src/webui/webapplication.h

   1 /*
   2  * Bittorrent Client using Qt and libtorrent.
   3  * Copyright (C) 2014, 2017  Vladimir Golovnev <glassez@yandex.ru>
   4  *
   5  * This program is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU General Public License
   7  * as published by the Free Software Foundation; either version 2
   8  * of the License, or (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program; if not, write to the Free Software
  17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  18  *
  19  * In addition, as a special exception, the copyright holders give permission to
  20  * link this program with the OpenSSL project's "OpenSSL" library (or with
  21  * modified versions of it that use the same license as the "OpenSSL" library),
  22  * and distribute the linked executables. You must obey the GNU General Public
  23  * License in all respects for all of the code used other than "OpenSSL".  If you
  24  * modify file(s), you may extend this exception to your version of the file(s),
  25  * but you are not obligated to do so. If you do not wish to do so, delete this
  26  * exception statement from your version.
  27  */
  28
  29 #pragma once
  30
  31 #include <QDateTime>
  32 #include <QElapsedTimer>
  33 #include <QHash>
  34 #include <QObject>
  35 #include <QRegularExpression>
  36 #include <QSet>
  37 #include <QTranslator>
  38
  39 #include "api/isessionmanager.h"
  40 #include "base/http/irequesthandler.h"
  41 #include "base/http/responsebuilder.h"
  42 #include "base/http/types.h"
  43 #include "base/utils/net.h"
  44 #include "base/utils/version.h"
  45
  46 inline const Utils::Version<int, 3, 2> API_VERSION {2, 8, 4};
  47
  48 class APIController;
  49 class WebApplication;
  50
  51 class WebSession final : public ISession
  52 {
  53 public:
  54     explicit WebSession(const QString &sid);
  55
  56     QString id() const override;
  57
  58     bool hasExpired(qint64 seconds) const;
  59     void updateTimestamp();
  60
  61     QVariant getData(const QString &id) const override;
  62     void setData(const QString &id, const QVariant &data) override;
  63
  64 private:
  65     const QString m_sid;
  66     QElapsedTimer m_timer;  // timestamp
  67     QVariantHash m_data;
  68 };
  69
  70 class WebApplication final
  71         : public QObject, public Http::IRequestHandler, public ISessionManager
  72         , private Http::ResponseBuilder
  73 {
  74     Q_OBJECT
  75     Q_DISABLE_COPY_MOVE(WebApplication)
  76
  77 #ifndef Q_MOC_RUN
  78 #define WEBAPI_PUBLIC
  79 #define WEBAPI_PRIVATE
  80 #endif
  81
  82 public:
  83     explicit WebApplication(QObject *parent = nullptr);
  84     ~WebApplication() override;
  85
  86     Http::Response processRequest(const Http::Request &request, const Http::Environment &env) override;
  87
  88     QString clientId() const override;
  89     WebSession *session() override;
  90     void sessionStart() override;
  91     void sessionEnd() override;
  92
  93     const Http::Request &request() const;
  94     const Http::Environment &env() const;
  95
  96 private:
  97     void doProcessRequest();
  98     void configure();
  99
 100     void registerAPIController(const QString &scope, APIController *controller);
 101     void declarePublicAPI(const QString &apiPath);
 102
 103     void sendFile(const QString &path);
 104     void sendWebUIFile();
 105
 106     void translateDocument(QString &data) const;
 107
 108     // Session management
 109     QString generateSid() const;
 110     void sessionInitialize();
 111     bool isAuthNeeded();
 112     bool isPublicAPI(const QString &scope, const QString &action) const;
 113
 114     bool isCrossSiteRequest(const Http::Request &request) const;
 115     bool validateHostHeader(const QStringList &domains) const;
 116
 117     QHostAddress resolveClientAddress() const;
 118
 119     // Persistent data
 120     QHash<QString, WebSession *> m_sessions;
 121
 122     // Current data
 123     WebSession *m_currentSession = nullptr;
 124     Http::Request m_request;
 125     Http::Environment m_env;
 126     QHash<QString, QString> m_params;
 127     const QString m_cacheID;
 128
 129     const QRegularExpression m_apiPathPattern {QLatin1String("^/api/v2/(?<scope>[A-Za-z_][A-Za-z_0-9]*)/(?<action>[A-Za-z_][A-Za-z_0-9]*)$")};
 130
 131     QHash<QString, APIController *> m_apiControllers;
 132     QSet<QString> m_publicAPIs;
 133     bool m_isAltUIUsed = false;
 134     QString m_rootFolder;
 135
 136     struct TranslatedFile
 137     {
 138         QByteArray data;
 139         QString mimeType;
 140         QDateTime lastModified;
 141     };
 142     QHash<QString, TranslatedFile> m_translatedFiles;
 143     QString m_currentLocale;
 144     QTranslator m_translator;
 145     bool m_translationFileLoaded = false;
 146
 147     bool m_isLocalAuthEnabled;
 148     bool m_isAuthSubnetWhitelistEnabled;
 149     QVector<Utils::Net::Subnet> m_authSubnetWhitelist;
 150     int m_sessionTimeout;
 151
 152     // security related
 153     QStringList m_domainList;
 154     bool m_isCSRFProtectionEnabled;
 155     bool m_isSecureCookieEnabled;
 156     bool m_isHostHeaderValidationEnabled;
 157     bool m_isHttpsEnabled;
 158
 159     // Reverse proxy
 160     bool m_isReverseProxySupportEnabled;
 161     QVector<QHostAddress> m_trustedReverseProxyList;
 162     QHostAddress m_clientAddress;
 163
 164     QVector<Http::Header> m_prebuiltHeaders;
 165 };