# Refactor HTTP control plane to structured server
## Summary
Refactor `src/http.rs` to a structured HTTP server (recommended: `axum` + `serde_json`) with typed JSON and consistent error handling.
## Status (2026-02-03)
- [x] Implementation: `src/http.rs` uses axum with typed JSON, consistent error responses, and structured routing.
- [x] Endpoints preserved (`/reset`, `/inject`, `/users`, `/messages`, `DELETE /messages`) and expanded.
- [x] Optional bearer auth via `ELEKTROMAIL_HTTP_TOKEN` enforced by middleware.
- [x] Tests: `tests/http_control_plane.rs` and `tests/http_admin_api.rs` cover JSON errors and auth.
- [ ] Tests: add an explicit 405 method-not-allowed case.
- [x] Docs: `README.md` HTTP Control Plane section updated.
## Motivation
The current TCP parser is brittle and makes it hard to safely add the GreenMail admin API features, auth, and OpenAPI docs.
## Scope
- Replace manual parsing with a router-based server.
- Preserve existing endpoints and semantics: `POST /reset`, `POST /inject`, `GET /users`, `GET /messages`, `DELETE /messages`.
- Add consistent JSON error responses and proper status codes.
- Add optional bearer auth via `ELEKTROMAIL_HTTP_TOKEN` or config.
## Acceptance Criteria
- `tests/http_control_plane.rs` passes with minimal changes.
- Malformed JSON returns 400.
- Unsupported methods return 405.
- If `ELEKTROMAIL_HTTP_TOKEN` is set, missing or wrong bearer token returns 401.
## Tests
- Extend `tests/http_control_plane.rs` with JSON/method/error cases.
- Add a small auth enforcement test if token is set.
## Implementation Notes
- Prefer a new module (for example `src/http_api.rs`) that returns `impl IntoResponse`.
- Avoid blocking calls inside request handlers.
## Docs
- Update `README.md` HTTP Control Plane section to mention auth token and new stack.