The inspiration
I wanted a website for my ShareX files that displayed the images embedded within a normal webpage using a uniform template, but prevented them from being embedded in an unauthorised site.

The tech stack
I am already very familiar with Flask & Python, so I used this for the backend. I used templating with Jinja to embed the images into the wrapper webpage. This will all be running behind an NGINX reverse proxy that will handle the SSL/TLS certs and stuff.

Discord Embeds
An issue I ran into was that images would no longer embed into Discord. One major thing I wanted from this site was the function of embedding images as if it was a raw file link. To do this, I needed to check if the request was from Discord or not. The quickest method to determine if a request is from the Discord cache layer was to check the User-Agent request header. While looking through the request headers in my server’s logs, I determined they cycle between two specific User-Agent headers. Using these headers I modified the server response, so that if any User-Agent other than the Discord ones requested the file, it would respond with the wrapper page with the image embedded.

Link Obfuscation
The next hurdle I ran into was with embedding the file into the site. Originally I considered embedding the images inline using base64 image conversion, but came to the conclusion that it was too difficult to implement and it wouldn’t be good for larger files.

I then chose instead to create an SQLite database using Flask-SQLAlchemy and create a loader URL that would be destroyed after a request was made to it. Basically obfuscation. The site would use the Jinja template to embed the proper temporary file link associated with the file requested. The temp link was designed so that when the browser requests the file, it receives the file, embeds it, and then the web server instantly deletes the reference to the file from the database, rendering the temp link unusable. This forces users to use the normal link, and thus everyone will see the wrapper site.
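
The single-use loader link described above, sketched as an added example rather than the site's own code. It uses the standard-library `sqlite3` module instead of Flask-SQLAlchemy, and the table name, function names and 30-second expiry are assumptions.

```python
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 30  # assumed expiry; the post only describes delete-on-use


def open_store(path=":memory:"):
    """Create the token table; isolation_level=None puts sqlite3 in autocommit mode."""
    db = sqlite3.connect(path, isolation_level=None)
    db.execute(
        "CREATE TABLE IF NOT EXISTS temp_links ("
        " token TEXT PRIMARY KEY, filename TEXT NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def issue_token(db, filename, now=None):
    """Called while rendering the wrapper page: mint an unguessable loader token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute(
        "INSERT INTO temp_links (token, filename, expires_at) VALUES (?, ?, ?)",
        (token, filename, now + TOKEN_TTL_SECONDS),
    )
    return token


def redeem_token(db, token, now=None):
    """Called by the loader route: return the filename once, then never again."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT filename, expires_at FROM temp_links WHERE token = ?", (token,)
    ).fetchone()
    if row is None:
        return None  # unknown token, or already consumed
    filename, expires_at = row
    # The DELETE is the claim: only the request that actually removes the row
    # may serve the file, so two concurrent requests cannot both succeed.
    claimed = db.execute("DELETE FROM temp_links WHERE token = ?", (token,)).rowcount
    if claimed != 1 or now > expires_at:
        return None
    return filename


if __name__ == "__main__":
    store = open_store()
    link = issue_token(store, "screenshot.png")  # constructed sample filename
    print(redeem_token(store, link), redeem_token(store, link))
```

Tokens that are issued but never requested stay in the table until redeemed, so a periodic `DELETE` on `expires_at` is worth adding in a long-running deployment.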