Alfred
/
fm-rds-tx
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 6 Wiki Activity
Go-based FM stereo transmitter with RDS, Windows-first and cross-platform
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
207 Commit
1 分支
37MB
目錄樹: 3fee92ca8f
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '3fee92ca8f'
${ noResults }
fm-rds-tx/internal/control/control.go

848 line
25KB
原始文件 Blame 文件歷史 

  1. package control

  2. 

  3. import (

  4. 	_ "embed"

  5. 	"encoding/json"

  6. 	"errors"

  7. 	"io"

  8. 	"mime"

  9. 	"net/http"

  10. 	"strings"

  11. 	"sync"

  12. 	"sync/atomic"

  13. 	"time"

  14. 

  15. 	"github.com/jan/fm-rds-tx/internal/audio"

  16. 	"github.com/jan/fm-rds-tx/internal/config"

  17. 	drypkg "github.com/jan/fm-rds-tx/internal/dryrun"

  18. 	"github.com/jan/fm-rds-tx/internal/ingest"

  19. 	"github.com/jan/fm-rds-tx/internal/platform"

  20. )

  21. 

  22. //go:embed ui.html

  23. var uiHTML []byte

  24. 

  25. //go:embed logo.png

  26. var logoPNG []byte

  27. 

  28. // TXController is an optional interface the Server uses to start/stop TX

  29. // and apply live config changes.

  30. type TXController interface {

  31. 	StartTX() error

  32. 	StopTX() error

  33. 	TXStats() map[string]any

  34. 	UpdateConfig(patch LivePatch) error

  35. 	ResetFault() error

  36. }

  37. 

  38. // LivePatch mirrors the patchable fields from ConfigPatch for the engine.

  39. // nil = no change.

  40. type LivePatch struct {

  41. 	FrequencyMHz            *float64

  42. 	OutputDrive             *float64

  43. 	StereoEnabled           *bool

  44. 	StereoMode              *string

  45. 	PilotLevel              *float64

  46. 	RDSInjection            *float64

  47. 	RDSEnabled              *bool

  48. 	LimiterEnabled          *bool

  49. 	LimiterCeiling          *float64

  50. 	PS                      *string

  51. 	RadioText               *string

  52. 	TA                      *bool

  53. 	TP                      *bool

  54. 	ToneLeftHz              *float64

  55. 	ToneRightHz             *float64

  56. 	ToneAmplitude           *float64

  57. 	AudioGain               *float64

  58. 	CompositeClipperEnabled *bool

  59. }

  60. 

  61. type Server struct {

  62. 	mu           sync.RWMutex

  63. 	cfg          config.Config

  64. 	tx           TXController

  65. 	drv          platform.SoapyDriver // optional, for runtime stats

  66. 	streamSrc    *audio.StreamSource  // optional, for live audio ring stats

  67. 	audioIngress AudioIngress         // optional, for /audio/stream

  68. 	ingestRt     IngestRuntime        // optional, for /runtime ingest stats

  69. 	saveConfig   func(config.Config) error

  70. 	hardReload   func()

  71. 	// BUG-F fix: reloadPending prevents multiple concurrent goroutines from

  72. 	// calling hardReload when handleIngestSave is hit multiple times quickly.

  73. 	reloadPending atomic.Bool

  74. 	audit         auditCounters

  75. }

  76. 

  77. type AudioIngress interface {

  78. 	WritePCM16(data []byte) (int, error)

  79. }

  80. 

  81. type IngestRuntime interface {

  82. 	Stats() ingest.Stats

  83. }

  84. 

  85. type auditEvent string

  86. 

  87. const (

  88. 	auditMethodNotAllowed     auditEvent = "methodNotAllowed"

  89. 	auditUnsupportedMediaType auditEvent = "unsupportedMediaType"

  90. 	auditBodyTooLarge         auditEvent = "bodyTooLarge"

  91. 	auditUnexpectedBody       auditEvent = "unexpectedBody"

  92. )

  93. 

  94. type auditCounters struct {

  95. 	methodNotAllowed     uint64

  96. 	unsupportedMediaType uint64

  97. 	bodyTooLarge         uint64

  98. 	unexpectedBody       uint64

  99. }

  100. 

  101. const (

  102. 	maxConfigBodyBytes          = 64 << 10 // 64 KiB

  103. 	configContentTypeHeader     = "application/json"

  104. 	noBodyErrMsg                = "request must not include a body"

  105. 	audioStreamContentTypeError = "Content-Type must be application/octet-stream or audio/L16"

  106. 	audioStreamBodyLimitDefault = 512 << 20 // 512 MiB

  107. )

  108. 

  109. var audioStreamAllowedMediaTypes = []string{

  110. 	"application/octet-stream",

  111. 	"audio/l16",

  112. }

  113. 

  114. var audioStreamBodyLimit = int64(audioStreamBodyLimitDefault) // bytes allowed per /audio/stream request; tests may override.

  115. 

  116. func isJSONContentType(r *http.Request) bool {

  117. 	ct := strings.TrimSpace(r.Header.Get("Content-Type"))

  118. 	if ct == "" {

  119. 		return false

  120. 	}

  121. 	mediaType, _, err := mime.ParseMediaType(ct)

  122. 	if err != nil {

  123. 		return false

  124. 	}

  125. 	return strings.EqualFold(mediaType, configContentTypeHeader)

  126. }

  127. 

  128. type ConfigPatch struct {

  129. 	FrequencyMHz                *float64   `json:"frequencyMHz,omitempty"`

  130. 	OutputDrive                 *float64   `json:"outputDrive,omitempty"`

  131. 	StereoEnabled               *bool      `json:"stereoEnabled,omitempty"`

  132. 	StereoMode                  *string    `json:"stereoMode,omitempty"`

  133. 	PilotLevel                  *float64   `json:"pilotLevel,omitempty"`

  134. 	RDSInjection                *float64   `json:"rdsInjection,omitempty"`

  135. 	RDSEnabled                  *bool      `json:"rdsEnabled,omitempty"`

  136. 	ToneLeftHz                  *float64   `json:"toneLeftHz,omitempty"`

  137. 	ToneRightHz                 *float64   `json:"toneRightHz,omitempty"`

  138. 	ToneAmplitude               *float64   `json:"toneAmplitude,omitempty"`

  139. 	PS                          *string    `json:"ps,omitempty"`

  140. 	RadioText                   *string    `json:"radioText,omitempty"`

  141. 	PreEmphasisTauUS            *float64   `json:"preEmphasisTauUS,omitempty"`

  142. 	LimiterEnabled              *bool      `json:"limiterEnabled,omitempty"`

  143. 	LimiterCeiling              *float64   `json:"limiterCeiling,omitempty"`

  144. 	AudioGain                   *float64   `json:"audioGain,omitempty"`

  145. 	PI                          *string    `json:"pi,omitempty"`

  146. 	PTY                         *int       `json:"pty,omitempty"`

  147. 	TP                          *bool      `json:"tp,omitempty"`

  148. 	TA                          *bool      `json:"ta,omitempty"`

  149. 	MS                          *bool      `json:"ms,omitempty"`

  150. 	CTEnabled                   *bool      `json:"ctEnabled,omitempty"`

  151. 	RTPlusEnabled               *bool      `json:"rtPlusEnabled,omitempty"`

  152. 	RTPlusSeparator             *string    `json:"rtPlusSeparator,omitempty"`

  153. 	PTYN                        *string    `json:"ptyn,omitempty"`

  154. 	LPS                         *string    `json:"lps,omitempty"`

  155. 	ERTEnabled                  *bool      `json:"ertEnabled,omitempty"`

  156. 	ERT                         *string    `json:"ert,omitempty"`

  157. 	RDS2Enabled                 *bool      `json:"rds2Enabled,omitempty"`

  158. 	StationLogoPath             *string    `json:"stationLogoPath,omitempty"`

  159. 	AF                          *[]float64 `json:"af,omitempty"`

  160. 	BS412Enabled                *bool      `json:"bs412Enabled,omitempty"`

  161. 	BS412ThresholdDBr           *float64   `json:"bs412ThresholdDBr,omitempty"`

  162. 	MpxGain                     *float64   `json:"mpxGain,omitempty"`

  163. 	CompositeClipperEnabled     *bool      `json:"compositeClipperEnabled,omitempty"`

  164. 	CompositeClipperIterations  *int       `json:"compositeClipperIterations,omitempty"`

  165. 	CompositeClipperSoftKnee    *float64   `json:"compositeClipperSoftKnee,omitempty"`

  166. 	CompositeClipperLookaheadMs *float64   `json:"compositeClipperLookaheadMs,omitempty"`

  167. }

  168. 

  169. type IngestSaveRequest struct {

  170. 	Ingest config.IngestConfig `json:"ingest"`

  171. }

  172. 

  173. func NewServer(cfg config.Config) *Server {

  174. 	return &Server{cfg: cfg}

  175. }

  176. 

  177. func hasRequestBody(r *http.Request) bool {

  178. 	if r.ContentLength > 0 {

  179. 		return true

  180. 	}

  181. 	for _, te := range r.TransferEncoding {

  182. 		if strings.EqualFold(te, "chunked") {

  183. 			return true

  184. 		}

  185. 	}

  186. 	return false

  187. }

  188. 

  189. func (s *Server) rejectBody(w http.ResponseWriter, r *http.Request) bool {

  190. 	// Returns true when the request has an unexpected body and the error response

  191. 	// has already been written — callers should return immediately in that case.

  192. 	// Returns false when there is no body (happy path — request should proceed).

  193. 	if !hasRequestBody(r) {

  194. 		return false

  195. 	}

  196. 	s.recordAudit(auditUnexpectedBody)

  197. 	http.Error(w, noBodyErrMsg, http.StatusBadRequest)

  198. 	return true

  199. }

  200. 

  201. func (s *Server) recordAudit(evt auditEvent) {

  202. 	switch evt {

  203. 	case auditMethodNotAllowed:

  204. 		atomic.AddUint64(&s.audit.methodNotAllowed, 1)

  205. 	case auditUnsupportedMediaType:

  206. 		atomic.AddUint64(&s.audit.unsupportedMediaType, 1)

  207. 	case auditBodyTooLarge:

  208. 		atomic.AddUint64(&s.audit.bodyTooLarge, 1)

  209. 	case auditUnexpectedBody:

  210. 		atomic.AddUint64(&s.audit.unexpectedBody, 1)

  211. 	}

  212. }

  213. 

  214. func (s *Server) auditSnapshot() map[string]uint64 {

  215. 	return map[string]uint64{

  216. 		"methodNotAllowed":     atomic.LoadUint64(&s.audit.methodNotAllowed),

  217. 		"unsupportedMediaType": atomic.LoadUint64(&s.audit.unsupportedMediaType),

  218. 		"bodyTooLarge":         atomic.LoadUint64(&s.audit.bodyTooLarge),

  219. 		"unexpectedBody":       atomic.LoadUint64(&s.audit.unexpectedBody),

  220. 	}

  221. }

  222. 

  223. func isAudioStreamContentType(r *http.Request) bool {

  224. 	ct := strings.TrimSpace(r.Header.Get("Content-Type"))

  225. 	if ct == "" {

  226. 		return false

  227. 	}

  228. 	mediaType, _, err := mime.ParseMediaType(ct)

  229. 	if err != nil {

  230. 		return false

  231. 	}

  232. 	for _, allowed := range audioStreamAllowedMediaTypes {

  233. 		if strings.EqualFold(mediaType, allowed) {

  234. 			return true

  235. 		}

  236. 	}

  237. 	return false

  238. }

  239. 

  240. func (s *Server) SetTXController(tx TXController) {

  241. 	s.mu.Lock()

  242. 	s.tx = tx

  243. 	s.mu.Unlock()

  244. }

  245. 

  246. func (s *Server) SetDriver(drv platform.SoapyDriver) {

  247. 	s.mu.Lock()

  248. 	s.drv = drv

  249. 	s.mu.Unlock()

  250. }

  251. 

  252. func (s *Server) SetStreamSource(src *audio.StreamSource) {

  253. 	s.mu.Lock()

  254. 	s.streamSrc = src

  255. 	s.mu.Unlock()

  256. }

  257. 

  258. func (s *Server) SetAudioIngress(ingress AudioIngress) {

  259. 	s.mu.Lock()

  260. 	s.audioIngress = ingress

  261. 	s.mu.Unlock()

  262. }

  263. 

  264. func (s *Server) SetIngestRuntime(rt IngestRuntime) {

  265. 	s.mu.Lock()

  266. 	s.ingestRt = rt

  267. 	s.mu.Unlock()

  268. }

  269. 

  270. func (s *Server) SetConfigSaver(save func(config.Config) error) {

  271. 	s.mu.Lock()

  272. 	s.saveConfig = save

  273. 	s.mu.Unlock()

  274. }

  275. 

  276. func (s *Server) SetHardReload(fn func()) {

  277. 	s.mu.Lock()

  278. 	s.hardReload = fn

  279. 	s.mu.Unlock()

  280. }

  281. 

  282. func (s *Server) Handler() http.Handler {

  283. 	mux := http.NewServeMux()

  284. 	mux.HandleFunc("/", s.handleUI)

  285. 	mux.HandleFunc("/logo", s.handleLogo)

  286. 	mux.HandleFunc("/healthz", s.handleHealth)

  287. 	mux.HandleFunc("/status", s.handleStatus)

  288. 	mux.HandleFunc("/dry-run", s.handleDryRun)

  289. 	mux.HandleFunc("/config", s.handleConfig)

  290. 	mux.HandleFunc("/config/ingest/save", s.handleIngestSave)

  291. 	mux.HandleFunc("/runtime", s.handleRuntime)

  292. 	mux.HandleFunc("/measurements", s.handleMeasurements)

  293. 	mux.HandleFunc("/runtime/fault/reset", s.handleRuntimeFaultReset)

  294. 	mux.HandleFunc("/tx/start", s.handleTXStart)

  295. 	mux.HandleFunc("/tx/stop", s.handleTXStop)

  296. 	mux.HandleFunc("/audio/stream", s.handleAudioStream)

  297. 	return mux

  298. }

  299. 

  300. func (s *Server) handleHealth(w http.ResponseWriter, _ *http.Request) {

  301. 	w.Header().Set("Content-Type", "application/json")

  302. 	_ = json.NewEncoder(w).Encode(map[string]any{"ok": true})

  303. }

  304. 

  305. func (s *Server) handleUI(w http.ResponseWriter, r *http.Request) {

  306. 	if r.URL.Path != "/" {

  307. 		http.NotFound(w, r)

  308. 		return

  309. 	}

  310. 	w.Header().Set("Content-Type", "text/html; charset=utf-8")

  311. 	w.Header().Set("Cache-Control", "no-cache")

  312. 	w.Write(uiHTML)

  313. }

  314. 

  315. func (s *Server) handleLogo(w http.ResponseWriter, r *http.Request) {

  316. 	w.Header().Set("Content-Type", "image/png")

  317. 	w.Header().Set("Cache-Control", "public, max-age=3600")

  318. 	w.Write(logoPNG)

  319. }

  320. 

  321. func (s *Server) handleStatus(w http.ResponseWriter, _ *http.Request) {

  322. 	s.mu.RLock()

  323. 	cfg := s.cfg

  324. 	tx := s.tx

  325. 	s.mu.RUnlock()

  326. 

  327. 	status := map[string]any{

  328. 		"service":             "fm-rds-tx",

  329. 		"backend":             cfg.Backend.Kind,

  330. 		"frequencyMHz":        cfg.FM.FrequencyMHz,

  331. 		"stereoEnabled":       cfg.FM.StereoEnabled,

  332. 		"stereoMode":          cfg.FM.StereoMode,

  333. 		"rdsEnabled":          cfg.RDS.Enabled,

  334. 		"preEmphasisTauUS":    cfg.FM.PreEmphasisTauUS,

  335. 		"limiterEnabled":      cfg.FM.LimiterEnabled,

  336. 		"fmModulationEnabled": cfg.FM.FMModulationEnabled,

  337. 	}

  338. 	if tx != nil {

  339. 		if stats := tx.TXStats(); stats != nil {

  340. 			if ri, ok := stats["runtimeIndicator"]; ok {

  341. 				status["runtimeIndicator"] = ri

  342. 			}

  343. 			if alert, ok := stats["runtimeAlert"]; ok {

  344. 				status["runtimeAlert"] = alert

  345. 			}

  346. 			if queue, ok := stats["queue"]; ok {

  347. 				status["queue"] = queue

  348. 			}

  349. 			if runtimeState, ok := stats["state"]; ok {

  350. 				status["runtimeState"] = runtimeState

  351. 			}

  352. 		}

  353. 	}

  354. 

  355. 	w.Header().Set("Content-Type", "application/json")

  356. 	_ = json.NewEncoder(w).Encode(status)

  357. }

  358. 

  359. func (s *Server) handleMeasurements(w http.ResponseWriter, _ *http.Request) {

  360. 	s.mu.RLock()

  361. 	tx := s.tx

  362. 	s.mu.RUnlock()

  363. 

  364. 	result := map[string]any{"noData": true, "stale": true}

  365. 	if tx != nil {

  366. 		if stats := tx.TXStats(); stats != nil {

  367. 			if measurement, ok := stats["measurement"]; ok && measurement != nil {

  368. 				result = map[string]any{"noData": false, "stale": false, "measurement": measurement}

  369. 				if state, ok := stats["state"]; ok {

  370. 					result["state"] = state

  371. 				}

  372. 				if applied, ok := stats["appliedFrequencyMHz"]; ok {

  373. 					result["appliedFrequencyMHz"] = applied

  374. 				}

  375. 				if queue, ok := stats["queue"]; ok {

  376. 					result["queue"] = queue

  377. 				}

  378. 				if runtimeIndicator, ok := stats["runtimeIndicator"]; ok {

  379. 					result["runtimeIndicator"] = runtimeIndicator

  380. 				}

  381. 				if runtimeAlert, ok := stats["runtimeAlert"]; ok {

  382. 					result["runtimeAlert"] = runtimeAlert

  383. 				}

  384. 			}

  385. 		}

  386. 	}

  387. 	w.Header().Set("Content-Type", "application/json")

  388. 	_ = json.NewEncoder(w).Encode(result)

  389. }

  390. 

  391. func (s *Server) handleRuntime(w http.ResponseWriter, _ *http.Request) {

  392. 	s.mu.RLock()

  393. 	drv := s.drv

  394. 	tx := s.tx

  395. 	stream := s.streamSrc

  396. 	ingestRt := s.ingestRt

  397. 	s.mu.RUnlock()

  398. 

  399. 	result := map[string]any{}

  400. 	if drv != nil {

  401. 		result["driver"] = drv.Stats()

  402. 	}

  403. 	if tx != nil {

  404. 		if stats := tx.TXStats(); stats != nil {

  405. 			result["engine"] = stats

  406. 		}

  407. 	}

  408. 	if stream != nil {

  409. 		result["audioStream"] = stream.Stats()

  410. 	}

  411. 	if ingestRt != nil {

  412. 		result["ingest"] = ingestRt.Stats()

  413. 	}

  414. 	result["controlAudit"] = s.auditSnapshot()

  415. 	w.Header().Set("Content-Type", "application/json")

  416. 	_ = json.NewEncoder(w).Encode(result)

  417. }

  418. 

  419. func (s *Server) handleRuntimeFaultReset(w http.ResponseWriter, r *http.Request) {

  420. 	if r.Method != http.MethodPost {

  421. 		s.recordAudit(auditMethodNotAllowed)

  422. 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)

  423. 		return

  424. 	}

  425. 	if s.rejectBody(w, r) { // BUG-01 fix: rejectBody returns true when rejected

  426. 		return

  427. 	}

  428. 	s.mu.RLock()

  429. 	tx := s.tx

  430. 	s.mu.RUnlock()

  431. 	if tx == nil {

  432. 		http.Error(w, "tx controller not available", http.StatusServiceUnavailable)

  433. 		return

  434. 	}

  435. 	if err := tx.ResetFault(); err != nil {

  436. 		http.Error(w, err.Error(), http.StatusConflict)

  437. 		return

  438. 	}

  439. 	w.Header().Set("Content-Type", "application/json")

  440. 	_ = json.NewEncoder(w).Encode(map[string]any{"ok": true})

  441. }

  442. 

  443. // handleAudioStream accepts raw S16LE PCM via HTTP POST and pushes

  444. // it into the configured ingest http-raw source. Use with:

  445. //

  446. //	curl -X POST --data-binary @- http://host:8088/audio/stream < audio.raw

  447. //	ffmpeg ... -f s16le -ar 44100 -ac 2 - | curl -X POST --data-binary @- http://host:8088/audio/stream

  448. func (s *Server) handleAudioStream(w http.ResponseWriter, r *http.Request) {

  449. 	if r.Method != http.MethodPost {

  450. 		s.recordAudit(auditMethodNotAllowed)

  451. 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)

  452. 		return

  453. 	}

  454. 	if !isAudioStreamContentType(r) {

  455. 		s.recordAudit(auditUnsupportedMediaType)

  456. 		http.Error(w, audioStreamContentTypeError, http.StatusUnsupportedMediaType)

  457. 		return

  458. 	}

  459. 	s.mu.RLock()

  460. 	ingress := s.audioIngress

  461. 	s.mu.RUnlock()

  462. 

  463. 	if ingress == nil {

  464. 		http.Error(w, "audio ingest not configured (use --audio-http with ingest runtime)", http.StatusServiceUnavailable)

  465. 		return

  466. 	}

  467. 

  468. 	// BUG-10 fix: /audio/stream is a long-lived streaming endpoint.

  469. 	// The global HTTP server ReadTimeout (5s) and WriteTimeout (10s) would

  470. 	// kill connections mid-stream. Disable them per-request via ResponseController

  471. 	// (requires Go 1.20+, confirmed Go 1.22).

  472. 	rc := http.NewResponseController(w)

  473. 	_ = rc.SetReadDeadline(time.Time{})

  474. 	_ = rc.SetWriteDeadline(time.Time{})

  475. 

  476. 	r.Body = http.MaxBytesReader(w, r.Body, audioStreamBodyLimit)

  477. 

  478. 	// Read body in chunks and push to ring buffer

  479. 	buf := make([]byte, 32768)

  480. 	totalFrames := 0

  481. 	for {

  482. 		n, err := r.Body.Read(buf)

  483. 		if n > 0 {

  484. 			written, writeErr := ingress.WritePCM16(buf[:n])

  485. 			totalFrames += written

  486. 			if writeErr != nil {

  487. 				http.Error(w, writeErr.Error(), http.StatusServiceUnavailable)

  488. 				return

  489. 			}

  490. 		}

  491. 		if err != nil {

  492. 			if err == io.EOF {

  493. 				break

  494. 			}

  495. 			var maxErr *http.MaxBytesError

  496. 			if errors.As(err, &maxErr) {

  497. 				s.recordAudit(auditBodyTooLarge)

  498. 				http.Error(w, maxErr.Error(), http.StatusRequestEntityTooLarge)

  499. 				return

  500. 			}

  501. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  502. 			return

  503. 		}

  504. 	}

  505. 

  506. 	w.Header().Set("Content-Type", "application/json")

  507. 	_ = json.NewEncoder(w).Encode(map[string]any{

  508. 		"ok":     true,

  509. 		"frames": totalFrames,

  510. 	})

  511. }

  512. 

  513. func (s *Server) handleTXStart(w http.ResponseWriter, r *http.Request) {

  514. 	if r.Method != http.MethodPost {

  515. 		s.recordAudit(auditMethodNotAllowed)

  516. 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)

  517. 		return

  518. 	}

  519. 	if s.rejectBody(w, r) { // BUG-01 fix: rejectBody returns true when rejected

  520. 		return

  521. 	}

  522. 	s.mu.RLock()

  523. 	tx := s.tx

  524. 	s.mu.RUnlock()

  525. 	if tx == nil {

  526. 		http.Error(w, "tx controller not available", http.StatusServiceUnavailable)

  527. 		return

  528. 	}

  529. 	if err := tx.StartTX(); err != nil {

  530. 		http.Error(w, err.Error(), http.StatusConflict)

  531. 		return

  532. 	}

  533. 	w.Header().Set("Content-Type", "application/json")

  534. 	_ = json.NewEncoder(w).Encode(map[string]any{"ok": true, "action": "started"})

  535. }

  536. 

  537. func (s *Server) handleTXStop(w http.ResponseWriter, r *http.Request) {

  538. 	if r.Method != http.MethodPost {

  539. 		s.recordAudit(auditMethodNotAllowed)

  540. 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)

  541. 		return

  542. 	}

  543. 	if s.rejectBody(w, r) { // BUG-01 fix: rejectBody returns true when rejected

  544. 		return

  545. 	}

  546. 	s.mu.RLock()

  547. 	tx := s.tx

  548. 	s.mu.RUnlock()

  549. 	if tx == nil {

  550. 		http.Error(w, "tx controller not available", http.StatusServiceUnavailable)

  551. 		return

  552. 	}

  553. 	go func() {

  554. 		_ = tx.StopTX()

  555. 	}()

  556. 	w.Header().Set("Content-Type", "application/json")

  557. 	_ = json.NewEncoder(w).Encode(map[string]any{"ok": true, "action": "stop-requested"})

  558. }

  559. 

  560. func (s *Server) handleDryRun(w http.ResponseWriter, _ *http.Request) {

  561. 	s.mu.RLock()

  562. 	cfg := s.cfg

  563. 	s.mu.RUnlock()

  564. 	w.Header().Set("Content-Type", "application/json")

  565. 	_ = json.NewEncoder(w).Encode(drypkg.Generate(cfg))

  566. }

  567. 

  568. func (s *Server) handleConfig(w http.ResponseWriter, r *http.Request) {

  569. 	switch r.Method {

  570. 	case http.MethodGet:

  571. 		s.mu.RLock()

  572. 		cfg := s.cfg

  573. 		s.mu.RUnlock()

  574. 		w.Header().Set("Content-Type", "application/json")

  575. 		_ = json.NewEncoder(w).Encode(cfg)

  576. 	case http.MethodPost:

  577. 		if !isJSONContentType(r) {

  578. 			s.recordAudit(auditUnsupportedMediaType)

  579. 			http.Error(w, "Content-Type must be application/json", http.StatusUnsupportedMediaType)

  580. 			return

  581. 		}

  582. 		r.Body = http.MaxBytesReader(w, r.Body, maxConfigBodyBytes)

  583. 		var patch ConfigPatch

  584. 		// BUG-4 fix: reject unknown JSON fields (typos) with 400 rather than

  585. 		// silently ignoring them (e.g. "outputDrvie" would succeed and do nothing).

  586. 		dec := json.NewDecoder(r.Body)

  587. 		dec.DisallowUnknownFields()

  588. 		if err := dec.Decode(&patch); err != nil {

  589. 			statusCode := http.StatusBadRequest

  590. 			if strings.Contains(err.Error(), "http: request body too large") {

  591. 				statusCode = http.StatusRequestEntityTooLarge

  592. 				s.recordAudit(auditBodyTooLarge)

  593. 			}

  594. 			http.Error(w, err.Error(), statusCode)

  595. 			return

  596. 		}

  597. 

  598. 		// Update the server's config snapshot (for GET /config and /status)

  599. 		s.mu.Lock()

  600. 		next := s.cfg

  601. 		if patch.FrequencyMHz != nil {

  602. 			next.FM.FrequencyMHz = *patch.FrequencyMHz

  603. 		}

  604. 		if patch.OutputDrive != nil {

  605. 			next.FM.OutputDrive = *patch.OutputDrive

  606. 		}

  607. 		if patch.ToneLeftHz != nil {

  608. 			next.Audio.ToneLeftHz = *patch.ToneLeftHz

  609. 		}

  610. 		if patch.ToneRightHz != nil {

  611. 			next.Audio.ToneRightHz = *patch.ToneRightHz

  612. 		}

  613. 		if patch.ToneAmplitude != nil {

  614. 			next.Audio.ToneAmplitude = *patch.ToneAmplitude

  615. 		}

  616. 		if patch.AudioGain != nil {

  617. 			next.Audio.Gain = *patch.AudioGain

  618. 		}

  619. 		if patch.PS != nil {

  620. 			next.RDS.PS = *patch.PS

  621. 		}

  622. 		if patch.RadioText != nil {

  623. 			next.RDS.RadioText = *patch.RadioText

  624. 		}

  625. 		if patch.PI != nil {

  626. 			next.RDS.PI = *patch.PI

  627. 		}

  628. 		if patch.PTY != nil {

  629. 			next.RDS.PTY = *patch.PTY

  630. 		}

  631. 		if patch.TP != nil {

  632. 			next.RDS.TP = *patch.TP

  633. 		}

  634. 		if patch.TA != nil {

  635. 			next.RDS.TA = *patch.TA

  636. 		}

  637. 		if patch.MS != nil {

  638. 			next.RDS.MS = *patch.MS

  639. 		}

  640. 		if patch.CTEnabled != nil {

  641. 			next.RDS.CTEnabled = *patch.CTEnabled

  642. 		}

  643. 		if patch.RTPlusEnabled != nil {

  644. 			next.RDS.RTPlusEnabled = *patch.RTPlusEnabled

  645. 		}

  646. 		if patch.RTPlusSeparator != nil {

  647. 			next.RDS.RTPlusSeparator = *patch.RTPlusSeparator

  648. 		}

  649. 		if patch.PTYN != nil {

  650. 			next.RDS.PTYN = *patch.PTYN

  651. 		}

  652. 		if patch.LPS != nil {

  653. 			next.RDS.LPS = *patch.LPS

  654. 		}

  655. 		if patch.ERTEnabled != nil {

  656. 			next.RDS.ERTEnabled = *patch.ERTEnabled

  657. 		}

  658. 		if patch.ERT != nil {

  659. 			next.RDS.ERT = *patch.ERT

  660. 		}

  661. 		if patch.RDS2Enabled != nil {

  662. 			next.RDS.RDS2Enabled = *patch.RDS2Enabled

  663. 		}

  664. 		if patch.StationLogoPath != nil {

  665. 			next.RDS.StationLogoPath = *patch.StationLogoPath

  666. 		}

  667. 		if patch.AF != nil {

  668. 			next.RDS.AF = *patch.AF

  669. 		}

  670. 		if patch.PreEmphasisTauUS != nil {

  671. 			next.FM.PreEmphasisTauUS = *patch.PreEmphasisTauUS

  672. 		}

  673. 		if patch.StereoEnabled != nil {

  674. 			next.FM.StereoEnabled = *patch.StereoEnabled

  675. 		}

  676. 		if patch.StereoMode != nil {

  677. 			next.FM.StereoMode = *patch.StereoMode

  678. 		}

  679. 		if patch.LimiterEnabled != nil {

  680. 			next.FM.LimiterEnabled = *patch.LimiterEnabled

  681. 		}

  682. 		if patch.LimiterCeiling != nil {

  683. 			next.FM.LimiterCeiling = *patch.LimiterCeiling

  684. 		}

  685. 		if patch.RDSEnabled != nil {

  686. 			next.RDS.Enabled = *patch.RDSEnabled

  687. 		}

  688. 		if patch.PilotLevel != nil {

  689. 			next.FM.PilotLevel = *patch.PilotLevel

  690. 		}

  691. 		if patch.RDSInjection != nil {

  692. 			next.FM.RDSInjection = *patch.RDSInjection

  693. 		}

  694. 		if patch.BS412Enabled != nil {

  695. 			next.FM.BS412Enabled = *patch.BS412Enabled

  696. 		}

  697. 		if patch.BS412ThresholdDBr != nil {

  698. 			next.FM.BS412ThresholdDBr = *patch.BS412ThresholdDBr

  699. 		}

  700. 		if patch.MpxGain != nil {

  701. 			next.FM.MpxGain = *patch.MpxGain

  702. 		}

  703. 		if patch.CompositeClipperEnabled != nil {

  704. 			next.FM.CompositeClipper.Enabled = *patch.CompositeClipperEnabled

  705. 		}

  706. 		if patch.CompositeClipperIterations != nil {

  707. 			next.FM.CompositeClipper.Iterations = *patch.CompositeClipperIterations

  708. 		}

  709. 		if patch.CompositeClipperSoftKnee != nil {

  710. 			next.FM.CompositeClipper.SoftKnee = *patch.CompositeClipperSoftKnee

  711. 		}

  712. 		if patch.CompositeClipperLookaheadMs != nil {

  713. 			next.FM.CompositeClipper.LookaheadMs = *patch.CompositeClipperLookaheadMs

  714. 		}

  715. 		if err := next.Validate(); err != nil {

  716. 			s.mu.Unlock()

  717. 			http.Error(w, err.Error(), http.StatusBadRequest)

  718. 			return

  719. 		}

  720. 		lp := LivePatch{

  721. 			FrequencyMHz:            patch.FrequencyMHz,

  722. 			OutputDrive:             patch.OutputDrive,

  723. 			StereoEnabled:           patch.StereoEnabled,

  724. 			StereoMode:              patch.StereoMode,

  725. 			PilotLevel:              patch.PilotLevel,

  726. 			RDSInjection:            patch.RDSInjection,

  727. 			RDSEnabled:              patch.RDSEnabled,

  728. 			LimiterEnabled:          patch.LimiterEnabled,

  729. 			LimiterCeiling:          patch.LimiterCeiling,

  730. 			PS:                      patch.PS,

  731. 			RadioText:               patch.RadioText,

  732. 			TA:                      patch.TA,

  733. 			TP:                      patch.TP,

  734. 			ToneLeftHz:              patch.ToneLeftHz,

  735. 			ToneRightHz:             patch.ToneRightHz,

  736. 			ToneAmplitude:           patch.ToneAmplitude,

  737. 			AudioGain:               patch.AudioGain,

  738. 			CompositeClipperEnabled: patch.CompositeClipperEnabled,

  739. 		}

  740. 		// NEU-02 fix: determine whether any live-patchable fields are present,

  741. 		// then release the lock before calling UpdateConfig to avoid holding

  742. 		// s.mu across a potentially blocking engine call.

  743. 		tx := s.tx

  744. 		hasLiveFields := patch.FrequencyMHz != nil || patch.OutputDrive != nil ||

  745. 			patch.StereoEnabled != nil || patch.StereoMode != nil || patch.PilotLevel != nil ||

  746. 			patch.RDSInjection != nil || patch.RDSEnabled != nil ||

  747. 			patch.LimiterEnabled != nil || patch.LimiterCeiling != nil ||

  748. 			patch.PS != nil || patch.RadioText != nil || patch.TA != nil || patch.TP != nil ||

  749. 			patch.ToneLeftHz != nil || patch.ToneRightHz != nil ||

  750. 			patch.ToneAmplitude != nil || patch.AudioGain != nil ||

  751. 			patch.CompositeClipperEnabled != nil

  752. 		s.mu.Unlock()

  753. 		// Apply live fields to running engine outside the lock.

  754. 		if tx != nil && hasLiveFields {

  755. 			if err := tx.UpdateConfig(lp); err != nil {

  756. 				http.Error(w, err.Error(), http.StatusBadRequest)

  757. 				return

  758. 			}

  759. 		}

  760. 		// Persist the validated config snapshot when a config saver is available.

  761. 		// This ensures restart-required UI changes survive process restarts instead

  762. 		// of only updating the in-memory snapshot.

  763. 		s.mu.RLock()

  764. 		save := s.saveConfig

  765. 		s.mu.RUnlock()

  766. 		if save != nil {

  767. 			if err := save(next); err != nil {

  768. 				http.Error(w, err.Error(), http.StatusInternalServerError)

  769. 				return

  770. 			}

  771. 		}

  772. 		// Commit the server snapshot only after validation, optional persistence,

  773. 		// and any required live update succeeded.

  774. 		s.mu.Lock()

  775. 		s.cfg = next

  776. 		s.mu.Unlock()

  777. 		// NEU-03 fix: report live=true only when live-patchable fields were applied.

  778. 		live := tx != nil && hasLiveFields

  779. 		w.Header().Set("Content-Type", "application/json")

  780. 		_ = json.NewEncoder(w).Encode(map[string]any{"ok": true, "live": live})

  781. 	default:

  782. 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)

  783. 	}

  784. }

  785. 

  786. func (s *Server) handleIngestSave(w http.ResponseWriter, r *http.Request) {

  787. 	if r.Method != http.MethodPost {

  788. 		s.recordAudit(auditMethodNotAllowed)

  789. 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)

  790. 		return

  791. 	}

  792. 	if !isJSONContentType(r) {

  793. 		s.recordAudit(auditUnsupportedMediaType)

  794. 		http.Error(w, "Content-Type must be application/json", http.StatusUnsupportedMediaType)

  795. 		return

  796. 	}

  797. 	r.Body = http.MaxBytesReader(w, r.Body, maxConfigBodyBytes)

  798. 

  799. 	var req IngestSaveRequest

  800. 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {

  801. 		statusCode := http.StatusBadRequest

  802. 		if strings.Contains(err.Error(), "http: request body too large") {

  803. 			statusCode = http.StatusRequestEntityTooLarge

  804. 			s.recordAudit(auditBodyTooLarge)

  805. 		}

  806. 		http.Error(w, err.Error(), statusCode)

  807. 		return

  808. 	}

  809. 

  810. 	s.mu.Lock()

  811. 	next := s.cfg

  812. 	next.Ingest = req.Ingest

  813. 	if err := next.Validate(); err != nil {

  814. 		s.mu.Unlock()

  815. 		http.Error(w, err.Error(), http.StatusBadRequest)

  816. 		return

  817. 	}

  818. 	save := s.saveConfig

  819. 	reload := s.hardReload

  820. 	if save == nil {

  821. 		s.mu.Unlock()

  822. 		http.Error(w, "config save is not configured (start with --config <path>)", http.StatusServiceUnavailable)

  823. 		return

  824. 	}

  825. 	if err := save(next); err != nil {

  826. 		s.mu.Unlock()

  827. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  828. 		return

  829. 	}

  830. 	s.cfg = next

  831. 	s.mu.Unlock()

  832. 

  833. 	w.Header().Set("Content-Type", "application/json")

  834. 	reloadScheduled := reload != nil

  835. 	_ = json.NewEncoder(w).Encode(map[string]any{

  836. 		"ok":              true,

  837. 		"saved":           true,

  838. 		"reloadScheduled": reloadScheduled,

  839. 	})

  840. 	if reloadScheduled && s.reloadPending.CompareAndSwap(false, true) {

  841. 		go func(fn func()) {

  842. 			time.Sleep(250 * time.Millisecond)

  843. 			s.reloadPending.Store(false)

  844. 			fn()

  845. 		}(reload)

  846. 	}

  847. }