forked from 0xeb/fastmcpp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhttp_server.cpp
More file actions
166 lines (146 loc) · 5.45 KB
/
http_server.cpp
File metadata and controls
166 lines (146 loc) · 5.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
#include "fastmcpp/server/http_server.hpp"
#include "fastmcpp/exceptions.hpp"
#include "fastmcpp/util/json.hpp"
#include <httplib.h>
namespace fastmcpp::server
{
HttpServerWrapper::HttpServerWrapper(std::shared_ptr<Server> core, std::string host, int port,
std::string auth_token, std::string cors_origin)
: core_(std::move(core)), host_(std::move(host)), requested_port_(port),
auth_token_(std::move(auth_token)), cors_origin_(std::move(cors_origin))
{
}
HttpServerWrapper::~HttpServerWrapper()
{
stop();
}
std::optional<int> HttpServerWrapper::port() const
{
const int bound_port = bound_port_.load();
if (bound_port > 0)
return bound_port;
else
return std::nullopt;
}
bool HttpServerWrapper::check_auth(const std::string& auth_header) const
{
// If no auth token configured, allow all requests
if (auth_token_.empty())
return true;
// Check for "Bearer <token>" format
if (auth_header.find("Bearer ") != 0)
return false;
std::string provided_token = auth_header.substr(7); // Skip "Bearer "
return provided_token == auth_token_;
}
bool HttpServerWrapper::start()
{
// Idempotent start: return false if already running
if (running_)
return false;
bound_port_.store(0); // Reset the bound port's value.
svr_ = std::make_unique<httplib::Server>();
// Security: Set payload and timeout limits to prevent DoS
svr_->set_payload_max_length(10 * 1024 * 1024); // 10MB max payload
svr_->set_read_timeout(30, 0); // 30 second read timeout
svr_->set_write_timeout(30, 0); // 30 second write timeout
// Generic POST: /<route>
svr_->Post(R"(/(.*))",
[this](const httplib::Request& req, httplib::Response& res)
{
// Security: Check authentication if configured
if (!auth_token_.empty())
{
auto auth_it = req.headers.find("Authorization");
if (auth_it == req.headers.end() || !check_auth(auth_it->second))
{
res.status = 401;
res.set_content("{\"error\":\"Unauthorized\"}", "application/json");
return;
}
}
// Security: Only set CORS header if explicitly configured
if (!cors_origin_.empty())
res.set_header("Access-Control-Allow-Origin", cors_origin_);
try
{
auto route = req.matches[1].str();
auto payload = fastmcpp::util::json::parse(req.body);
auto out = core_->handle(route, payload);
res.set_content(out.dump(), "application/json");
res.status = 200;
}
catch (const fastmcpp::NotFoundError& e)
{
res.status = 404;
res.set_content(std::string("{\"error\":\"") + e.what() + "\"}",
"application/json");
}
catch (const std::exception& e)
{
res.status = 500;
res.set_content(std::string("{\"error\":\"") + e.what() + "\"}",
"application/json");
}
});
running_ = true;
thread_ = std::thread(
[this]()
{
if (requested_port_ == 0) // Request any available port from the operating system.
{
const int bound_port = svr_->bind_to_any_port(host_.c_str());
if (bound_port != -1) // Returns -1 if some error occured.
{
bound_port_.store(bound_port);
svr_->listen_after_bind();
}
}
else
{
const bool success = svr_->bind_to_port(host_.c_str(), requested_port_);
if (success)
{
bound_port_.store(requested_port_);
svr_->listen_after_bind();
}
}
running_ = false;
});
// Wait for server to be ready by probing a safe GET endpoint.
// HttpServerWrapper only defines POST routes, so GET / should return 404 once bound.
for (int attempt = 0; attempt < 20; ++attempt)
{
if (running_)
{
if (const std::optional bound_port = port())
{
httplib::Client probe(host_.c_str(), *bound_port);
probe.set_connection_timeout(std::chrono::seconds(2));
probe.set_read_timeout(std::chrono::seconds(2));
auto res = probe.Get("/");
if (res)
return true;
}
std::this_thread::sleep_for(std::chrono::milliseconds(50));
}
else
{
stop();
return false; // thread_ signalled failure.
}
}
return true;
}
void HttpServerWrapper::stop()
{
// Always attempt a graceful shutdown; safe to call multiple times
if (svr_)
svr_->stop();
if (thread_.joinable())
thread_.join();
running_ = false;
svr_.reset();
bound_port_.store(0); // Reset the bound port's value.
}
} // namespace fastmcpp::server