refactor: extract router/serve to server.rs, main is now thin orchestrator

2026-03-16 04:39:36 +01:00
parent e7bd66ffdf
commit 6aa86b6666
2 changed files with 61 additions and 51 deletions
--- a/k-tv-backend/api/src/server.rs
+++ b/k-tv-backend/api/src/server.rs
@@ -0,0 +1,59 @@
+use std::net::SocketAddr;
+
+use axum::Router;
+use axum::http::{HeaderName, HeaderValue};
+use k_core::http::server::{ServerConfig, apply_standard_middleware};
+use tokio::net::TcpListener;
+use tower_http::cors::{AllowHeaders, AllowMethods, AllowOrigin, CorsLayer};
+
+use crate::config::Config;
+use crate::routes;
+use crate::state::AppState;
+
+pub async fn build_and_serve(state: AppState, config: &Config) -> anyhow::Result<()> {
+    let server_config = ServerConfig {
+        cors_origins: config.cors_allowed_origins.clone(),
+    };
+
+    let app = Router::new()
+        .nest("/api/v1", routes::api_v1_router())
+        .with_state(state);
+
+    let app = apply_standard_middleware(app, &server_config);
+
+    // Wrap with an outer CorsLayer that includes the custom password headers.
+    // Being outermost it handles OPTIONS preflights before k_core's inner layer.
+    let origins: Vec<HeaderValue> = config
+        .cors_allowed_origins
+        .iter()
+        .filter_map(|o| o.parse().ok())
+        .collect();
+    let cors = CorsLayer::new()
+        .allow_origin(AllowOrigin::list(origins))
+        .allow_methods(AllowMethods::any())
+        .allow_headers(AllowHeaders::list([
+            axum::http::header::AUTHORIZATION,
+            axum::http::header::CONTENT_TYPE,
+            HeaderName::from_static("x-channel-password"),
+            HeaderName::from_static("x-block-password"),
+        ]));
+    let app = app.layer(cors);
+
+    let addr: SocketAddr = format!("{}:{}", config.host, config.port).parse()?;
+    let listener = TcpListener::bind(addr).await?;
+
+    tracing::info!("🚀 API server running at http://{}", addr);
+    tracing::info!("🔒 Authentication mode: JWT (Bearer token)");
+
+    #[cfg(feature = "auth-jwt")]
+    tracing::info!("  ✓ JWT auth enabled");
+
+    #[cfg(feature = "auth-oidc")]
+    tracing::info!("  ✓ OIDC integration enabled (stateless cookie state)");
+
+    tracing::info!("📝 API endpoints available at /api/v1/...");
+
+    axum::serve(listener, app).await?;
+
+    Ok(())
+}