Google Git
Sign in
third-party-mirror / orbit / b80a455c0268d549edd5f71d1094a89297b72f72 / . / qt-everywhere-src-5.14.1 / qtwebsockets / src / websockets / qwebsockethandshakerequest.cpp
blob: bfc8a3d2958db50665eaf9636e05a9d442040935 [file] [log] [blame]
/****************************************************************************
**
** Copyright (C) 2016 Kurt Pattyn <pattyn.kurt@gmail.com>.
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtWebSockets module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and The Qt Company. For licensing terms
** and conditions see https://www.qt.io/terms-conditions. For further
** information use the contact form at https://www.qt.io/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 3 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL3 included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 3 requirements
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 2.0 or (at your option) the GNU General
** Public license version 3 or any later version approved by the KDE Free
** Qt Foundation. The licenses are as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
** included in the packaging of this file. Please review the following
** information to ensure the GNU General Public License requirements will
** be met: https://www.gnu.org/licenses/gpl-2.0.html and
** https://www.gnu.org/licenses/gpl-3.0.html.
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include "qwebsockethandshakerequest_p.h"
#include "qwebsocketprotocol.h"
#include "qwebsocketprotocol_p.h"
#include <QtCore/QString>
#include <QtCore/QMap>
#include <QtCore/QTextStream>
#include <QtCore/QUrl>
#include <QtCore/QList>
#include <QtCore/QStringList>
#include <functional> //for std::greater
QT_BEGIN_NAMESPACE
/*!
\brief Constructs a new QWebSocketHandshakeRequest given \a port and \a isSecure
\internal
*/
QWebSocketHandshakeRequest::QWebSocketHandshakeRequest(int port, bool isSecure) :
m_port(port),
m_isSecure(isSecure),
m_isValid(false),
m_headers(),
m_versions(),
m_key(),
m_origin(),
m_protocols(),
m_extensions(),
m_requestUrl()
{
}
/*!
\internal
*/
QWebSocketHandshakeRequest::~QWebSocketHandshakeRequest()
{
}
/*!
\brief Clears the request
\internal
*/
void QWebSocketHandshakeRequest::clear()
{
m_isValid = false;
m_headers.clear();
m_versions.clear();
m_key.clear();
m_origin.clear();
m_protocols.clear();
m_extensions.clear();
m_requestUrl.clear();
}
/*!
\internal
*/
int QWebSocketHandshakeRequest::port() const
{
return m_requestUrl.port(m_port);
}
/*!
\internal
*/
bool QWebSocketHandshakeRequest::isSecure() const
{
return m_isSecure;
}
/*!
\internal
*/
bool QWebSocketHandshakeRequest::isValid() const
{
return m_isValid;
}
/*!
\internal
*/
QMap<QString, QString> QWebSocketHandshakeRequest::headers() const
{
return m_headers;
}
/*!
\internal
*/
QList<QWebSocketProtocol::Version> QWebSocketHandshakeRequest::versions() const
{
return m_versions;
}
/*!
\internal
*/
QString QWebSocketHandshakeRequest::resourceName() const
{
return m_requestUrl.path();
}
/*!
\internal
*/
QString QWebSocketHandshakeRequest::key() const
{
return m_key;
}
/*!
\internal
*/
QString QWebSocketHandshakeRequest::host() const
{
return m_requestUrl.host();
}
/*!
\internal
*/
QString QWebSocketHandshakeRequest::origin() const
{
return m_origin;
}
/*!
\internal
*/
QList<QString> QWebSocketHandshakeRequest::protocols() const
{
return m_protocols;
}
/*!
\internal
*/
QList<QString> QWebSocketHandshakeRequest::extensions() const
{
return m_extensions;
}
/*!
\internal
*/
QUrl QWebSocketHandshakeRequest::requestUrl() const
{
return m_requestUrl;
}
/*!
Reads a line of text from the given textstream (terminated by CR/LF).
If an empty line was detected, an empty string is returned.
When an error occurs, a null string is returned.
\internal
*/
static QString readLine(QTextStream &stream, int maxHeaderLineLength)
{
QString line;
char c;
while (!stream.atEnd()) {
stream >> c;
if (stream.status() != QTextStream::Ok)
return QString();
if (c == char('\r')) {
//eat the \n character
stream >> c;
line.append(QStringLiteral(""));
break;
} else {
line.append(QChar::fromLatin1(c));
if (line.length() > maxHeaderLineLength)
return QString();
}
}
return line;
}
/*!
\internal
*/
void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream, int maxHeaderLineLength,
int maxHeaders)
{
clear();
if (Q_UNLIKELY(textStream.status() != QTextStream::Ok))
return;
const QString requestLine = readLine(textStream, maxHeaderLineLength);
if (requestLine.isNull()) {
clear();
return;
}
const QStringList tokens = requestLine.split(' ', QString::SkipEmptyParts);
if (Q_UNLIKELY(tokens.length() < 3)) {
clear();
return;
}
const QString verb(tokens.at(0));
const QString resourceName(tokens.at(1));
const QString httpProtocol(tokens.at(2));
bool conversionOk = false;
const float httpVersion = httpProtocol.midRef(5).toFloat(&conversionOk);
if (Q_UNLIKELY(!conversionOk)) {
clear();
return;
}
QString headerLine = readLine(textStream, maxHeaderLineLength);
if (headerLine.isNull()) {
clear();
return;
}
m_headers.clear();
// TODO: this should really use the existing code from QHttpNetworkReplyPrivate::parseHeader
auto lastHeader = m_headers.end();
while (!headerLine.isEmpty()) {
if (headerLine.startsWith(QLatin1Char(' ')) || headerLine.startsWith(QLatin1Char('\t'))) {
// continuation line -- add this to the last header field
if (Q_UNLIKELY(lastHeader == m_headers.end())) {
clear();
return;
}
lastHeader.value().append(QLatin1Char(' '));
lastHeader.value().append(headerLine.trimmed());
} else {
int colonPos = headerLine.indexOf(QLatin1Char(':'));
if (Q_UNLIKELY(colonPos <= 0)) {
clear();
return;
}
lastHeader = m_headers.insertMulti(headerLine.left(colonPos).trimmed().toLower(),
headerLine.mid(colonPos + 1).trimmed());
}
if (m_headers.size() > maxHeaders) {
clear();
return;
}
headerLine = readLine(textStream, maxHeaderLineLength);
if (headerLine.isNull()) {
clear();
return;
}
}
m_requestUrl = QUrl::fromEncoded(resourceName.toLatin1());
QString host = m_headers.value(QStringLiteral("host"), QString());
if (m_requestUrl.isRelative()) {
// see http://tools.ietf.org/html/rfc6455#page-17
// No. 4 item in "The requirements for this handshake"
m_requestUrl.setAuthority(host);
if (!m_requestUrl.userName().isNull()) { // If the username is null, the password must be too.
m_isValid = false;
clear();
return;
}
}
if (m_requestUrl.scheme().isEmpty()) {
const QString scheme = isSecure() ? QStringLiteral("wss") : QStringLiteral("ws");
m_requestUrl.setScheme(scheme);
}
const QStringList versionLines = m_headers.values(QStringLiteral("sec-websocket-version"));
for (QStringList::const_iterator v = versionLines.begin(); v != versionLines.end(); ++v) {
const QStringList versions = (*v).split(QStringLiteral(","), QString::SkipEmptyParts);
for (QStringList::const_iterator i = versions.begin(); i != versions.end(); ++i) {
bool ok = false;
(void)(*i).toUInt(&ok);
if (!ok) {
clear();
return;
}
const QWebSocketProtocol::Version ver =
QWebSocketProtocol::versionFromString((*i).trimmed());
m_versions << ver;
}
}
//sort in descending order
std::sort(m_versions.begin(), m_versions.end(), std::greater<QWebSocketProtocol::Version>());
m_key = m_headers.value(QStringLiteral("sec-websocket-key"), QString());
//must contain "Upgrade", case-insensitive
const QString upgrade = m_headers.value(QStringLiteral("upgrade"), QString());
//must be equal to "websocket", case-insensitive
const QString connection = m_headers.value(QStringLiteral("connection"), QString());
const QStringList connectionLine = connection.split(QStringLiteral(","),
QString::SkipEmptyParts);
QStringList connectionValues;
for (QStringList::const_iterator c = connectionLine.begin(); c != connectionLine.end(); ++c)
connectionValues << (*c).trimmed();
//optional headers
m_origin = m_headers.value(QStringLiteral("origin"), QString());
const QStringList protocolLines = m_headers.values(QStringLiteral("sec-websocket-protocol"));
for (const QString& pl : protocolLines) {
const QStringList protocols = pl.split(QStringLiteral(","), QString::SkipEmptyParts);
for (const QString& p : protocols)
m_protocols << p.trimmed();
}
const QStringList extensionLines = m_headers.values(QStringLiteral("sec-websocket-extensions"));
for (const QString& el : extensionLines) {
const QStringList extensions = el.split(QStringLiteral(","), QString::SkipEmptyParts);
for (const QString& e : extensions)
m_extensions << e.trimmed();
}
//TODO: authentication field
m_isValid = !(m_requestUrl.host().isEmpty() ||
resourceName.isEmpty() ||
m_versions.isEmpty() ||
m_key.isEmpty() ||
(verb != QStringLiteral("GET")) ||
(!conversionOk || (httpVersion < 1.1f)) ||
(upgrade.toLower() != QStringLiteral("websocket")) ||
(!connectionValues.contains(QStringLiteral("upgrade"), Qt::CaseInsensitive)));
if (Q_UNLIKELY(!m_isValid))
clear();
}
QT_END_NAMESPACE