MCPcopy Create free account
hub / github.com/MITK/MITK / RegisterRoutes

Method RegisterRoutes

Modules/RESTAPI/src/mitkRestServer.cpp:821–1201  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

819}
820
821void RestServer::RegisterRoutes()
822{
823 const std::string apiBase = "/api/v1";
824
825 // Enable CORS for browser-based clients. When authentication is required, restrict
826 // the allowed origin to localhost to prevent arbitrary web pages from reading
827 // authenticated responses. With auth disabled, wildcard is acceptable for a local
828 // development server.
829 const std::string corsOrigin = m_PendingConfig.requireAuth ? "http://localhost" : "*";
830 m_Server->set_default_headers({
831 {"Access-Control-Allow-Origin", corsOrigin},
832 {"Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS"},
833 {"Access-Control-Allow-Headers", "Content-Type, Accept, Authorization, X-MITK-Transfer-Mode"}
834 });
835
836 // Handle preflight OPTIONS requests for any route
837 m_Server->Options(".*", [](const httplib::Request& /*req*/, httplib::Response& res) {
838 res.status = 204;
839 });
840
841 // Install security middleware as pre-routing handler.
842 // This runs before any route handler and can short-circuit the request.
843 m_Server->set_pre_routing_handler(
844 [this](const httplib::Request& req, httplib::Response& res) -> httplib::Server::HandlerResponse {
845 // 1. Client IP access check
846 if (!this->CheckClientAccess(req, res))
847 {
848 return httplib::Server::HandlerResponse::Handled;
849 }
850
851 // 2. Rate limiting check
852 if (!this->CheckRateLimit(req, res))
853 {
854 return httplib::Server::HandlerResponse::Handled;
855 }
856
857 // 3. Authentication check
858 if (!this->CheckAuthentication(req, res))
859 {
860 return httplib::Server::HandlerResponse::Handled;
861 }
862
863 // All checks passed - continue to route matching
864 return httplib::Server::HandlerResponse::Unhandled;
865 });
866
867 // Health endpoints
868 m_Server->Get(apiBase + "/health",
869 [this](const httplib::Request& req, httplib::Response& res) {
870 m_HealthController->HandleGET_health(req, res);
871 this->RecordRequest(req.path, "GET", res.status, req.remote_addr);
872 });
873
874 m_Server->Get(apiBase + "/info",
875 [this](const httplib::Request& req, httplib::Response& res) {
876 m_HealthController->HandleGET_info(req, res);
877 this->RecordRequest(req.path, "GET", res.status, req.remote_addr);
878 });

Callers 1

StartMethod · 0.95

Calls 15

CheckClientAccessMethod · 0.95
CheckRateLimitMethod · 0.95
CheckAuthenticationMethod · 0.95
RecordRequestMethod · 0.95
HandleGET_healthMethod · 0.80
HandleGET_infoMethod · 0.80
HandleGET_nodesMethod · 0.80
PostMethod · 0.80
HandlePOST_nodesMethod · 0.80
HandleGET_nodes_uidMethod · 0.80
HandlePATCH_nodes_uidMethod · 0.80

Tested by

no test coverage detected