diff options
Diffstat (limited to 'src/websockets/qcorsauthenticator.cpp')
-rw-r--r-- | src/websockets/qcorsauthenticator.cpp | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/src/websockets/qcorsauthenticator.cpp b/src/websockets/qcorsauthenticator.cpp new file mode 100644 index 0000000..5c7e581 --- /dev/null +++ b/src/websockets/qcorsauthenticator.cpp @@ -0,0 +1,132 @@ +/* +QWebSockets implements the WebSocket protocol as defined in RFC 6455. +Copyright (C) 2013 Kurt Pattyn (pattyn.kurt@gmail.com) + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +/*! + \class QCorsAuthenticator + + \inmodule QWebSockets + \brief The QCorsAuthenticator class provides an authenticator object for Cross Origin Requests (CORS). + + The QCorsAuthenticator class is used in the \l{QWebSocketServer::}{originAuthenticationRequired()} signal. + The class provides a way to pass back the required information to the QWebSocketServer. + It provides applications with fine-grained control over which origin URLs are allowed and which aren't. + By default, every origin is accepted. + To get fine grained control, an application connects the \l{QWebSocketServer::}{originAuthenticationRequired()} signal to + a slot. When the origin (QCorsAuthenticator::origin()) is accepted, it calls QCorsAuthenticator::setAllowed(true) + + \note Checking on the origin does not make much sense when the server is accessed + via a non-browser client, as that client can set whatever origin header it likes. + In case of a browser client, the server SHOULD check the validity of the origin. + \sa http://tools.ietf.org/html/rfc6455#section-10 + + \sa QWebSocketServer +*/ + +#include "qcorsauthenticator.h" +#include "qcorsauthenticator_p.h" + +QT_BEGIN_NAMESPACE + +/*! + \internal + */ +QCorsAuthenticatorPrivate::QCorsAuthenticatorPrivate(const QString &origin, bool allowed) : + m_origin(origin), + m_isAllowed(allowed) +{} + +/*! + \internal + */ +QCorsAuthenticatorPrivate::~QCorsAuthenticatorPrivate() +{} + +/*! + Constructs a new QCorsAuthencator object with the given \a origin. + \note By default, allowed() returns true. This means that per default every origin is accepted. + */ +QCorsAuthenticator::QCorsAuthenticator(const QString &origin) : + d_ptr(new QCorsAuthenticatorPrivate(origin, true)) //all origins are per default allowed +{ +} + +/*! + Destructs the object + */ +QCorsAuthenticator::~QCorsAuthenticator() +{ + if (d_ptr) + { + delete d_ptr; + } +} + +/*! + Constructs a coy of \a other + */ +QCorsAuthenticator::QCorsAuthenticator(const QCorsAuthenticator &other) : + d_ptr(new QCorsAuthenticatorPrivate(other.d_ptr->m_origin, other.d_ptr->m_isAllowed)) +{ +} + +/*! + Assigns \a other to this authenticator object + */ +QCorsAuthenticator &QCorsAuthenticator::operator =(const QCorsAuthenticator &other) +{ + Q_D(QCorsAuthenticator); + if (this != &other) + { + d->m_origin = other.d_ptr->m_origin; + d->m_isAllowed = other.d_ptr->m_isAllowed; + } + return *this; +} + +/*! + Returns the origin this autenticator is handling about. + */ +QString QCorsAuthenticator::origin() const +{ + Q_D(const QCorsAuthenticator); + return d->m_origin; +} + +/*! + Allows or disallows the origin. Setting \a allowed to true, will accept the connection request for the given origin. + Setting \a allowed to false, will reject the connection request. + + \note By default, all origins are accepted. + */ +void QCorsAuthenticator::setAllowed(bool allowed) +{ + Q_D(QCorsAuthenticator); + d->m_isAllowed = allowed; +} + +/*! + Returns true if the origin is allowed, otherwise returns false. + + \note By default, all origins are accepted. + */ +bool QCorsAuthenticator::allowed() const +{ + Q_D(const QCorsAuthenticator); + return d->m_isAllowed; +} |