torchttpserver.cpp

Go to the documentation of this file.

/* Class TorcHTTPServer
*
* This file is part of the Torc project.
*
* Copyright (C) Mark Kendall 2012-18
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
* USA.
*/

// Qt
#include <QUrl>
#include <QTcpSocket>
#include <QCoreApplication>

// Torc
#include "torccompat.h"
#include "torclocalcontext.h"
#include "torclanguage.h"
#include "torclogging.h"
#include "torcsetting.h"
#include "torcadminthread.h"
#include "torcnetwork.h"
#include "torchttprequest.h"
#include "torchtmlhandler.h"
#include "torchttphandler.h"
#include "torchttpservice.h"
#include "torchttpserver.h"
#include "torcbonjour.h"
#include "torcssdp.h"
#include "torcwebsockettoken.h"
#include "torchttpservernonce.h"

QMap<QString,TorcHTTPHandler*> gHandlers;
QReadWriteLock*                gHandlersLock = new QReadWriteLock(QReadWriteLock::Recursive);
QString                        gServicesDirectory(TORC_SERVICES_DIR);

TorcHTTPServer::Status::Status()
  : port(0),
    secure(false),
    ipv4(true),
    ipv6(true)
{
}

bool TorcHTTPServer::Status::operator ==(Status Other) const
{
    return port   == Other.port &&
           secure == Other.secure &&
           ipv4   == Other.ipv4 &&
           ipv6   == Other.ipv6;
}

void TorcHTTPServer::RegisterHandler(TorcHTTPHandler *Handler)
{
    bool changed = false;

    {
        QWriteLocker locker(gHandlersLock);

        if (!Handler)
            return;

        foreach (const QString &signature, Handler->Signature().split(','))
        {
            if (gHandlers.contains(signature))
            {
                LOG(VB_GENERAL, LOG_ERR, QStringLiteral("Handler '%1' for '%2' already registered - ignoring").arg(Handler->Name(), signature));
            }
            else if (!signature.isEmpty())
            {
                LOG(VB_GENERAL, LOG_DEBUG, QStringLiteral("Added handler '%1' for %2").arg(Handler->Name(), signature));
                gHandlers.insert(signature, Handler);
                changed = true;
            }
        }
    }

    {
        QMutexLocker locker(&gWebServerLock);
        if (changed && gWebServer)
            emit gWebServer->HandlersChanged();
    }
}

void TorcHTTPServer::DeregisterHandler(TorcHTTPHandler *Handler)
{
    bool changed = false;

    {
        QWriteLocker locker(gHandlersLock);

        if (!Handler)
            return;

        foreach (const QString &signature, Handler->Signature().split(','))
        {
            QMap<QString,TorcHTTPHandler*>::iterator it = gHandlers.find(signature);
            if (it != gHandlers.end())
            {
                LOG(VB_GENERAL, LOG_DEBUG, QStringLiteral("Removing handler '%1'").arg(it.key()));
                gHandlers.erase(it);
                changed = true;
            }
        }
    }

    {
        QMutexLocker locker(&gWebServerLock);
        if (changed && gWebServer)
            emit gWebServer->HandlersChanged();
    }
}

void TorcHTTPServer::HandleRequest(const QString &PeerAddress, int PeerPort, const QString &LocalAddress, int LocalPort,  TorcHTTPRequest &Request)
{
    // this should already have been checked - but better safe than sorry
    if (!Request.IsAuthorised())
        return;

    {
        QReadLocker locker(gHandlersLock);

        QString path = Request.GetPath();

        QMap<QString,TorcHTTPHandler*>::const_iterator it = gHandlers.constFind(path);
        if (it != gHandlers.constEnd())
        {
            // direct path match
            (*it)->ProcessHTTPRequest(PeerAddress, PeerPort, LocalAddress, LocalPort, Request);
        }
        else
        {
            // fully recursive handler
            it = gHandlers.constBegin();
            for ( ; it != gHandlers.constEnd(); ++it)
            {
                if ((*it)->GetRecursive() && path.startsWith(it.key()))
                {
                    (*it)->ProcessHTTPRequest(PeerAddress, PeerPort, LocalAddress, LocalPort, Request);
                    break;
                }
            }
        }
    }

    // verify cross domain requests
    TorcHTTPServer::ValidateOrigin(Request);
}

QVariantMap TorcHTTPServer::HandleRequest(const QString &Method, const QVariant &Parameters, QObject *Connection, bool Authenticated)
{
    QReadLocker locker(gHandlersLock);

    QString path = QStringLiteral("/");
    int index = Method.lastIndexOf(path);
    if (index > -1)
        path = Method.left(index + 1).trimmed();

    // ensure this is a services call
    if (path.startsWith(gServicesDirectory))
    {
        // NB no recursive path handling here
        QMap<QString,TorcHTTPHandler*>::const_iterator it = gHandlers.constFind(path);
        if (it != gHandlers.constEnd())
            return (*it)->ProcessRequest(Method, Parameters, Connection, Authenticated);
    }

    LOG(VB_GENERAL, LOG_ERR, QStringLiteral("Method '%1' not found in services").arg(Method));

    QVariantMap result;
    QVariantMap error;
    error.insert(QStringLiteral("code"), -32601);
    error.insert(QStringLiteral("message"), QStringLiteral("Method not found"));
    result.insert(QStringLiteral("error"), error);
    return result;
}

QVariantMap TorcHTTPServer::GetServiceHandlers(void)
{
    QReadLocker locker(gHandlersLock);

    QVariantMap result;

    QMap<QString,TorcHTTPHandler*>::const_iterator it = gHandlers.constBegin();
    for ( ; it != gHandlers.constEnd(); ++it)
    {
        TorcHTTPService *service = dynamic_cast<TorcHTTPService*>(it.value());
        if (service)
        {
            QVariantMap map;
            map.insert(QStringLiteral("path"), it.key());
            map.insert(QStringLiteral("name"), service->GetUIName());
            result.insert(it.value()->Name(), map);
        }
    }
    return result;
}

QVariantMap TorcHTTPServer::GetServiceDescription(const QString &Service)
{
    QReadLocker locker(gHandlersLock);

    QMap<QString,TorcHTTPHandler*>::const_iterator it = gHandlers.constBegin();
    for ( ; it != gHandlers.constEnd(); ++it)
    {
        if (it.value()->Name() == Service)
        {
            TorcHTTPService *service = dynamic_cast<TorcHTTPService*>(it.value());
            if (service)
                return service->GetServiceDetails();
        }
    }

    return QVariantMap();
}

TorcHTTPServer::Status TorcHTTPServer::GetStatus(void)
{
    QMutexLocker locker(&gWebServerLock);
    Status result = gWebServerStatus;
    return result;
}

QString TorcHTTPServer::PlatformName(void)
{
    return gPlatform;
}

TorcHTTPServer* TorcHTTPServer::gWebServer = nullptr;
TorcHTTPServer::Status TorcHTTPServer::gWebServerStatus = TorcHTTPServer::Status();
QMutex          TorcHTTPServer::gWebServerLock(QMutex::Recursive);
QString         TorcHTTPServer::gPlatform = QStringLiteral("");
QString         TorcHTTPServer::gOriginWhitelist = QStringLiteral("");
QReadWriteLock  TorcHTTPServer::gOriginWhitelistLock(QReadWriteLock::Recursive);

TorcHTTPServer::TorcHTTPServer()
  : QObject(),
    m_serverSettings(nullptr),
    m_port(nullptr),
    m_secure(nullptr),
    m_upnp(nullptr),
    m_upnpSearch(nullptr),
    m_upnpAdvertise(nullptr),
    m_bonjour(nullptr),
    m_bonjourSearch(nullptr),
    m_bonjourAdvert(nullptr),
    m_ipv6(nullptr),
    m_listener(nullptr),
    m_user(),
    m_defaultHandler(QStringLiteral(""), TORC_TORC), // default top level handler
    m_servicesHandler(this),         // services 'helper' service for '/services'
    m_staticContent(),               // static files - for /css /fonts /js /img etc
    m_dynamicContent(),              // dynamic files - for config files etc (typically served from ~/.torc/content)
    m_upnpContent(),                 // upnp - device description
    m_ssdpThread(nullptr),
    m_bonjourBrowserReference(0),
    m_httpBonjourReference(0),
    m_torcBonjourReference(0),
    m_webSocketPool()
{
    // if app is running with root privilges (e.g. Raspberry Pi) then try and default to sensible port settings
    // when first run. No point in trying 443 for secure sockets as SSL is not enabled by default (would require
    // additional setup step).
    m_serverSettings = new TorcSettingGroup(gLocalContext->GetRootSetting(), tr("Server"));
    bool root = !geteuid();
    m_port   = new TorcSetting(m_serverSettings, TORC_PORT_SERVICE, tr("Port"), TorcSetting::Integer,
                               TorcSetting::Persistent | TorcSetting::Public, QVariant((int)(root ? 80 : 4840)));
    m_port->SetRange(root ? 1 : 1024, 65535, 1);
    m_port->SetActive(true);
    connect(m_port, static_cast<void (TorcSetting::*)(int)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::PortChanged);
    m_port->SetHelpText(tr("The port the server will listen on for incoming connections"));

    m_secure = new TorcSetting(m_serverSettings, TORC_SSL_SERVICE, tr("Secure sockets"), TorcSetting::Bool,
                               TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)false));
    m_secure->SetHelpText(tr("Use encrypted (SSL/TLS) connections to the server"));
    m_secure->SetActive(true);
    connect(m_secure, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::SecureChanged);

    m_upnp =  new TorcSetting(m_serverSettings, QStringLiteral("ServerUPnP"), tr("UPnP"), TorcSetting::Bool,
                              TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_upnp->SetActive(true);
    connect(m_upnp, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::UPnPChanged);

    m_upnpSearch = new TorcSetting(m_upnp, QStringLiteral("ServerUPnPSearch"), tr("UPnP Search"), TorcSetting::Bool,
                                   TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_upnpSearch->SetHelpText(tr("Use UPnP to search for other devices"));
    m_upnpSearch->SetActive(m_upnp->GetValue().toBool());
    connect(m_upnpSearch, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::UPnPSearchChanged);
    connect(m_upnp,       static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_upnpSearch, &TorcSetting::SetActive);

    m_upnpAdvertise = new TorcSetting(m_upnp, QStringLiteral("ServerUPnpAdvert"), tr("UPnP Advertisement"), TorcSetting::Bool,
                                      TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_upnpAdvertise->SetHelpText(tr("Use UPnP to advertise this device"));
    m_upnpAdvertise->SetActive(m_upnp->GetValue().toBool());
    connect(m_upnpAdvertise, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::UPnPAdvertChanged);
    connect(m_upnp,          static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_upnpAdvertise, &TorcSetting::SetActive);

    m_ipv6 = new TorcSetting(m_serverSettings, QStringLiteral("ServerIPv6"), tr("IPv6"), TorcSetting::Bool,
                             TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_ipv6->SetHelpText(tr("Enable IPv6"));
    m_ipv6->SetActive(true);
    connect(m_ipv6, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::IPv6Changed);

    m_bonjour = new TorcSetting(m_ipv6, QStringLiteral("ServerBonjour"), tr("Bonjour"), TorcSetting::Bool,
                                TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_bonjour->SetActive(m_ipv6->GetValue().toBool());
    connect(m_bonjour, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::BonjourChanged);
    connect(m_ipv6,    static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_bonjour, &TorcSetting::SetActive);

    m_bonjourSearch = new TorcSetting(m_bonjour, QStringLiteral("ServerBonjourSearch"), tr("Bonjour search"), TorcSetting::Bool,
                                      TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_bonjourSearch->SetHelpText(tr("Use Bonjour to search for other devices"));
    m_bonjourSearch->SetActiveThreshold(2);
    m_bonjourSearch->SetActive(m_bonjour->GetValue().toBool());
    m_bonjourSearch->SetActive(m_ipv6->GetValue().toBool());
    connect(m_bonjourSearch, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::BonjourSearchChanged);
    connect(m_bonjour,       static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_bonjourSearch, &TorcSetting::SetActive);
    connect(m_ipv6,          static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_bonjourSearch, &TorcSetting::SetActive);

    m_bonjourAdvert = new TorcSetting(m_bonjour, QStringLiteral("ServerBonjourAdvert"), tr("Bonjour Advertisement"), TorcSetting::Bool,
                                      TorcSetting::Persistent | TorcSetting::Public, QVariant((bool)true));
    m_bonjourAdvert->SetHelpText(tr("Use Bonjour to advertise this device"));
    m_bonjourAdvert->SetActiveThreshold(2);
    m_bonjourAdvert->SetActive(m_bonjour->GetValue().toBool());
    m_bonjourAdvert->SetActive(m_ipv6->GetValue().toBool());
    connect(m_bonjourAdvert, static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), this, &TorcHTTPServer::BonjourAdvertChanged);
    connect(m_bonjour,       static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_bonjourAdvert, &TorcSetting::SetActive);
    connect(m_ipv6,          static_cast<void (TorcSetting::*)(bool)>(&TorcSetting::ValueChanged), m_bonjourAdvert, &TorcSetting::SetActive);

    // initialise external status
    {
        QMutexLocker locker(&gWebServerLock);
        gWebServerStatus.secure = m_secure->GetValue().toBool();
        gWebServerStatus.port   = m_port->GetValue().toInt();
        gWebServerStatus.ipv6   = m_ipv6->GetValue().toBool();
    }

    // initialise platform name
    static bool initialised = false;
    if (!initialised)
    {
        initialised = true;
        gPlatform = QStringLiteral("%1, Version: %2 ").arg(TORC_TORC, QStringLiteral(GIT_VERSION));
#ifdef Q_OS_WIN
        gPlatform += QStringLiteral("(Windows %1.%2)").arg(LOBYTE(LOWORD(GetVersion()))).arg(HIBYTE(LOWORD(GetVersion())));
#else
#if (QT_VERSION >= QT_VERSION_CHECK(5, 4, 0))
        gPlatform += QStringLiteral("(%1 %2)").arg(QSysInfo::kernelType(), QSysInfo::kernelVersion());
#else
        gPlatform += QStringLiteral("(OldTorc OldVersion)");
#endif
#endif
    }

    // listen for host name updates
    gLocalContext->AddObserver(this);

    // and start
    Open();
}

TorcHTTPServer::~TorcHTTPServer()
{
    disconnect();

    gLocalContext->RemoveObserver(this);

    Close();

    if (m_bonjourAdvert)
    {
        m_bonjourAdvert->Remove();
        m_bonjourAdvert->DownRef();
        m_bonjourAdvert = nullptr;
    }

    if (m_bonjourSearch)
    {
        m_bonjourSearch->Remove();
        m_bonjourSearch->DownRef();
        m_bonjourSearch = nullptr;
    }

    if (m_bonjour)
    {
        m_bonjour->Remove();
        m_bonjour->DownRef();
        m_bonjour = nullptr;
    }

    if (m_ipv6)
    {
        m_ipv6->Remove();
        m_ipv6->DownRef();
        m_ipv6 = nullptr;
    }

    if (m_upnpAdvertise)
    {
        m_upnpAdvertise->Remove();
        m_upnpAdvertise->DownRef();
        m_upnpAdvertise = nullptr;
    }

    if (m_upnpSearch)
    {
        m_upnpSearch->Remove();
        m_upnpSearch->DownRef();
        m_upnpSearch = nullptr;
    }

    if (m_upnp)
    {
        m_upnp->Remove();
        m_upnp->DownRef();
        m_upnp = nullptr;
    }

    if (m_port)
    {
        m_port->Remove();
        m_port->DownRef();
        m_port = nullptr;
    }

    if (m_secure)
    {
        m_secure->Remove();
        m_secure->DownRef();
        m_secure = nullptr;
    }

    if (m_serverSettings)
    {
        m_serverSettings->Remove();
        m_serverSettings->DownRef();
        m_serverSettings = nullptr;
    }

    TorcBonjour::TearDown();
}

TorcWebSocketThread* TorcHTTPServer::TakeSocket(TorcWebSocketThread *Socket)
{
    QMutexLocker locker(&gWebServerLock);
    if (gWebServer)
        return gWebServer->TakeSocketPriv(Socket);
    return nullptr;
}

void TorcHTTPServer::Authorise(const QString &Host, TorcHTTPRequest &Request, bool ForceCheck)
{
    // N.B. the order of the following checks is critical. Always check the Authorization header
    // first and accesstokens before PreAuthorisations as PreAuthorisations are not checked again.

    // explicit authorization header
    // N.B. This will also authorise websocket clients who send authorisation headers with
    // the upgrade request i.e. there is no need to use the accesstoken route IF the correct headers
    // are sent. Use GetWebSocketToken, which requires authorisation, to force
    // clients to authenticate (i.e. browsers).
    TorcHTTPServer::AuthenticateUser(Request);
    if (Request.IsAuthorised() == HTTPAuthorised)
        return;

    if (Request.IsAuthorised() == HTTPAuthorisedStale)
    {
        AddAuthenticationHeader(Request);
        return;
    }

    // authentication token supplied in the url (WebSocket)
    // do this before 'standard' authentication to ensure token is checked and expired
    // NB ensure method is empty to stop attempts to access other resources - although
    // upgrade requests are handled before anything else, so the method should be ignored
    if (Request.Queries().contains(QStringLiteral("accesstoken")) && Request.GetMethod().isEmpty())
    {
        QString token = Request.Queries().value(QStringLiteral("accesstoken"));
        if (token == TorcWebSocketToken::GetWebSocketToken(Host, token))
        {
            Request.Authorise(HTTPAuthorised);
            return;
        }
    }

    // We allow unauthenticated access to anything that doesn't alter state unless auth is specifically
    // requested in the service (see TorcHTTPServices::GetWebSocketToken).
    // N.B. If a rogue peer posts to a 'setter' type function using a GET type request, the request
    // will fail during processing - so don't validate the method here as it may lead to false positives.
    // ForceCheck is used to process any authentication headers for WebSocket upgrade requests.
    HTTPRequestType type = Request.GetHTTPRequestType();
    bool authenticate = type == HTTPPost || type == HTTPPut || type == HTTPDelete || type == HTTPUnknownType;

    if (!authenticate && !ForceCheck)
    {
        Request.Authorise(HTTPPreAuthorised);
        return;
    }

    AddAuthenticationHeader(Request);
}

void TorcHTTPServer::AddAuthenticationHeader(TorcHTTPRequest &Request)
{
    Request.SetResponseType(HTTPResponseNone);
    Request.SetStatus(HTTP_Unauthorized);

    // HTTP 1.1 should support Digest
    if (true /*Request.GetHTTPProtocol() > HTTPOneDotZero*/)
    {
        TorcHTTPServerNonce::ProcessDigestAuth(Request);
    }
    else // otherwise fallback to Basic
    {
        Request.SetResponseHeader(QStringLiteral("WWW-Authenticate"), QStringLiteral("Basic realm=\"%1\"").arg(TORC_REALM));
    }
}

void TorcHTTPServer::ValidateOrigin(TorcHTTPRequest &Request)
{
    gOriginWhitelistLock.lockForRead();
    bool origin = gOriginWhitelist.contains(Request.Headers().value(QStringLiteral("Origin")), Qt::CaseInsensitive);
    gOriginWhitelistLock.unlock();

    if (Request.Headers().contains(QStringLiteral("Origin")) && (origin || Request.GetAllowCORS()))
    {
        Request.SetResponseHeader(QStringLiteral("Access-Control-Allow-Origin"), Request.Headers().value(QStringLiteral("Origin")));
        if (Request.Headers().contains(QStringLiteral("Access-Control-Allow-Credentials")))
            Request.SetResponseHeader(QStringLiteral("Access-Control-Allow-Credentials"), QStringLiteral("true"));
        if (Request.Headers().contains(QStringLiteral("Access-Control-Request-Headers")))
            Request.SetResponseHeader(QStringLiteral("Access-Control-Request-Headers"), QStringLiteral("Origin, X-Requested-With, Content-Type, Accept, Range"));
        if (Request.Headers().contains(QStringLiteral("Access-Control-Request-Method")))
            Request.SetResponseHeader(QStringLiteral("Access-Control-Request-Method"), TorcHTTPRequest::AllowedToString(HTTPGet | HTTPOptions | HTTPHead));
        Request.SetResponseHeader(QStringLiteral("Access-Control-Max-Age"), QString::number(86400));
    }
}

void TorcHTTPServer::AuthenticateUser(TorcHTTPRequest &Request)
{
    if (!Request.Headers().contains(QStringLiteral("Authorization")))
        return;

    QString header = Request.Headers().value(QStringLiteral("Authorization"));

    // most clients will support Digest Access Authentication, so try that first
    if (header.startsWith(QStringLiteral("Digest"), Qt::CaseInsensitive))
    {
        TorcHTTPServerNonce::ProcessDigestAuth(Request, true);
    }
    /* Don't use Basic. It is utterly insecure, everyone supports Digest and we store the username/password as a Digest compatible hash.
    else if (header.startsWith("Basic", Qt::CaseInsensitive))
    {
        // only accept Basic authentication if using < HTTP 1.1
        if (Request.GetHTTPProtocol() > HTTPOneDotZero)
        {
            LOG(VB_GENERAL, LOG_WARNING, QStringLiteral("Disallowing basic authentication for HTTP 1.1 client"));
        }
        else
        {
            // remove leading 'Basic' and split off token
            QString authentication = header.mid(5).trimmed();
            QStringList userinfo   = QStringLiteral(QByteArray::fromBase64(authentication.toUtf8())).split(':');
            if ((userinfo.size() == 2) && (userinfo[0] == username) && (userinfo[1] == password))
                Request.Authorise(HTTPAuthorised);
        }
    }
    */
}

void TorcHTTPServer::UpdateOriginWhitelist(TorcHTTPServer::Status Status)
{
    QWriteLocker locker(&gOriginWhitelistLock);

    QString protocol = Status.secure ? QStringLiteral("https://") : QStringLiteral("http://");

    // localhost first
    gOriginWhitelist = QStringLiteral("%1localhost:%2 ").arg(protocol).arg(Status.port);

    // all known raw IP addresses
    QList<QHostAddress> addresses = QNetworkInterface::allAddresses();
    for (int i = 0; i < addresses.size(); ++i)
        gOriginWhitelist += QStringLiteral("%1%2 ").arg(protocol, TorcNetwork::IPAddressToLiteral(addresses[i], Status.port, false));

    // and any known host names
    QStringList hosts = TorcNetwork::GetHostNames();
    foreach (const QString &host, hosts)
    {
        QString newhost = QStringLiteral("%1%2:%3 ").arg(protocol, host).arg(Status.port);
        if (!host.isEmpty() && !gOriginWhitelist.contains(newhost))
            gOriginWhitelist += newhost;
    }

    LOG(VB_NETWORK, LOG_INFO, QStringLiteral("Origin whitelist: %1").arg(gOriginWhitelist));
}

void TorcHTTPServer::StartBonjour(void)
{
    if (!m_bonjour->GetValue().toBool())
        return;

    if (!m_ipv6->GetValue().toBool())
    {
        LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Not using Bonjour while IPv6 is disabled"));
        StopBonjour();
        return;
    }

    if (!m_bonjourBrowserReference && m_bonjourSearch->GetValue().toBool())
        m_bonjourBrowserReference = TorcBonjour::Instance()->Browse("_torc._tcp.");

    if ((!m_httpBonjourReference || !m_torcBonjourReference) && m_bonjourAdvert->GetValue().toBool())
    {
        int port = m_port->GetValue().toInt();
        QMap<QByteArray,QByteArray> map;
        map.insert(TORC_UUID_B,       gLocalContext->GetUuid().toLatin1());
        map.insert(TORC_APIVERSION_B, TorcHTTPServices::GetVersion().toLocal8Bit().constData());
        map.insert(TORC_PRIORITY_B,   QByteArray::number(gLocalContext->GetPriority()));
        map.insert(TORC_STARTTIME_B,  QByteArray::number(gLocalContext->GetStartTime()));
        if (m_secure->GetValue().toBool())
            map.insert(TORC_SECURE_B, QByteArrayLiteral("yes"));

        QString name = ServerDescription();

        if (!m_httpBonjourReference)
            m_httpBonjourReference = TorcBonjour::Instance()->Register(port, m_secure->GetValue().toBool() ? QByteArrayLiteral("_https._tcp") : QByteArrayLiteral("_http._tcp"), name.toLocal8Bit().constData(), map);

        if (!m_torcBonjourReference)
            m_torcBonjourReference = TorcBonjour::Instance()->Register(port, QByteArrayLiteral("_torc._tcp"), name.toLocal8Bit().constData(), map);
    }
}

void TorcHTTPServer::StopBonjour(void)
{
    StopBonjourAdvert();
    StopBonjourBrowse();
}

void TorcHTTPServer::StopBonjourBrowse(void)
{
    if (m_bonjourBrowserReference)
    {
        TorcBonjour::Instance()->Deregister(m_bonjourBrowserReference);
        m_bonjourBrowserReference = 0;
    }
}

void TorcHTTPServer::StopBonjourAdvert(void)
{
    if (m_httpBonjourReference)
    {
        TorcBonjour::Instance()->Deregister(m_httpBonjourReference);
        m_httpBonjourReference = 0;
    }

    if (m_torcBonjourReference)
    {
        TorcBonjour::Instance()->Deregister(m_torcBonjourReference);
        m_torcBonjourReference = 0;
    }
}

#define en QStringLiteral("en")
#define dis QStringLiteral("dis")

void TorcHTTPServer::BonjourChanged(bool Bonjour)
{
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Bonjour %1abled").arg(Bonjour ? en : dis));

    if (Bonjour)
        StartBonjour();
    else
        StopBonjour();
}

void TorcHTTPServer::BonjourAdvertChanged(bool Advert)
{
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Bonjour advertisement %1abled").arg(Advert ? en : dis));
    if (Advert)
        StartBonjour();
    else
        StopBonjourAdvert();
}

void TorcHTTPServer::BonjourSearchChanged(bool Search)
{
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Bonjour search %1abled").arg(Search ? en : dis));
    if (Search)
        StartBonjour();
    else
        StopBonjourBrowse();
}

void TorcHTTPServer::IPv6Changed(bool IPv6)
{
    {
        QMutexLocker lock(&gWebServerLock);
        gWebServerStatus.ipv6 = IPv6;
    }

    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("IPv6 %1abled - restarting").arg(IPv6 ? en : dis));
    QTimer::singleShot(10, this, &TorcHTTPServer::Restart);
}

bool TorcHTTPServer::Open(void)
{
    if (m_listener)
    {
        LOG(VB_GENERAL, LOG_ERR, QStringLiteral("HTTP server alreay listening - closing"));
        Close();
    }

    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSL is %1abled").arg(m_secure->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("IPv6 is %1abled").arg(m_ipv6->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Bonjour is %1abled").arg(m_bonjour->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Bonjour search is %1abled").arg(m_bonjourSearch->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Bonjour advertisement is %1abled").arg(m_bonjourAdvert->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSDP is %1abled").arg(m_upnp->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSDP search is %1abled").arg(m_upnpSearch->GetValue().toBool() ? en : dis));
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSDP advertisement is %1abled").arg(m_upnpAdvertise->GetValue().toBool() ? en : dis));
    int port = m_port->GetValue().toInt();
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Attempting to listen on port %1").arg(port));

    m_listener = new TorcHTTPServerListener(this, m_ipv6->GetValue().toBool() ? QHostAddress::Any : QHostAddress::AnyIPv4, port);
    if (!m_listener->isListening() && !m_listener->Listen(m_ipv6->GetValue().toBool() ? QHostAddress::Any : QHostAddress::AnyIPv4))
    {
        LOG(VB_GENERAL, LOG_ERR, QStringLiteral("Failed to open web server port"));
        Close();
        return false;
    }

    // try to use the same port
    if (port != m_listener->serverPort())
    {
        QMutexLocker locker(&gWebServerLock);
        port = m_listener->serverPort();
        m_port->SetValue(QVariant((int)port));
        gWebServerStatus.port = port;
    }

    // advertise and search
    StartBonjour();
    StartUPnP();

    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Web server listening for %1secure connections on port %2").arg(m_secure->GetValue().toBool() ? QStringLiteral("") : QStringLiteral("in")).arg(port));
    UpdateOriginWhitelist(TorcHTTPServer::GetStatus());
    return true;
}

QString TorcHTTPServer::ServerDescription(void)
{
    QString host = QHostInfo::localHostName();
    if (host.isEmpty())
        host = tr("Unknown");
    return QStringLiteral("%1@%2").arg(QCoreApplication::applicationName(), host);
}

void TorcHTTPServer::Close(void)
{
    // stop advertising and searching
    StopBonjour();
    StopUPnP();

    // close connections
    m_webSocketPool.CloseSockets();

    // actually close
    if (m_listener)
        delete m_listener;
    m_listener = nullptr;

    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Webserver closed"));
}

void TorcHTTPServer::PortChanged(int Port)
{
    {
        QMutexLocker lock(&gWebServerLock);
        gWebServerStatus.port = Port;
    }

    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Port changed to %1 - restarting").arg(Port));
    QTimer::singleShot(10, this, &TorcHTTPServer::Restart);
}

void TorcHTTPServer::SecureChanged(bool Secure)
{
    {
        QMutexLocker lock(&gWebServerLock);
        gWebServerStatus.secure = m_secure->GetValue().toBool();
    }

    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("Secure %1abled - restarting").arg(Secure ? en : dis));
    QTimer::singleShot(10, this, &TorcHTTPServer::Restart);
}

void TorcHTTPServer::StartUPnP(void)
{
    if (m_upnp->GetValue().toBool())
    {
        bool search = m_upnpSearch->GetValue().toBool();
        bool advert = m_upnpAdvertise->GetValue().toBool();

        if (!m_ssdpThread && (search || advert))
        {
            m_ssdpThread = new TorcSSDPThread();
            m_ssdpThread->start();
        }

        if (search)
            TorcSSDP::Search(TorcHTTPServer::GetStatus());
        if (advert)
            TorcSSDP::Announce(TorcHTTPServer::GetStatus());
    }
}

void TorcHTTPServer::StopUPnP(void)
{
    TorcSSDP::CancelAnnounce();
    TorcSSDP::CancelSearch();

    if (m_ssdpThread)
    {
        m_ssdpThread->quit();
        m_ssdpThread->wait();
        delete m_ssdpThread;
        m_ssdpThread = nullptr;
    }
}

void TorcHTTPServer::UPnPChanged(bool UPnP)
{
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSDP %1abled").arg(UPnP ? en : dis));

    if (UPnP)
        StartUPnP();
    else
        StopUPnP();
}

void TorcHTTPServer::UPnPAdvertChanged(bool Advert)
{
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSDP advertisement %1abled").arg(Advert ? en : dis));
    if (Advert)
    {
        StartUPnP();
    }
    else
    {
        if (m_upnpSearch->GetValue().toBool())
            TorcSSDP::CancelAnnounce();
        else
            StopUPnP();
    }
}

void TorcHTTPServer::UPnPSearchChanged(bool Search)
{
    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("SSDP search %1abled").arg(Search ? en : dis));
    if (Search)
    {
        StartUPnP();
    }
    else
    {
        if (m_upnpAdvertise->GetValue().toBool())
            TorcSSDP::CancelSearch();
        else
            StopUPnP();
    }
}

void TorcHTTPServer::Restart(void)
{
    Close();
    Open();
}

bool TorcHTTPServer::event(QEvent *Event)
{
    if (Event->type() == TorcEvent::TorcEventType)
    {
        TorcEvent* torcevent = dynamic_cast<TorcEvent*>(Event);
        if (torcevent)
        {
            switch (torcevent->GetEvent())
            {
                // these events all notify that the list of interfaces and addresses the server is
                // listening on will have been updated
                case Torc::NetworkAvailable:
                case Torc::NetworkUnavailable:
                case Torc::NetworkChanged:
                case Torc::NetworkHostNamesChanged:
                    UpdateOriginWhitelist(TorcHTTPServer::GetStatus());
                    return true;
                    break;
                case Torc::UserChanged:
                    LOG(VB_GENERAL, LOG_INFO, QStringLiteral("User name/credentials changed - restarting webserver"));
                    Restart();
                    return true;
                    break;
                default:
                    break;
            }
        }
    }

    return QObject::event(Event);
}

TorcWebSocketThread* TorcHTTPServer::TakeSocketPriv(TorcWebSocketThread *Socket)
{
    return m_webSocketPool.TakeSocket(Socket);
}

void TorcHTTPServer::NewConnection(qintptr SocketDescriptor)
{
    m_webSocketPool.IncomingConnection(SocketDescriptor, m_secure->GetValue().toBool());
}

class TorcHTTPServerObject : public TorcAdminObject, public TorcStringFactory
{
  public:
    TorcHTTPServerObject()
      : TorcAdminObject(TORC_ADMIN_HIGH_PRIORITY)
    {
        qRegisterMetaType<TorcHTTPRequest*>();
        qRegisterMetaType<TorcHTTPService*>();
        qRegisterMetaType<QTcpSocket*>();
        qRegisterMetaType<QHostAddress>();
    }

    void GetStrings(QVariantMap &Strings)
    {
        Strings.insert(QStringLiteral("ServerApplication"),       QCoreApplication::applicationName());
        Strings.insert(QStringLiteral("SocketNotConnected"),      QCoreApplication::translate("TorcHTTPServer", "Not connected"));
        Strings.insert(QStringLiteral("SocketConnecting"),        QCoreApplication::translate("TorcHTTPServer", "Connecting"));
        Strings.insert(QStringLiteral("SocketConnected"),         QCoreApplication::translate("TorcHTTPServer", "Connected"));
        Strings.insert(QStringLiteral("SocketReady"),             QCoreApplication::translate("TorcHTTPServer", "Ready"));
        Strings.insert(QStringLiteral("SocketDisconnecting"),     QCoreApplication::translate("TorcHTTPServer", "Disconnecting"));
        Strings.insert(QStringLiteral("ConnectedTo"),             QCoreApplication::translate("TorcHTTPServer", "Connected to"));
        Strings.insert(QStringLiteral("ConnectedSecureTo"),       QCoreApplication::translate("TorcHTTPServer", "Connected securely to"));
        Strings.insert(QStringLiteral("ConnectTo"),               QCoreApplication::translate("TorcHTTPServer", "Connect to"));

        Strings.insert(QStringLiteral("SocketReconnectAfterMs"),  10000); // try and reconnect every 10 seconds
    }

    void Create(void)
    {
        Destroy();

        QMutexLocker locker(&TorcHTTPServer::gWebServerLock);
        TorcHTTPServer::gWebServer = new TorcHTTPServer();
    }

    void Destroy(void)
    {
        QMutexLocker locker(&TorcHTTPServer::gWebServerLock);

        // this may need to use deleteLater but this causes issues with setting deletion
        // as the object is actually destroyed after the parent (network) setting
        if (TorcHTTPServer::gWebServer)
            delete TorcHTTPServer::gWebServer;

        TorcHTTPServer::gWebServer = nullptr;
    }
} TorcHTTPServerObject;