synapse_sdk/

http_server.rs

//! HTTP/HTTPS server for service RPC endpoints
//!
//! Supports both plain HTTP (for development) and mTLS (for production).

use anyhow::Result;
use bytes::Bytes;
use http_body_util::{BodyExt, Full};
use hyper::{Method, Request, Response, StatusCode, server::conn::http1, service::service_fn};
use std::{net::SocketAddr, path::Path, sync::Arc};
use synapse_rpc::{
    ParsedMessage, RpcServer,
    codec::{ContentType, decode_message},
    create_health_response, create_rpc_response, parse_message,
};
use tokio::net::TcpListener;
use tokio_rustls::TlsAcceptor;
use tracing::{debug, error, info, warn};

/// Health check provider for the HTTP server
pub type HealthProvider = Arc<dyn Fn() -> synapse_proto::HealthResponse + Send + Sync>;

/// HTTP/HTTPS server for handling RPC requests
pub struct HttpRpcServer {
    rpc_server: Arc<RpcServer>,
    bind_addr: SocketAddr,
    tls_acceptor: Option<TlsAcceptor>,
    health_provider: Option<HealthProvider>,
}

impl HttpRpcServer {
    /// Create a new plain HTTP RPC server (no TLS)
    pub fn new(rpc_server: Arc<RpcServer>, bind_addr: SocketAddr) -> Self {
        Self {
            rpc_server,
            bind_addr,
            tls_acceptor: None,
            health_provider: None,
        }
    }

    /// Create a new mTLS RPC server with a pre-built TLS acceptor
    pub fn with_acceptor(
        rpc_server: Arc<RpcServer>,
        bind_addr: SocketAddr,
        tls_acceptor: TlsAcceptor,
    ) -> Self {
        Self {
            rpc_server,
            bind_addr,
            tls_acceptor: Some(tls_acceptor),
            health_provider: None,
        }
    }

    /// Create a new mTLS RPC server from file paths
    ///
    /// # Arguments
    /// * `rpc_server` - The RPC server to handle requests
    /// * `bind_addr` - Address to bind to
    /// * `cert_path` - Path to server certificate PEM file
    /// * `key_path` - Path to server private key PEM file
    /// * `ca_cert_path` - Path to CA certificate for client verification
    pub fn with_mtls<P: AsRef<Path>>(
        rpc_server: Arc<RpcServer>,
        bind_addr: SocketAddr,
        cert_path: P,
        key_path: P,
        ca_cert_path: P,
    ) -> Result<Self> {
        let tls_acceptor =
            synapse_mtls::server::build_mtls_acceptor(&cert_path, &key_path, &ca_cert_path)?;

        Ok(Self {
            rpc_server,
            bind_addr,
            tls_acceptor: Some(tls_acceptor),
            health_provider: None,
        })
    }

    /// Set a health provider function that returns HealthResponse
    pub fn with_health_provider(mut self, provider: HealthProvider) -> Self {
        self.health_provider = Some(provider);
        self
    }

    /// Start the server (HTTP or HTTPS depending on configuration)
    pub async fn serve(self: Arc<Self>) -> Result<()> {
        let listener = TcpListener::bind(&self.bind_addr).await?;

        if self.tls_acceptor.is_some() {
            info!("HTTPS (mTLS) RPC server listening on {}", self.bind_addr);
        } else {
            info!("HTTP RPC server listening on {}", self.bind_addr);
            warn!("Running without TLS - use with_mtls() for production");
        }

        loop {
            let (stream, peer_addr) = listener.accept().await?;
            let self_clone = Arc::clone(&self);

            tokio::spawn(async move {
                if let Some(ref tls_acceptor) = self_clone.tls_acceptor {
                    // mTLS connection
                    match tls_acceptor.accept(stream).await {
                        Ok(tls_stream) => {
                            let io = hyper_util::rt::TokioIo::new(tls_stream);
                            let service = service_fn(move |req| {
                                let self_clone = Arc::clone(&self_clone);
                                async move { self_clone.handle_request(req).await }
                            });

                            if let Err(err) =
                                http1::Builder::new().serve_connection(io, service).await
                            {
                                error!("Error serving TLS connection from {}: {}", peer_addr, err);
                            }
                        }
                        Err(e) => {
                            warn!("TLS handshake failed from {}: {}", peer_addr, e);
                        }
                    }
                } else {
                    // Plain HTTP connection
                    let io = hyper_util::rt::TokioIo::new(stream);
                    let service = service_fn(move |req| {
                        let self_clone = Arc::clone(&self_clone);
                        async move { self_clone.handle_request(req).await }
                    });

                    if let Err(err) = http1::Builder::new().serve_connection(io, service).await {
                        error!("Error serving connection from {}: {}", peer_addr, err);
                    }
                }
            });
        }
    }

    /// Detect content type from header
    fn detect_content_type(header: Option<&str>) -> ContentType {
        match header {
            Some(h) if h.contains("application/json") => ContentType::Json,
            Some(h) if h.contains("application/protobuf") => ContentType::Protobuf,
            Some(h) if h.contains("application/x-protobuf") => ContentType::Protobuf,
            _ => ContentType::Json,
        }
    }

    /// Build a simple response, logging on the (unlikely) builder failure
    fn build_response(status: StatusCode, body: impl Into<Bytes>) -> Result<Response<Full<Bytes>>> {
        Response::builder()
            .status(status)
            .body(Full::new(body.into()))
            .map_err(|e| anyhow::anyhow!("Failed to build response: {}", e))
    }

    /// Build a response with headers
    fn build_response_with_headers(
        status: StatusCode,
        headers: &[(&str, &str)],
        body: impl Into<Bytes>,
    ) -> Result<Response<Full<Bytes>>> {
        let mut builder = Response::builder().status(status);
        for (name, value) in headers {
            builder = builder.header(*name, *value);
        }
        builder
            .body(Full::new(body.into()))
            .map_err(|e| anyhow::anyhow!("Failed to build response: {}", e))
    }

    /// Handle an HTTP request (RPC or health pull)
    async fn handle_request(
        &self,
        req: Request<hyper::body::Incoming>,
    ) -> Result<Response<Full<Bytes>>> {
        // Only accept POST
        if req.method() != Method::POST {
            return Self::build_response_with_headers(
                StatusCode::METHOD_NOT_ALLOWED,
                &[("Allow", "POST")],
                "Method not allowed",
            );
        }

        // Get content type
        let content_type_header = req
            .headers()
            .get("content-type")
            .and_then(|v| v.to_str().ok());

        let content_type = Self::detect_content_type(content_type_header);

        debug!("Received request: content_type={:?}", content_type_header);

        // Read body
        let body_bytes = req
            .into_body()
            .collect()
            .await
            .map_err(|e| anyhow::anyhow!("Failed to read body: {}", e))?
            .to_bytes();

        // Decode the SynapseMessage
        let synapse_msg = match decode_message(&body_bytes, content_type) {
            Ok(msg) => msg,
            Err(e) => {
                error!("Failed to decode request: {}", e);
                return Self::build_response(
                    StatusCode::BAD_REQUEST,
                    format!("Invalid request: {}", e),
                );
            }
        };

        // Route based on message type
        match parse_message(synapse_msg) {
            ParsedMessage::RpcRequest {
                request_id,
                request,
            } => {
                self.handle_rpc_request(request_id, request, content_type)
                    .await
            }
            ParsedMessage::HealthPull { request_id } => {
                self.handle_health_pull(request_id, content_type).await
            }
            other => {
                warn!(
                    "Unexpected message type: {:?}",
                    std::mem::discriminant(&other)
                );
                Self::build_response(
                    StatusCode::BAD_REQUEST,
                    "Expected RPC_REQUEST or HEALTH_PULL message",
                )
            }
        }
    }

    /// Handle an RPC request
    async fn handle_rpc_request(
        &self,
        request_id: Bytes,
        rpc_request: synapse_rpc::RpcRequest,
        content_type: ContentType,
    ) -> Result<Response<Full<Bytes>>> {
        debug!(
            "Handling RPC: interface={}, method={}",
            rpc_request.interface_id, rpc_request.method_id
        );

        // Handle through RPC server
        let rpc_response = self.rpc_server.handle_request(rpc_request).await;

        debug!("RPC response: status={}", rpc_response.status);

        // Encode response
        let response_body = match create_rpc_response(&request_id, rpc_response, content_type) {
            Ok(body) => body,
            Err(e) => {
                error!("Failed to encode response: {}", e);
                return Self::build_response(
                    StatusCode::INTERNAL_SERVER_ERROR,
                    "Failed to encode response",
                );
            }
        };

        Self::build_response_with_headers(
            StatusCode::OK,
            &[("Content-Type", content_type.mime_type())],
            response_body,
        )
    }

    /// Handle a health pull request (Synapse protocol)
    async fn handle_health_pull(
        &self,
        request_id: Bytes,
        content_type: ContentType,
    ) -> Result<Response<Full<Bytes>>> {
        debug!("Handling health pull request");

        let health_response = self.get_health_response();

        let response_body = match create_health_response(&request_id, health_response, content_type)
        {
            Ok(body) => body,
            Err(e) => {
                error!("Failed to encode health response: {}", e);
                return Self::build_response(
                    StatusCode::INTERNAL_SERVER_ERROR,
                    "Failed to encode health response",
                );
            }
        };

        Self::build_response_with_headers(
            StatusCode::OK,
            &[("Content-Type", content_type.mime_type())],
            response_body,
        )
    }

    /// Get health response from provider or return default
    fn get_health_response(&self) -> synapse_proto::HealthResponse {
        if let Some(ref provider) = self.health_provider {
            provider()
        } else {
            // Default healthy response
            synapse_proto::HealthResponse {
                instance_id: Bytes::new(),
                status: synapse_proto::HealthStatus::Healthy as i32,
                version: env!("CARGO_PKG_VERSION").to_string(),
                uptime_ms: 0,
                message: String::new(),
            }
        }
    }
}