hyperion.ng/libsrc/utils/NetOrigin.cpp

#include <utils/NetOrigin.h>

#include <QJsonObject>
#include <QNetworkInterface>

NetOrigin* NetOrigin::instance = nullptr;

NetOrigin::NetOrigin(QObject* parent, Logger* log)
	: QObject(parent)
	, _log(log)
	, _isInternetAccessAllowed(false)
	, _isInternetAccessRestricted(false)
	, _ipWhitelist()
{
	NetOrigin::instance = this;
}

bool NetOrigin::accessAllowed(const QHostAddress& address, const QHostAddress& local) const
{
	bool isAllowed {false};

	if(isLocalAddress(address, local))
	{
		isAllowed = true;
	}
	else
	{
		if(_isInternetAccessAllowed)
		{
			if (!_isInternetAccessRestricted)
			{
				isAllowed = true;
			}
			else
			{
				for (const QHostAddress &listAddress : _ipWhitelist)
				{
					if (address.isEqual(listAddress))
					{
						isAllowed = true;
						break;
					}
				}
				WarningIf(!isAllowed, _log,"Client connection from IP address '%s' has been rejected! It's not whitelisted.",QSTRING_CSTR(address.toString()));
			}
		}
	}
	return isAllowed;
}


bool NetOrigin::isLocalAddress(const QHostAddress& ipAddress, const QHostAddress& /*local*/) const
{
	QHostAddress address = ipAddress;

	if (address.isLoopback() || address.isLinkLocal())
	{
		return true;
	}

	//Convert to IPv4 to check, if an IPv6 address is an IPv4 mapped address
	QHostAddress ipv4Address(address.toIPv4Address());
	if (ipv4Address != QHostAddress::AnyIPv4) // ipv4Address is not "0.0.0.0"
	{
		address = ipv4Address;
	}

	QList<QNetworkInterface> allInterfaces = QNetworkInterface::allInterfaces();
	for (const QNetworkInterface &networkInterface : allInterfaces) {
		QList<QNetworkAddressEntry> addressEntries = networkInterface.addressEntries();
		for (const QNetworkAddressEntry &localNetworkAddressEntry : addressEntries) {
			QHostAddress localIP = localNetworkAddressEntry.ip();

			if(localIP.protocol() != QAbstractSocket::NetworkLayerProtocol::IPv4Protocol)
			{
				continue;
			}

			bool isInSubnet = address.isInSubnet(localIP, localNetworkAddressEntry.prefixLength());
			if (isInSubnet)
			{
				return true;
			}
		}
	}
	return false;
}

void NetOrigin::handleSettingsUpdate(settings::type type, const QJsonDocument& config)
{
	if(type == settings::NETWORK)
	{
		const QJsonObject& obj = config.object();
		_isInternetAccessAllowed = obj["internetAccessAPI"].toBool(false);
		_isInternetAccessRestricted = obj["restirctedInternetAccessAPI"].toBool(false);
		const QJsonArray arr = obj["ipWhitelist"].toArray();

        _ipWhitelist.clear();

        for(const auto& item : std::as_const(arr))
		{
			const QString& entry = item.toString("");
			if(entry.isEmpty())
			{
				continue;
			}

			QHostAddress host(entry);
			if(host.isNull())
			{
				Warning(_log,"The whitelisted IP address '%s' isn't valid! Skipped",QSTRING_CSTR(entry));
				continue;
			}
			_ipWhitelist << host;
		}
	}
}
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`#include <utils/NetOrigin.h>`

			`#include <QJsonObject>`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`#include <QNetworkInterface>`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00
			`NetOrigin* NetOrigin::instance = nullptr;`

			`NetOrigin::NetOrigin(QObject* parent, Logger* log)`
			`: QObject(parent)`
			`, _log(log)`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`, _isInternetAccessAllowed(false)`
			`, _isInternetAccessRestricted(false)`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`, _ipWhitelist()`
			`{`
			`NetOrigin::instance = this;`
			`}`

Const correctness, override keyword, a bunch of stuff.. 2020-08-08 23:12:43 +02:00			`bool NetOrigin::accessAllowed(const QHostAddress& address, const QHostAddress& local) const`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`bool isAllowed {false};`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`if(isLocalAddress(address, local))`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`isAllowed = true;`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`}`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`else`
			`{`
			`if(_isInternetAccessAllowed)`
			`{`
			`if (!_isInternetAccessRestricted)`
			`{`
			`isAllowed = true;`
			`}`
			`else`
			`{`
			`for (const QHostAddress &listAddress : _ipWhitelist)`
			`{`
			`if (address.isEqual(listAddress))`
			`{`
			`isAllowed = true;`
			`break;`
			`}`
			`}`
			`WarningIf(!isAllowed, _log,"Client connection from IP address '%s' has been rejected! It's not whitelisted.",QSTRING_CSTR(address.toString()));`
			`}`
			`}`
			`}`
			`return isAllowed;`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`}`

Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00
			`bool NetOrigin::isLocalAddress(const QHostAddress& ipAddress, const QHostAddress& /local/) const`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`QHostAddress address = ipAddress;`

			`if (address.isLoopback() \|\| address.isLinkLocal())`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`return true;`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`}`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00
			`//Convert to IPv4 to check, if an IPv6 address is an IPv4 mapped address`
			`QHostAddress ipv4Address(address.toIPv4Address());`
			`if (ipv4Address != QHostAddress::AnyIPv4) // ipv4Address is not "0.0.0.0"`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`address = ipv4Address;`
			`}`

			`QList<QNetworkInterface> allInterfaces = QNetworkInterface::allInterfaces();`
			`for (const QNetworkInterface &networkInterface : allInterfaces) {`
			`QList<QNetworkAddressEntry> addressEntries = networkInterface.addressEntries();`
			`for (const QNetworkAddressEntry &localNetworkAddressEntry : addressEntries) {`
			`QHostAddress localIP = localNetworkAddressEntry.ip();`

			`if(localIP.protocol() != QAbstractSocket::NetworkLayerProtocol::IPv4Protocol)`
			`{`
			`continue;`
			`}`

			`bool isInSubnet = address.isInSubnet(localIP, localNetworkAddressEntry.prefixLength());`
			`if (isInSubnet)`
			`{`
			`return true;`
			`}`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`}`
			`}`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`return false;`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`}`

Pass primitive types by value (#935) 2020-08-08 13:09:15 +02:00			`void NetOrigin::handleSettingsUpdate(settings::type type, const QJsonDocument& config)`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
			`if(type == settings::NETWORK)`
			`{`
			`const QJsonObject& obj = config.object();`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`_isInternetAccessAllowed = obj["internetAccessAPI"].toBool(false);`
			`_isInternetAccessRestricted = obj["restirctedInternetAccessAPI"].toBool(false);`
			`const QJsonArray arr = obj["ipWhitelist"].toArray();`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`_ipWhitelist.clear();`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`for(const auto& item : std::as_const(arr))`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`{`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`const QString& entry = item.toString("");`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`if(entry.isEmpty())`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`{`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00			`continue;`
Refactor Hyperion JSON-API (#1727) 2024-05-08 22:06:32 +02:00			`}`
- The first part - Added CodeDocs config file for customization - Fixing LGTM alerts - LGTM bug fixed again - added token option to hyperion-remote - fix DBManager::getDB() - next bugfix - correct broken signal from SettingManager to Hyperion - Token list is created after the schema is fetched Signed-off-by: Paulchen-Panther <Paulchen-Panter@protonmail.com> 2019-07-12 16:54:26 +02:00
			`QHostAddress host(entry);`
			`if(host.isNull())`
			`{`
			`Warning(_log,"The whitelisted IP address '%s' isn't valid! Skipped",QSTRING_CSTR(entry));`
			`continue;`
			`}`
			`_ipWhitelist << host;`
			`}`
			`}`
			`}`