub / github.com/willnorris/imageproxy / allowed

Method allowed

imageproxy.go:382–406  ·  view source on GitHub ↗

allowed determines whether the specified request contains an allowed referrer, host, and signature. It returns an error if the request is not allowed.

(r *Request)

Source from the content-addressed store, hash-verified

380// referrer, host, and signature. It returns an error if the request is not
381// allowed.
382func (p *Proxy) allowed(r *Request) error {
383 if len(p.Referrers) > 0 && !referrerMatches(p.Referrers, r.Original) {
384 return errReferrer
385 }
386
387 if hostMatches(p.DenyHosts, r.URL) {
388 return errDeniedHost
389 }
390
391 if len(p.AllowHosts) == 0 && len(p.SignatureKeys) == 0 {
392 return nil // no allowed hosts or signature key, all requests accepted
393 }
394
395 if len(p.AllowHosts) > 0 && hostMatches(p.AllowHosts, r.URL) {
396 return nil
397 }
398
399 for _, signatureKey := range p.SignatureKeys {
400 if len(signatureKey) > 0 && validSignature(signatureKey, r) {
401 return nil
402 }
403 }
404
405 return errNotAllowed
406}
407
408// contentTypeMatches returns whether contentType matches one of the allowed patterns.
409func contentTypeMatches(patterns []string, contentType string) bool {

Callers 2

TestAllowedFunction · 0.95
serveImageMethod · 0.95

Calls 3

referrerMatchesFunction · 0.85
hostMatchesFunction · 0.85
validSignatureFunction · 0.85

Tested by 1

TestAllowedFunction · 0.76