Skip to content

Commit 361f4fb

Browse files
jerercjererc
committed
add strict referer security level
1 parent e53b203 commit 361f4fb

File tree

3 files changed

+14
-13
lines changed

3 files changed

+14
-13
lines changed

cloudkey-1.2.jar

67 Bytes
Binary file not shown.

src/net/dmcloud/cloudkey/Api.java

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -7,14 +7,15 @@
77

88
public class Api
99
{
10-
public static int SECLEVEL_NONE = 0;
11-
public static int SECLEVEL_DELEGATE = 1 << 0;
12-
public static int SECLEVEL_ASNUM = 1 << 1;
13-
public static int SECLEVEL_IP = 1 << 2;
10+
public static int SECLEVEL_NONE = 0;
11+
public static int SECLEVEL_DELEGATE = 1 << 0;
12+
public static int SECLEVEL_ASNUM = 1 << 1;
13+
public static int SECLEVEL_IP = 1 << 2;
1414
public static int SECLEVEL_USERAGENT = 1 << 3;
15-
public static int SECLEVEL_USEONCE = 1 << 4;
16-
public static int SECLEVEL_COUNTRY = 1 << 5;
17-
public static int SECLEVEL_REFERER = 1 << 6;
15+
public static int SECLEVEL_USEONCE = 1 << 4;
16+
public static int SECLEVEL_COUNTRY = 1 << 5;
17+
public static int SECLEVEL_REFERER = 1 << 6;
18+
public static int SECLEVEL_REFERER_STRICT = 1 << 15;
1819

1920
public static String API_URL = "http://api.dmcloud.net";
2021
public static String CDN_URL = "http://cdn.dmcloud.net";

src/net/dmcloud/cloudkey/Helpers.java

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,7 @@ static public String sign_url(String url, String secret, int seclevel, String as
155155
}
156156
public_secparams.add("cc=" + implode(",", countries).toLowerCase());
157157
}
158-
if ((seclevel & CloudKey.SECLEVEL_REFERER) > 0)
158+
if ((seclevel & CloudKey.SECLEVEL_REFERER) > 0 || (seclevel & CloudKey.SECLEVEL_REFERER_STRICT) > 0)
159159
{
160160
if (referers == null || referers.length == 0)
161161
{
@@ -179,7 +179,7 @@ static public String sign_url(String url, String secret, int seclevel, String as
179179
}
180180
}
181181
String public_secparams_encoded = "";
182-
182+
183183
if (public_secparams.size() > 0)
184184
{
185185
try
@@ -245,7 +245,7 @@ public static String md5(String password)
245245
{
246246
throw new Error("No MD5 support in this VM.");
247247
}
248-
248+
249249
StringBuilder hashString = new StringBuilder();
250250
for (int i=0; i<hash.length; i++)
251251
{
@@ -258,7 +258,7 @@ public static String md5(String password)
258258
else
259259
{
260260
hashString.append(hex.substring(hex.length() - 2));
261-
}
261+
}
262262
}
263263
return hashString.toString();
264264
}
@@ -268,7 +268,7 @@ private static byte[] gzcompress(String inputString) throws Exception
268268
byte[] input = inputString.getBytes("UTF-8");
269269
Deflater compresser = new Deflater();
270270
compresser.setInput(input);
271-
compresser.finish();
271+
compresser.finish();
272272
ByteArrayOutputStream bos = new ByteArrayOutputStream(input.length);
273273
byte[] buf = new byte[1024];
274274
while (!compresser.finished())
@@ -277,7 +277,7 @@ private static byte[] gzcompress(String inputString) throws Exception
277277
bos.write(buf, 0, count);
278278
}
279279
bos.close();
280-
280+
281281
return bos.toByteArray();
282282
}
283283
}

0 commit comments

Comments
 (0)