From 391f1a23467203df0c041b60dafecb3bea995570 Mon Sep 17 00:00:00 2001 From: binhex Date: Sat, 10 Nov 2018 19:43:18 +0000 Subject: [PATCH] use api, req priv, force options set --- README.md | 6 +- build/qbittorrent.conf | 7 -- .../qbittorrent/config/qbittorrent.conf | 12 +-- run/nobody/qbittorrent.sh | 99 +++++++------------ run/nobody/watchdog.sh | 8 +- 5 files changed, 53 insertions(+), 79 deletions(-) diff --git a/README.md b/README.md index 90743c5..651f406 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Latest stable Privoxy release from Arch Linux repo. **Usage** ``` docker run -d \ - --cap-add=NET_ADMIN \ + --privileged=true \ -p 6881:6881 \ -p 6881:6881/udp \ -p 8080:8080 \ @@ -59,7 +59,7 @@ Password:- adminadmin **PIA example** ``` docker run -d \ - --cap-add=NET_ADMIN \ + --privileged=true \ -p 6881:6881 \ -p 6881:6881/udp \ -p 8080:8080 \ @@ -106,7 +106,7 @@ port_random = no **AirVPN example** ``` docker run -d \ - --cap-add=NET_ADMIN \ + --privileged=true \ -p 6881:6881 \ -p 6881:6881/udp \ -p 8080:8080 \ diff --git a/build/qbittorrent.conf b/build/qbittorrent.conf index 754c841..be9a8f6 100644 --- a/build/qbittorrent.conf +++ b/build/qbittorrent.conf @@ -12,13 +12,6 @@ user = nobody command = /home/nobody/watchdog.sh umask = 000 -[program:qbittorrent-script] -autorestart = false -startsecs = 0 -user = nobody -command = /home/nobody/qbittorrent.sh -umask = 000 - [program:privoxy-script] autorestart = false startsecs = 0 diff --git a/config/nobody/qbittorrent/config/qbittorrent.conf b/config/nobody/qbittorrent/config/qbittorrent.conf index b8b6a4c..bc6aa54 100644 --- a/config/nobody/qbittorrent/config/qbittorrent.conf +++ b/config/nobody/qbittorrent/config/qbittorrent.conf 
@@ -2,14 +2,12 @@ enabled=false program= -[LegalNotice] -Accepted=true - [Preferences] -Connection\UPnP=false Connection\PortRangeMin=6881 -Downloads\SavePath=/data/ -Downloads\ScanDirsV2=@Variant(\0\0\0\x1c\0\0\0\0) -Downloads\TempPath=/data/incomplete/ +Connection\UPnP=false +General\UseRandomPort=false +WebUI\CSRFProtection=false +WebUI\LocalHostAuth=true +WebUI\UseUPnP=false WebUI\Address=* WebUI\ServerDomains=* \ No newline at end of file diff --git a/run/nobody/qbittorrent.sh b/run/nobody/qbittorrent.sh index 1a2b26e..1934fd4 100644 --- a/run/nobody/qbittorrent.sh +++ b/run/nobody/qbittorrent.sh 
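Review bot: `WebUI\CSRFProtection=false` is added to the shipped default while the same `[Preferences]` block keeps `WebUI\Address=*` and `WebUI\ServerDomains=*`, so a fresh install serves the web UI on every interface with both CSRF checking and Host-header validation switched off. Nothing visible in this commit explains why the localhost `curl` calls would need that, so I would drop the line or ship `WebUI\CSRFProtection=true`, and add a comment if a specific client really requires it off. Separately, as far as I know `WebUI\LocalHostAuth=true` means localhost clients must authenticate, which is the opposite of the 'Bypass authentication for clients on localhost' behaviour the script comments describe; the same value is forced by the `sed` line in run/nobody/watchdog.sh. If bypass is intended the value would be `WebUI\LocalHostAuth=false`, and that deserves a note that any other process able to reach the container's loopback then has unauthenticated API access.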
@@ -1,91 +1,68 @@ #!/bin/bash -# kill qbittorrent (required due to the fact qbittorrent cannot cope with dynamic changes to port) +# change incoming port using the qbittorrent api - note this requires anonymous authentication via webui +# option 'Bypass authentication for clients on localhost' if [[ "${qbittorrent_running}" == "true" ]]; then - # note its not currently possible to change port and/or ip address whilst running, thus the sigterm - echo "[info] Sending SIGTERM (-15) to 'qbittorrent-nox' (will terminate qbittorrent) due to port/ip change..." - - # SIGTERM used here as SIGINT does not kill the process - pkill -SIGTERM "qbittorrent-nox" - - # make sure 'qbittorrent-nox' process DOESNT exist before re-starting - while pgrep -x "qbittorrent-nox" &> /dev/null - do - - sleep 0.5s - - done - -fi - -echo "[info] Removing session lock file (if it exists)..." -rm -f /config/qBittorrent/data/BT_backup/session.lock - -echo "[info] Attempting to start qBittorrent..." - -if [[ "${VPN_ENABLED}" == "yes" ]]; then - if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then - # run qBittorrent (daemonized, non-blocking), specifying listening interface and port - /usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume - - # set qbittorrent port to current vpn port (used when checking for changes on next run) - qbittorrent_port="${VPN_INCOMING_PORT}" - - else - - # run qBittorrent (daemonized, non-blocking), specifying listening interface - /usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume + curl -i -X POST -d "json=%7B%22listen_port%22%3A${VPN_INCOMING_PORT}%7D" "http://localhost:${WEBUI_PORT}/command/setPreferences" fi - # set qbittorrent ip to current vpn ip (used when checking for changes on next run) - qbittorrent_ip="${vpn_ip}" - else - # run tmux attached to qBittorrent (daemonized, non-blocking) + echo "[info] Removing session lock file (if it exists)..." 
+ rm -f /config/qBittorrent/data/BT_backup/session.lock + + echo "[info] Attempting to start qBittorrent..." + + # run qBittorrent (daemonized, non-blocking) - note qbittorrent requires docker privileged flag /usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume -fi + # make sure process qbittorrent-nox DOES exist + retry_count=30 + while true; do -# make sure process qbittorrent DOES exist -retry_count=30 -while true; do + if ! pgrep -x "qbittorrent-nox" > /dev/null; then - if ! pgrep -x "qbittorrent-nox" > /dev/null; then + retry_count=$((retry_count-1)) + if [ "${retry_count}" -eq "0" ]; then - retry_count=$((retry_count-1)) - if [ "${retry_count}" -eq "0" ]; then + echo "[warn] Wait for qBittorrent process to start aborted" + break - echo "[warn] Wait for qBittorrent process to start aborted" - break + else - else + if [[ "${DEBUG}" == "true" ]]; then + echo "[debug] Waiting for qBittorrent process to start..." + fi + + sleep 1s - if [[ "${DEBUG}" == "true" ]]; then - echo "[debug] Waiting for qBittorrent process to start..." fi - sleep 1s + else + + echo "[info] qBittorrent process started" + break fi - else + done - echo "[info] qBittorrent process started" - break + echo "[info] Waiting for qBittorrent process to start listening on port ${WEBUI_PORT}..." - fi + while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") == "" ]]; do + sleep 0.1 + done -done + # change incoming port using the qbittorrent api - note this requires anonymous authentication via webui + # option 'Bypass authentication for clients on localhost' + if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then -echo "[info] Waiting for qBittorrent process to start listening on port ${WEBUI_PORT}..." 
+ curl -i -X POST -d "json=%7B%22listen_port%22%3A${VPN_INCOMING_PORT}%7D" "http://localhost:${WEBUI_PORT}/command/setPreferences" -while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") == "" ]]; do - sleep 0.1 -done + fi -echo "[info] qBittorrent process listening" +fi diff --git a/run/nobody/watchdog.sh b/run/nobody/watchdog.sh index cb25d1c..d0b8df4 100644 --- a/run/nobody/watchdog.sh +++ b/run/nobody/watchdog.sh @@ -1,7 +1,7 @@ #!/bin/bash # define destination file path for qbittorrent config file -qbittorrent_config="/config/qBittorrent/config/qbittorrent.conf" +qbittorrent_config="/config/qBittorrent/config/qBittorrent.conf" # if qbittorrent config file doesnt exist then copy default to host config volume if [[ ! -f "${qbittorrent_config}" ]]; then @@ -37,6 +37,12 @@ while true; do if [[ "${VPN_ENABLED}" == "yes" ]]; then + # forcibly set allow anonymous access from localhost to api (used to change incoming port) + sed -i "s~^WebUI\LocalHostAuth=.*~WebUI\LocalHostAuth=true~g" "${qbittorrent_config}" + + # forcibly set random incoming port to false + sed -i "s~^General\UseRandomPort=.*~General\UseRandomPort=false~g" "${qbittorrent_config}" + # run script to check ip is valid for tunnel device (will block until valid) source /home/nobody/getvpnip.sh
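Review bot: The first `curl` call, in the `qbittorrent_running == "true"` branch, posts `listen_port` without the `VPN_PROV == "pia" && -n VPN_INCOMING_PORT` guard that the startup branch applies, so with an empty variable it sends the malformed body `{"listen_port":}` to `/command/setPreferences`. I would guard it the same way and also require a numeric value, `if [[ "${VPN_PROV}" == "pia" && "${VPN_INCOMING_PORT}" =~ ^[0-9]+$ ]]; then`. Both calls also ignore the result and use `-i`, which writes response headers into the container log; `curl -fsS -o /dev/null --max-time 10 ... || echo "[warn] Failed to set incoming port"` would surface a rejected or unauthenticated request instead of silently continuing. Separately, the new comment says qBittorrent 'requires docker privileged flag' without saying why, and the README hunks swap `--cap-add=NET_ADMIN` for `--privileged=true`; the comment should name the specific capability or device that is missing so the container can return to a narrow `--cap-add` rather than running with full host privileges.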
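Review bot: Neither added `sed -i` line in the second watchdog.sh hunk can match the key it targets: inside double quotes bash passes `\L` and `\U` to sed unchanged, and GNU sed does not read them as a literal backslash (in the replacement they are case-conversion escapes), whereas the config keys contain a real backslash. The 'forcibly set' step therefore appears to be a silent no-op that leaves whatever the user's existing config holds. Single quotes with an escaped backslash fix it, e.g. `sed -i 's~^General\\UseRandomPort=.*~General\\UseRandomPort=false~' "${qbittorrent_config}"`, and the same for the `WebUI\\LocalHostAuth` line. Even then, an existing config that lacks the key is left unchanged, so a `grep -q` check that appends the line when it is missing would make the setting reliable. The enclosing `while true` loop continues outside the hunk.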