| author | Bobby <[email protected]> | 2024-12-21 13:22:03 -0500 |
|---|---|---|
| committer | Bobby <[email protected]> | 2024-12-21 13:22:03 -0500 |
| commit | 96f26bf37e72dd64fff10708fffe168a6ee10e18 (patch) | |
| tree | 7465824b569b0e124eb4e095d3171da68ad90865 /services | |
| parent | b453706835fcb5fe960375c7101074f3bb9c1c7a (diff) | |
| download | thatcomputerscientist-96f26bf37e72dd64fff10708fffe168a6ee10e18.tar.xz thatcomputerscientist-96f26bf37e72dd64fff10708fffe168a6ee10e18.zip | |
proteccc stream
Diffstat (limited to 'services')
| -rw-r--r-- | services/stream/views.py | 48 |
1 files changed, 38 insertions, 10 deletions
diff --git a/services/stream/views.py b/services/stream/views.py
index da1ff6dc..21e15dc1 100644
--- a/services/stream/views.py
+++ b/services/stream/views.py
@@ -1,10 +1,12 @@
 # views.py
 import os
 import random
-from hashlib import md5
+from urllib.parse import urlparse
+
+from django.conf import settings
 from services.stream.songs import MUSIC_FILES
 import requests
-from django.http import HttpResponse, JsonResponse
+from django.http import HttpResponse, HttpResponseForbidden, JsonResponse
 CDN_URL = os.getenv("CDN_URL")
 MUSIC_FILES_COUNT = len(MUSIC_FILES)
@@ -24,11 +26,37 @@ def random_song(request) -> JsonResponse:
 def stream_song(request, song_id: int) -> HttpResponse:
- song = MUSIC_FILES[song_id - 1]
- stream_url = get_stream_url(song["songName"])
- response = requests.get(stream_url, stream=True)
-
- return HttpResponse(
- response.raw.read(),
- content_type=response.headers.get("Content-Type", "audio/mpeg"),
- )
+ if not request.COOKIES.get("csrftoken"):
+ return HttpResponseForbidden("Invalid request")
+
+ referrer = request.META.get("HTTP_REFERER")
+ if not referrer:
+ return HttpResponseForbidden("Direct access not allowed")
+
+ parsed_uri = urlparse(referrer)
+ referrer_host = parsed_uri.netloc.split(":")[0]
+
+ if referrer_host not in settings.ALLOWED_HOSTS:
+ return HttpResponseForbidden("Access not allowed")
+
+ try:
+ song = MUSIC_FILES[song_id - 1]
+ stream_url = get_stream_url(song["songName"])
+ response = requests.get(stream_url, stream=True)
+
+ if response.status_code != 200:
+ return HttpResponse(status=response.status_code)
+
+ return HttpResponse(
+ response.raw.read(),
+ content_type=response.headers.get("Content-Type", "audio/mpeg"),
+ headers={
+ "Content-Disposition": f"attachment; filename={song['songName']}.mp3",
+ "X-Frame-Options": "DENY",
+ "X-Content-Type-Options": "nosniff",
+ },
+ )
+ except (IndexError, KeyError):
+ return HttpResponse(status=404)
+ except Exception:
+ return HttpResponse(status=500) |
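Review bot: The new gate at the top of `stream_song` rests only on values the client supplies (the mere presence of a `csrftoken` cookie and the `Referer` header), so it deters casual hotlinking but is not access control, and a comment above the checks should say so, e.g. `# Hotlink deterrent only: cookie and Referer are client-supplied, not authentication`. The host comparison is also fragile: `parsed_uri.netloc.split(":")[0]` keeps any userinfo part and mis-splits IPv6 literals, and the exact `in settings.ALLOWED_HOSTS` test ignores Django's `.example.com` and `*` patterns. `referrer_host = urlparse(referrer).hostname or ""` followed by `if not validate_host(referrer_host, settings.ALLOWED_HOSTS):` (from `django.http.request`) would treat the setting the way Django itself does. Inside the `try`, `song_id - 1` turns an id of 0 into index -1 and serves the last song instead of a 404, so `if song_id < 1: return HttpResponse(status=404)` is worth adding before the lookup. The upstream `requests.get(stream_url, stream=True)` has no `timeout=`, `response.raw.read()` buffers the whole file per request, and the bare `except Exception` returns 500 without logging the cause.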
