d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-01-14 16:57:55 +00:00
Code Issues Projects Releases Wiki Activity

Allow to use subnet notation in reverse proxy list

Browse Source 
Closes #17475.
This commit is contained in:
Chocobo1 2022-09-07 13:29:46 +08:00
parent 851374e517
commit 109c45bb95
No known key found for this signature in database
GPG Key ID: 210D9C873253A68C
2 changed files with 24 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/webui/webapplication.cpp
View File

@ -42,7 +42,6 @@
#include <QUrl> #include <QUrl>
#include "base/algorithm.h" #include "base/algorithm.h"
#include "base/global.h"
#include "base/http/httperror.h" #include "base/http/httperror.h"
#include "base/logger.h" #include "base/logger.h"
#include "base/preferences.h" #include "base/preferences.h"
@ -402,15 +401,29 @@ void WebApplication::configure()
m_isReverseProxySupportEnabled = pref->isWebUIReverseProxySupportEnabled(); m_isReverseProxySupportEnabled = pref->isWebUIReverseProxySupportEnabled();
if (m_isReverseProxySupportEnabled) if (m_isReverseProxySupportEnabled)
{ {
m_trustedReverseProxyList.clear();
const QStringList proxyList = pref->getWebUITrustedReverseProxiesList().split(u';', Qt::SkipEmptyParts); const QStringList proxyList = pref->getWebUITrustedReverseProxiesList().split(u';', Qt::SkipEmptyParts);
for (const QString &proxy : proxyList) m_trustedReverseProxyList.clear();
m_trustedReverseProxyList.reserve(proxyList.size());
for (QString proxy : proxyList)
{ {
QHostAddress ip; if (!proxy.contains(u'/'))
if (ip.setAddress(proxy)) {
m_trustedReverseProxyList.push_back(ip); const QAbstractSocket::NetworkLayerProtocol protocol = QHostAddress(proxy).protocol();
if (protocol == QAbstractSocket::IPv4Protocol)
{
proxy.append(u"/32");
}
else if (protocol == QAbstractSocket::IPv6Protocol)
{
proxy.append(u"/128");
}
}
const std::optional<Utils::Net::Subnet> subnet = Utils::Net::parseSubnet(proxy);
if (subnet)
m_trustedReverseProxyList.push_back(subnet.value());
} }
if (m_trustedReverseProxyList.isEmpty()) if (m_trustedReverseProxyList.isEmpty())
@ -728,7 +741,7 @@ QHostAddress WebApplication::resolveClientAddress() const
return m_env.clientAddress; return m_env.clientAddress;
// Only reverse proxy can overwrite client address // Only reverse proxy can overwrite client address
if (!m_trustedReverseProxyList.contains(m_env.clientAddress)) if (!Utils::Net::isIPInSubnets(m_env.clientAddress, m_trustedReverseProxyList))
return m_env.clientAddress; return m_env.clientAddress;
const QString forwardedFor = m_request.headers.value(Http::HEADER_X_FORWARDED_FOR); const QString forwardedFor = m_request.headers.value(Http::HEADER_X_FORWARDED_FOR);

4
src/webui/webapplication.h
View File

@ -34,11 +34,13 @@
#include <QDateTime> #include <QDateTime>
#include <QElapsedTimer> #include <QElapsedTimer>
#include <QHash> #include <QHash>
#include <QHostAddress>
#include <QMap> #include <QMap>
#include <QObject> #include <QObject>
#include <QRegularExpression> #include <QRegularExpression>
#include <QSet> #include <QSet>
#include <QTranslator> #include <QTranslator>
#include <QVector>
#include "base/applicationcomponent.h" #include "base/applicationcomponent.h"
#include "base/global.h" #include "base/global.h"
@ -233,7 +235,7 @@ private:
// Reverse proxy // Reverse proxy
bool m_isReverseProxySupportEnabled; bool m_isReverseProxySupportEnabled;
QVector<QHostAddress> m_trustedReverseProxyList; QVector<Utils::Net::Subnet> m_trustedReverseProxyList;
QHostAddress m_clientAddress; QHostAddress m_clientAddress;
QVector<Http::Header> m_prebuiltHeaders; QVector<Http::Header> m_prebuiltHeaders;