systemprompt-api 0.13.0

Axum-based HTTP server and API gateway for systemprompt.io AI governance infrastructure. Exposes governed agents, MCP, A2A, and admin endpoints with rate limiting and RBAC.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

//! Request-derived base URL for OAuth discovery responses.
//!
//! RFC 9728 implementations identify themselves coherently from the host the
//! client actually dialled. A single gateway reachable via both `127.0.0.1`
//! and `localhost` must echo whichever the client used in every URL it
//! returns (`issuer`, `authorization_endpoint`, `token_endpoint`, `resource`…),
//! otherwise the client's RFC 8707 `resource` indicator won't round-trip
//! against the configured `api_external_url` origin.
//!
//! [`RequestBaseUrl`] is an axum extractor that resolves
//! `scheme://host[:port]` from the incoming request, validating the host
//! against a small allowlist seeded from `api_external_url`. On allowlist
//! miss or missing/invalid header it falls back to `api_external_url` — the
//! gateway never advertises a hostname an attacker fabricated via Host
//! header injection.

use axum::extract::FromRequestParts;
use http::request::Parts;
use http::{StatusCode, header};
use systemprompt_models::Config;

#[derive(Debug, Clone)]
pub struct RequestBaseUrl {
    base: String,
    origin: url::Origin,
}

impl RequestBaseUrl {
    #[must_use]
    pub fn as_str(&self) -> &str {
        &self.base
    }

    #[must_use]
    pub const fn origin(&self) -> &url::Origin {
        &self.origin
    }

    #[must_use]
    pub fn into_string(self) -> String {
        self.base
    }
}

fn is_loopback_host(host: &str) -> bool {
    let bare = host.split(':').next().unwrap_or(host).to_ascii_lowercase();
    bare == "localhost" || bare == "127.0.0.1" || bare == "[::1]" || bare == "::1"
}

fn host_in_allowlist(candidate_host: &str, configured: &url::Url) -> bool {
    let candidate_bare = candidate_host
        .rsplit_once(':')
        .map_or(candidate_host, |(h, _)| h)
        .to_ascii_lowercase();
    let configured_host = configured.host_str().unwrap_or("").to_ascii_lowercase();

    if candidate_bare == configured_host {
        return true;
    }
    if is_loopback_host(&configured_host) && is_loopback_host(&candidate_bare) {
        return true;
    }
    false
}

fn fallback_from_url(configured: &url::Url) -> RequestBaseUrl {
    let trimmed = configured.as_str().trim_end_matches('/').to_owned();
    RequestBaseUrl {
        base: trimmed,
        origin: configured.origin(),
    }
}

/// Resolve a [`RequestBaseUrl`] from an optional Host header and configured
/// `api_external_url`.
///
/// Exposed for unit testing — production callers use the [`FromRequestParts`]
/// impl which reads both from the request and global config.
#[must_use]
pub fn resolve(raw_host: Option<&str>, configured: &url::Url) -> RequestBaseUrl {
    if let Some(host) = raw_host.map(str::trim).filter(|s| !s.is_empty())
        && let Ok(resolved) = build_from_host(host, configured)
    {
        return resolved;
    }
    fallback_from_url(configured)
}

fn build_from_host(raw_host: &str, configured: &url::Url) -> Result<RequestBaseUrl, &'static str> {
    if raw_host.is_empty() || raw_host.contains('/') || raw_host.contains(' ') {
        return Err("invalid host header");
    }
    if !host_in_allowlist(raw_host, configured) {
        return Err("host not in allowlist");
    }
    let host_bare = raw_host
        .rsplit_once(':')
        .map_or(raw_host, |(h, _)| h)
        .to_ascii_lowercase();
    let scheme = if is_loopback_host(&host_bare) {
        "http"
    } else {
        configured.scheme()
    };
    let base = format!("{scheme}://{raw_host}");
    let parsed = url::Url::parse(&base).map_err(|_e| "host header did not parse as URL")?;
    Ok(RequestBaseUrl {
        base: base.trim_end_matches('/').to_owned(),
        origin: parsed.origin(),
    })
}

impl<S: Send + Sync> FromRequestParts<S> for RequestBaseUrl {
    type Rejection = (StatusCode, String);

    async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
        let cfg = Config::get().map_err(|e| {
            tracing::error!(error = %e, "Failed to load config for RequestBaseUrl");
            (
                StatusCode::INTERNAL_SERVER_ERROR,
                "Configuration unavailable".to_owned(),
            )
        })?;
        let configured = url::Url::parse(&cfg.api_external_url).map_err(|e| {
            tracing::error!(
                error = %e,
                api_external_url = %cfg.api_external_url,
                "api_external_url is not a valid URL — bootstrap validation should have caught this"
            );
            (
                StatusCode::INTERNAL_SERVER_ERROR,
                "Configuration invalid".to_owned(),
            )
        })?;

        let raw_host = parts
            .headers
            .get(header::HOST)
            .and_then(|v| v.to_str().ok());
        Ok(resolve(raw_host, &configured))
    }
}