fraiseql-server 2.3.0

HTTP server for FraiseQL v2 GraphQL engine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198

//! HTTP server implementation.

use std::sync::Arc;

#[cfg(feature = "arrow")]
use fraiseql_arrow::FraiseQLFlightService;
use fraiseql_core::{
    db::traits::DatabaseAdapter,
    runtime::{Executor, SubscriptionManager},
    security::{AuthMiddleware, OidcValidator},
};
#[cfg(feature = "observers")]
use {
    crate::observers::{ObserverRuntime, ObserverRuntimeConfig},
    tokio::sync::RwLock,
};

#[cfg(feature = "auth")]
use crate::routes::{AuthMeState, AuthPkceState, auth_callback, auth_me, auth_start};
use crate::{
    Result, ServerError,
    middleware::{
        BearerAuthState, OidcAuthState, RateLimiter, bearer_auth_middleware, cors_layer_restricted,
        metrics_middleware, oidc_auth_middleware, require_json_content_type, trace_layer,
    },
    routes::{
        BroadcastState, PlaygroundState, SubscriptionState, api, broadcast_handler,
        graphql_get_handler, graphql_handler, health_handler, introspection_handler,
        metrics_handler, metrics_json_handler, playground_handler, readiness_handler,
        subscription_handler,
    },
    server_config::ServerConfig,
    tls::TlsSetup,
};

mod builder;
mod extensions;
mod initialization;
mod lifecycle;
mod routing;

#[cfg(test)]
mod routing_tests;

#[cfg(test)]
mod tests;

/// FraiseQL HTTP Server.
///
/// `Server<A>` is generic over a `DatabaseAdapter` implementation, which allows
/// swapping database backends and injecting mock adapters in tests.
///
/// # Feature: `observers`
///
/// When compiled with the `observers` Cargo feature, the server mounts observer
/// management and runtime-health API endpoints under `/api/observers`. These
/// endpoints require a live **PostgreSQL** connection pool (`sqlx::PgPool`).
///
/// Pass `Some(pg_pool)` as the `db_pool` argument to [`Server::new`] when the
/// `observers` feature is enabled. Passing `None` causes the observer routes to
/// be skipped at startup (an error is logged) rather than panicking, but the
/// rest of the server continues to function normally.
///
/// The PostgreSQL pool is distinct from the generic `DatabaseAdapter`: the
/// adapter handles application queries, while the pool is used exclusively by
/// the observer subsystem to store and retrieve reactive rule metadata.
pub struct Server<A: DatabaseAdapter> {
    pub(super) config: ServerConfig,
    pub(super) executor: Arc<Executor<A>>,
    pub(super) subscription_manager: Arc<SubscriptionManager>,
    pub(super) subscription_lifecycle: Arc<dyn crate::subscriptions::SubscriptionLifecycle>,
    pub(super) max_subscriptions_per_connection: Option<u32>,
    pub(super) oidc_validator: Option<Arc<OidcValidator>>,
    /// Local HS256 JWT validator (alternative to `oidc_validator`).
    ///
    /// When set, the GraphQL endpoint is protected by shared-secret JWT
    /// validation instead of OIDC. Intended for integration testing and
    /// internal service-to-service auth.
    pub(super) hs256_auth: Option<Arc<AuthMiddleware>>,
    pub(super) rate_limiter: Option<Arc<RateLimiter>>,
    #[cfg(feature = "secrets")]
    pub(super) secrets_manager: Option<Arc<crate::secrets_manager::SecretsManager>>,
    #[cfg(feature = "federation")]
    pub(super) circuit_breaker:
        Option<Arc<crate::federation::circuit_breaker::FederationCircuitBreakerManager>>,
    pub(super) error_sanitizer: Arc<crate::config::error_sanitization::ErrorSanitizer>,
    #[cfg(feature = "auth")]
    pub(super) state_encryption: Option<Arc<crate::auth::state_encryption::StateEncryptionService>>,
    #[cfg(feature = "auth")]
    pub(super) pkce_store: Option<Arc<crate::auth::PkceStateStore>>,
    #[cfg(feature = "auth")]
    pub(super) oidc_server_client: Option<Arc<crate::auth::OidcServerClient>>,
    /// Unified social login provider registry.
    ///
    /// When `Some`, the server mounts `GET /auth/v1/authorize` and uses the
    /// registry to look up `OAuth` providers by name.  Set via
    /// [`Server::with_social_login`].
    #[cfg(feature = "auth")]
    pub(super) social_login: Option<Arc<crate::auth::social::SocialLoginState>>,
    /// Anonymous session signup state.
    ///
    /// When `Some`, mounts `POST /auth/v1/signup`.  Set via [`Server::with_anon_signup`].
    #[cfg(feature = "auth")]
    pub(super) anon_signup_state: Option<Arc<crate::auth::AnonSignupState>>,
    /// `TOTP` `MFA` route state.
    ///
    /// When `Some`, the server mounts the four `MFA` endpoints under
    /// `/auth/v1/mfa/`.  Set via [`Server::with_mfa`].
    #[cfg(feature = "auth")]
    pub(super) mfa_state: Option<Arc<crate::auth::MfaRouteState>>,
    pub(super) api_key_authenticator: Option<Arc<crate::api_key::ApiKeyAuthenticator>>,
    // Reason: only read inside #[cfg(feature = "auth")] blocks in routing.rs
    #[allow(dead_code)] // Reason: field kept for API completeness; may be used in future features
    pub(super) revocation_manager: Option<Arc<crate::token_revocation::TokenRevocationManager>>,
    pub(super) apq_store: Option<fraiseql_core::apq::ArcApqStorage>,
    pub(super) trusted_docs: Option<Arc<crate::trusted_documents::TrustedDocumentStore>>,

    #[cfg(feature = "observers")]
    pub(super) observer_runtime: Option<Arc<RwLock<ObserverRuntime>>>,

    #[cfg(feature = "observers")]
    pub(super) db_pool: Option<sqlx::PgPool>,

    /// PostgreSQL pool for claims enrichment queries (independent of observers).
    #[cfg(feature = "auth")]
    #[allow(dead_code)] // Reason: read by enrichment routing code (ported in sub-phase 4e)
    pub(super) enrichment_pool: Option<sqlx::PgPool>,

    #[cfg(feature = "arrow")]
    pub(super) flight_service: Option<FraiseQLFlightService>,

    #[cfg(feature = "mcp")]
    pub(super) mcp_config: Option<fraiseql_core::schema::McpConfig>,

    /// Pre-built storage state for mounting storage routes.
    ///
    /// Populated during server construction when `[storage]` is configured and
    /// a PostgreSQL pool is available for metadata tracking.
    pub(super) storage_state: Option<fraiseql_storage::StorageState>,

    /// Pre-built realtime state for mounting the `WebSocket` endpoint.
    ///
    /// When `Some`, `build_base_router` merges `realtime_router(state)` at
    /// `/realtime/v1`. Set via [`Server::with_realtime`].
    pub(super) realtime_state: Option<crate::realtime::server::RealtimeState>,

    /// Pool pressure monitoring configuration (loaded from `[pool_tuning]` in `fraiseql.toml`).
    pub(super) pool_tuning_config: Option<crate::config::pool_tuning::PoolPressureMonitorConfig>,

    /// Whether the adapter-level query result cache (`CachedDatabaseAdapter`) is active.
    ///
    /// Set to `true` when `ServerConfig::cache_enabled = true` and the server was built
    /// with `Server::new` or `Server::with_relay_pagination`.
    pub(super) adapter_cache_enabled: bool,

    /// Broadcast channel manager for ephemeral realtime pub/sub.
    pub(super) broadcast_manager: Option<Arc<crate::subscriptions::BroadcastManager>>,

    /// Presence manager for room-based member tracking.
    pub(super) presence_manager: Option<Arc<crate::subscriptions::PresenceManager>>,

    /// Object storage backend for the `/storage/v1/` routes.
    ///
    /// Set via [`Server::with_storage`]. When `None`, storage routes are not mounted.
    pub(super) storage_backend:          Option<Arc<dyn crate::storage::StorageBackend>>,
    /// Maximum allowed upload size for the storage backend (bytes).
    ///
    /// Defaults to 100 `MiB`. Applied as a per-request body limit on upload routes.
    pub(super) storage_max_upload_bytes: usize,

    /// Function deployment store for the `/functions/v1/` routes.
    ///
    /// Set via [`Server::with_functions`]. When `None`, function routes are not mounted.
    #[cfg(feature = "functions")]
    pub(super) function_store: Option<Arc<dyn fraiseql_functions::FunctionStore>>,

    /// Function execution runtime for the `/functions/v1/` routes.
    ///
    /// Set via [`Server::with_functions`]. When `None`, function routes are not mounted.
    #[cfg(feature = "functions")]
    pub(super) function_runtime: Option<Arc<dyn fraiseql_functions::runtime::SendFunctionRuntime>>,

    /// Shared usage aggregator — written by [`MutationAuditLayer`] and read by
    /// the `GET /api/v1/admin/usage` endpoint via [`AppState::usage`].
    ///
    /// [`MutationAuditLayer`]: crate::usage::layer::MutationAuditLayer
    /// [`AppState::usage`]: crate::routes::graphql::AppState::usage
    pub(super) usage: Arc<crate::usage::aggregator::UsageAggregator>,

    /// Background lifecycle tasks owned by the server.
    ///
    /// Long-running tasks spawned during server construction or `serve_with_shutdown`
    /// (e.g. SIGUSR1 schema reload, PKCE state cleanup, trusted-documents manifest
    /// reload, usage persistence flush, Arrow Flight gRPC server) are tracked on
    /// this [`tokio::task::JoinSet`]. On graceful shutdown the server aborts and
    /// awaits the set so per-process state is not abandoned mid-flight.
    pub(super) tasks: tokio::task::JoinSet<()>,
}