Browse Source

Rewrite RequestParser

* Add more checks and also more strict checks for invalid conditions
* Add http version field
* Raise max request size to 64 MB
* Add author in license
* Use Qt5 new connect syntax
adaptive-webui-19844
Chocobo1 8 years ago
parent
commit
cec68c3fd7
No known key found for this signature in database
GPG Key ID: 210D9C873253A68C
  1. 83
      src/base/http/connection.cpp
  2. 2
      src/base/http/connection.h
  3. 433
      src/base/http/requestparser.cpp
  4. 36
      src/base/http/requestparser.h
  5. 18
      src/base/http/types.h

83
src/base/http/connection.cpp

@ -1,5 +1,6 @@
/* /*
* Bittorrent Client using Qt and libtorrent. * Bittorrent Client using Qt and libtorrent.
* Copyright (C) 2018 Mike Tzou (Chocobo1)
* Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru> * Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru>
* Copyright (C) 2006 Ishan Arora and Christophe Dumez * Copyright (C) 2006 Ishan Arora and Christophe Dumez
* *
@ -34,6 +35,7 @@
#include <QRegExp> #include <QRegExp>
#include <QTcpSocket> #include <QTcpSocket>
#include "base/logger.h"
#include "irequesthandler.h" #include "irequesthandler.h"
#include "requestparser.h" #include "requestparser.h"
#include "responsegenerator.h" #include "responsegenerator.h"
@ -47,7 +49,7 @@ Connection::Connection(QTcpSocket *socket, IRequestHandler *requestHandler, QObj
{ {
m_socket->setParent(this); m_socket->setParent(this);
m_idleTimer.start(); m_idleTimer.start();
connect(m_socket, SIGNAL(readyRead()), SLOT(read())); connect(m_socket, &QTcpSocket::readyRead, this, &Connection::read);
} }
Connection::~Connection() Connection::~Connection()
@ -58,37 +60,66 @@ Connection::~Connection()
void Connection::read() void Connection::read()
{ {
m_idleTimer.restart(); m_idleTimer.restart();
m_receivedData.append(m_socket->readAll()); m_receivedData.append(m_socket->readAll());
Request request;
RequestParser::ErrorCode err = RequestParser::parse(m_receivedData, request); // TODO: transform request headers to lowercase while (!m_receivedData.isEmpty()) {
const RequestParser::ParseResult result = RequestParser::parse(m_receivedData);
switch (err) {
case RequestParser::IncompleteRequest: switch (result.status) {
// Partial request waiting for the rest case RequestParser::ParseStatus::Incomplete: {
break; const long bufferLimit = RequestParser::MAX_CONTENT_SIZE * 1.1; // some margin for headers
if (m_receivedData.size() > bufferLimit) {
case RequestParser::BadRequest: Logger::instance()->addMessage(tr("Http request size exceeds limiation, closing socket. Limit: %ld, IP: %s")
sendResponse(Response(400, "Bad Request")); .arg(bufferLimit).arg(m_socket->peerAddress().toString()), Log::WARNING);
m_receivedData.clear();
break; Response resp(413, "Payload Too Large");
resp.headers[HEADER_CONNECTION] = "close";
case RequestParser::NoError:
const Environment env {m_socket->localAddress(), m_socket->localPort(), m_socket->peerAddress(), m_socket->peerPort()}; sendResponse(resp);
m_socket->close();
Response response = m_requestHandler->processRequest(request, env); }
if (acceptsGzipEncoding(request.headers["accept-encoding"])) }
response.headers[HEADER_CONTENT_ENCODING] = "gzip"; return;
sendResponse(response);
m_receivedData.clear(); case RequestParser::ParseStatus::BadRequest: {
break; Logger::instance()->addMessage(tr("Bad Http request, closing socket. IP: %s")
.arg(m_socket->peerAddress().toString()), Log::WARNING);
Response resp(400, "Bad Request");
resp.headers[HEADER_CONNECTION] = "close";
sendResponse(resp);
m_socket->close();
}
return;
case RequestParser::ParseStatus::OK: {
const Environment env {m_socket->localAddress(), m_socket->localPort(), m_socket->peerAddress(), m_socket->peerPort()};
Response resp = m_requestHandler->processRequest(result.request, env);
if (acceptsGzipEncoding(result.request.headers["accept-encoding"]))
resp.headers[HEADER_CONTENT_ENCODING] = "gzip";
resp.headers[HEADER_CONNECTION] = "close";
sendResponse(resp);
m_receivedData = m_receivedData.mid(result.frameSize);
m_socket->close();
}
break;
default:
Q_ASSERT(false);
return;
}
} }
} }
void Connection::sendResponse(const Response &response) void Connection::sendResponse(const Response &response) const
{ {
m_socket->write(toByteArray(response)); m_socket->write(toByteArray(response));
m_socket->close(); // TODO: remove when HTTP pipelining is supported
} }
bool Connection::hasExpired(const qint64 timeout) const bool Connection::hasExpired(const qint64 timeout) const

2
src/base/http/connection.h

@ -61,7 +61,7 @@ namespace Http
private: private:
static bool acceptsGzipEncoding(QString codings); static bool acceptsGzipEncoding(QString codings);
void sendResponse(const Response &response); void sendResponse(const Response &response) const;
QTcpSocket *m_socket; QTcpSocket *m_socket;
IRequestHandler *m_requestHandler; IRequestHandler *m_requestHandler;

433
src/base/http/requestparser.cpp

@ -1,5 +1,6 @@
/* /*
* Bittorrent Client using Qt and libtorrent. * Bittorrent Client using Qt and libtorrent.
* Copyright (C) 2018 Mike Tzou (Chocobo1)
* Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru> * Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru>
* Copyright (C) 2006 Ishan Arora and Christophe Dumez <chris@qbittorrent.org> * Copyright (C) 2006 Ishan Arora and Christophe Dumez <chris@qbittorrent.org>
* *
@ -30,242 +31,257 @@
#include "requestparser.h" #include "requestparser.h"
#include <QDebug> #include <QDebug>
#include <QDir> #include <QRegularExpression>
#include <QStringList> #include <QStringList>
#include <QUrl> #include <QUrl>
#include <QUrlQuery> #include <QUrlQuery>
const QByteArray EOL("\r\n"); #include "base/utils/string.h"
const QByteArray EOH("\r\n\r\n");
inline QString unquoted(const QString &str) using namespace Http;
using QStringPair = QPair<QString, QString>;
namespace
{ {
if ((str[0] == '\"') && (str[str.length() - 1] == '\"')) const QByteArray EOH = QByteArray(CRLF).repeated(2);
return str.mid(1, str.length() - 2);
return str; const QByteArray viewWithoutEndingWith(const QByteArray &in, const QByteArray &str)
} {
if (in.endsWith(str))
return QByteArray::fromRawData(in.constData(), (in.size() - str.size()));
return in;
}
using namespace Http; QList<QByteArray> splitToViews(const QByteArray &in, const QByteArray &sep, const QString::SplitBehavior behavior = QString::KeepEmptyParts)
{
// mimic QString::split(sep, behavior)
RequestParser::ErrorCode RequestParser::parse(const QByteArray &data, Request &request, uint maxContentLength) if (sep.isEmpty())
{ return {in};
return RequestParser(maxContentLength).parseHttpRequest(data, request);
}
RequestParser::RequestParser(uint maxContentLength) QList<QByteArray> ret;
: m_maxContentLength(maxContentLength)
{
}
RequestParser::ErrorCode RequestParser::parseHttpRequest(const QByteArray &data, Request &request) int head = 0;
{ while (head < in.size()) {
m_request = Request(); int end = in.indexOf(sep, head);
if (end < 0)
end = in.size();
// Parse HTTP request header // omit empty parts
const int headerEnd = data.indexOf(EOH); const QByteArray part = QByteArray::fromRawData((in.constData() + head), (end - head));
if (headerEnd < 0) { if (!part.isEmpty() || (behavior == QString::KeepEmptyParts))
qDebug() << Q_FUNC_INFO << "incomplete request"; ret += part;
return IncompleteRequest;
}
if (!parseHttpHeader(data.left(headerEnd))) { head = end + sep.size();
qWarning() << Q_FUNC_INFO << "header parsing error"; }
return BadRequest;
return ret;
} }
// Parse HTTP request message const QByteArray viewMid(const QByteArray &in, const int pos, const int len = -1)
if (m_request.headers.contains("content-length")) { {
int contentLength = m_request.headers["content-length"].toInt(); // mimic QByteArray::mid(pos, len) but instead of returning a full-copy,
if (contentLength < 0) { // we only return a partial view
qWarning() << Q_FUNC_INFO << "bad request: content-length is negative";
return BadRequest;
}
if (contentLength > static_cast<int>(m_maxContentLength)) { if ((pos < 0) || (pos >= in.size()) || (len == 0))
qWarning() << Q_FUNC_INFO << "bad request: message too long"; return {};
return BadRequest;
}
QByteArray content = data.mid(headerEnd + EOH.length(), contentLength); const int validLen = ((len < 0) || (pos + len) >= in.size())
if (content.length() < contentLength) { ? in.size() - pos
qDebug() << Q_FUNC_INFO << "incomplete request"; : len;
return IncompleteRequest; return QByteArray::fromRawData(in.constData() + pos, validLen);
} }
if ((contentLength > 0) && !parseContent(content)) { bool parseHeaderLine(const QString &line, QStringMap &out)
qWarning() << Q_FUNC_INFO << "message parsing error"; {
return BadRequest; // [rfc7230] 3.2. Header Fields
const int i = line.indexOf(':');
if (i <= 0) {
qWarning() << Q_FUNC_INFO << "invalid http header:" << line;
return false;
} }
}
// qDebug() << Q_FUNC_INFO; const QString name = line.leftRef(i).trimmed().toString().toLower();
// qDebug() << "HTTP Request header:"; const QString value = line.midRef(i + 1).trimmed().toString();
// qDebug() << data.left(headerEnd) << "\n"; out[name] = value;
request = m_request; return true;
return NoError; }
} }
bool RequestParser::parseStartingLine(const QString &line) RequestParser::RequestParser()
{ {
const QRegExp rx("^([A-Z]+)\\s+(\\S+)\\s+HTTP/\\d\\.\\d$"); }
if (rx.indexIn(line.trimmed()) >= 0) { RequestParser::ParseResult RequestParser::parse(const QByteArray &data)
m_request.method = rx.cap(1); {
// Warning! Header names are converted to lowercase
return RequestParser().doParse(data);
}
QUrl url = QUrl::fromEncoded(rx.cap(2).toLatin1()); RequestParser::ParseResult RequestParser::doParse(const QByteArray &data)
m_request.path = url.path(); // Path {
// we don't handle malformed requests which use double `LF` as delimiter
const int headerEnd = data.indexOf(EOH);
if (headerEnd < 0) {
qDebug() << Q_FUNC_INFO << "incomplete request";
return {ParseStatus::Incomplete, Request(), 0};
}
// Parse GET parameters const QString httpHeaders = QString::fromLatin1(data.constData(), headerEnd);
QListIterator<QPair<QString, QString> > i(QUrlQuery(url).queryItems()); if (!parseStartLines(httpHeaders)) {
while (i.hasNext()) { qWarning() << Q_FUNC_INFO << "header parsing error";
QPair<QString, QString> pair = i.next(); return {ParseStatus::BadRequest, Request(), 0};
m_request.gets[pair.first] = pair.second; }
const int headerLength = headerEnd + EOH.length();
// handle supported methods
if ((m_request.method == HEADER_REQUEST_METHOD_GET) || (m_request.method == HEADER_REQUEST_METHOD_HEAD))
return {ParseStatus::OK, m_request, headerLength};
if (m_request.method == HEADER_REQUEST_METHOD_POST) {
bool ok = false;
const int contentLength = m_request.headers[HEADER_CONTENT_LENGTH].toInt(&ok);
if (!ok || (contentLength < 0)) {
qWarning() << Q_FUNC_INFO << "bad request: content-length invalid";
return {ParseStatus::BadRequest, Request(), 0};
}
if (contentLength > MAX_CONTENT_SIZE) {
qWarning() << Q_FUNC_INFO << "bad request: message too long";
return {ParseStatus::BadRequest, Request(), 0};
} }
return true; if (contentLength > 0) {
} const QByteArray httpBodyView = viewMid(data, headerLength, contentLength);
if (httpBodyView.length() < contentLength) {
qDebug() << Q_FUNC_INFO << "incomplete request";
return {ParseStatus::Incomplete, Request(), 0};
}
qWarning() << Q_FUNC_INFO << "invalid http header:" << line; if (!parsePostMessage(httpBodyView)) {
return false; qWarning() << Q_FUNC_INFO << "message body parsing error";
} return {ParseStatus::BadRequest, Request(), 0};
}
}
bool RequestParser::parseHeaderLine(const QString &line, QPair<QString, QString> &out) return {ParseStatus::OK, m_request, (headerLength + contentLength)};
{
int i = line.indexOf(QLatin1Char(':'));
if (i == -1) {
qWarning() << Q_FUNC_INFO << "invalid http header:" << line;
return false;
} }
out = qMakePair(line.left(i).trimmed().toLower(), line.mid(i + 1).trimmed()); qWarning() << Q_FUNC_INFO << "unsupported request method: " << m_request.method;
return true; return {ParseStatus::BadRequest, Request(), 0}; // TODO: SHOULD respond "501 Not Implemented"
} }
bool RequestParser::parseHttpHeader(const QByteArray &data) bool RequestParser::parseStartLines(const QString &data)
{ {
QString str = QString::fromUtf8(data); // we don't handle malformed request which uses `LF` for newline
QStringList lines = str.trimmed().split(EOL); const QVector<QStringRef> lines = data.splitRef(CRLF, QString::SkipEmptyParts);
QStringList headerLines; // [rfc7230] 3.2.2. Field Order
foreach (const QString &line, lines) { QStringList requestLines;
if (line[0].isSpace()) { // header line continuation for (const auto &line : lines) {
if (!headerLines.isEmpty()) { // really continuation if (line.at(0).isSpace() && !requestLines.isEmpty()) {
headerLines.last() += QLatin1Char(' '); // continuation of previous line
headerLines.last() += line.trimmed(); requestLines.last() += line.toString();
}
} }
else { else {
headerLines.append(line); requestLines += line.toString();
} }
} }
if (headerLines.isEmpty()) if (requestLines.isEmpty())
return false; // Empty header return false;
QStringList::Iterator it = headerLines.begin(); if (!parseRequestLine(requestLines[0]))
if (!parseStartingLine(*it))
return false; return false;
++it; for (auto i = ++(requestLines.begin()); i != requestLines.end(); ++i) {
for (; it != headerLines.end(); ++it) { if (!parseHeaderLine(*i, m_request.headers))
QPair<QString, QString> header;
if (!parseHeaderLine(*it, header))
return false; return false;
m_request.headers[header.first] = header.second;
} }
return true; return true;
} }
QList<QByteArray> RequestParser::splitMultipartData(const QByteArray &data, const QByteArray &boundary) bool RequestParser::parseRequestLine(const QString &line)
{ {
QList<QByteArray> ret; // [rfc7230] 3.1.1. Request Line
QByteArray sep = boundary + EOL;
const int sepLength = sep.size();
int start = 0, end = 0; const QRegularExpression re(QLatin1String("^([A-Z]+)\\s+(\\S+)\\s+HTTP\\/(\\d\\.\\d)$"));
if ((end = data.indexOf(sep, start)) >= 0) { const QRegularExpressionMatch match = re.match(line);
start = end + sepLength; // skip first boundary
while ((end = data.indexOf(sep, start)) >= 0) { if (!match.hasMatch()) {
ret << data.mid(start, end - EOL.length() - start); qWarning() << Q_FUNC_INFO << "invalid http header:" << line;
start = end + sepLength; return false;
} }
// Request Methods
m_request.method = match.captured(1);
// last or single part // Request Target
sep = boundary + "--" + EOL; const QUrl url = QUrl::fromEncoded(match.captured(2).toLatin1());
if ((end = data.indexOf(sep, start)) >= 0) m_request.path = url.path();
ret << data.mid(start, end - EOL.length() - start);
// parse queries
QListIterator<QStringPair> i(QUrlQuery(url).queryItems());
while (i.hasNext()) {
const QStringPair pair = i.next();
m_request.gets[pair.first] = pair.second;
} }
return ret; // HTTP-version
m_request.version = match.captured(3);
return true;
} }
bool RequestParser::parseContent(const QByteArray &data) bool RequestParser::parsePostMessage(const QByteArray &data)
{ {
// Parse message content // parse POST message-body
qDebug() << Q_FUNC_INFO << "Content-Length: " << m_request.headers["content-length"]; const QString contentType = m_request.headers[HEADER_CONTENT_TYPE];
qDebug() << Q_FUNC_INFO << "data.size(): " << data.size(); const QString contentTypeLower = contentType.toLower();
// Parse url-encoded POST data // application/x-www-form-urlencoded
if (m_request.headers["content-type"].startsWith("application/x-www-form-urlencoded")) { if (contentTypeLower.startsWith(CONTENT_TYPE_FORM_ENCODED)) {
QUrl url; QListIterator<QStringPair> i(QUrlQuery(data).queryItems(QUrl::FullyDecoded));
url.setQuery(data);
QListIterator<QPair<QString, QString> > i(QUrlQuery(url).queryItems(QUrl::FullyDecoded));
while (i.hasNext()) { while (i.hasNext()) {
QPair<QString, QString> pair = i.next(); const QStringPair pair = i.next();
m_request.posts[pair.first] = pair.second; m_request.posts[pair.first] = pair.second;
} }
return true; return true;
} }
// Parse multipart/form data (torrent file) // multipart/form-data
/** if (contentTypeLower.startsWith(CONTENT_TYPE_FORM_DATA)) {
data has the following format (if boundary is "cH2ae0GI3KM7GI3Ij5ae0ei4Ij5Ij5") // [rfc2046] 5.1.1. Common Syntax
--cH2ae0GI3KM7GI3Ij5ae0ei4Ij5Ij5 // find boundary delimiter
Content-Disposition: form-data; name=\"Filename\" const QLatin1String boundaryFieldName("boundary=");
const int idx = contentType.indexOf(boundaryFieldName);
PB020344.torrent if (idx < 0) {
--cH2ae0GI3KM7GI3Ij5ae0ei4Ij5Ij5 qWarning() << Q_FUNC_INFO << "Could not find boundary in multipart/form-data header!";
Content-Disposition: form-data; name=\"torrentfile"; filename=\"PB020344.torrent\" return false;
Content-Type: application/x-bittorrent
BINARY DATA IS HERE
--cH2ae0GI3KM7GI3Ij5ae0ei4Ij5Ij5
Content-Disposition: form-data; name=\"Upload\"
Submit Query
--cH2ae0GI3KM7GI3Ij5ae0ei4Ij5Ij5--
**/
QString contentType = m_request.headers["content-type"];
if (contentType.startsWith("multipart/form-data")) {
const QRegExp boundaryRegexQuoted("boundary=\"([ \\w'()+,-\\./:=\\?]+)\"");
const QRegExp boundaryRegexNotQuoted("boundary=([\\w'()+,-\\./:=\\?]+)");
QByteArray boundary;
if (boundaryRegexQuoted.indexIn(contentType) < 0) {
if (boundaryRegexNotQuoted.indexIn(contentType) < 0) {
qWarning() << "Could not find boundary in multipart/form-data header!";
return false;
}
else {
boundary = "--" + boundaryRegexNotQuoted.cap(1).toLatin1();
}
} }
else {
boundary = "--" + boundaryRegexQuoted.cap(1).toLatin1(); const QByteArray delimiter = Utils::String::unquote(contentType.midRef(idx + boundaryFieldName.size())).toLatin1();
if (delimiter.isEmpty()) {
qWarning() << Q_FUNC_INFO << "boundary delimiter field emtpy!";
return false;
}
// split data by "dash-boundary"
const QByteArray dashDelimiter = QByteArray("--") + delimiter + CRLF;
QList<QByteArray> multipart = splitToViews(data, dashDelimiter, QString::SkipEmptyParts);
if (multipart.isEmpty()) {
qWarning() << Q_FUNC_INFO << "multipart empty";
return false;
} }
qDebug() << "Boundary is " << boundary; // remove the ending delimiter
QList<QByteArray> parts = splitMultipartData(data, boundary); const QByteArray endDelimiter = QByteArray("--") + delimiter + QByteArray("--") + CRLF;
qDebug() << parts.size() << "parts in data"; multipart.push_back(viewWithoutEndingWith(multipart.takeLast(), endDelimiter));
foreach (const QByteArray& part, parts) { for (const auto &part : multipart) {
if (!parseFormData(part)) if (!parseFormData(part))
return false; return false;
} }
@ -273,71 +289,60 @@ Submit Query
return true; return true;
} }
qWarning() << Q_FUNC_INFO << "unknown content type:" << qPrintable(contentType); qWarning() << Q_FUNC_INFO << "unknown content type:" << contentType;
return false; return false;
} }
bool RequestParser::parseFormData(const QByteArray &data) bool RequestParser::parseFormData(const QByteArray &data)
{ {
// Parse form data header const QList<QByteArray> list = splitToViews(data, EOH, QString::KeepEmptyParts);
const int headerEnd = data.indexOf(EOH);
if (headerEnd < 0) {
qDebug() << "Invalid form data: \n" << data;
return false;
}
QString headerStr = QString::fromUtf8(data.left(headerEnd));
QStringList lines = headerStr.trimmed().split(EOL);
QStringMap headers;
foreach (const QString& line, lines) {
QPair<QString, QString> header;
if (!parseHeaderLine(line, header))
return false;
headers[header.first] = header.second; if (list.size() != 2) {
} qWarning() << Q_FUNC_INFO << "multipart/form-data format error";
QStringMap disposition;
if (!headers.contains("content-disposition")
|| !parseHeaderValue(headers["content-disposition"], disposition)
|| !disposition.contains("name")) {
qDebug() << "Invalid form data header: \n" << headerStr;
return false; return false;
} }
if (disposition.contains("filename")) { const QString headers = QString::fromLatin1(list[0]);
UploadedFile ufile; const QByteArray payload = viewWithoutEndingWith(list[1], CRLF);
ufile.filename = disposition["filename"];
ufile.type = disposition["content-type"];
ufile.data = data.mid(headerEnd + EOH.length());
m_request.files.append(ufile); QStringMap headersMap;
} const QVector<QStringRef> headerLines = headers.splitRef(CRLF, QString::SkipEmptyParts);
else { for (const auto &line : headerLines) {
m_request.posts[disposition["name"]] = QString::fromUtf8(data.mid(headerEnd + EOH.length())); if (line.trimmed().startsWith(HEADER_CONTENT_DISPOSITION, Qt::CaseInsensitive)) {
} // extract out filename & name
const QVector<QStringRef> directives = line.split(';', QString::SkipEmptyParts);
return true; for (const auto &directive : directives) {
} const int idx = directive.indexOf('=');
if (idx < 0)
continue;
bool RequestParser::parseHeaderValue(const QString &value, QStringMap &out) const QString name = directive.left(idx).trimmed().toString().toLower();
{ const QString value = Utils::String::unquote(directive.mid(idx + 1).trimmed()).toString();
int pos = value.indexOf(QLatin1Char(';')); headersMap[name] = value;
if (pos == -1) { }
out[""] = value.trimmed(); }
return true; else {
if (!parseHeaderLine(line.toString(), headersMap))
return false;
}
} }
out[""] = value.left(pos).trimmed(); // pick data
const QLatin1String filename("filename");
const QLatin1String name("name");
QRegExp rx(";\\s*([^=;\"]+)\\s*=\\s*(\"[^\"]*\"|[^\";\\s]+)\\s*"); if (headersMap.contains(filename)) {
while (rx.indexIn(value, pos) == pos) { m_request.files.append({filename, headersMap[HEADER_CONTENT_TYPE], payload});
out[rx.cap(1).trimmed()] = unquoted(rx.cap(2));
pos += rx.cap(0).length();
} }
else if (headersMap.contains(name)) {
if (pos != value.length()) m_request.posts[headersMap[name]] = payload;
}
else {
// malformed
qWarning() << Q_FUNC_INFO << "multipart/form-data header error";
return false; return false;
}
return true; return true;
} }

36
src/base/http/requestparser.h

@ -1,5 +1,6 @@
/* /*
* Bittorrent Client using Qt and libtorrent. * Bittorrent Client using Qt and libtorrent.
* Copyright (C) 2018 Mike Tzou (Chocobo1)
* Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru> * Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru>
* Copyright (C) 2006 Ishan Arora and Christophe Dumez <chris@qbittorrent.org> * Copyright (C) 2006 Ishan Arora and Christophe Dumez <chris@qbittorrent.org>
* *
@ -37,32 +38,35 @@ namespace Http
class RequestParser class RequestParser
{ {
public: public:
enum ErrorCode enum class ParseStatus
{ {
NoError = 0, OK,
IncompleteRequest, Incomplete,
BadRequest BadRequest
}; };
// when result != NoError parsed request is undefined struct ParseResult
// Warning! Header names are converted to lower-case. {
static ErrorCode parse(const QByteArray &data, Request &request, uint maxContentLength = 10000000 /* ~10MB */); // when `status != ParseStatus::OK`, `request` & `frameSize` are undefined
ParseStatus status;
Request request;
long frameSize; // http request frame size (bytes)
};
static ParseResult parse(const QByteArray &data);
static const long MAX_CONTENT_SIZE = 64 * 1024 * 1024; // 64 MB
private: private:
RequestParser(uint maxContentLength); RequestParser();
ErrorCode parseHttpRequest(const QByteArray &data, Request &request); ParseResult doParse(const QByteArray &data);
bool parseStartLines(const QString &data);
bool parseRequestLine(const QString &line);
bool parseHttpHeader(const QByteArray &data); bool parsePostMessage(const QByteArray &data);
bool parseStartingLine(const QString &line);
bool parseContent(const QByteArray &data);
bool parseFormData(const QByteArray &data); bool parseFormData(const QByteArray &data);
QList<QByteArray> splitMultipartData(const QByteArray &data, const QByteArray &boundary);
static bool parseHeaderLine(const QString &line, QPair<QString, QString> &out);
static bool parseHeaderValue(const QString &value, QStringMap &out);
const uint m_maxContentLength;
Request m_request; Request m_request;
}; };
} }

18
src/base/http/types.h

@ -1,5 +1,6 @@
/* /*
* Bittorrent Client using Qt and libtorrent. * Bittorrent Client using Qt and libtorrent.
* Copyright (C) 2018 Mike Tzou (Chocobo1)
* Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru> * Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru>
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
@ -41,6 +42,8 @@ namespace Http
const char METHOD_POST[] = "POST"; const char METHOD_POST[] = "POST";
const char HEADER_CACHE_CONTROL[] = "cache-control"; const char HEADER_CACHE_CONTROL[] = "cache-control";
const char HEADER_CONNECTION[] = "connection";
const char HEADER_CONTENT_DISPOSITION[] = "content-disposition";
const char HEADER_CONTENT_ENCODING[] = "content-encoding"; const char HEADER_CONTENT_ENCODING[] = "content-encoding";
const char HEADER_CONTENT_LENGTH[] = "content-length"; const char HEADER_CONTENT_LENGTH[] = "content-length";
const char HEADER_CONTENT_SECURITY_POLICY[] = "content-security-policy"; const char HEADER_CONTENT_SECURITY_POLICY[] = "content-security-policy";
@ -55,6 +58,10 @@ namespace Http
const char HEADER_X_FRAME_OPTIONS[] = "x-frame-options"; const char HEADER_X_FRAME_OPTIONS[] = "x-frame-options";
const char HEADER_X_XSS_PROTECTION[] = "x-xss-protection"; const char HEADER_X_XSS_PROTECTION[] = "x-xss-protection";
const char HEADER_REQUEST_METHOD_GET[] = "GET";
const char HEADER_REQUEST_METHOD_HEAD[] = "HEAD";
const char HEADER_REQUEST_METHOD_POST[] = "POST";
const char CONTENT_TYPE_HTML[] = "text/html"; const char CONTENT_TYPE_HTML[] = "text/html";
const char CONTENT_TYPE_JS[] = "application/javascript"; const char CONTENT_TYPE_JS[] = "application/javascript";
const char CONTENT_TYPE_JSON[] = "application/json"; const char CONTENT_TYPE_JSON[] = "application/json";
@ -64,8 +71,10 @@ namespace Http
const char CONTENT_TYPE_PNG[] = "image/png"; const char CONTENT_TYPE_PNG[] = "image/png";
const char CONTENT_TYPE_TXT[] = "text/plain"; const char CONTENT_TYPE_TXT[] = "text/plain";
const char CONTENT_TYPE_SVG[] = "image/svg+xml"; const char CONTENT_TYPE_SVG[] = "image/svg+xml";
const char CONTENT_TYPE_FORM_ENCODED[] = "application/x-www-form-urlencoded";
const char CONTENT_TYPE_FORM_DATA[] = "multipart/form-data";
// portability: "\r\n" doesn't guarantee mapping to the correct value // portability: "\r\n" doesn't guarantee mapping to the correct symbol
const char CRLF[] = {0x0D, 0x0A, '\0'}; const char CRLF[] = {0x0D, 0x0A, '\0'};
struct Environment struct Environment
@ -79,13 +88,14 @@ namespace Http
struct UploadedFile struct UploadedFile
{ {
QString filename; // original filename QString filename;
QString type; // MIME type QString type; // MIME type
QByteArray data; // File data QByteArray data;
}; };
struct Request struct Request
{ {
QString version;
QString method; QString method;
QString path; QString path;
QStringMap headers; QStringMap headers;

Loading…
Cancel
Save