authorBobby <[email protected]>2024-12-21 13:22:03 -0500
committerBobby <[email protected]>2024-12-21 13:22:03 -0500
commit96f26bf37e72dd64fff10708fffe168a6ee10e18 (patch)
tree7465824b569b0e124eb4e095d3171da68ad90865 /services
parentb453706835fcb5fe960375c7101074f3bb9c1c7a (diff)
downloadthatcomputerscientist-96f26bf37e72dd64fff10708fffe168a6ee10e18.tar.xz
thatcomputerscientist-96f26bf37e72dd64fff10708fffe168a6ee10e18.zip
proteccc stream
Diffstat (limited to 'services')
-rw-r--r--services/stream/views.py48
1 files changed, 38 insertions, 10 deletions
diff --git a/services/stream/views.py b/services/stream/views.py
index da1ff6dc..21e15dc1 100644
--- a/services/stream/views.py
+++ b/services/stream/views.py
@@ -1,10 +1,12 @@
# views.py
import os
import random
-from hashlib import md5
+from urllib.parse import urlparse
+
+from django.conf import settings
from services.stream.songs import MUSIC_FILES
import requests
-from django.http import HttpResponse, JsonResponse
+from django.http import HttpResponse, HttpResponseForbidden, JsonResponse
CDN_URL = os.getenv("CDN_URL")
MUSIC_FILES_COUNT = len(MUSIC_FILES)
@@ -24,11 +26,37 @@ def random_song(request) -> JsonResponse:
def stream_song(request, song_id: int) -> HttpResponse:
- song = MUSIC_FILES[song_id - 1]
- stream_url = get_stream_url(song["songName"])
- response = requests.get(stream_url, stream=True)
-
- return HttpResponse(
- response.raw.read(),
- content_type=response.headers.get("Content-Type", "audio/mpeg"),
- )
+ if not request.COOKIES.get("csrftoken"):
+ return HttpResponseForbidden("Invalid request")
+
+ referrer = request.META.get("HTTP_REFERER")
+ if not referrer:
+ return HttpResponseForbidden("Direct access not allowed")
+
+ parsed_uri = urlparse(referrer)
+ referrer_host = parsed_uri.netloc.split(":")[0]
+
+ if referrer_host not in settings.ALLOWED_HOSTS:
+ return HttpResponseForbidden("Access not allowed")
+
+ try:
+ song = MUSIC_FILES[song_id - 1]
+ stream_url = get_stream_url(song["songName"])
+ response = requests.get(stream_url, stream=True)
+
+ if response.status_code != 200:
+ return HttpResponse(status=response.status_code)
+
+ return HttpResponse(
+ response.raw.read(),
+ content_type=response.headers.get("Content-Type", "audio/mpeg"),
+ headers={
+ "Content-Disposition": f"attachment; filename={song['songName']}.mp3",
+ "X-Frame-Options": "DENY",
+ "X-Content-Type-Options": "nosniff",
+ },
+ )
+ except (IndexError, KeyError):
+ return HttpResponse(status=404)
+ except Exception:
+ return HttpResponse(status=500)
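Review bot: The Referer host extraction at `referrer_host = parsed_uri.netloc.split(":")[0]` does not reliably yield the host, because `netloc` still carries any userinfo part and bracketed IPv6 literals, so the value compared can differ from the host the URL actually names; `referrer_host = urlparse(referrer).hostname` avoids that. The exact `in settings.ALLOWED_HOSTS` membership test also will not match Django's pattern entries such as a leading-dot domain or `*`, if the project uses them (the settings are not visible here). Both this check and the `csrftoken` presence check depend on values the client sends, so they act as hotlink deterrence rather than access control; a short comment above them saying so would keep later readers from treating them as authorization. Separately, `requests.get(stream_url, stream=True)` has no `timeout=` argument and the `except Exception` branch returns 500 without logging, so an upstream stall ties up the worker and failures leave no trace; adding a timeout and logging the exception before returning would fix both.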