cxxmcp/api/server_2include_2cxxmcp_2server_2http__transport_8hpp_source.html

// Copyright (c) 2025 [caomengxuan666]


#pragma once


#include <chrono>

#include <condition_variable>

#include <cstddef>

#include <cstdint>

#include <deque>

#include <memory>

#include <mutex>

#include <optional>

#include <string>

#include <string_view>

#include <unordered_map>

#include <vector>


#if defined(CXXMCP_ENABLE_AUTH)

#include "cxxmcp/auth/server_auth_endpoints.hpp"

#endif


#include "cxxmcp/server/transport.hpp"


namespace mcp::server {


struct ProtectedResourceMetadataConfig {

  std::string resource;

  std::vector<std::string> authorization_servers;

  std::vector<std::string> scopes_supported;

  std::optional<std::string> resource_name;

  std::optional<std::string> resource_documentation;

};


struct AuthChallengeConfig {

  std::string scheme = "Bearer";

  std::optional<std::string> resource_metadata_url;

  std::optional<std::string> scope;

};


struct HttpTransportOptions {

  std::string listen_host = "127.0.0.1";

  int listen_port = 0;

  std::string path = "/mcp";

  std::optional<std::chrono::milliseconds> sse_retry;

  bool enable_sse_polling = false;

  std::chrono::milliseconds sse_disconnect_retry{5000};

  std::vector<std::string> allowed_origins;

  std::vector<std::string> allowed_hosts = {"localhost", "127.0.0.1", "::1"};

  std::size_t max_pending_sse_events = 1024;

  std::size_t max_pending_sse_bytes = 4 * 1024 * 1024;

  std::size_t max_sse_replay_events = 256;

  std::chrono::milliseconds request_timeout{30000};

  std::size_t max_request_body_bytes = 10 * 1024 * 1024;

  std::chrono::milliseconds read_timeout{30000};

  std::chrono::milliseconds write_timeout{30000};

  std::size_t max_sessions = 1024;

  bool stateless = false;

  std::string auth_challenge = std::string(DefaultAuthChallenge);

  AuthChallengeConfig auth_challenge_config;

  ProtectedResourceMetadataConfig protected_resource_metadata;

#if defined(CXXMCP_ENABLE_AUTH)

  ::mcp::auth::AuthorizationServerConfig authorization_server;

#endif

};


class HttpTransport final : public Transport {

 public:

  explicit HttpTransport(HttpTransportOptions options);


  ~HttpTransport() override;


  HttpTransport(const HttpTransport&) = delete;

  HttpTransport& operator=(const HttpTransport&) = delete;


  core::Result<core::Unit> start(

      RequestHandler handler,

      NotificationHandler notification_handler = {}) override;


  core::Result<protocol::JsonRpcResponse> send_request(

      const protocol::JsonRpcRequest& request) override;


  core::Result<protocol::JsonRpcResponse> send_request_to_session(

      std::string_view session_id,

      const protocol::JsonRpcRequest& request) override;


  std::optional<protocol::ClientCapabilities> client_capabilities()

      const override;


  std::optional<protocol::ClientCapabilities> client_capabilities_for_session(

      std::string_view session_id) const override;


  core::Result<core::Unit> send_notification(

      const protocol::JsonRpcNotification& notification) override;


  core::Result<core::Unit> send_notification_to_session(

      std::string_view session_id,

      const protocol::JsonRpcNotification& notification) override;


  void stop() noexcept override;


  void disconnect_session_sse(std::string_view session_id);


  std::string_view name() const noexcept override;


  void wait_until_ready() override;


 private:

  struct HttpServerHolder;


  struct PendingRequest {

    std::mutex mutex;

    std::condition_variable cv;

    bool ready = false;

    std::optional<protocol::JsonRpcResponse> response;

    std::optional<core::Error> error;

  };


  struct QueuedEvent {

    std::optional<std::uint64_t> event_id;

    std::string payload;

  };


  struct ProgressResponseSink {

    std::mutex mutex;

    std::condition_variable cv;

    std::deque<std::string> events;

    bool done = false;

  };


  struct SessionState {

    std::string session_id;

    bool initialized = false;

    std::optional<protocol::ClientCapabilities> client_capabilities;

    std::deque<QueuedEvent> pending_notifications;

    std::size_t pending_notification_bytes = 0;

    std::deque<QueuedEvent> replay_notifications;

    std::unordered_map<std::string, std::shared_ptr<PendingRequest>>

        pending_requests;

    std::uint64_t next_notification_event_id = 1;

    std::size_t active_sse_streams = 0;

    bool sse_disconnect_requested = false;

    std::shared_ptr<ProgressResponseSink> active_progress_sink;

  };


  void abort_pending_requests_locked(SessionState& session,

                                     std::string message);

  void clear_outbound_events_locked(SessionState& session);

  core::Result<core::Unit> enqueue_outbound_event_locked(SessionState& session,

                                                         QueuedEvent event);

  void remember_replay_event_locked(SessionState& session,

                                    const QueuedEvent& event);

  SessionState* find_session_locked(std::string_view session_id);

  const SessionState* find_session_locked(std::string_view session_id) const;

  SessionState* select_default_session_locked();

  void close_sse_stream(std::string_view session_id) noexcept;


  static std::optional<protocol::ProgressToken> extract_progress_token(

      const protocol::JsonRpcRequest& request);


  HttpTransportOptions options_;

  std::unique_ptr<HttpServerHolder> server_;

  mutable std::mutex mutex_;

  std::condition_variable notification_cv_;

  std::condition_variable startup_cv_;

  std::unordered_map<std::string, SessionState> sessions_;

  std::uint64_t next_session_id_ = 1;

  bool stopped_ = false;

  bool stop_requested_ = false;

  bool startup_finished_ = false;

  bool initialized_ = false;

  std::string default_session_id_;

};


}  // namespace mcp::server

mcp::server::HttpTransport
MCP streamable HTTP transport with session-aware SSE delivery.
Definition http_transport.hpp:155

mcp::server::HttpTransport::name
std::string_view name() const noexcept override
Return the diagnostic transport name "http".

mcp::server::HttpTransport::client_capabilities_for_session
std::optional< protocol::ClientCapabilities > client_capabilities_for_session(std::string_view session_id) const override
Return capabilities from a specific initialized HTTP session.

mcp::server::HttpTransport::client_capabilities
std::optional< protocol::ClientCapabilities > client_capabilities() const override
Return capabilities from the active initialized HTTP session.

mcp::server::HttpTransport::start
core::Result< core::Unit > start(RequestHandler handler, NotificationHandler notification_handler={}) override
Start the HTTP server and serve the configured MCP endpoint.

mcp::server::HttpTransport::send_request
core::Result< protocol::JsonRpcResponse > send_request(const protocol::JsonRpcRequest &request) override
Queue a server-to-client request on the active SSE stream.

mcp::server::HttpTransport::send_request_to_session
core::Result< protocol::JsonRpcResponse > send_request_to_session(std::string_view session_id, const protocol::JsonRpcRequest &request) override
Queue a server-to-client request for a specific HTTP session.

mcp::server::HttpTransport::stop
void stop() noexcept override
Stop the HTTP server and fail pending outbound requests.

mcp::server::HttpTransport::disconnect_session_sse
void disconnect_session_sse(std::string_view session_id)
Request a server-initiated SSE stream disconnect for a session.

mcp::server::HttpTransport::~HttpTransport
~HttpTransport() override
Destroy the transport and its underlying server state.

mcp::server::HttpTransport::wait_until_ready
void wait_until_ready() override
Blocks until the underlying HTTP server socket is bound.

mcp::server::HttpTransport::send_notification_to_session
core::Result< core::Unit > send_notification_to_session(std::string_view session_id, const protocol::JsonRpcNotification &notification) override
Queue an outbound notification for a specific HTTP session.

mcp::server::HttpTransport::HttpTransport
HttpTransport(HttpTransportOptions options)
Construct a transport with normalized HTTP options.

mcp::server::HttpTransport::send_notification
core::Result< core::Unit > send_notification(const protocol::JsonRpcNotification &notification) override
Queue an outbound notification for the active SSE stream.

mcp::server::Transport
Abstract server transport for receiving client JSON-RPC messages.
Definition transport.hpp:99

mcp::core::Result
tl::expected< T, Error > Result
Alias for the SDK result type.
Definition result.hpp:64

transport.hpp
Server-side transport abstraction for MCP JSON-RPC traffic.

mcp::server::RequestHandler
std::function< core::Result< protocol::JsonRpcResponse >(const protocol::JsonRpcRequest &, const SessionContext &)> RequestHandler
Callback used by transports to dispatch inbound JSON-RPC requests.
Definition transport.hpp:74

mcp::server::NotificationHandler
std::function< core::Result< core::Unit >(const protocol::JsonRpcNotification &, const SessionContext &)> NotificationHandler
Callback used by transports to dispatch inbound JSON-RPC notifications.
Definition transport.hpp:84

server_auth_endpoints.hpp
Abstract interfaces for server-side OAuth 2.1 endpoint handlers.

mcp::auth::AuthorizationServerConfig
OAuth authorization server endpoint wiring owned by the auth layer.
Definition server_auth_endpoints.hpp:180

mcp::protocol::JsonRpcNotification
JSON-RPC notification envelope for one-way MCP messages.
Definition types.hpp:137

mcp::protocol::JsonRpcRequest
JSON-RPC request envelope carrying an MCP method invocation.
Definition types.hpp:99

mcp::server::AuthChallengeConfig
Configuration for the HTTP WWW-Authenticate challenge header.
Definition http_transport.hpp:49

mcp::server::AuthChallengeConfig::scheme
std::string scheme
Authentication scheme (default: "Bearer").
Definition http_transport.hpp:51

mcp::server::AuthChallengeConfig::resource_metadata_url
std::optional< std::string > resource_metadata_url
URL of the RFC 9728 Protected Resource Metadata document.
Definition http_transport.hpp:54

mcp::server::AuthChallengeConfig::scope
std::optional< std::string > scope
Scopes required to access the resource.
Definition http_transport.hpp:57

mcp::server::HttpTransportOptions
Configuration for HttpTransport.
Definition http_transport.hpp:61

mcp::server::HttpTransportOptions::protected_resource_metadata
ProtectedResourceMetadataConfig protected_resource_metadata
RFC 9728 Protected Resource Metadata.
Definition http_transport.hpp:116

mcp::server::HttpTransportOptions::max_sse_replay_events
std::size_t max_sse_replay_events
Number of delivered SSE events retained for Last-Event-ID replay.
Definition http_transport.hpp:87

mcp::server::HttpTransportOptions::read_timeout
std::chrono::milliseconds read_timeout
Socket read timeout for HTTP request handling.
Definition http_transport.hpp:95

mcp::server::HttpTransportOptions::allowed_origins
std::vector< std::string > allowed_origins
Optional Origin allow-list. Empty means Origin is not restricted.
Definition http_transport.hpp:78

mcp::server::HttpTransportOptions::listen_port
int listen_port
TCP port to listen on. Must be in the range 1..65535.
Definition http_transport.hpp:65

mcp::server::HttpTransportOptions::allowed_hosts
std::vector< std::string > allowed_hosts
Host allow-list used to reject DNS-rebinding attempts.
Definition http_transport.hpp:81

mcp::server::HttpTransportOptions::request_timeout
std::chrono::milliseconds request_timeout
Maximum time to wait for a client response to a server-to-client request.
Definition http_transport.hpp:90

mcp::server::HttpTransportOptions::max_pending_sse_events
std::size_t max_pending_sse_events
Maximum server-to-client events waiting for an SSE stream.
Definition http_transport.hpp:83

mcp::server::HttpTransportOptions::max_sessions
std::size_t max_sessions
Maximum active HTTP sessions accepted by this transport.
Definition http_transport.hpp:100

mcp::server::HttpTransportOptions::write_timeout
std::chrono::milliseconds write_timeout
Socket write timeout for HTTP response handling.
Definition http_transport.hpp:97

mcp::server::HttpTransportOptions::stateless
bool stateless
Enable stateless MCP mode (SEP-2575).
Definition http_transport.hpp:104

mcp::server::HttpTransportOptions::max_pending_sse_bytes
std::size_t max_pending_sse_bytes
Maximum serialized bytes waiting for an SSE stream.
Definition http_transport.hpp:85

mcp::server::HttpTransportOptions::sse_disconnect_retry
std::chrono::milliseconds sse_disconnect_retry
Retry hint (ms) sent to the client before a server-initiated SSE disconnect.
Definition http_transport.hpp:76

mcp::server::HttpTransportOptions::enable_sse_polling
bool enable_sse_polling
Enable SEP-1699 SSE polling: always send a priming event with id on SSE streams and allow server-init...
Definition http_transport.hpp:73

mcp::server::HttpTransportOptions::path
std::string path
HTTP path for POST, GET/SSE, and DELETE session requests.
Definition http_transport.hpp:67

mcp::server::HttpTransportOptions::auth_challenge_config
AuthChallengeConfig auth_challenge_config
Structured auth challenge configuration.
Definition http_transport.hpp:113

mcp::server::HttpTransportOptions::max_request_body_bytes
std::size_t max_request_body_bytes
Maximum HTTP request body size accepted by the underlying server.
Definition http_transport.hpp:93

mcp::server::HttpTransportOptions::listen_host
std::string listen_host
Interface address passed to the underlying HTTP server.
Definition http_transport.hpp:63

mcp::server::HttpTransportOptions::auth_challenge
std::string auth_challenge
HTTP WWW-Authenticate challenge emitted when authentication fails.
Definition http_transport.hpp:109

mcp::server::HttpTransportOptions::sse_retry
std::optional< std::chrono::milliseconds > sse_retry
Optional SSE retry interval hint for the priming event.
Definition http_transport.hpp:69

mcp::server::ProtectedResourceMetadataConfig
RFC 9728 Protected Resource Metadata configuration for the server.
Definition http_transport.hpp:35

mcp::server::ProtectedResourceMetadataConfig::authorization_servers
std::vector< std::string > authorization_servers
Authorization server issuers that can issue tokens for this resource.
Definition http_transport.hpp:39

mcp::server::ProtectedResourceMetadataConfig::scopes_supported
std::vector< std::string > scopes_supported
Scopes that may be requested to access this resource.
Definition http_transport.hpp:41

mcp::server::ProtectedResourceMetadataConfig::resource
std::string resource
Resource identifier URL (e.g. "https://example.com/mcp").
Definition http_transport.hpp:37

mcp::server::ProtectedResourceMetadataConfig::resource_documentation
std::optional< std::string > resource_documentation
URL of human-readable documentation for the resource.
Definition http_transport.hpp:45

mcp::server::ProtectedResourceMetadataConfig::resource_name
std::optional< std::string > resource_name
Human-readable name of the resource.
Definition http_transport.hpp:43