Implement support for the HAProxy proxy protocol

[quassel.git] / src / common / remotepeer.cpp

diff --git a/src/common/remotepeer.cpp b/src/common/remotepeer.cpp
index 9b02ed2..d234a73 100644 (file)
--- a/src/common/remotepeer.cpp
+++ b/src/common/remotepeer.cpp
@@ -18,9 +18,12 @@
  *   51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.         *
  ***************************************************************************/
 
+#include <utility>
+
+#include <QtEndian>
+
 #include <QHostAddress>
 #include <QTimer>
-#include <QtEndian>
 
 #ifdef HAVE_SSL
 #    include <QSslSocket>
@@ -28,6 +31,7 @@
 #    include <QTcpSocket>
 #endif
 
+#include "proxyline.h"
 #include "remotepeer.h"
 #include "util.h"
 
@@ -41,6 +45,8 @@ RemotePeer::RemotePeer(::AuthHandler* authHandler, QTcpSocket* socket, Compresso
     , _socket(socket)
     , _compressor(new Compressor(socket, level, this))
     , _signalProxy(nullptr)
+    , _proxyLine({})
+    , _useProxyLine(false)
     , _heartBeatTimer(new QTimer(this))
     , _heartBeatCount(0)
     , _lag(0)
@@ -83,24 +89,40 @@ void RemotePeer::onCompressionError(Compressor::Error error)
 
 QString RemotePeer::description() const
 {
-    if (socket())
-        return socket()->peerAddress().toString();
+    return address();
+}
 
-    return QString();
+QHostAddress RemotePeer::hostAddress() const
+{
+    if (_useProxyLine) {
+        return _proxyLine.sourceHost;
+    }
+    else if (socket()) {
+        return socket()->peerAddress();
+    }
+
+    return {};
 }
 
 QString RemotePeer::address() const
 {
-    if (socket())
-        return socket()->peerAddress().toString();
-
-    return QString();
+    QHostAddress address = hostAddress();
+    if (address.isNull()) {
+        return {};
+    }
+    else {
+        return address.toString();
+    }
 }
 
 quint16 RemotePeer::port() const
 {
-    if (socket())
+    if (_useProxyLine) {
+        return _proxyLine.sourcePort;
+    }
+    else if (socket()) {
         return socket()->peerPort();
+    }
 
     return 0;
 }
@@ -170,11 +192,8 @@ bool RemotePeer::isSecure() const
 
 bool RemotePeer::isLocal() const
 {
-    if (socket()) {
-        if (socket()->peerAddress() == QHostAddress::LocalHost || socket()->peerAddress() == QHostAddress::LocalHostIPv6)
-            return true;
-    }
-    return false;
+    return hostAddress() == QHostAddress::LocalHost ||
+           hostAddress() == QHostAddress::LocalHostIPv6;
 }
 
 bool RemotePeer::isOpen() const
@@ -212,7 +231,7 @@ bool RemotePeer::readMessage(QByteArray& msg)
     if (_msgSize == 0) {
         if (_compressor->bytesAvailable() < 4)
             return false;
-        _compressor->read((char*)&_msgSize, 4);
+        _compressor->read((char*) &_msgSize, 4);
         _msgSize = qFromBigEndian<quint32>(_msgSize);
 
         if (_msgSize > maxMessageSize) {
@@ -280,3 +299,21 @@ void RemotePeer::sendHeartBeat()
     dispatch(HeartBeat(QDateTime::currentDateTime().toUTC()));
     ++_heartBeatCount;
 }
+
+void RemotePeer::setProxyLine(ProxyLine proxyLine)
+{
+    _proxyLine = std::move(proxyLine);
+
+    if (socket()) {
+        if (_proxyLine.protocol != QAbstractSocket::UnknownNetworkLayerProtocol) {
+            QList<QString> subnets = Quassel::optionValue("proxy-cidr").split(",");
+            for (const QString& subnet : subnets) {
+                if (socket()->peerAddress().isInSubnet(QHostAddress::parseSubnet(subnet))) {
+                    _useProxyLine = true;
+                    return;
+                }
+            }
+        }
+    }
+    _useProxyLine = false;
+}