Exemple #1
	/**
	 * Validate a web GUI login POST and, on success, mark the session as logged in.
	 *
	 * The form body must carry "username" and "challenge"; the latter is compared
	 * against SHA1(challenge + configured password) rendered by SHA1Hash::toString().
	 * The stored challenge is reset on every exit path, so one challenge value can be
	 * answered at most once.
	 *
	 * NOTE(review): because the configured password string is concatenated into the
	 * hash input, whatever WebInterfacePluginSettings::password() holds is itself
	 * sufficient to answer any challenge; protect that setting accordingly.
	 * NOTE(review): no attempt counting or lock-out is done in this function.
	 *
	 * @param hdr  request header; only its content type is inspected
	 * @param data raw POST body, split on '&' and '=' (values are not URL-decoded here)
	 * @return true when the session was opened, false otherwise
	 */
	bool HttpServer::checkLogin(const QHttpRequestHeader & hdr,const QByteArray & data)
	{
		// With authentication switched off, every caller is handed a logged-in session.
		if (!WebInterfacePluginSettings::authentication())
		{
			session.logged_in = true;
			// NOTE(review): rand() is not a cryptographic generator; if sessionId is what
			// later requests present to prove they are logged in, it is guessable.
			session.sessionId = rand();
			session.last_access = QTime::currentTime();
			Out(SYS_WEB|LOG_NOTICE) << "Webgui login successful ! (auth disable)" << endl;
			challenge = QString();
			return true;
		}

		// Anything other than a urlencoded form post is rejected outright.
		if (hdr.contentType() != "application/x-www-form-urlencoded")
		{
			Out(SYS_WEB|LOG_NOTICE) << "Webgui login failed ! 1" << endl;
			challenge = QString();
			return false;
		}

		// Pull the two fields of interest out of the form body; a repeated key
		// overwrites the earlier value.
		QString username;
		QString challenge_hash;
		const QStringList fields = QString(data).split("&");
		for (int n = 0; n < fields.size(); ++n)
		{
			const QString field = fields.at(n);
			const QString key = field.section("=",0,0);
			if (key == "username")
				username = field.section("=",1,1);
			else if (key == "challenge")
				challenge_hash = field.section("=",1,1);
		}

		// A login needs a submitted user name, an outstanding challenge and a
		// user name equal to the configured one.
		const bool candidate = !username.isNull()
			&& !challenge.isNull()
			&& username == WebInterfacePluginSettings::username();
		if (!candidate)
		{
			Out(SYS_WEB|LOG_NOTICE) << "Webgui login failed ! 2" << endl;
			challenge = QString();
			return false;
		}

		// Recompute the expected response: SHA1 over the UTF-8 bytes of challenge + password.
		QByteArray keyed = (QString(challenge + WebInterfacePluginSettings::password())).toUtf8();
		bt::SHA1Hash expected = bt::SHA1Hash::generate((const bt::Uint8*)keyed.data(),keyed.length());
		const bool accepted = (expected.toString() == challenge_hash);
		if (!accepted)
		{
			challenge = QString();
			Out(SYS_WEB|LOG_NOTICE) << "Webgui login failed ! 3" << endl;
			return false;
		}

		session.logged_in = true;
		// NOTE(review): same rand()-derived session id as in the auth-disabled branch.
		session.sessionId = rand();
		session.last_access = QTime::currentTime();
		Out(SYS_WEB|LOG_NOTICE) << "Webgui login successful !" << endl;
		challenge = QString();
		return true;
	}
Exemple #2
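	/**
	 * Validate a web GUI login POST carrying "username" and "password" form fields.
	 *
	 * The submitted password is percent-decoded, hashed with MD5 and its hex digest is
	 * compared with the configured password value; the user name must equal the
	 * configured one. On success the session is marked as logged in.
	 *
	 * NOTE(review): the configured value is compared against a bare MD5 hex digest of
	 * the password, i.e. an unsalted fast hash; anyone who can read the setting can
	 * run an offline guessing attack against it.
	 * NOTE(review): the password travels in the POST body as typed; this function
	 * cannot tell whether the transport is encrypted.
	 * NOTE(review): rejected attempts return without writing a log entry, so repeated
	 * guessing leaves no trace from this function.
	 *
	 * @param hdr  request header; only its content type is inspected
	 * @param data raw POST body, split on '&' and '='
	 * @return true when the session was opened, false otherwise
	 */
	bool HttpServer::checkLogin(const QHttpRequestHeader & hdr,const QByteArray & data)
	{
		if (hdr.contentType() != "application/x-www-form-urlencoded")
			return false;
		
		QString username;
		QString password;
		QStringList params = QStringList::split("&",QString(data));
		for (QStringList::iterator i = params.begin();i != params.end();i++)
		{
			QString t = *i;
			if (t.section("=",0,0) == "username")
				username = t.section("=",1,1);
			else if (t.section("=",0,0) == "password")
				password = t.section("=",1,1);
		}

		// Percent-decode the password exactly once, after all fields have been read.
		// Doing this inside the parsing loop decoded the value again for every field
		// that followed it, so "%2541" ended up as "A" instead of "%41".
		// The search also has to accept index 0 (find() returns -1 when nothing is
		// found); with "> 0" a password starting with an escape was never decoded.
		// Relies on DecodeEscapedChar returning an index past the character it
		// handled - TODO confirm against its definition.
		int idx = 0;
		while ((idx = password.find('%',idx)) >= 0)
		{
			if (idx + 2 < password.length())
				idx = DecodeEscapedChar(password,idx);
			else
				break;
		}

		if (!username.isNull() && !password.isNull())
		{
			KMD5 context(password.utf8());

			if(username == WebInterfacePluginSettings::username() && 
				context.hexDigest().data() == WebInterfacePluginSettings::password())
			{
				session.logged_in = true;
				// NOTE(review): rand() is not a cryptographic generator; if sessionId is
				// what later requests present to prove they are logged in, it is guessable.
				session.sessionId=rand();
				session.last_access=QTime::currentTime();
				Out(SYS_WEB|LOG_NOTICE) << "Webgui login succesfull !" << endl;
				return true;
			}
		}

		return false;
	}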
/*!
 * Handles incoming HTTP requests and dispatches them to the appropriate service.
 *
 * The \a requestID is an opaque value generated by the connector.
 *
 * Subclasses may override this function to perform preprocessing on each
 * request, but they must call the base class implementation in order to
 * generate and dispatch the appropriate events.
 *
 * To facilitate use with multi-threaded applications, the event will remain
 * valid until a response is posted.
 */
void QxtHttpSessionManager::incomingRequest(quint32 requestID, const QHttpRequestHeader& header, QxtWebContent* content)
{
    // Collect every name=value pair from all Cookie headers. Pairs are split on "; "
    // and on the first '='; entries without '=' are skipped. All of this is
    // client-supplied data.
    QMultiHash<QString, QString> cookies;
    foreach(const QString& cookie, header.allValues("cookie"))   // QHttpHeader is case-insensitive, thankfully
    {
        foreach(const QString& kv, cookie.split("; "))
        {
            int pos = kv.indexOf('=');
            if (pos == -1) continue;
            cookies.insert(kv.left(pos), kv.mid(pos + 1));
        }
    }

    int sessionID;
    // The session key presented by the client; it is only honoured if it is a
    // key of sessionKeys below.
    QString sessionCookie = cookies.value(qxt_d().sessionCookieName);

    // sessionLock is held across the session lookup and the connection-state update.
    // NOTE(review): lock()/unlock() are paired by hand and newSession() runs while the
    // lock is held - confirm newSession() does not take sessionLock itself.
    qxt_d().sessionLock.lock();
    if (qxt_d().sessionKeys.contains(sessionCookie))
    {
        // Known key: reuse its session, or create one if the stored id is 0.
        sessionID = qxt_d().sessionKeys[sessionCookie];
        if(!sessionID && header.majorVersion() > 0 && qxt_d().autoCreateSession)
            sessionID = newSession();
    }
    else if (header.majorVersion() > 0 && qxt_d().autoCreateSession)
    {
        // Unknown or missing key: a fresh session is created rather than adopting the
        // client-chosen value.
        // NOTE(review): how unguessable the new key is depends on newSession(), which
        // is not visible here.
        sessionID = newSession();
    }
    else
    {
        // Requests with major version 0, or auto-creation disabled: no session.
        sessionID = 0;
    }

    // Record per-connection state keyed by the underlying I/O device.
    QIODevice* device = connector()->getRequestConnection(requestID);
    QxtHttpSessionManagerPrivate::ConnectionState& state = qxt_d().connectionState[device];
    state.sessionID = sessionID;
    state.httpMajorVersion = header.majorVersion();
    state.httpMinorVersion = header.minorVersion();
    // Keep-alive is off for version 0.x, for HTTP/1.0, and when the client sent
    // "Connection: close"; on otherwise.
    if (state.httpMajorVersion == 0 || (state.httpMajorVersion == 1 && state.httpMinorVersion == 0) || header.value("connection").toLower() == "close")
        state.keepAlive = false;
    else
        state.keepAlive = true;
    qxt_d().sessionLock.unlock();

    // The event is registered in pendingRequests under eventLock and its remaining
    // fields are filled in afterwards, outside the lock.
    // NOTE(review): confirm no other thread reads the event from pendingRequests
    // before it has been fully populated and dispatched below.
    QxtWebRequestEvent* event = new QxtWebRequestEvent(sessionID, requestID, QUrl::fromEncoded(header.path().toUtf8()));
    qxt_d().eventLock.lock();
    qxt_d().pendingRequests.insert(QPair<int,int>(sessionID, requestID), event);
    qxt_d().eventLock.unlock();
    QTcpSocket* socket = qobject_cast<QTcpSocket*>(device);
    if (socket)
    {
        event->remoteAddress = socket->peerAddress();
#if defined(QT_SECURETRANSPORT) || !defined(QT_NO_OPENSSL)
        // isSecure and the client certificate are set only when the connection is a
        // QSslSocket. peerCertificate() is stored as-is; nothing here verifies it.
        QSslSocket* sslSocket = qobject_cast<QSslSocket*>(socket);
        if(sslSocket) {
            event->isSecure = true;
            event->clientCertificate = sslSocket->peerCertificate();
        }
#endif
    }
    event->method = header.method();
    event->cookies = cookies;
    // NOTE(review): the scheme is set to "http" even when isSecure was set above;
    // services should consult isSecure rather than the URL scheme.
    event->url.setScheme("http");
    // The host falls back to the Host request header, which the client controls;
    // services should not base security decisions on event->url's host.
    if (event->url.host().isEmpty())
        event->url.setHost(header.value("host"));
    if (event->url.port() == -1)
        event->url.setPort(port());
    event->contentType = header.contentType();
    event->content = content;
    // Copy all request headers except Cookie, which was parsed into event->cookies.
    typedef QPair<QString, QString> StringPair;
    foreach(const StringPair& line, header.values())
    {
        if (line.first.toLower() == "cookie") continue;
        event->headers.insert(line.first, line.second);
    }
    // NOTE(review): a client-sent "X-Request-Protocol" header is copied by the loop
    // above as well; confirm consumers read the value inserted here and not the
    // client's.
    event->headers.insert("X-Request-Protocol", "HTTP/" + QString::number(state.httpMajorVersion) + '.' + QString::number(state.httpMinorVersion));
    // Dispatch: the session's service if there is one, else the static service,
    // else answer with a 500 error event.
    if (sessionID && session(sessionID))
    {
        QxtAbstractWebService *service = session(sessionID);
        if(content)
            content->setParent(service); // Set content ownership to the service
        service->pageRequestedEvent(event);
    }
    else if (qxt_d().staticService)
    {
        qxt_d().staticService->pageRequestedEvent(event);
    }
    else
    {
        postEvent(new QxtWebErrorEvent(0, requestID, 500, "Internal Configuration Error"));
    }
}
Exemple #4
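// Reads an HTTP request from the inspector TCP connection and answers it.
//
// Headers are accumulated in m_data until the blank line. A request carrying
// "Upgrade: WebSocket" is answered with the key1/key2/key3 challenge handshake and the
// connection is handed over to webSocketReadyRead(). Any other request is answered
// with the index page (empty path or "/") or with the resource named by the path,
// and the connection is then closed.
//
// NOTE(review): no credential, token or Origin check is made in this function; the
// Origin header is echoed back in the handshake, so any page able to reach this port
// can complete it. Confirm the listening socket is restricted accordingly.
void InspectorServerRequestHandlerQt::tcpReadyRead()
{
    // Cap on buffered header bytes so a peer that never sends the blank line cannot
    // grow m_data without bound. The value is a reviewer-chosen limit.
    static const int maxHeaderBytes = 64 * 1024;
    // Number of body bytes that form the third handshake key.
    static const int webSocketKey3Length = 8;

    QHttpRequestHeader header;
    bool isWebSocket = false;
    if (!m_tcpConnection)
        return;

    if (!m_endOfHeaders) {
        while (m_tcpConnection->bytesAvailable() && !m_endOfHeaders) {
            QByteArray line = m_tcpConnection->readLine();
            m_data.append(line);
            if (line == "\r\n")
                m_endOfHeaders = true;
            else if (m_data.size() > maxHeaderBytes) {
                // Oversized header block: drop what was buffered and hang up.
                m_data.clear();
                m_tcpConnection->close();
                return;
            }
        }
        if (m_endOfHeaders) {
            header = QHttpRequestHeader(QString::fromLatin1(m_data));
            if (header.isValid()) {
                m_path = header.path();
                m_contentType = header.contentType().toLatin1();
                m_contentLength = header.contentLength();
                if (header.hasKey("Upgrade") && (header.value("Upgrade") == QLatin1String("WebSocket")))
                    isWebSocket = true;

                m_data.clear();
            }
        }
    }

    if (m_endOfHeaders) {
        // Strip the query string; only the path part selects what is served.
        QStringList pathAndQuery = m_path.split("?");
        m_path = pathAndQuery[0];
        QStringList words = m_path.split(QString::fromLatin1("/"));

        if (isWebSocket) {
            // switch to websocket-style WebSocketService messaging
            if (m_tcpConnection) {
                m_tcpConnection->disconnect(SIGNAL(readyRead()));
                connect(m_tcpConnection, SIGNAL(readyRead()), SLOT(webSocketReadyRead()));

                // The response generator receives a bare pointer with no length, so a
                // short read must not reach it: it would presumably read the full key
                // length past the end of a smaller buffer. Refuse the handshake instead.
                QByteArray key3 = m_tcpConnection->read(webSocketKey3Length);
                if (key3.size() != webSocketKey3Length) {
                    m_tcpConnection->close();
                    return;
                }

                quint32 number1 = parseWebSocketChallengeNumber(header.value("Sec-WebSocket-Key1"));
                quint32 number2 = parseWebSocketChallengeNumber(header.value("Sec-WebSocket-Key2"));

                char responseData[16];
                generateWebSocketChallengeResponse(number1, number2, (unsigned char*)key3.data(), (unsigned char*)responseData);
                QByteArray response(responseData, sizeof(responseData));

                // Upgrade, Connection, Origin and Host are echoed from the request.
                QHttpResponseHeader responseHeader(101, "WebSocket Protocol Handshake", 1, 1);
                responseHeader.setValue("Upgrade", header.value("Upgrade"));
                responseHeader.setValue("Connection", header.value("Connection"));
                responseHeader.setValue("Sec-WebSocket-Origin", header.value("Origin"));
                responseHeader.setValue("Sec-WebSocket-Location", ("ws://" + header.value("Host") + m_path));
                responseHeader.setContentLength(response.size());
                m_tcpConnection->write(responseHeader.toString().toLatin1());
                m_tcpConnection->write(response);
                m_tcpConnection->flush();

                // Paths of the form /devtools/page/<n> attach a frontend to page <n>.
                if ((words.size() == 4)
                        && (words[1] == QString::fromLatin1("devtools"))
                        && (words[2] == QString::fromLatin1("page"))) {
                    int pageNum = words[3].toInt();

                    m_inspectorClient = m_server->inspectorClientForPage(pageNum);
                    // Attach remoteFrontendChannel to inspector, also transferring ownership.
                    if (m_inspectorClient)
                        m_inspectorClient->attachAndReplaceRemoteFrontend(new RemoteFrontendChannel(this));
                }

            }

            return;
        }

        // Wait until the whole announced body has arrived.
        // NOTE(review): m_contentLength comes from the request and is not capped here.
        if (m_contentLength && (m_tcpConnection->bytesAvailable() < m_contentLength))
            return;

        QByteArray content = m_tcpConnection->read(m_contentLength);
        m_endOfHeaders = false;

        QByteArray response;
        int code = 200;
        QString text = QString::fromLatin1("OK");

        // If no path is specified, generate an index page.
        if ((m_path == "") || (m_path == "/")) {
            QString indexHtml = "<html><head><title>Remote Web Inspector</title></head><body><ul>\n";
            for (QMap<int, InspectorClientQt* >::const_iterator it = m_server->m_inspectorClients.begin();
                    it != m_server->m_inspectorClients.end();
                    ++it) {
                // The inspected page's URL is whatever the page navigated to, so it is
                // HTML-escaped before being placed in the listing.
                QString pageUrl = it.value()->m_inspectedWebPage->mainFrame()->url().toString();
                pageUrl.replace(QString::fromLatin1("&"), QString::fromLatin1("&amp;"));
                pageUrl.replace(QString::fromLatin1("<"), QString::fromLatin1("&lt;"));
                pageUrl.replace(QString::fromLatin1(">"), QString::fromLatin1("&gt;"));
                pageUrl.replace(QString::fromLatin1("\""), QString::fromLatin1("&quot;"));
                indexHtml.append(QString("<li><a href=\"/webkit/inspector/inspector.html?page=%1\">%2</a></li>\n")
                                 .arg(it.key())
                                 .arg(pageUrl));
            }
            indexHtml.append("</ul></body></html>");
            response = indexHtml.toLatin1();
        } else {
            // The request path is mapped onto a ":"-prefixed path.
            // NOTE(review): the path is taken from the request unchanged; confirm that
            // everything reachable under that prefix is meant to be served.
            QString path = QString(":%1").arg(m_path);
            QFile file(path);
            // It seems that there should be an enum or define for these status codes somewhere in Qt or WebKit,
            // but grep fails to turn one up.
            // QNetwork uses the numeric values directly.
            // A file that exists but cannot be opened is reported as missing rather
            // than answered with an empty 200 response.
            if (file.exists() && file.open(QIODevice::ReadOnly)) {
                response = file.readAll();
            } else {
                code = 404;
                text = QString::fromLatin1("Not OK");
            }
        }

        QHttpResponseHeader responseHeader(code, text, 1, 0);
        responseHeader.setContentLength(response.size());
        // NOTE(review): the response Content-Type is copied from the request's
        // Content-Type header, i.e. it is chosen by the client - confirm intended.
        if (!m_contentType.isEmpty())
            responseHeader.setContentType(QString::fromLatin1(m_contentType));

        QByteArray asciiHeader = responseHeader.toString().toAscii();
        m_tcpConnection->write(asciiHeader);

        m_tcpConnection->write(response);
        m_tcpConnection->flush();
        m_tcpConnection->close();

        return;
    }
}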