0532d546d7
This filtering is required to defend against DNS rebinding attack.
/*
 * Bittorrent Client using Qt and libtorrent.
 * Copyright (C) 2014 Vladimir Golovnev <glassez@yandex.ru>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * In addition, as a special exception, the copyright holders give permission to
 * link this program with the OpenSSL project's "OpenSSL" library (or with
 * modified versions of it that use the same license as the "OpenSSL" library),
 * and distribute the linked executables. You must obey the GNU General Public
 * License in all respects for all of the code used other than "OpenSSL". If you
 * modify file(s), you may extend this exception to your version of the file(s),
 * but you are not obligated to do so. If you do not wish to do so, delete this
 * exception statement from your version.
 */
#ifndef ABSTRACTWEBAPPLICATION_H
#define ABSTRACTWEBAPPLICATION_H
#include <QHash>
#include <QMap>
#include <QObject>
#include "base/http/irequesthandler.h"
#include "base/http/responsebuilder.h"
#include "base/http/types.h"
// Session types are only handled through pointers in this header, so forward
// declarations are enough; their definitions live elsewhere.
struct WebSessionData;
struct WebSession;

// Name of the cookie that carries the session id.
const char C_SID[] = "SID";

// Ban duration: 1 hour, which at this magnitude means milliseconds.
const int BAN_TIME = 60 * 60 * 1000;

// Session inactivity limit in seconds (15 minutes).
const int INACTIVE_TIME = 15 * 60;

// Failed-authentication threshold.
// NOTE(review): presumably the count at which a client is banned for
// BAN_TIME; the comparison itself is not visible in this header - confirm.
const int MAX_AUTH_FAILED_ATTEMPTS = 5;
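/**
 * Abstract base for an HTTP-served web application.
 *
 * Implements the Http::IRequestHandler entry point (processRequest(), sealed
 * with `final`) and leaves the actual request handling to subclasses through
 * doProcessRequest(). It also declares the security bookkeeping shared by
 * subclasses: per-address failed-authentication counters, cookie sessions
 * (cookie name C_SID) and Host-header validation against a domain list.
 *
 * NOTE(review): only declarations are visible in this header. Statements
 * about what the out-of-line members do are hedged and should be confirmed
 * against the implementation file.
 */
class AbstractWebApplication : public Http::ResponseBuilder, public Http::IRequestHandler
{
    Q_OBJECT
    Q_DISABLE_COPY(AbstractWebApplication)

public:
    /// @param parent  Optional QObject parent; may be null.
    explicit AbstractWebApplication(QObject *parent = nullptr);
    virtual ~AbstractWebApplication();

    /// Handles one request and returns the response to send.
    /// Declared `final`, so subclasses customise behaviour through
    /// doProcessRequest() rather than by overriding this entry point.
    /// NOTE(review): presumably the Host-header and cross-site checks declared
    /// below run here before doProcessRequest() is reached - confirm that no
    /// code path dispatches a request without them.
    Http::Response processRequest(const Http::Request &request, const Http::Environment &env) final;

protected:
    /// Subclass hook that performs the application-specific request handling.
    virtual void doProcessRequest() = 0;

    // Failed-authentication tracking.
    // NOTE(review): presumably these act on the entry of the current client in
    // clientFailedAttempts_, with MAX_AUTH_FAILED_ATTEMPTS and BAN_TIME as the
    // limits - confirm in the implementation.
    bool isBanned() const;
    int failedAttempts() const;
    void resetFailedAttempts();
    void increaseFailedAttempts();

    /// Emits the file at `path` as the response (implementation not shown).
    /// NOTE(review): if `path` can be derived from request data, confirm it is
    /// normalised and confined to the intended directory before use.
    void printFile(const QString &path);

    // Session management
    /// True when a session is attached to the request being processed.
    bool sessionActive() const { return session_ != nullptr; }
    bool sessionStart();
    bool sessionEnd();

    bool isAuthNeeded();

    /// Reads the file at `path`, returning its content in `data` and its
    /// content type in `type`.
    /// NOTE(review): return value presumably reports success - confirm; the
    /// same path-confinement concern as printFile() applies.
    bool readFile(const QString &path, QByteArray &data, QString &type);

    // save data to temporary file on disk and return its name (or empty string if fails)
    static QString saveTmpFile(const QByteArray &data);

    /// Data of the current session.
    /// NOTE(review): behaviour when no session is active is not visible here;
    /// check sessionActive() first unless the implementation guards it.
    WebSessionData *session();

    /// Copy of the request currently being processed.
    Http::Request request() const { return request_; }
    /// Copy of the environment of the request currently being processed.
    Http::Environment env() const { return env_; }

private slots:
    void UnbanTimerEvent();
    /// NOTE(review): presumably drops sessions idle longer than INACTIVE_TIME - confirm.
    void removeInactiveSessions();

    /// Refreshes domainList, the set of names accepted by validateHostHeader().
    /// NOTE(review): the source of the list is not visible in this header.
    void reloadDomainList();

private:
    // Persistent data
    QMap<QString, WebSession *> sessions_;  // presumably keyed by session id - confirm
    // Failed-attempt counters keyed by client address.
    // NOTE(review): behind a reverse proxy every client would presumably share
    // one address, so a ban could hit all users at once - confirm which
    // address the environment supplies.
    QHash<QHostAddress, int> clientFailedAttempts_;
    QMap<QString, QByteArray> translatedFiles_;

    // Current data
    WebSession *session_;  // null while no session is active (see sessionActive())
    Http::Request request_;
    Http::Environment env_;

    // Domain names used for Host-header filtering. Unlike its siblings this
    // member has no trailing underscore; the name is kept as is because code
    // outside this header presumably refers to it.
    QStringList domainList;

    /// Produces a new session id.
    /// NOTE(review): a session id acts as a bearer credential, so confirm the
    /// implementation draws it from a cryptographically secure random source
    /// with enough entropy to resist guessing.
    QString generateSid();
    bool sessionInitialize();

    QStringMap parseCookie(const Http::Request &request) const;
    /// NOTE(review): presumably an Origin/Referer comparison that rejects
    /// cross-site (CSRF-style) requests - confirm what is compared and how a
    /// missing header is treated.
    bool isCrossSiteRequest(const Http::Request &request) const;
    /// Checks the request's Host header against `domains`.
    /// Per the change description this filtering exists to defend against DNS
    /// rebinding: a request that reaches the server under an unexpected host
    /// name must be rejected even if it arrives on the right address and port.
    /// NOTE(review): confirm the comparison is case-insensitive, handles an
    /// explicit port, and fails closed when the header is absent.
    bool validateHostHeader(const Http::Request &request, const Http::Environment &env, const QStringList &domains) const;

    static void translateDocument(QString &data);

    static const QStringMap CONTENT_TYPE_BY_EXT;
};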
#endif // ABSTRACTWEBAPPLICATION_H