dynoxide-rs 0.11.0

A lightweight, embeddable DynamoDB emulator backed by SQLite
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

//! MCP (Model Context Protocol) server for Dynoxide.
//!
//! Exposes DynamoDB operations as MCP tools, allowing coding agents to
//! interact with the local DynamoDB emulator through structured tool calls.

mod auth;
mod errors;
mod server;

pub use auth::{
    AuthError, AuthMode, ResolvedAuth, first_run_message, is_loopback_host, resolve_auth,
};
pub use server::{McpConfig, McpServer};

use crate::Database;
use std::sync::Arc;

/// Start the MCP server over stdio transport.
///
/// This blocks until the client disconnects. All logging goes to stderr;
/// stdout is reserved for the JSON-RPC transport.
pub async fn serve_stdio(
    db: Database,
    config: McpConfig,
) -> Result<(), Box<dyn std::error::Error>> {
    use rmcp::{ServiceExt, transport::stdio};

    let server = McpServer::with_config(Arc::new(db), config)
        .serve(stdio())
        .await
        .map_err(|e| format!("MCP server error: {e}"))?;

    server.waiting().await?;
    Ok(())
}

/// Transport-level options for the MCP HTTP server.
///
/// Distinct from [`McpConfig`], which is per-session server behaviour cloned
/// into every connection. These are resolved once at startup: where to bind,
/// the bearer-token auth mode, and any operator-added `Host`/`Origin` allowlist
/// entries beyond loopback.
#[derive(Clone, Debug)]
pub struct HttpOptions {
    pub host: String,
    pub port: u16,
    pub auth: AuthMode,
    /// Extra hosts to accept beyond the loopback default. Each entry also adds
    /// a matching `http://<host>` origin. Empty preserves loopback-only.
    pub extra_allowed_hosts: Vec<String>,
}

/// Wrap a bare IPv6 literal in brackets for a URL authority. Leaves IPv4,
/// hostnames, and already-bracketed literals untouched.
fn bracket_ipv6(host: &str) -> String {
    if host.contains(':') && !host.starts_with('[') {
        format!("[{host}]")
    } else {
        host.to_string()
    }
}

/// Format a `host:port` bind address, bracketing bare IPv6 literals.
fn format_bind_addr(host: &str, port: u16) -> String {
    format!("{}:{}", bracket_ipv6(host), port)
}

/// Start the MCP server over Streamable HTTP transport.
///
/// Binds to `opts.host:opts.port` and serves MCP at `/mcp`, behind the
/// bearer-token auth layer.
pub async fn serve_http(
    db: Database,
    opts: HttpOptions,
    config: McpConfig,
) -> Result<(), Box<dyn std::error::Error>> {
    serve_http_with_shutdown(db, opts, config, None).await
}

/// Start the MCP server over Streamable HTTP with an external shutdown signal.
pub async fn serve_http_with_shutdown(
    db: Database,
    opts: HttpOptions,
    config: McpConfig,
    shutdown: Option<tokio_util::sync::CancellationToken>,
) -> Result<(), Box<dyn std::error::Error>> {
    use rmcp::transport::streamable_http_server::{
        StreamableHttpServerConfig, StreamableHttpService, session::local::LocalSessionManager,
    };

    let ct = shutdown.unwrap_or_default();
    let db = Arc::new(db);

    // Loopback defaults, plus any operator-added hosts (for non-loopback binds
    // reached by name). Each added host gets a matching http:// origin.
    let mut allowed_hosts: Vec<String> = vec!["localhost".into(), "127.0.0.1".into(), "::1".into()];
    let mut allowed_origins: Vec<String> =
        vec!["http://localhost".into(), "http://127.0.0.1".into()];
    for host in &opts.extra_allowed_hosts {
        allowed_hosts.push(host.clone());
        allowed_origins.push(format!("http://{}", bracket_ipv6(host)));
    }

    // load-bearing: rmcp's config struct is #[non_exhaustive], so struct-literal
    // init does not compile. Keep the field-reassign block.
    #[allow(clippy::field_reassign_with_default)]
    let http_config = {
        let mut c = StreamableHttpServerConfig::default();
        c.stateful_mode = false;
        c.json_response = true;
        c.sse_keep_alive = None;
        c.cancellation_token = ct.clone();
        // Explicit DNS rebinding defences. Stating the lists protects against an
        // rmcp default flip. Native clients pass because rmcp skips Origin
        // validation when the header is absent (rmcp 1.6.0 tower.rs:385-387).
        // Bearer-token auth (the .layer below) is the primary control once the
        // bind widens; this allowlist is defense-in-depth for browser origins.
        c.allowed_hosts = allowed_hosts;
        c.allowed_origins = allowed_origins;
        c
    };

    let service: StreamableHttpService<McpServer, LocalSessionManager> = StreamableHttpService::new(
        {
            let db = db.clone();
            let config = config.clone();
            move || Ok(McpServer::with_config(db.clone(), config.clone()))
        },
        Default::default(),
        http_config,
    );

    // Auth runs outside rmcp's Host/Origin checks: unauthenticated callers get
    // 401 regardless of Host; a token holder spoofing Host still hits 403.
    let router = axum::Router::new().nest_service("/mcp", service).layer(
        axum::middleware::from_fn_with_state(opts.auth.clone(), auth::enforce),
    );
    let addr = format_bind_addr(&opts.host, opts.port);
    let listener = tokio::net::TcpListener::bind(&addr).await?;
    let local_addr = listener.local_addr()?;

    eprintln!("MCP HTTP server listening on http://{local_addr}/mcp");

    // Don't use with_graceful_shutdown for the MCP transport: persistent
    // Streamable-HTTP sessions held open by MCP clients (Claude Code, Cursor,
    // etc.) don't close on their own, so the drain phase can hang
    // indefinitely. Race the cancellation against the serve future and drop
    // the serve future on cancel; the listener closes, this function returns,
    // and the surrounding tokio::join! in main.rs proceeds so the process
    // exits.
    use std::future::IntoFuture;
    let serve_fut = axum::serve(listener, router).into_future();
    tokio::select! {
        res = serve_fut => res?,
        _ = ct.cancelled_owned() => {}
    }

    Ok(())
}