From 1c0e63e125e17416616ac0cb2c49a23f53d49b79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ferdinand=20M=C3=BCtsch?=
Date: Sat, 12 Sep 2020 16:58:19 +0200
Subject: [PATCH] chore: restrict badge access by user agent
---
 routes/compat/shields/v1/badge.go | 6 ++++++
 version.txt | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/routes/compat/shields/v1/badge.go b/routes/compat/shields/v1/badge.go
index 99499f7..27517d6 100644
--- a/routes/compat/shields/v1/badge.go
+++ b/routes/compat/shields/v1/badge.go
@@ -8,6 +8,7 @@ import (
 "github.com/muety/wakapi/utils"
 "net/http"
 "regexp"
+ "strings"
 )
 const (
@@ -33,6 +34,11 @@ func (h *BadgeHandler) ApiGet(w http.ResponseWriter, r *http.Request) {
 intervalReg := regexp.MustCompile(intervalPattern)
 entityFilterReg := regexp.MustCompile(entityFilterPattern)
+ if userAgent := r.Header.Get("user-agent"); !strings.HasPrefix(userAgent, "Shields.io/") && !h.config.IsDev() {
+ w.WriteHeader(http.StatusForbidden)
+ return
+ }
+
 requestedUserId := mux.Vars(r)["user"]
 user, err := h.userSrvc.GetUserById(requestedUserId)
 if err != nil || !user.BadgesEnabled {
diff --git a/version.txt b/version.txt
index b0f61c5..0c9cb69 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.11.1
\ No newline at end of file
+1.11.2
\ No newline at end of file
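Review bot: The new guard in `ApiGet` (hunk `@@ -33,6 +34,11 @@`) keys on the `User-Agent` header, which the client sets, so it only filters casual callers and cannot serve as an authorization boundary. The commit subject says "restrict badge access", so a later reader may take it for one. The per-user `user.BadgesEnabled` check a few lines below remains the only real gate on whether a user's statistics are exposed, and nothing in the hunk says so. I would add a comment above the `if`, such as `// Best-effort filter, not access control: User-Agent is client-supplied; user.BadgesEnabled below is the real gate.` The body of `ApiGet` continues past the end of the hunk, so how the data is served after the lookup is not visible here.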