mirror/wakapi
1
0
Fork 0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00
Code Issues Projects Releases Wiki Activity

chore: restrict badge access by user agent

Browse Source
This commit is contained in:
Ferdinand Mütsch 2020-09-12 16:58:19 +02:00
parent 6e2f3e6731
commit 1c0e63e125
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
routes/compat/shields/v1/badge.go
View File

@ -8,6 +8,7 @@ import (
"github.com/muety/wakapi/utils" "github.com/muety/wakapi/utils"
"net/http" "net/http"
"regexp" "regexp"
"strings"
) )
const ( const (
@ -33,6 +34,11 @@ func (h *BadgeHandler) ApiGet(w http.ResponseWriter, r *http.Request) {
intervalReg := regexp.MustCompile(intervalPattern) intervalReg := regexp.MustCompile(intervalPattern)
entityFilterReg := regexp.MustCompile(entityFilterPattern) entityFilterReg := regexp.MustCompile(entityFilterPattern)
if userAgent := r.Header.Get("user-agent"); !strings.HasPrefix(userAgent, "Shields.io/") && !h.config.IsDev() {
w.WriteHeader(http.StatusForbidden)
return
}
requestedUserId := mux.Vars(r)["user"] requestedUserId := mux.Vars(r)["user"]
user, err := h.userSrvc.GetUserById(requestedUserId) user, err := h.userSrvc.GetUserById(requestedUserId)
if err != nil || !user.BadgesEnabled { if err != nil || !user.BadgesEnabled {

2
version.txt
View File

@ -1 +1 @@
1.11.1 1.11.2