WebUI: Add Base Path Configuration

Adds a base path configuration option to the WebUI. WebApplication injects base path into content paths on initial configuration. Requires a restart to update. Internally, the path is stripped from the request to maintain the existing api/file structure. Requests without the path trigger a 303 redirect response. Closes qbittorrent#5693
kharenis · Apr 14, 2021 · 6300da0 · 6300da0
1 parent cad01cb
commit 6300da0
Show file tree

Hide file tree

Showing 53 changed files with 307 additions and 240 deletions.
diff --git a/src/.vs/slnx.sqlite b/src/.vs/slnx.sqlite
diff --git a/src/base/http/httperror.cpp b/src/base/http/httperror.cpp
@@ -84,3 +84,7 @@ InternalServerErrorHTTPError::InternalServerErrorHTTPError(const QString &messag
     : HTTPError(500, QLatin1String("Internal Server Error"), message)
 {
 }
+SeeOtherHTTPError::SeeOtherHTTPError(const QString &message)
+    : HTTPError(303, QLatin1String("See Other"), message)
+{
+}
diff --git a/src/base/http/httperror.h b/src/base/http/httperror.h
@@ -90,3 +90,9 @@ class InternalServerErrorHTTPError : public HTTPError
 public:
     explicit InternalServerErrorHTTPError(const QString &message = {});
 };
+
+class SeeOtherHTTPError : public HTTPError
+{
+public:
+    explicit SeeOtherHTTPError(const QString &message = {});
+};
diff --git a/src/base/http/types.h b/src/base/http/types.h
@@ -55,6 +55,7 @@ namespace Http
     const char HEADER_X_FORWARDED_HOST[] = "x-forwarded-host";
     const char HEADER_X_FRAME_OPTIONS[] = "x-frame-options";
     const char HEADER_X_XSS_PROTECTION[] = "x-xss-protection";
+    const char HEADER_LOCATION[] = "location";
 
     const char HEADER_REQUEST_METHOD_GET[] = "GET";
     const char HEADER_REQUEST_METHOD_HEAD[] = "HEAD";

diff --git a/src/base/preferences.cpp b/src/base/preferences.cpp
@@ -777,7 +777,7 @@ QString Preferences::getWebUIBasePath() const
     return value("Preferences/WebUI/BasePath").toString();
 }
 
-void Preferences::setWebUIBasePath(const Qstring &path)
+void Preferences::setWebUIBasePath(const QString &path)
 {
     setValue("Preferences/WebUI/BasePath", path);
 }

diff --git a/src/gui/optionsdialog.cpp b/src/gui/optionsdialog.cpp
@@ -489,6 +489,7 @@ OptionsDialog::OptionsDialog(QWidget *parent)
     connect(m_ui->textWebUIHttpsKey, &FileSystemPathLineEdit::selectedPathChanged, this, [this](const QString &s) { webUIHttpsKeyChanged(s, ShowError::Show); });
     connect(m_ui->textWebUiUsername, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
     connect(m_ui->textWebUiPassword, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
+    connect(m_ui->textWebUIBasePath, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
     connect(m_ui->checkBypassLocalAuth, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
     connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
     connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, m_ui->IPSubnetWhitelistButton, &QPushButton::setEnabled);
@@ -848,6 +849,7 @@ void OptionsDialog::saveOptions()
         pref->setWebUIMaxAuthFailCount(m_ui->spinBanCounter->value());
         pref->setWebUIBanDuration(std::chrono::seconds {m_ui->spinBanDuration->value()});
         pref->setWebUISessionTimeout(m_ui->spinSessionTimeout->value());
+        pref->setWebUIBasePath(m_ui->textWebUIBasePath->text());
         // Authentication
         pref->setWebUiUsername(webUiUsername());
         if (!webUiPassword().isEmpty())
@@ -1255,6 +1257,7 @@ void OptionsDialog::loadOptions()
     m_ui->spinBanCounter->setValue(pref->getWebUIMaxAuthFailCount());
     m_ui->spinBanDuration->setValue(pref->getWebUIBanDuration().count());
     m_ui->spinSessionTimeout->setValue(pref->getWebUISessionTimeout());
+    m_ui->textWebUIBasePath->setText(pref->getWebUIBasePath());
 
     // Security
     m_ui->checkClickjacking->setChecked(pref->isWebUiClickjackingProtectionEnabled());

diff --git a/src/gui/optionsdialog.ui b/src/gui/optionsdialog.ui
@@ -2945,6 +2945,22 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
                  </item>
                 </layout>
                </item>
+                  <item>
+                      <widget class="QLabel" name="lblWebUiBasePath">
+                          <property name="text">
+                              <string>Base Path:</string>
+                          </property>
+                      </widget>
+                  </item>
+                  <item>
+                      <widget class="QLineEdit" name="textWebUIBasePath">
+                          <property name="toolTip">
+                              <string>
+                                  URL path root for the WebUI. Requires a WebUI restart to take effect.
+                              </string>
+                          </property>
+                      </widget>
+                  </item>
                <item>
                 <widget class="QCheckBox" name="checkWebUIUPnP">
                  <property name="text">

diff --git a/src/webui/api/appcontroller.cpp b/src/webui/api/appcontroller.cpp
@@ -228,6 +228,7 @@ void AppController::preferencesAction()
     data["use_https"] = pref->isWebUiHttpsEnabled();
     data["web_ui_https_cert_path"] = pref->getWebUIHttpsCertificatePath();
     data["web_ui_https_key_path"] = pref->getWebUIHttpsKeyPath();
+    data["web_ui_base_path"] = pref->getWebUIBasePath();
     // Authentication
     data["web_ui_username"] = pref->getWebUiUsername();
     data["bypass_local_auth"] = !pref->isWebUiLocalAuthEnabled();
@@ -640,6 +641,8 @@ void AppController::setPreferencesAction()
         pref->setWebUIBanDuration(std::chrono::seconds {it.value().toInt()});
     if (hasKey("web_ui_session_timeout"))
         pref->setWebUISessionTimeout(it.value().toInt());
+    if (hasKey("web_ui_base_path"))
+        pref->setWebUIBasePath(it.value().toString());
     // Use alternative Web UI
     if (hasKey("alternative_webui_enabled"))
         pref->setAltWebUiEnabled(it.value().toBool());

diff --git a/src/webui/webapplication.cpp b/src/webui/webapplication.cpp
@@ -130,6 +130,7 @@ WebApplication::WebApplication(QObject *parent)
 
     declarePublicAPI(QLatin1String("auth/login"));
 
+    fireOnceConfigure();
     configure();
     connect(Preferences::instance(), &Preferences::changed, this, &WebApplication::configure);
 }
@@ -238,6 +239,7 @@ void WebApplication::translateDocument(QString &data) const
 
         data.replace(QLatin1String("${LANG}"), m_currentLocale.left(2));
         data.replace(QLatin1String("${CACHEID}"), m_cacheID);
+        data.replace(QLatin1String("${BASEPATH}"), m_basePath);
     }
 }
 
@@ -256,6 +258,24 @@ const Http::Environment &WebApplication::env() const
     return m_env;
 }
 
+void WebApplication::doProcessPath()
+{
+    if(!m_basePath.isEmpty())
+    {
+        if(m_request.path.indexOf(m_basePath) == 0)
+        {
+            m_request.path.remove(0, m_basePath.length());
+        }
+        else
+        {
+            //Set location header for redirect
+            setHeader({Http::HEADER_LOCATION, m_basePath + m_request.path});
+
+            throw SeeOtherHTTPError(m_basePath + m_request.path);
+        }
+    }
+}
+
 void WebApplication::doProcessRequest()
 {
     const QRegularExpressionMatch match = m_apiPathPattern.match(request().path);
@@ -314,6 +334,13 @@ void WebApplication::doProcessRequest()
     }
 }
 
+//For configurations that require a restart to take effect
+void WebApplication::fireOnceConfigure()
+{
+    const auto *pref = Preferences::instance();
+    m_basePath = pref->getWebUIBasePath();
+}
+
 void WebApplication::configure()
 {
     const auto *pref = Preferences::instance();
@@ -362,7 +389,6 @@ void WebApplication::configure()
     m_isSecureCookieEnabled = pref->isWebUiSecureCookieEnabled();
     m_isHostHeaderValidationEnabled = pref->isWebUIHostHeaderValidationEnabled();
     m_isHttpsEnabled = pref->isWebUiHttpsEnabled();
-    m_basePath = pref->getWebUIBasePath();
 
     m_prebuiltHeaders.clear();
     m_prebuiltHeaders.push_back({QLatin1String(Http::HEADER_X_XSS_PROTECTION), QLatin1String("1; mode=block")});
@@ -496,11 +522,7 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
         }
 
         sessionInitialize();
-
-        //Replace base path prefix with a '/'
-        if(!m_basePath.isEmpty() && m_request.path.indexOf(m_basePath == 0))
-            m_request.path.replace(0, m_basePath.length, QChar('/'));
-
+        doProcessPath();
         doProcessRequest();
     }
     catch (const HTTPError &error)

diff --git a/src/webui/webapplication.h b/src/webui/webapplication.h
@@ -97,7 +97,9 @@ class WebApplication final
 
 private:
     void doProcessRequest();
+    void doProcessPath();
     void configure();
+    void fireOnceConfigure();
 
     void registerAPIController(const QString &scope, APIController *controller);
     void declarePublicAPI(const QString &apiPath);

diff --git a/src/webui/www/package.json b/src/webui/www/package.json
@@ -5,7 +5,7 @@
     "type": "git",
     "url": "https://github.com/qbittorrent/qBittorrent.git"
   },
-  "scripts": {
+  "${BASEPATH}/scripts": {
     "format": "js-beautify private/*.html private/scripts/*.js private/views/*.html public/*.html public/scripts/*.js",
     "lint": "eslint private/*.html private/scripts/*.js private/views/*.html public/*.html public/scripts/*.js"
   },

diff --git a/src/webui/www/private/addpeers.html b/src/webui/www/private/addpeers.html
@@ -1,12 +1,12 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
 <html lang="${LANG}">
 
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Add Peers)QBT_TR[CONTEXT=PeersAdditionDialog]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
     <script>
         'use strict';
 
@@ -39,7 +39,7 @@
                     return
 
                 new Request({
-                    url: 'api/v2/torrents/addPeers',
+                    url: '${BASEPATH}/api/v2/torrents/addPeers',
                     method: 'post',
                     data: {
                         hashes: hash,

diff --git a/src/webui/www/private/addtrackers.html b/src/webui/www/private/addtrackers.html
@@ -4,9 +4,9 @@
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Trackers addition dialog)QBT_TR[CONTEXT=TrackersAdditionDialog]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
     <script>
         'use strict';
 
@@ -30,7 +30,7 @@
                 new Event(e).stop();
                 const hash = new URI().getData('hash');
                 new Request({
-                    url: 'api/v2/torrents/addTrackers',
+                    url: '${BASEPATH}/api/v2/torrents/addTrackers',
                     method: 'post',
                     data: {
                         hash: hash,

diff --git a/src/webui/www/private/confirmdeletion.html b/src/webui/www/private/confirmdeletion.html
@@ -4,9 +4,9 @@
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Deletion confirmation - qBittorrent)QBT_TR[CONTEXT=confirmDeletionDlg]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
     <script>
         'use strict';
 
@@ -23,7 +23,7 @@
             $('confirmBtn').addEvent('click', function(e) {
                 parent.torrentsTable.deselectAll();
                 new Event(e).stop();
-                const cmd = 'api/v2/torrents/delete';
+                const cmd = '${BASEPATH}/api/v2/torrents/delete';
                 const deleteFiles = $('deleteFromDiskCB').get('checked');
                 new Request({
                     url: cmd,

diff --git a/src/webui/www/private/confirmfeeddeletion.html b/src/webui/www/private/confirmfeeddeletion.html
@@ -1,12 +1,12 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
 <html lang="${LANG}">
 
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Deletion confirmation)QBT_TR[CONTEXT=RSSWidget]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
     <script>
         'use strict';
 
@@ -22,7 +22,7 @@
                 let completionCount = 0;
                 paths.forEach((path) => {
                     new Request({
-                        url: 'api/v2/rss/removeItem',
+                        url: '${BASEPATH}/api/v2/rss/removeItem',
                         noCache: true,
                         method: 'post',
                         data: {

diff --git a/src/webui/www/private/confirmruleclear.html b/src/webui/www/private/confirmruleclear.html
@@ -4,9 +4,9 @@
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Clear downloaded episodes)QBT_TR[CONTEXT=AutomatedRssDownloader]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
     <script>
         'use strict';
 

diff --git a/src/webui/www/private/confirmruledeletion.html b/src/webui/www/private/confirmruledeletion.html
@@ -4,9 +4,9 @@
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Rule deletion confirmation)QBT_TR[CONTEXT=AutomatedRssDownloader]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
     <script>
         'use strict';
 
@@ -23,7 +23,7 @@
                 let completionCount = 0;
                 rules.forEach((rule) => {
                     new Request({
-                        url: 'api/v2/rss/removeRule',
+                        url: '${BASEPATH}/api/v2/rss/removeRule',
                         noCache: true,
                         method: 'post',
                         data: {

diff --git a/src/webui/www/private/download.html b/src/webui/www/private/download.html
@@ -4,17 +4,17 @@
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Add Torrent Links)QBT_TR[CONTEXT=downloadFromURL]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <link rel="stylesheet" href="css/Window.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
-    <script src="scripts/download.js?v=${CACHEID}"></script>
-    <script src="scripts/misc.js?locale=${LANG}&v=${CACHEID}"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <link rel="stylesheet" href="${BASEPATH}/css/Window.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
+    <script src="${BASEPATH}/scripts/download.js?v=${CACHEID}"></script>
+    <script src="${BASEPATH}/scripts/misc.js?locale=${LANG}&v=${CACHEID}"></script>
 </head>
 
 <body>
     <iframe id="download_frame" name="download_frame" class="invisible" src="about:blank"></iframe>
-    <form action="api/v2/torrents/add" enctype="multipart/form-data" method="post" id="downloadForm" style="text-align: center;" target="download_frame" autocorrect="off" autocapitalize="none">
+    <form action="${BASEPATH}/api/v2/torrents/add" enctype="multipart/form-data" method="post" id="downloadForm" style="text-align: center;" target="download_frame" autocorrect="off" autocapitalize="none">
         <div style="text-align: center;">
             <br />
             <h2 class="vcenter">QBT_TR(Download Torrents from their URLs or Magnet links)QBT_TR[CONTEXT=HttpServer]</h2>

diff --git a/src/webui/www/private/downloadlimit.html b/src/webui/www/private/downloadlimit.html
@@ -1,14 +1,14 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
 <html lang="${LANG}">
 
 <head>
     <meta charset="UTF-8" />
     <title>QBT_TR(Torrent Download Speed Limiting)QBT_TR[CONTEXT=TransferListWidget]</title>
-    <link rel="stylesheet" href="css/style.css?v=${CACHEID}" type="text/css" />
-    <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
-    <script src="scripts/lib/mootools-1.2-more.js"></script>
-    <script src="scripts/lib/mocha-0.9.6-yc.js"></script>
-    <script src="scripts/speedslider.js?v=${CACHEID}"></script>
+    <link rel="stylesheet" href="${BASEPATH}/css/style.css?v=${CACHEID}" type="text/css" />
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-core-yc.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mootools-1.2-more.js"></script>
+    <script src="${BASEPATH}/scripts/lib/mocha-0.9.6-yc.js"></script>
+    <script src="${BASEPATH}/scripts/speedslider.js?v=${CACHEID}"></script>
 </head>
 
 <body>
@@ -29,7 +29,7 @@
                 const limit = $("dllimitUpdatevalue").value.toInt() * 1024;
                 if (hashes[0] == "global") {
                     new Request({
-                        url: 'api/v2/transfer/setDownloadLimit',
+                        url: '${BASEPATH}/api/v2/transfer/setDownloadLimit',
                         method: 'post',
                         data: {
                             'limit': limit
@@ -42,7 +42,7 @@
                 }
                 else {
                     new Request({
-                        url: 'api/v2/torrents/setDownloadLimit',
+                        url: '${BASEPATH}/api/v2/torrents/setDownloadLimit',
                         method: 'post',
                         data: {
                             'hashes': hashes.join('|'),