1
0
mirror of https://git.ikl.sh/132ikl/liteshort.git synced 2023-08-10 21:13:04 +03:00

Add domain blacklisting

This commit is contained in:
eibex 2020-03-29 21:34:14 +02:00 committed by 132ikl
parent 717f8cc9e8
commit 6b511a0a31
2 changed files with 20 additions and 0 deletions

View File

@ -66,3 +66,11 @@ show_github_link: true
# Boolean: Allow short URLs linking to your site_domain URL # Boolean: Allow short URLs linking to your site_domain URL
# Default: false # Default: false
selflinks: false selflinks: false
# List: Prevent creation of URLs linking to domains in the blacklist
# Example of list formatting in yaml:
# blacklist:
# - blacklisted.com
# - subdomain.blacklisted.net
# Default: []
blacklist: []

View File

@ -38,6 +38,7 @@ def load_config():
"subdomain": "", "subdomain": "",
"latest": "l", "latest": "l",
"selflinks": False, "selflinks": False,
"blacklist": [],
} }
config_types = { config_types = {
@ -54,6 +55,7 @@ def load_config():
"subdomain": (str, type(None)), "subdomain": (str, type(None)),
"latest": (str, type(None)), "latest": (str, type(None)),
"selflinks": bool, "selflinks": bool,
"blacklist": list,
} }
for option in req_options.keys(): for option in req_options.keys():
@ -121,6 +123,14 @@ def check_self_link(long):
return False return False
def linking_to_blacklist(long):
# Removes protocol and other parts of the URL to extract the domain name
long = long.split("//")[-1].split("/")[0]
if long in current_app.config["blacklist"]:
return True
return False
def check_password(password, pass_config): def check_password(password, pass_config):
if pass_config["password_hashed"]: if pass_config["password_hashed"]:
return bcrypt.checkpw( return bcrypt.checkpw(
@ -333,6 +343,8 @@ def main_post():
and not current_app.config["selflinks"] and not current_app.config["selflinks"]
): ):
return response(request, None, "You cannot link to this site") return response(request, None, "You cannot link to this site")
if linking_to_blacklist(request.form["long"]):
return response(request, None, "You cannot link to this blacklisted site")
if long_exists and not request.form.get("short"): if long_exists and not request.form.get("short"):
set_latest(request.form["long"]) set_latest(request.form["long"])
get_db().commit() get_db().commit()