Update QtWebApp to v1.8.6

third_party/QtWebApp/httpserver/httpconnectionhandler.h

@@ -44,7 +44,10 @@ namespace stefanfrings {
   </pre></code>
   <p>
   The readTimeout value defines the maximum time to wait for a complete HTTP request.
-  @see HttpRequest for description of config settings maxRequestSize and maxMultiPartSize.
+  <p>
+  MaxRequestSize is the maximum size of a HTTP request. In case of
+  multipart/form-data requests (also known as file-upload), the maximum
+  size of the body must not exceed maxMultiPartSize.
 */
 class DECLSPEC HttpConnectionHandler : public QObject {
     Q_OBJECT

third_party/QtWebApp/httpserver/httpconnectionhandlerpool.cpp

@@ -92,6 +92,9 @@ void HttpConnectionHandlerPool::loadSslConfig()
     // If certificate and key files are configured, then load them
     QString sslKeyFileName=settings->value("sslKeyFile","").toString();
     QString sslCertFileName=settings->value("sslCertFile","").toString();
+    QString caCertFileName=settings->value("caCertFile","").toString();
+    bool verifyPeer=settings->value("verifyPeer","false").toBool();
+
     if (!sslKeyFileName.isEmpty() && !sslCertFileName.isEmpty())
     {
         #ifdef QT_NO_SSL
@@ -107,6 +110,7 @@ void HttpConnectionHandlerPool::loadSslConfig()
             {
                 sslKeyFileName=QFileInfo(configFile.absolutePath(),sslKeyFileName).absoluteFilePath();
             }
+
             #ifdef Q_OS_WIN32
                 if (QDir::isRelativePath(sslCertFileName) && settings->format()!=QSettings::NativeFormat)
             #else
@@ -138,10 +142,51 @@ void HttpConnectionHandlerPool::loadSslConfig()
 
             // Create the SSL configuration
             sslConfiguration=new QSslConfiguration();
+            sslConfiguration->setProtocol(QSsl::AnyProtocol);
             sslConfiguration->setLocalCertificate(certificate);
             sslConfiguration->setPrivateKey(sslKey);
-            sslConfiguration->setPeerVerifyMode(QSslSocket::VerifyNone);
-            sslConfiguration->setProtocol(QSsl::AnyProtocol);
+
+            // We can optionally use a CA certificate to validate the HTTP clients
+            if (!caCertFileName.isEmpty())
+            {
+                #if QT_VERSION < QT_VERSION_CHECK(5, 15, 0)
+                    qCritical("HttpConnectionHandlerPool: Using a caCertFile requires Qt 5.15 or newer");
+                #else
+
+                    // Convert relative fileName to absolute, based on the directory of the config file.
+                    #ifdef Q_OS_WIN32
+                        if (QDir::isRelativePath(caCertFileName) && settings->format()!=QSettings::NativeFormat)
+                    #else
+                        if (QDir::isRelativePath(caCertFileName))
+                    #endif
+                    {
+                        caCertFileName=QFileInfo(configFile.absolutePath(),caCertFileName).absoluteFilePath();
+                    }
+
+                    // Load the CA cert file
+                    QFile caCertFile(caCertFileName);
+                    if (!caCertFile.open(QIODevice::ReadOnly))
+                    {
+                        qCritical("HttpConnectionHandlerPool: cannot open caCertFile %s", qPrintable(caCertFileName));
+                        return;
+                    }
+                    QSslCertificate caCertificate(&caCertFile, QSsl::Pem);
+                    caCertFile.close();
+
+                    // Configure SSL
+                    sslConfiguration->addCaCertificate(caCertificate);
+                #endif
+            }
+
+            // Enable or disable verification of the HTTP client
+            if (verifyPeer)
+            {
+                sslConfiguration->setPeerVerifyMode(QSslSocket::VerifyPeer);
+            }
+            else
+            {
+                sslConfiguration->setPeerVerifyMode(QSslSocket::VerifyNone);
+            }
 
             qDebug("HttpConnectionHandlerPool: SSL settings loaded");
          #endif

third_party/QtWebApp/httpserver/httpconnectionhandlerpool.h

@@ -16,33 +16,69 @@ namespace stefanfrings {
   <p>
   Example for the required configuration settings:
   <code><pre>
-  minThreads=4
-  maxThreads=100
-  cleanupInterval=60000
   readTimeout=60000
-  ;sslKeyFile=ssl/my.key
-  ;sslCertFile=ssl/my.cert
   maxRequestSize=16000
   maxMultiPartSize=1000000
+
+  minThreads=4
+  maxThreads=100
+  cleanupInterval=60000  
   </pre></code>
+  <p>
+  The readTimeout value defines the maximum time to wait for a complete HTTP request.
+  <p>
+  MaxRequestSize is the maximum size of a HTTP request. In case of
+  multipart/form-data requests (also known as file-upload), the maximum
+  size of the body must not exceed maxMultiPartSize.
+  <p>
   After server start, the size of the thread pool is always 0. Threads
   are started on demand when requests come in. The cleanup timer reduces
   the number of idle threads slowly by closing one thread in each interval.
   But the configured minimum number of threads are kept running.
   <p>
-  For SSL support, you need an OpenSSL certificate file and a key file.
-  Both can be created with the command
+  Additional settings for SSL (HTTPS):
   <code><pre>
-      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my.key -out my.cert
+  sslKeyFile=ssl/server.key
+  sslCertFile=ssl/server.crt
+  ;caCertFile=ssl/ca.crt
+  verifyPeer=false
+  </pre></code>
+  For SSL support, you need at least a pair of OpenSSL x509 certificate and an RSA key,
+  both files in PEM format. To enable verification of the peer (the calling web browser),
+  you can either use the central certificate store of the operating system, or provide
+  a CA certificate file in PEM format. The certificates of the peers must have been
+  derived from the CA certificate.
+  <p>
+  Example commands to create these files:
+  <code><pre>
+  # Generate CA key
+  openssl genrsa 2048 > ca.key
+
+  # Generate CA certificate
+  openssl req -new -x509 -nodes -days 365000 -key ca.key -out ca.crt
+
+  # Generate a server key and certificate request
+  openssl req -newkey rsa:2048 -nodes -days 365000 -keyout server.key -out server.req
+
+  # Generate a signed server certificate
+  openssl x509 -req -days 365000 -set_serial 01 -in server.req -out server.crt -CA ca.crt -CAkey ca.key
+
+  # Generate a client key and certificate request
+  openssl req -newkey rsa:2048 -nodes -days 365000 -keyout client.key -out client.req
+
+  # Generate a signed client certificate
+  openssl x509 -req -days 365000 -set_serial 01 -in client.req -out client.crt  -CA ca.crt -CAkey ca.key
+
+  # Combine client key and certificate into one PKCS12 file
+  openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -certfile ca.crt
+
+  # Remove temporary files
+  rm *.req
   </pre></code>
   <p>
-  Visit http://slproweb.com/products/Win32OpenSSL.html to download the Light version of OpenSSL for Windows.
-  <p>
-  Please note that a listener with SSL settings can only handle HTTPS protocol. To
-  support both HTTP and HTTPS simultaneously, you need to start two listeners on different ports -
-  one with SLL and one without SSL.
-  @see HttpConnectionHandler for description of the readTimeout
-  @see HttpRequest for description of config settings maxRequestSize and maxMultiPartSize
+  Please note that a listener with SSL can only handle HTTPS protocol. To support both
+  HTTP and HTTPS simultaneously, you need to start <b>two</b> listeners on different ports
+  one with SLL and one without SSL (usually on public ports 80 and 443, or locally on 8080 and 8443).
 */
 
 class DECLSPEC HttpConnectionHandlerPool : public QObject {
@@ -54,7 +90,6 @@ public:
       Constructor.
       @param settings Configuration settings for the HTTP server. Must not be 0.
       @param requestHandler The handler that will process each received HTTP request.
-      @warning The requestMapper gets deleted by the destructor of this pool
     */
     HttpConnectionHandlerPool(const QSettings* settings, HttpRequestHandler *requestHandler);
 

third_party/QtWebApp/httpserver/httpglobal.cpp

@@ -2,6 +2,6 @@
 
 const char* getQtWebAppLibVersion()
 {
-    return "1.8.3";
+    return "1.8.6";
 }
 

third_party/QtWebApp/httpserver/httpglobal.h

@@ -23,5 +23,9 @@
 /** Get the library version number */
 DECLSPEC const char* getQtWebAppLibVersion();
 
+#if __cplusplus < 201103L
+    #define nullptr 0
+#endif
+
 #endif // HTTPGLOBAL_H
 

third_party/QtWebApp/httpserver/httplistener.h

@@ -24,21 +24,34 @@ namespace stefanfrings {
   <code><pre>
   ;host=192.168.0.100
   port=8080
+
+  readTimeout=60000
+  maxRequestSize=16000
+  maxMultiPartSize=1000000
+
   minThreads=1
   maxThreads=10
   cleanupInterval=1000
-  readTimeout=60000
-  ;sslKeyFile=ssl/my.key
-  ;sslCertFile=ssl/my.cert
-  maxRequestSize=16000
-  maxMultiPartSize=1000000
+
+  ;sslKeyFile=ssl/server.key
+  ;sslCertFile=ssl/server.crt
+  ;caCertFile=ssl/ca.crt
+  ;verifyPeer=false
   </pre></code>
-  The optional host parameter binds the listener to one network interface.
-  The listener handles all network interfaces if no host is configured.
-  The port number specifies the incoming TCP port that this listener listens to.
-  @see HttpConnectionHandlerPool for description of config settings minThreads, maxThreads, cleanupInterval and ssl settings
-  @see HttpConnectionHandler for description of the readTimeout
-  @see HttpRequest for description of config settings maxRequestSize and maxMultiPartSize
+  The optional host parameter binds the listener to a specific network interface,
+  otherwise the server accepts connections from any network interface on the given port.
+  <p>
+  The readTimeout value defines the maximum time to wait for a complete HTTP request.
+  <p>
+  MaxRequestSize is the maximum size of a HTTP request. In case of
+  multipart/form-data requests (also known as file-upload), the maximum
+  size of the body must not exceed maxMultiPartSize.
+  <p>
+  After server start, the size of the thread pool is always 0. Threads
+  are started on demand when requests come in. The cleanup timer reduces
+  the number of idle threads slowly by closing one thread in each interval.
+  But the configured minimum number of threads are kept running.
+  @see HttpConnectionHandlerPool for description of the optional ssl settings
 */
 
 class DECLSPEC HttpListener : public QTcpServer {

third_party/QtWebApp/httpserver/httprequest.h

@@ -23,7 +23,7 @@ namespace stefanfrings {
   from a TCP socket and provides getters for the individual parts
   of the request.
   <p>
-  The follwing config settings are required:
+  The following config settings are required:
   <code><pre>
   maxRequestSize=16000
   maxMultiPartSize=1000000
@@ -32,7 +32,6 @@ namespace stefanfrings {
   MaxRequestSize is the maximum size of a HTTP request. In case of
   multipart/form-data requests (also known as file-upload), the maximum
   size of the body must not exceed maxMultiPartSize.
-  The body is always a little larger than the file itself.
 */
 
 class DECLSPEC HttpRequest {

third_party/QtWebApp/httpserver/staticfilecontroller.cpp

@@ -53,7 +53,7 @@ void StaticFileController::service(HttpRequest &request, HttpResponse &response)
         qDebug("StaticFileController: Cache hit for %s",path.data());
         setContentType(filename,response);
         response.setHeader("Cache-Control","max-age="+QByteArray::number(maxAge/1000));
-        response.write(document);
+        response.write(document,true);
     }
     else
     {
@@ -80,6 +80,7 @@ void StaticFileController::service(HttpRequest &request, HttpResponse &response)
         {
             setContentType(path,response);
             response.setHeader("Cache-Control","max-age="+QByteArray::number(maxAge/1000));
+            response.setHeader("Content-Length",QByteArray::number(file.size()));
             if (file.size()<=maxCachedFileSize)
             {
                 // Return the file content and store it also in the cache