Details
-
Suggestion
-
Resolution: Fixed
-
P2: Important
-
6.6.0
-
None
-
5
-
4a8cd5529 (dev)
-
Foundation PM Staging
Description
Current QHttpServer interface support mutual TLS authentication but authorization is not possible. In order to make it possible QHttpServerRequest should be extended with method following.
Q_HTTPSERVER_EXPORT QSslConfiguration sslConfiguration() const;
This way then peers certificate subject can be retrieved and authenticated client can be authorized. Below is an example of how it could work.
pHttpServer->route("/upload/<arg>", QHttpServerRequest::Method::Put, [](const QString &fileName, const QHttpServerRequest &req) { QString commonName = req.sslConfiguration().peerCertificate().subjectDisplayName().split("CN=").last().split(",").first(); if (!authorizeAccount(commonName)) { return QHttpServerResponse("Unauthorized"); } return QtConcurrent::run([] (const QString &fileName) { storeFile(fileName); return QHttpServerResponse("File stored"); } });