From b1dbfca94dbcc3d2b0a8f19664bcdd490237bd0c Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Thu, 26 Sep 2024 11:17:42 +0800
Subject: [PATCH] check referer
---
 cve-vulner-manager/routers/middleware.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/cve-vulner-manager/routers/middleware.go b/cve-vulner-manager/routers/middleware.go
index cafb6b3..41d5d0b 100644
--- a/cve-vulner-manager/routers/middleware.go
+++ b/cve-vulner-manager/routers/middleware.go
@@ -1,15 +1,37 @@
 package routers
 import (
+ "net/url"
+
 "github.com/astaxie/beego"
 "github.com/astaxie/beego/context"
 )
+var officialSite = map[string]struct{}{
+ "opengauss.org": {},
+ "opengauss.test.osinfra.cn": {},
+}
+
 func initMiddleware() {
 beego.InsertFilter("/v1/gauss/*", beego.BeforeRouter, addHeader)
+ beego.InsertFilter("/v1/gauss/*", beego.BeforeRouter, checkReferer)
 }
 func addHeader(ctx *context.Context) {
 ctx.ResponseWriter.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 }
+
+func checkReferer(ctx *context.Context) {
+ r, err := url.Parse(ctx.Request.Referer())
+ if err != nil {
+ ctx.WriteString("illegal referer")
+ return
+ }
+
+ if _, ok := officialSite[r.Host]; !ok {
+ ctx.WriteString("illegal referer")
+ return
+ }
+
+}
--
Gitee
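Review bot: Both rejection branches of the new `checkReferer` call `ctx.WriteString("illegal referer")` without setting a status, so a refused request is answered with HTTP 200, and the route handler is presumably skipped only because beego stops after a filter has produced output. Setting the status first, e.g. `ctx.ResponseWriter.WriteHeader(http.StatusForbidden)` (needs `net/http`), lets clients, access logs and alerting tell a refusal from a success. The lookup uses `r.Host`, which keeps any port, so `officialSite[r.Hostname()]` would match the allow-list more reliably; the scheme is not checked either, so an `http://` referer from a listed host passes. An empty Referer parses without error and then fails the map lookup, so non-browser clients and browsers under a no-referrer policy are blocked on `/v1/gauss/*`. Since the header is supplied by the client, a doc comment such as `// checkReferer rejects browser requests not originating from an official site; it is a cross-site mitigation, not authentication.` would record the intended scope.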