Merge branch 'main' into lm/restrict-content-type

author: Liam Mitchell <[email protected]> 2026-03-09 19:06:36 -0700
committer: Liam Mitchell <[email protected]> 2026-03-09 19:06:36 -0700
commit: d1abc50ee9d4fb72efc646e17decafea741caa34 (patch)
tree: e4288e00f2f7ca0391b83d986efcb69d3ba66a83 /src/zenserver/zenserver.cpp
parent: Allow requests with invalid content-types unless specified in command line or... (diff)
parent: updated chunk–block analyser (#818) (diff)
download: zen-d1abc50ee9d4fb72efc646e17decafea741caa34.tar.xz
zen-d1abc50ee9d4fb72efc646e17decafea741caa34.zip
1 files changed, 147 insertions, 20 deletions
diff --git a/src/zenserver/zenserver.cpp b/src/zenserver/zenserver.cpp
index 2bafeeaa1..bb6b02d21 100644
--- a/src/zenserver/zenserver.cpp
+++ b/src/zenserver/zenserver.cpp
@@ -18,11 +18,13 @@
 #include <zencore/sentryintegration.h>
 #include <zencore/session.h>
 #include <zencore/string.h>
+#include <zencore/system.h>
 #include <zencore/thread.h>
 #include <zencore/timer.h>
 #include <zencore/trace.h>
 #include <zencore/workthreadpool.h>
 #include <zenhttp/httpserver.h>
+#include <zenhttp/security/passwordsecurityfilter.h>
 #include <zentelemetry/otlptrace.h>
 #include <zenutil/service.h>
 #include <zenutil/workerpools.h>
@@ -44,6 +46,20 @@ ZEN_THIRD_PARTY_INCLUDES_END
 
 //////////////////////////////////////////////////////////////////////////
 
+#ifndef ZEN_WITH_COMPUTE_SERVICES
+#	define ZEN_WITH_COMPUTE_SERVICES 0
+#endif
+
+#ifndef ZEN_WITH_HORDE
+#	define ZEN_WITH_HORDE 0
+#endif
+
+#ifndef ZEN_WITH_NOMAD
+#	define ZEN_WITH_NOMAD 0
+#endif
+
+//////////////////////////////////////////////////////////////////////////
+
 #include "config/config.h"
 #include "diag/logging.h"
 
@@ -142,8 +158,18 @@ ZenServerBase::Initialize(const ZenServerConfig& ServerOptions, ZenServerState::
 
 	ZEN_INFO("Effective concurrency: {} (hw: {})", GetHardwareConcurrency(), std::thread::hardware_concurrency());
 
+	InitializeSecuritySettings(ServerOptions);
+
+	if (ServerOptions.LieCpu)
+	{
+		SetCpuCountForReporting(ServerOptions.LieCpu);
+
+		ZEN_INFO("Reporting concurrency: {}", ServerOptions.LieCpu);
+	}
+
 	m_StatusService.RegisterHandler("status", *this);
 	m_Http->RegisterService(m_StatusService);
+	m_Http->RegisterService(m_StatsService);
 
 	m_StatsReporter.Initialize(ServerOptions.StatsConfig);
 	if (ServerOptions.StatsConfig.Enabled)
@@ -151,10 +177,37 @@ ZenServerBase::Initialize(const ZenServerConfig& ServerOptions, ZenServerState::
 		EnqueueStatsReportingTimer();
 	}
 
-	m_HealthService.SetHealthInfo({.DataRoot		= ServerOptions.DataDir,
-								   .AbsLogPath		= ServerOptions.AbsLogFile,
-								   .HttpServerClass = std::string(ServerOptions.HttpConfig.ServerClass),
-								   .BuildVersion	= std::string(ZEN_CFG_VERSION_BUILD_STRING_FULL)});
+	// clang-format off
+	HealthServiceInfo HealthInfo {
+		.DataRoot		  = ServerOptions.DataDir,
+		.AbsLogPath		  = ServerOptions.LoggingConfig.AbsLogFile,
+		.HttpServerClass  = std::string(ServerOptions.HttpConfig.ServerClass),
+		.BuildVersion	  = std::string(ZEN_CFG_VERSION_BUILD_STRING_FULL),
+		.Port			  = EffectiveBasePort,
+		.Pid			  = GetCurrentProcessId(),
+		.IsDedicated	  = ServerOptions.IsDedicated,
+		.StartTimeMs	  = std::chrono::duration_cast<std::chrono::milliseconds>(
+								std::chrono::system_clock::now().time_since_epoch()).count(),
+		.BuildOptions = {
+			{"ZEN_ADDRESS_SANITIZER",		ZEN_ADDRESS_SANITIZER != 0},
+			{"ZEN_USE_SENTRY",				ZEN_USE_SENTRY != 0},
+			{"ZEN_WITH_TESTS",				ZEN_WITH_TESTS != 0},
+			{"ZEN_USE_MIMALLOC",			ZEN_USE_MIMALLOC != 0},
+			{"ZEN_USE_RPMALLOC",			ZEN_USE_RPMALLOC != 0},
+			{"ZEN_WITH_HTTPSYS",			ZEN_WITH_HTTPSYS != 0},
+			{"ZEN_WITH_MEMTRACK",			ZEN_WITH_MEMTRACK != 0},
+			{"ZEN_WITH_TRACE",				ZEN_WITH_TRACE != 0},
+			{"ZEN_WITH_COMPUTE_SERVICES",	ZEN_WITH_COMPUTE_SERVICES != 0},
+			{"ZEN_WITH_HORDE",				ZEN_WITH_HORDE != 0},
+			{"ZEN_WITH_NOMAD",				ZEN_WITH_NOMAD != 0},
+		},
+		.RuntimeConfig = BuildSettingsList(ServerOptions),
+	};
+	// clang-format on
+
+	HealthInfo.RuntimeConfig.emplace(HealthInfo.RuntimeConfig.begin() + 2, "EffectivePort"sv, fmt::to_string(EffectiveBasePort));
+
+	m_HealthService.SetHealthInfo(std::move(HealthInfo));
 
 	LogSettingsSummary(ServerOptions);
 
@@ -164,12 +217,23 @@ ZenServerBase::Initialize(const ZenServerConfig& ServerOptions, ZenServerState::
 void
 ZenServerBase::Finalize()
 {
+	m_StatsService.RegisterHandler("http", *m_Http);
+
+	m_Http->SetDefaultRedirect("/dashboard/");
+
 	// Register health service last so if we return "OK" for health it means all services have been properly initialized
 
 	m_Http->RegisterService(m_HealthService);
 }
 
 void
+ZenServerBase::ShutdownServices()
+{
+	m_StatsService.UnregisterHandler("http", *m_Http);
+	m_StatsService.Shutdown();
+}
+
+void
 ZenServerBase::GetBuildOptions(StringBuilderBase& OutOptions, char Separator) const
 {
 	ZEN_MEMSCOPE(GetZenserverTag());
@@ -375,46 +439,65 @@ ZenServerBase::CheckSigInt()
 void
 ZenServerBase::HandleStatusRequest(HttpServerRequest& Request)
 {
+	auto Metrics = m_MetricsTracker.Query();
+
 	CbObjectWriter Cbo;
 	Cbo << "ok" << true;
 	Cbo << "state" << ToString(m_CurrentState);
+	Cbo << "hostname" << GetMachineName();
+	Cbo << "cpuUsagePercent" << Metrics.CpuUsagePercent;
 	Request.WriteResponse(HttpResponseCode::OK, Cbo.Save());
 }
 
-void
-ZenServerBase::LogSettingsSummary(const ZenServerConfig& ServerConfig)
+std::vector<std::pair<std::string_view, std::string>>
+ZenServerBase::BuildSettingsList(const ZenServerConfig& ServerConfig)
 {
 	// clang-format off
-	std::list<std::pair<std::string_view, std::string>> Settings = {
-		{"DataDir"sv, 				ServerConfig.DataDir.string()},
-		{"AbsLogFile"sv,			ServerConfig.AbsLogFile.string()},
-		{"SystemRootDir"sv, 		ServerConfig.SystemRootDir.string()},
-		{"ContentDir"sv, 			ServerConfig.ContentDir.string()},
+	std::vector<std::pair<std::string_view, std::string>> Settings = {
+		{"SystemRootDir"sv, 		fmt::format("{}", ServerConfig.SystemRootDir)},
+		{"ContentDir"sv, 			fmt::format("{}", ServerConfig.ContentDir)},
 		{"BasePort"sv, 				fmt::to_string(ServerConfig.BasePort)},
+		{"CoreLimit"sv, 			fmt::to_string(ServerConfig.CoreLimit)},
 		{"IsDebug"sv, 				fmt::to_string(ServerConfig.IsDebug)},
 		{"IsCleanStart"sv, 			fmt::to_string(ServerConfig.IsCleanStart)},
 		{"IsPowerCycle"sv, 			fmt::to_string(ServerConfig.IsPowerCycle)},
 		{"IsTest"sv, 				fmt::to_string(ServerConfig.IsTest)},
 		{"Detach"sv, 				fmt::to_string(ServerConfig.Detach)},
-		{"NoConsoleOutput"sv, 		fmt::to_string(ServerConfig.NoConsoleOutput)},
-		{"QuietConsole"sv, 			fmt::to_string(ServerConfig.QuietConsole)},
-		{"CoreLimit"sv, 			fmt::to_string(ServerConfig.CoreLimit)},
-		{"IsDedicated"sv, 			fmt::to_string(ServerConfig.IsDedicated)},
-		{"ShouldCrash"sv, 			fmt::to_string(ServerConfig.ShouldCrash)},
+		{"NoConsoleOutput"sv, 		fmt::to_string(ServerConfig.LoggingConfig.NoConsoleOutput)},
+		{"QuietConsole"sv, 			fmt::to_string(ServerConfig.LoggingConfig.QuietConsole)},
 		{"ChildId"sv,				ServerConfig.ChildId},
-		{"LogId"sv,					ServerConfig.LogId},
+		{"LogId"sv,					ServerConfig.LoggingConfig.LogId},
 		{"Sentry DSN"sv,			ServerConfig.SentryConfig.Dsn.empty() ? "not set" : ServerConfig.SentryConfig.Dsn},
 		{"Sentry Environment"sv,	ServerConfig.SentryConfig.Environment},
 		{"Statsd Enabled"sv,		fmt::to_string(ServerConfig.StatsConfig.Enabled)},
+		{"SecurityConfigPath"sv,	fmt::format("{}", ServerConfig.SecurityConfigPath)},
 	};
 	// clang-format on
 
 	if (ServerConfig.StatsConfig.Enabled)
 	{
-		Settings.emplace_back("Statsd Host", ServerConfig.StatsConfig.StatsdHost);
-		Settings.emplace_back("Statsd Port", fmt::to_string(ServerConfig.StatsConfig.StatsdPort));
+		Settings.emplace_back("Statsd Host"sv, ServerConfig.StatsConfig.StatsdHost);
+		Settings.emplace_back("Statsd Port"sv, fmt::to_string(ServerConfig.StatsConfig.StatsdPort));
 	}
 
+	return Settings;
+}
+
+void
+ZenServerBase::LogSettingsSummary(const ZenServerConfig& ServerConfig)
+{
+	auto Settings = BuildSettingsList(ServerConfig);
+
+	// Log-only entries not needed in RuntimeConfig
+	// clang-format off
+	Settings.insert(Settings.begin(), {
+		{"DataDir"sv,		fmt::format("{}", ServerConfig.DataDir)},
+		{"AbsLogFile"sv,	fmt::format("{}", ServerConfig.LoggingConfig.AbsLogFile)},
+	});
+	// clang-format on
+	Settings.emplace_back("IsDedicated"sv, fmt::to_string(ServerConfig.IsDedicated));
+	Settings.emplace_back("ShouldCrash"sv, fmt::to_string(ServerConfig.ShouldCrash));
+
 	size_t MaxWidth = 0;
 	for (const auto& Setting : Settings)
 	{
@@ -432,6 +515,44 @@ ZenServerBase::LogSettingsSummary(const ZenServerConfig& ServerConfig)
 	}
 }
 
+void
+ZenServerBase::InitializeSecuritySettings(const ZenServerConfig& ServerOptions)
+{
+	ZEN_ASSERT(m_Http);
+
+	if (!ServerOptions.SecurityConfigPath.empty())
+	{
+		IoBuffer		 SecurityJson = ReadFile(ServerOptions.SecurityConfigPath).Flatten();
+		std::string_view Json(reinterpret_cast<const char*>(SecurityJson.GetData()), SecurityJson.GetSize());
+		std::string		 JsonError;
+		CbObject		 SecurityConfig = LoadCompactBinaryFromJson(Json, JsonError).AsObject();
+		if (!JsonError.empty())
+		{
+			throw std::runtime_error(
+				fmt::format("Invalid security configuration file at {}. '{}'", ServerOptions.SecurityConfigPath, JsonError));
+		}
+
+		CbObjectView HttpRootFilterConfig = SecurityConfig["http"sv].AsObjectView()["root"sv].AsObjectView()["filter"sv].AsObjectView();
+		if (HttpRootFilterConfig)
+		{
+			std::string_view FilterType = HttpRootFilterConfig["type"sv].AsString();
+			if (FilterType == PasswordHttpFilter::TypeName)
+			{
+				PasswordHttpFilter::Configuration Config =
+					PasswordHttpFilter::ReadConfiguration(HttpRootFilterConfig["config"].AsObjectView());
+				m_HttpRequestFilter = std::make_unique<PasswordHttpFilter>(Config);
+				m_Http->SetHttpRequestFilter(m_HttpRequestFilter.get());
+			}
+			else
+			{
+				throw std::runtime_error(fmt::format("Security configuration file at {} references unknown http root filter type '{}'",
+													 ServerOptions.SecurityConfigPath,
+													 FilterType));
+			}
+		}
+	}
+}
+
 //////////////////////////////////////////////////////////////////////////
 
 ZenServerMain::ZenServerMain(ZenServerConfig& ServerOptions) : m_ServerOptions(ServerOptions)
@@ -467,7 +588,7 @@ ZenServerMain::Run()
 		ZEN_OTEL_SPAN("SentryInit");
 
 		std::string SentryDatabasePath	 = (m_ServerOptions.DataDir / ".sentry-native").string();
-		std::string SentryAttachmentPath = m_ServerOptions.AbsLogFile.string();
+		std::string SentryAttachmentPath = m_ServerOptions.LoggingConfig.AbsLogFile.string();
 
 		Sentry.Initialize({.DatabasePath	= SentryDatabasePath,
 						   .AttachmentsPath = SentryAttachmentPath,
@@ -567,6 +688,8 @@ ZenServerMain::Run()
 			{
 				ZEN_INFO(ZEN_APP_NAME " unable to grab lock at '{}' (reason: '{}'), retrying", LockFilePath, Ec.message());
 				Sleep(500);
+
+				m_LockFile.Create(LockFilePath, MakeLockData(false), Ec);
 				if (Ec)
 				{
 					ZEN_WARN(ZEN_APP_NAME " exiting, unable to grab lock at '{}' (reason: '{}')", LockFilePath, Ec.message());
@@ -622,6 +745,10 @@ ZenServerMain::Run()
 		RequestApplicationExit(1);
 	}
 
+#if ZEN_USE_SENTRY
+	Sentry.Close();
+#endif
+
 	ShutdownServerLogging();
 
 	ReportServiceStatus(ServiceStatus::Stopped);
author	Liam Mitchell <[email protected]>	2026-03-09 19:06:36 -0700
committer	Liam Mitchell <[email protected]>	2026-03-09 19:06:36 -0700
commit	d1abc50ee9d4fb72efc646e17decafea741caa34 (patch)
tree	e4288e00f2f7ca0391b83d986efcb69d3ba66a83 /src/zenserver/zenserver.cpp
parent	Allow requests with invalid content-types unless specified in command line or... (diff)
parent	updated chunk–block analyser (#818) (diff)
download	zen-d1abc50ee9d4fb72efc646e17decafea741caa34.tar.xz zen-d1abc50ee9d4fb72efc646e17decafea741caa34.zip