From eb2764e8e5ba2ae32bbb9edd2db551fa5530d440 Mon Sep 17 00:00:00 2001
From: hsueh chiahao
Date: Wed, 29 Oct 2025 12:07:45 +0800
Subject: [PATCH] add simple refer check

---
 src/app.ts | 17 +++++++++++++++++
 src/routes/licenseRoutes.ts | 5 ++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/app.ts b/src/app.ts
index e7df41d..9965f05 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -6,6 +6,23 @@ const app = express();
 // 中间件
 app.use(express.json());
 
+app.use((req, res, next) => {
+  const origin = req.headers.origin || '';
+  const referer = req.headers.referer || '';
+
+  // 判断是否来自 kintone 页面
+  const isFromKintone =
+    origin.includes('.kintone.com') ||
+    origin.includes('.cybozu.com') ||
+    referer.includes('.kintone.com') ||
+    referer.includes('.cybozu.com');
+
+  if (!isFromKintone) {
+    return res.status(403).json({ error: 'Forbidden: only allow kintone.proxy access' });
+  }
+  next();
+});
+
 // 设置路由
 setupLicenseRoutes(app);
 
diff --git a/src/routes/licenseRoutes.ts b/src/routes/licenseRoutes.ts
index ffb7edf..8464047 100644
--- a/src/routes/licenseRoutes.ts
+++ b/src/routes/licenseRoutes.ts
@@ -23,5 +23,8 @@ async function handleLicenseCheck(req: Request, res: Response): Promise {
 }
 
 function handleHealthCheck(req: Request, res: Response): void {
-  res.json({ status: 'OK' });
+  res.json({
+    status: 'OK',
+    timestamp: new Date().toISOString(),
+  });
 }
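Review bot: The `.includes('.kintone.com')` / `.includes('.cybozu.com')` tests on `origin` and `referer` are plain substring matches, not host checks, so any URL that merely contains one of those strings somewhere in its path, query, or a longer hostname satisfies the gate. Parse each header with `new URL()` and compare `hostname.endsWith(...)` against the allowed suffixes, treating an absent or unparsable value as not allowed. Both headers are client-supplied, so even the stricter form is only a coarse filter against casual cross-site use and not an authentication control; a comment such as `// Coarse origin filter only — not an auth check; license validation must not rely on it` above the middleware would keep later readers from leaning on it. Because this `app.use` is registered before `setupLicenseRoutes(app)`, it also fronts the health endpoint, so monitors that send neither header will receive 403 — confirm that is intended.
```typescript
const ALLOWED_HOST_SUFFIXES = ['.kintone.com', '.cybozu.com'];

// True only when the header is a parsable URL whose hostname ends with an allowed suffix.
function isAllowedSource(value: string | undefined): boolean {
  if (!value) return false;
  try {
    const { hostname } = new URL(value);
    return ALLOWED_HOST_SUFFIXES.some((suffix) => hostname.endsWith(suffix));
  } catch {
    return false;
  }
}

app.use((req, res, next) => {
  const isFromKintone =
    isAllowedSource(req.headers.origin) || isAllowedSource(req.headers.referer);
  // … unchanged: 403 response and next() …
});
```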
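Review bot: `req` in `handleHealthCheck` remains unused after the change; renaming the parameter to `_req: Request` documents that and keeps builds with `noUnusedParameters` clean. The body now differs on every call because of `timestamp`, so if any test compares the response to `{ status: 'OK' }` exactly it will need to assert on `status` and the ISO-8601 shape of `timestamp` instead.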