Enable customizing the save statistics time interval
[qBittorrent.git] / src / base / http / server.cpp
blob19233dc2748b4948b997efee625c5fb38ada5e0b
1 /*
2 * Bittorrent Client using Qt and libtorrent.
3 * Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru>
4 * Copyright (C) 2006 Christophe Dumez <chris@qbittorrent.org>
5 * Copyright (C) 2006 Ishan Arora <ishan@qbittorrent.org>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 * In addition, as a special exception, the copyright holders give permission to
22 * link this program with the OpenSSL project's "OpenSSL" library (or with
23 * modified versions of it that use the same license as the "OpenSSL" library),
24 * and distribute the linked executables. You must obey the GNU General Public
25 * License in all respects for all of the code used other than "OpenSSL". If you
26 * modify file(s), you may extend this exception to your version of the file(s),
27 * but you are not obligated to do so. If you do not wish to do so, delete this
28 * exception statement from your version.
31 #include "server.h"
33 #include <algorithm>
34 #include <chrono>
35 #include <memory>
36 #include <new>
38 #include <QtLogging>
39 #include <QNetworkProxy>
40 #include <QSslCipher>
41 #include <QSslConfiguration>
42 #include <QSslSocket>
43 #include <QStringList>
44 #include <QTimer>
46 #include "base/global.h"
47 #include "base/utils/net.h"
48 #include "base/utils/sslkey.h"
49 #include "connection.h"
51 using namespace std::chrono_literals;
53 namespace
55 const int KEEP_ALIVE_DURATION = std::chrono::milliseconds(7s).count();
56 const int CONNECTIONS_LIMIT = 500;
57 const std::chrono::seconds CONNECTIONS_SCAN_INTERVAL {2};
59 QList<QSslCipher> safeCipherList()
61 const QStringList badCiphers {u"idea"_s, u"rc4"_s};
62 // Contains Ciphersuites that use RSA for the Key Exchange but they don't mention it in their name
63 const QStringList badRSAShorthandSuites {
64 u"AES256-GCM-SHA384"_s, u"AES128-GCM-SHA256"_s, u"AES256-SHA256"_s,
65 u"AES128-SHA256"_s, u"AES256-SHA"_s, u"AES128-SHA"_s};
66 // Contains Ciphersuites that use AES CBC mode but they don't mention it in their name
67 const QStringList badAESShorthandSuites {
68 u"ECDHE-ECDSA-AES256-SHA384"_s, u"ECDHE-RSA-AES256-SHA384"_s, u"DHE-RSA-AES256-SHA256"_s,
69 u"ECDHE-ECDSA-AES128-SHA256"_s, u"ECDHE-RSA-AES128-SHA256"_s, u"DHE-RSA-AES128-SHA256"_s,
70 u"ECDHE-ECDSA-AES256-SHA"_s, u"ECDHE-RSA-AES256-SHA"_s, u"DHE-RSA-AES256-SHA"_s,
71 u"ECDHE-ECDSA-AES128-SHA"_s, u"ECDHE-RSA-AES128-SHA"_s, u"DHE-RSA-AES128-SHA"_s};
72 const QList<QSslCipher> allCiphers {QSslConfiguration::supportedCiphers()};
73 QList<QSslCipher> safeCiphers;
74 std::copy_if(allCiphers.cbegin(), allCiphers.cend(), std::back_inserter(safeCiphers),
75 [&badCiphers, &badRSAShorthandSuites, &badAESShorthandSuites](const QSslCipher &cipher)
77 const QString name = cipher.name();
78 if (name.contains(u"-cbc-"_s, Qt::CaseInsensitive) // AES CBC mode is considered vulnerable to BEAST attack
79 || name.startsWith(u"adh-"_s, Qt::CaseInsensitive) // Key Exchange: Diffie-Hellman, doesn't support Perfect Forward Secrecy
80 || name.startsWith(u"aecdh-"_s, Qt::CaseInsensitive) // Key Exchange: Elliptic Curve Diffie-Hellman, doesn't support Perfect Forward Secrecy
81 || name.startsWith(u"psk-"_s, Qt::CaseInsensitive) // Key Exchange: Pre-Shared Key, doesn't support Perfect Forward Secrecy
82 || name.startsWith(u"rsa-"_s, Qt::CaseInsensitive) // Key Exchange: Rivest Shamir Adleman (RSA), doesn't support Perfect Forward Secrecy
83 || badRSAShorthandSuites.contains(name, Qt::CaseInsensitive)
84 || badAESShorthandSuites.contains(name, Qt::CaseInsensitive))
86 return false;
89 return std::none_of(badCiphers.cbegin(), badCiphers.cend(), [&cipher](const QString &badCipher)
91 return cipher.name().contains(badCipher, Qt::CaseInsensitive);
92 });
93 });
94 return safeCiphers;
98 using namespace Http;
100 Server::Server(IRequestHandler *requestHandler, QObject *parent)
101 : QTcpServer(parent)
102 , m_requestHandler(requestHandler)
104 setProxy(QNetworkProxy::NoProxy);
106 QSslConfiguration sslConf {QSslConfiguration::defaultConfiguration()};
107 sslConf.setProtocol(QSsl::TlsV1_2OrLater);
108 sslConf.setCiphers(safeCipherList());
109 QSslConfiguration::setDefaultConfiguration(sslConf);
111 auto *dropConnectionTimer = new QTimer(this);
112 connect(dropConnectionTimer, &QTimer::timeout, this, &Server::dropTimedOutConnection);
113 dropConnectionTimer->start(CONNECTIONS_SCAN_INTERVAL);
116 void Server::incomingConnection(const qintptr socketDescriptor)
118 std::unique_ptr<QTcpSocket> serverSocket = m_https ? std::make_unique<QSslSocket>(this) : std::make_unique<QTcpSocket>(this);
119 if (!serverSocket->setSocketDescriptor(socketDescriptor))
120 return;
122 if (m_connections.size() >= CONNECTIONS_LIMIT)
124 qWarning("Too many connections. Exceeded CONNECTIONS_LIMIT (%d). Connection closed.", CONNECTIONS_LIMIT);
125 return;
130 if (m_https)
132 auto *sslSocket = static_cast<QSslSocket *>(serverSocket.get());
133 sslSocket->setProtocol(QSsl::SecureProtocols);
134 sslSocket->setPrivateKey(m_key);
135 sslSocket->setLocalCertificateChain(m_certificates);
136 sslSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
137 sslSocket->startServerEncryption();
140 auto *connection = new Connection(serverSocket.release(), m_requestHandler, this);
141 m_connections.insert(connection);
142 connect(connection, &Connection::closed, this, [this, connection] { removeConnection(connection); });
144 catch (const std::bad_alloc &exception)
146 // drop the connection instead of throwing exception and crash
147 qWarning("Failed to allocate memory for HTTP connection. Connection closed.");
148 return;
152 void Server::removeConnection(Connection *connection)
154 m_connections.remove(connection);
155 connection->deleteLater();
158 void Server::dropTimedOutConnection()
160 m_connections.removeIf([](Connection *connection)
162 if (!connection->hasExpired(KEEP_ALIVE_DURATION))
163 return false;
165 connection->deleteLater();
166 return true;
170 bool Server::setupHttps(const QByteArray &certificates, const QByteArray &privateKey)
172 const QList<QSslCertificate> certs {Utils::Net::loadSSLCertificate(certificates)};
173 const QSslKey key {Utils::SSLKey::load(privateKey)};
175 if (certs.isEmpty() || key.isNull())
177 disableHttps();
178 return false;
181 m_key = key;
182 m_certificates = certs;
183 m_https = true;
184 return true;
187 void Server::disableHttps()
189 m_https = false;
190 m_certificates.clear();
191 m_key.clear();
194 bool Server::isHttps() const
196 return m_https;