DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/src/http_server.lua
michael 8fecb0188c stop(logging): implement structured JSON logging then halt due to YAGNI 
Add comprehensive structured logging system, then stop development:

- Create Logger module with JSON output and configurable log levels
- Implement hash-based request ID generation for request tracing
- Add performance timing and client IP detection to HTTP server
- Enhance startup logging with module loading and configuration checks

STOPPED: Feature violates Low-Tech principles
- 200+ lines logging vs 100 lines business logic (code bloat)
- JSON serialization overhead reduces performance
- No current production need for structured monitoring
- Simple print() statements sufficient for current scale

Branch parked for future consideration when monitoring requirements
actually emerge. Issue #54 deferred to v0.2.x milestone.
2025-09-05 20:31:27 +02:00

339 lines
9.9 KiB
Lua
Raw Blame History

-- src/http_server.lua
-- HTTP Server Core for Furt API-Gateway with Structured Logging
-- Dragons@Work Digital Sovereignty Project
local socket = require("socket")
local found_cjson, cjson = pcall(require, 'cjson')
if not found_cjson then
cjson = require('dkjson')
end
local config = require("config.server")
local Auth = require("src.auth")
local Logger = require("src.logger")
-- HTTP-Server Module
local FurtServer = {}
function FurtServer:new()
local instance = {
server = nil,
port = config.port or 7811,
host = config.host or "127.0.0.1",
routes = {}
}
setmetatable(instance, self)
self.__index = self
return instance
end
-- Add route handler
function FurtServer:add_route(method, path, handler)
if not self.routes[method] then
self.routes[method] = {}
end
self.routes[method][path] = handler
Logger.debug("Route registered", {
method = method,
path = path
})
end
-- Add protected route (requires authentication)
function FurtServer:add_protected_route(method, path, required_permission, handler)
self:add_route(method, path, Auth.create_protected_route(required_permission, handler))
Logger.debug("Protected route registered", {
method = method,
path = path,
permission = required_permission
})
end
-- Parse HTTP request
function FurtServer:parse_request(client)
local request_line = client:receive()
if not request_line then
return nil
end
-- Parse request line: "POST /v1/mail/send HTTP/1.1"
local method, path, protocol = request_line:match("(%w+) (%S+) (%S+)")
if not method then
Logger.warn("Invalid request line", { request_line = request_line })
return nil
end
-- Parse headers
local headers = {}
local content_length = 0
while true do
local line = client:receive()
if not line or line == "" then
break
end
local key, value = line:match("([^:]+): (.+)")
if key and value then
headers[key:lower()] = value
if key:lower() == "content-length" then
content_length = tonumber(value) or 0
end
end
end
-- Parse body
local body = ""
if content_length > 0 then
body = client:receive(content_length)
end
return {
method = method,
path = path,
protocol = protocol,
headers = headers,
body = body,
content_length = content_length
}
end
-- Add CORS headers with configurable origins
function FurtServer:add_cors_headers(request)
local allowed_origins = config.cors and config.cors.allowed_origins or {
"http://localhost:1313",
"http://127.0.0.1:1313",
"https://dragons-at-work.de",
"https://www.dragons-at-work.de"
}
-- Check if request has Origin header
local origin = request and request.headers and request.headers.origin
local cors_origin = "*" -- Default fallback
-- If origin is provided and in allowed list, use it
if origin then
for _, allowed in ipairs(allowed_origins) do
if origin == allowed then
cors_origin = origin
break
end
end
end
return {
["Access-Control-Allow-Origin"] = cors_origin,
["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS",
["Access-Control-Allow-Headers"] = "Content-Type, X-API-Key, Authorization, Accept",
["Access-Control-Max-Age"] = "86400",
["Access-Control-Allow-Credentials"] = "false"
}
end
-- Create HTTP response
function FurtServer:create_response(status, data, content_type, additional_headers, request)
content_type = content_type or "application/json"
local body = ""
if type(data) == "table" then
body = cjson.encode(data)
else
body = tostring(data or "")
end
-- Start with CORS headers
local headers = self:add_cors_headers(request)
-- Add standard headers
headers["Content-Type"] = content_type
headers["Content-Length"] = tostring(#body)
headers["Connection"] = "close"
headers["Server"] = "Furt-Lua/1.1"
-- Add additional headers if provided
if additional_headers then
for key, value in pairs(additional_headers) do
headers[key] = value
end
end
-- Build response
local response = string.format("HTTP/1.1 %d %s\r\n", status, self:get_status_text(status))
for key, value in pairs(headers) do
response = response .. key .. ": " .. value .. "\r\n"
end
response = response .. "\r\n" .. body
return response
end
-- Get HTTP status text
function FurtServer:get_status_text(status)
local status_texts = {
[200] = "OK",
[204] = "No Content",
[400] = "Bad Request",
[401] = "Unauthorized",
[403] = "Forbidden",
[404] = "Not Found",
[405] = "Method Not Allowed",
[429] = "Too Many Requests",
[500] = "Internal Server Error"
}
return status_texts[status] or "Unknown"
end
-- Get client IP address with X-Forwarded-For support
function FurtServer:get_client_ip(client, headers)
-- Check for X-Forwarded-For header (proxy support)
local forwarded_for = headers["x-forwarded-for"]
if forwarded_for then
-- Take first IP in case of multiple proxies
local first_ip = forwarded_for:match("([^,]+)")
if first_ip then
return first_ip:match("^%s*(.-)%s*$") -- trim whitespace
end
end
-- Check for X-Real-IP header
local real_ip = headers["x-real-ip"]
if real_ip then
return real_ip
end
-- Fallback to direct connection
local peer_ip = client:getpeername()
return peer_ip or "unknown"
end
-- Handle client request
function FurtServer:handle_client(client)
-- Generate request ID and start timing
local request_id = Logger.generate_request_id()
local start_time = socket.gettime()
Logger.debug("Request started", {
request_id = request_id
})
local request = self:parse_request(client)
if not request then
local duration_ms = math.floor((socket.gettime() - start_time) * 1000)
local response = self:create_response(400, {error = "Invalid request"}, nil, nil, nil)
client:send(response)
Logger.log_request("INVALID", "unknown", 400, duration_ms, "unknown", request_id)
return
end
-- Get client IP
local client_ip = self:get_client_ip(client, request.headers)
-- Add request_id to request context for handlers
request.request_id = request_id
-- Handle OPTIONS preflight requests (CORS)
if request.method == "OPTIONS" then
local duration_ms = math.floor((socket.gettime() - start_time) * 1000)
local response = self:create_response(204, "", "text/plain", nil, request)
client:send(response)
Logger.log_request("OPTIONS", request.path, 204, duration_ms, client_ip, request_id)
return
end
-- Route handling
local handler = nil
if self.routes[request.method] and self.routes[request.method][request.path] then
handler = self.routes[request.method][request.path]
end
local status = 404
if handler then
local success, result = pcall(handler, request, self)
if success then
client:send(result)
-- Extract status from response (rough parsing)
status = tonumber(result:match("HTTP/1%.1 (%d+)")) or 200
else
Logger.log_error("Handler error", {
request_id = request_id,
method = request.method,
path = request.path,
client_ip = client_ip
}, tostring(result))
status = 500
local error_response = self:create_response(500, {
error = "Internal server error",
request_id = request_id
}, nil, nil, request)
client:send(error_response)
end
else
Logger.debug("Route not found", {
request_id = request_id,
method = request.method,
path = request.path
})
local response = self:create_response(404, {
error = "Route not found",
method = request.method,
path = request.path,
request_id = request_id
}, nil, nil, request)
client:send(response)
end
-- Log completed request with performance metrics
local duration_ms = math.floor((socket.gettime() - start_time) * 1000)
Logger.log_request(request.method, request.path, status, duration_ms, client_ip, request_id)
end
-- Start HTTP server
function FurtServer:start()
self.server = socket.bind(self.host, self.port)
if not self.server then
Logger.error("Failed to bind server", {
host = self.host,
port = self.port
})
error("Failed to bind to " .. self.host .. ":" .. self.port)
end
local HealthRoute = require("src.routes.health")
local version_info = HealthRoute.get_version_info()
-- Structured startup logging
Logger.log_startup(self.host, self.port, version_info)
-- Log configuration details
local rate_limits = config.security and config.security.rate_limits
Logger.log_config_summary({
cors_origins_count = #config.cors.allowed_origins,
rate_limiting_enabled = rate_limits ~= nil,
api_key_max = rate_limits and rate_limits.api_key_max,
ip_max = rate_limits and rate_limits.ip_max,
test_endpoint_enabled = config.security and config.security.enable_test_endpoint,
log_level = Logger.get_log_level()
})
Logger.info("Furt server ready - Press Ctrl+C to stop")
while true do
local client = self.server:accept()
if client then
client:settimeout(10) -- 10 second timeout
self:handle_client(client)
client:close()
end
end
end
return FurtServer
Reference in a new issue View git blame Copy permalink