@cappitolian/http-local-server-swifter 0.0.29 → 0.0.30

package/android/src/main/java/com/cappitolian/plugins/httplocalserviceswifter/HttpLocalServerSwifter.java

@@ -17,7 +17,7 @@ import org.json.JSONException;
 import org.json.JSONObject;
 
 import java.io.IOException;
-import java.util.HashMap;
+import java.util.HashMap;>
 import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
@@ -28,67 +28,104 @@ import java.util.concurrent.TimeoutException;
 import fi.iki.elonen.NanoHTTPD;
 
 public class HttpLocalServerSwifter {
+    // Private static final properties
     private static final String TAG = "HttpLocalServerSwifter";
     private static final int DEFAULT_PORT = 8080;
     private static final int DEFAULT_TIMEOUT_SECONDS = 5;
     private static final String FALLBACK_IP = "127.0.0.1";
-    
-    private LocalNanoServer server;
+    // Changed to String to transport the full JSON response from JS
+    private static final ConcurrentHashMap<String, CompletableFuture<String>> pendingResponses = new ConcurrentHashMap<>();
+    // Add inside LocalNanoServer
+    private static final ConcurrentHashMap<String, long[]> rateLimitMap = new ConcurrentHashMap<>();
+    private static final int RATE_LIMIT = 30; // requests
+    private static final long RATE_WINDOW_MS = 60_000; // per minute
+
+   // Private final properties
     private final Plugin plugin;
     private final int port;
     private final int timeoutSeconds;
-    
-    // Changed to String to transport the full JSON response from JS
-    private static final ConcurrentHashMap<String, CompletableFuture<String>> pendingResponses = new ConcurrentHashMap<>();
-    
+
+    // Private properties
+    private LocalNanoServer server;
+
+    private boolean isRateLimited(String ip) {
+        long now = System.currentTimeMillis();
+
+        rateLimitMap.compute(ip, (key, timestamps) -> {
+            if (timestamps == null)
+                timestamps = new long[] { now, 1 };
+            else if (now - timestamps[0] > RATE_WINDOW_MS) {
+                timestamps[0] = now;
+                timestamps[1] = 1;
+            } else
+                timestamps[1]++;
+
+            return timestamps;
+        });
+
+        long[] entry = rateLimitMap.get(ip);
+
+        return entry != null && entry[1] > RATE_LIMIT;
+    }
+
     public HttpLocalServerSwifter(@NonNull Plugin plugin) {
         this(plugin, DEFAULT_PORT, DEFAULT_TIMEOUT_SECONDS);
     }
-    
+
     public HttpLocalServerSwifter(@NonNull Plugin plugin, int port, int timeoutSeconds) {
         this.plugin = plugin;
         this.port = port;
         this.timeoutSeconds = timeoutSeconds;
     }
-    
+
     public void connect(@NonNull PluginCall call) {
         if (server != null && server.isAlive()) {
             call.reject("Server is already running");
+
             return;
         }
-        
+
         try {
             String localIp = getLocalIpAddress(plugin.getContext());
+
             server = new LocalNanoServer(localIp, port, plugin, timeoutSeconds);
             server.start();
-            
+
             JSObject response = new JSObject();
+
             response.put("ip", localIp);
             response.put("port", port);
+
             call.resolve(response);
-            
+
             Log.i(TAG, "Server started at " + localIp + ":" + port);
         } catch (IOException e) {
             Log.e(TAG, "Failed to start server", e);
+            
             call.reject("Failed to start server: " + e.getMessage());
         }
     }
-    
+
     public void disconnect(@Nullable PluginCall call) {
         if (server != null) {
             server.stop();
+
             server = null;
+
             pendingResponses.clear();
+
             Log.i(TAG, "Server stopped");
         }
-        if (call != null) call.resolve();
+        if (call != null)
+            call.resolve();
     }
-    
+
     /**
      * Completes the future with the full JS response object (body, status, headers)
      */
     public static void handleJsResponse(@NonNull String requestId, @NonNull JSObject responseData) {
         CompletableFuture<String> future = pendingResponses.remove(requestId);
+
         if (future != null && !future.isDone()) {
             future.complete(responseData.toString());
             Log.d(TAG, "Response object delivered to future for ID: " + requestId);
@@ -97,11 +134,19 @@ public class HttpLocalServerSwifter {
 
     private @NonNull String getLocalIpAddress(@NonNull Context context) {
         try {
-            WifiManager wifiManager = (WifiManager) context.getApplicationContext().getSystemService(Context.WIFI_SERVICE);
-            if (wifiManager == null) return FALLBACK_IP;
+            WifiManager wifiManager = (WifiManager) context.getApplicationContext()
+                    .getSystemService(Context.WIFI_SERVICE);
+
+            if (wifiManager == null)
+                return FALLBACK_IP;
+
             WifiInfo wifiInfo = wifiManager.getConnectionInfo();
-            if (wifiInfo == null) return FALLBACK_IP;
+
+            if (wifiInfo == null)
+                return FALLBACK_IP;
+
             int ipAddress = wifiInfo.getIpAddress();
+
             return ipAddress == 0 ? FALLBACK_IP : Formatter.formatIpAddress(ipAddress);
         } catch (Exception e) {
             return FALLBACK_IP;
@@ -111,27 +156,46 @@ public class HttpLocalServerSwifter {
     private static class LocalNanoServer extends NanoHTTPD {
         private final Plugin plugin;
         private final int timeoutSeconds;
-        
+
         public LocalNanoServer(@NonNull String hostname, int port, @NonNull Plugin plugin, int timeoutSeconds) {
             super(hostname, port);
             this.plugin = plugin;
             this.timeoutSeconds = timeoutSeconds;
         }
-        
+
         @Override
         public Response serve(@NonNull IHTTPSession session) {
+            if (Method.OPTIONS.equals(session.getMethod())) {
+                return createCorsResponse();
+            }
+
+            // Rate limiting
+            String clientIp = session.getHeaders().getOrDefault("http-client-ip",
+                    session.getHeaders().getOrDefault("remote-addr", "unknown"));
+
+            if (isRateLimited(clientIp)) {
+                Response r = newFixedLengthResponse(
+                        Response.Status.lookup(429), "application/json",
+                        "{\"success\":false,\"error\":\"Too many requests\"}");
+
+                addCorsHeaders(r);
+
+                return r;
+            }
+
             // Native CORS Preflight handling for efficiency
             if (Method.OPTIONS.equals(session.getMethod())) {
                 return createCorsResponse();
             }
-            
+
             try {
                 String method = session.getMethod().name();
                 String path = session.getUri();
                 String body = extractBody(session);
+
                 Map<String, String> headers = session.getHeaders();
                 Map<String, String> params = session.getParms();
-                
+
                 // Wait for TypeScript to process logic and provide the complex response
                 String jsResponseRaw = processRequest(method, path, body, headers, params);
                 return createDynamicResponse(jsResponseRaw);
@@ -141,24 +205,30 @@ public class HttpLocalServerSwifter {
         }
 
         /**
-         * Parses the JSON from JS and builds a NanoHTTPD Response with custom status and headers
+         * Parses the JSON from JS and builds a NanoHTTPD Response with custom status
+         * and headers
          */
         private Response createDynamicResponse(String jsResponseRaw) {
             try {
                 JSONObject res = new JSONObject(jsResponseRaw);
                 String body = res.optString("body", "");
+
                 int statusCode = res.optInt("status", 200);
+
                 JSONObject customHeaders = res.optJSONObject("headers");
 
                 Response.IStatus status = Response.Status.lookup(statusCode);
-                Response response = newFixedLengthResponse(status != null ? status : Response.Status.OK, "application/json", body);
-                
+                Response response = newFixedLengthResponse(status != null ? status : Response.Status.OK,
+                        "application/json", body);
+
                 // Add standard CORS headers
                 addCorsHeaders(response);
 
-                // Inject custom headers from TypeScript (allows overriding CORS or Content-Type)
+                // Inject custom headers from TypeScript (allows overriding CORS or
+                // Content-Type)
                 if (customHeaders != null) {
                     java.util.Iterator<String> keys = customHeaders.keys();
+
                     while (keys.hasNext()) {
                         String key = keys.next();
                         response.addHeader(key, customHeaders.getString(key));
@@ -173,32 +243,39 @@ public class HttpLocalServerSwifter {
 
         private String extractBody(@NonNull IHTTPSession session) {
             Method method = session.getMethod();
-            if (method != Method.POST && method != Method.PUT && method != Method.PATCH) return null;
+
+            if (method != Method.POST && method != Method.PUT && method != Method.PATCH)
+                return null;
+
             try {
                 HashMap<String, String> files = new HashMap<>();
                 session.parseBody(files);
                 String body = files.get("postData");
+
                 return (body == null || body.isEmpty()) ? session.getQueryParameterString() : body;
             } catch (IOException | ResponseException e) {
                 return null;
             }
         }
-        
-        private String processRequest(String method, String path, String body, Map<String, String> headers, Map<String, String> params) {
+
+        private String processRequest(String method, String path, String body, Map<String, String> headers,
+                Map<String, String> params) {
             String requestId = UUID.randomUUID().toString();
             JSObject requestData = new JSObject();
             requestData.put("requestId", requestId);
             requestData.put("method", method);
             requestData.put("path", path);
-            if (body != null) requestData.put("body", body);
-            
+
+            if (body != null)
+                requestData.put("body", body);
+
             CompletableFuture<String> future = new CompletableFuture<>();
             pendingResponses.put(requestId, future);
-            
+
             if (plugin instanceof HttpLocalServerSwifterPlugin) {
                 ((HttpLocalServerSwifterPlugin) plugin).fireOnRequest(requestData);
             }
-            
+
             try {
                 return future.get(timeoutSeconds, TimeUnit.SECONDS);
             } catch (Exception e) {
@@ -210,14 +287,17 @@ public class HttpLocalServerSwifter {
 
         private Response createCorsResponse() {
             Response response = newFixedLengthResponse(Response.Status.NO_CONTENT, "text/plain", "");
+
             addCorsHeaders(response);
+            
             return response;
         }
 
         private void addCorsHeaders(@NonNull Response response) {
             response.addHeader("Access-Control-Allow-Origin", "*");
             response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
-            response.addHeader("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, X-Requested-With");
+            response.addHeader("Access-Control-Allow-Headers",
+                    "Origin, Content-Type, Accept, Authorization, X-Requested-With");
             response.addHeader("Access-Control-Max-Age", "3600");
             // Prevents TCP connection reuse. NanoHTTPD does not handle keep-alive
             // correctly under rapid sequential requests, causing ERR_INVALID_HTTP_RESPONSE.

package/android/src/main/java/com/cappitolian/plugins/httplocalserviceswifter/HttpLocalServerSwifterPlugin.java

@@ -29,14 +29,17 @@ public class HttpLocalServerSwifterPlugin extends Plugin {
     @PluginMethod
     public void sendResponse(PluginCall call) {
         String requestId = call.getString("requestId");
+
         if (requestId == null || requestId.isEmpty()) {
             call.reject("Missing requestId");
+            
             return;
         }
-        
+
         // Pass the entire PluginCall data object to handleJsResponse
         // This allows us to capture 'status' and 'headers' along with the 'body'
         HttpLocalServerSwifter.handleJsResponse(requestId, call.getData());
+        
         call.resolve();
     }
 

package/ios/Sources/HttpLocalServerSwifterPlugin/HttpLocalServerSwifter.swift

@@ -7,20 +7,43 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
 }
 
 @objc public class HttpLocalServerSwifter: NSObject {
-    private var webServer: HttpServer?
-    private weak var delegate: HttpLocalServerSwifterDelegate?
-
+    // Private static properties
     private static var pendingResponses = [String: (String) -> Void]()
     private static let queue = DispatchQueue(
         label: "com.cappitolian.HttpLocalServerSwifter.pendingResponses",
         qos: .userInitiated
     )
 
+    // Private properties
+    private var webServer: HttpServer?
+    private weak var delegate: HttpLocalServerSwifterDelegate?
     private let defaultTimeout: TimeInterval = 10.0
     private let defaultPort: UInt16 = 8080
 
+    private var rateLimitMap = [String: (start: Date, count: Int)]()
+    private let rateLimitQueue = DispatchQueue(label: "rateLimit", qos: .userInitiated)
+    private let rateLimit = 30
+    private let rateWindowSeconds: TimeInterval = 60
+
+    private func isRateLimited(ip: String) -> Bool {
+        return rateLimitQueue.sync {
+            let now = Date()
+
+            if let entry = rateLimitMap[ip], now.timeIntervalSince(entry.start) < rateWindowSeconds {
+                if entry.count >= rateLimit { return true }
+
+                rateLimitMap[ip] = (entry.start, entry.count + 1)
+            } else {
+                rateLimitMap[ip] = (now, 1)
+            }
+
+            return false
+        }
+    }
+
     public init(delegate: HttpLocalServerSwifterDelegate) {
         self.delegate = delegate
+
         super.init()
     }
 
@@ -33,6 +56,7 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
             self.stopServer()
 
             let server = HttpServer()
+            
             self.webServer = server
 
             server.middleware.append { [weak self] request in
@@ -41,11 +65,13 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
                 if request.method == "OPTIONS" {
                     return self.corsResponse()
                 }
+
                 return self.processRequest(request)
             }
 
             do {
                 try server.start(self.defaultPort, forceIPv4: true)
+
                 let ip = Self.getWiFiAddress() ?? "127.0.0.1"
 
                 print("🚀 SWIFTER: Server running on http://\(ip):\(self.defaultPort)")
@@ -56,6 +82,7 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
                 ])
             } catch {
                 print("❌ SWIFTER ERROR: \(error)")
+
                 call.reject("Could not start server: \(error.localizedDescription)")
             }
         }
@@ -65,6 +92,7 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
     @objc public func stopServer() {
         webServer?.stop()
         webServer = nil
+
         // Drain pending futures so blocked threads can unblock on their semaphore timeout.
         Self.queue.sync { Self.pendingResponses.removeAll() }
     }
@@ -72,6 +100,7 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
     /// Stops the server and resolves the Capacitor call.
     @objc public func disconnect(resolving call: CAPPluginCall) {
         stopServer()
+
         call.resolve()
     }
 
@@ -96,6 +125,18 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
     // MARK: - Request processing
 
     private func processRequest(_ request: HttpRequest) -> HttpResponse {
+        let clientIp = request.headers["x-forwarded-for"] ?? 
+                   request.address ?? "unknown"
+    
+        if isRateLimited(ip: clientIp) {
+            return .raw(429, "Too Many Requests", [
+                "Content-Type": "application/json",
+                "Access-Control-Allow-Origin": "*"
+            ]) { writer in
+                try writer.write([UInt8](#"{"success":false,"error":"Too many requests"}"#.utf8))
+            }
+        }
+
         let requestId = UUID().uuidString
 
         // Use a protected local variable written only inside `queue.sync` inside
@@ -184,12 +225,15 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
         defer { freeifaddrs(ifaddr) }
 
         var ptr = ifaddr
+
         while let current = ptr {
             let interface = current.pointee
+
             if interface.ifa_addr.pointee.sa_family == UInt8(AF_INET),
                String(cString: interface.ifa_name) == "en0"
             {
                 var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST))
+
                 getnameinfo(
                     interface.ifa_addr,
                     socklen_t(interface.ifa_addr.pointee.sa_len),
@@ -198,9 +242,12 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
                     nil, 0,
                     NI_NUMERICHOST
                 )
+
                 address = String(cString: hostname)
+
                 break
             }
+
             ptr = interface.ifa_next
         }
 

package/ios/Sources/HttpLocalServerSwifterPlugin/HttpLocalServerSwifterPlugin.swift

@@ -3,6 +3,10 @@ import Capacitor
 
 @objc(HttpLocalServerSwifterPlugin)
 public class HttpLocalServerSwifterPlugin: CAPPlugin, CAPBridgedPlugin, HttpLocalServerSwifterDelegate {
+    // Private properties
+    private var localServer: HttpLocalServerSwifter?
+
+    // Publi properties
     public let identifier   = "HttpLocalServerSwifterPlugin"
     public let jsName       = "HttpLocalServerSwifter"
     public let pluginMethods: [CAPPluginMethod] = [
@@ -11,14 +15,13 @@ public class HttpLocalServerSwifterPlugin: CAPPlugin, CAPBridgedPlugin, HttpLoca
         CAPPluginMethod(name: "sendResponse", returnType: CAPPluginReturnPromise)
     ]
 
-    private var localServer: HttpLocalServerSwifter?
-
     // MARK: - Plugin methods
 
     @objc func connect(_ call: CAPPluginCall) {
         if localServer == nil {
             localServer = HttpLocalServerSwifter(delegate: self)
         }
+
         localServer?.connect(call)
     }
 
@@ -32,6 +35,7 @@ public class HttpLocalServerSwifterPlugin: CAPPlugin, CAPBridgedPlugin, HttpLoca
     @objc func sendResponse(_ call: CAPPluginCall) {
         guard let requestId = call.getString("requestId"), !requestId.isEmpty else {
             call.reject("Missing requestId")
+
             return
         }
 
@@ -41,6 +45,7 @@ public class HttpLocalServerSwifterPlugin: CAPPlugin, CAPBridgedPlugin, HttpLoca
             requestId:    requestId,
             responseData: responseData
         )
+        
         call.resolve()
     }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cappitolian/http-local-server-swifter",
-  "version": "0.0.29",
+  "version": "0.0.30",
   "description": "Runs a local HTTP server on your device, accessible over LAN. Supports connect, disconnect, GET, and POST methods with IP and port discovery.",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",