Added domain whitelisting

har-nick · Dec 1, 2024 · db74645 · db74645
1 parent aec9496
commit db74645
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/library/src/commonMain/kotlin/uk/co/harnick/bandkit/core/BandKit.kt b/library/src/commonMain/kotlin/uk/co/harnick/bandkit/core/BandKit.kt
@@ -7,6 +7,7 @@ import io.ktor.client.plugins.plugin
 public class BandKit(internal val client: HttpClient) {
     public companion object {
         public const val BASE_URL: String = "https://bandcamp.com"
+        internal val hosts = listOf("bandcamp.com", "popplers5.bandcamp.com")
     }
 
     public object Account {
@@ -21,7 +22,9 @@ public class BandKit(internal val client: HttpClient) {
         public const val DOWNLOADING: String = "https://popplers5.bandcamp.com/download/album"
     }
 
+
     init {
+        // Check required plugins are installed to passed client.
         client.plugin(BandKitPlugin)
         client.plugin(ContentNegotiation)
     }

diff --git a/library/src/commonMain/kotlin/uk/co/harnick/bandkit/core/BandKitPlugin.kt b/library/src/commonMain/kotlin/uk/co/harnick/bandkit/core/BandKitPlugin.kt
@@ -2,6 +2,7 @@ package uk.co.harnick.bandkit.core
 
 import io.ktor.client.plugins.api.ClientPlugin
 import io.ktor.client.plugins.api.createClientPlugin
+import io.ktor.client.request.host
 import io.ktor.http.URLProtocol.Companion.HTTPS
 import io.ktor.http.userAgent
 import uk.co.harnick.bandkit.core.BandKitException.SslRequiredException
@@ -13,6 +14,8 @@ public val BandKitPlugin: ClientPlugin<BandKitPluginConfig> =
 
         onRequest { request, _ ->
             if (request.url.protocol != HTTPS) throw SslRequiredException("${request.url}")
+            if (!BandKit.hosts.contains(request.host)) return@onRequest
+
             request.userAgent(ua)
             request.headers.append("Cookie", "identity=$token")
         }