refactor: enhance FileCache with safe fallback in prepend_header and add max_file_size setter

Author: Yundi339

http/server/FileCache.cpp

@@ -5,11 +5,11 @@
 #include "htime.h"
 #include "hlog.h"
 
-#include "httpdef.h"     // import http_content_type_str_by_suffix
+#include "httpdef.h"    // import http_content_type_str_by_suffix
 #include "http_page.h"  // import make_index_of_page
 
 #ifdef OS_WIN
-#include "hstring.h"     // import hv::utf8_to_wchar
+#include "hstring.h" // import hv::utf8_to_wchar
 #endif
 
 #define ETAG_FMT    "\"%zx-%zx\""
@@ -56,6 +56,7 @@ file_cache_ptr FileCache::Open(const char* filepath, OpenParam* param) {
         flags |= O_BINARY;
 #endif
         int fd = -1;
+        bool is_dir = false;
 #ifdef OS_WIN
         if (wfilepath.empty()) wfilepath = hv::utf8_to_wchar(filepath);
         if (_wstat(wfilepath.c_str(), (struct _stat*)&st) != 0) {
@@ -65,7 +66,7 @@ file_cache_ptr FileCache::Open(const char* filepath, OpenParam* param) {
         if (S_ISREG(st.st_mode)) {
             fd = _wopen(wfilepath.c_str(), flags);
         } else if (S_ISDIR(st.st_mode)) {
-            fd = 0;
+            is_dir = true;
         }
 #else
         if (::stat(filepath, &st) != 0) {
@@ -74,15 +75,11 @@ file_cache_ptr FileCache::Open(const char* filepath, OpenParam* param) {
         }
         fd = open(filepath, flags);
 #endif
-        if (fd < 0) {
+        if (fd < 0 && !is_dir) {
             param->error = ERR_OPEN_FILE;
             return NULL;
         }
-#ifdef OS_WIN
-        defer(if (fd > 0) { close(fd); })  // fd=0 is Windows directory sentinel
-#else
-        defer(close(fd);)
-#endif
+        defer(if (fd >= 0) { close(fd); })
         if (fc == NULL) {
             if (S_ISREG(st.st_mode) ||
                 (S_ISDIR(st.st_mode) &&
@@ -100,61 +97,67 @@ file_cache_ptr FileCache::Open(const char* filepath, OpenParam* param) {
                 return NULL;
             }
         }
-        // Hold fc->mutex for the remainder of initialization
-        std::lock_guard<std::mutex> lock(fc->mutex);
-        if (S_ISREG(fc->st.st_mode)) {
-            param->filesize = fc->st.st_size;
-            // FILE
-            if (param->need_read) {
-                if (fc->st.st_size > param->max_read) {
-                    param->error = ERR_OVER_LIMIT;
-                    // Don't cache incomplete entries
-                    return NULL;
-                }
-                fc->resize_buf(fc->st.st_size, max_header_length);
-                // Loop to handle partial reads (EINTR, etc.)
-                char* dst = fc->filebuf.base;
-                size_t remaining = fc->filebuf.len;
-                while (remaining > 0) {
-                    ssize_t nread = read(fd, dst, remaining);
-                    if (nread < 0) {
-                        if (errno == EINTR) continue;
-                        hloge("Failed to read file: %s", filepath);
-                        param->error = ERR_READ_FILE;
+        // Hold fc->mutex for initialization, but release before put()
+        // to avoid lock-order inversion with RemoveExpiredFileCache().
+        // Lock order: LRUCache mutex → fc->mutex (never reverse).
+        {
+            std::lock_guard<std::mutex> lock(fc->mutex);
+            // Sync local stat result into cached entry
+            fc->st = st;
+            if (S_ISREG(fc->st.st_mode)) {
+                param->filesize = fc->st.st_size;
+                // FILE
+                if (param->need_read) {
+                    if (fc->st.st_size > param->max_read) {
+                        param->error = ERR_OVER_LIMIT;
+                        // Don't cache incomplete entries
                         return NULL;
                     }
-                    if (nread == 0) {
-                        hloge("Unexpected EOF reading file: %s", filepath);
-                        param->error = ERR_READ_FILE;
-                        return NULL;
+                    fc->resize_buf(fc->st.st_size, max_header_length);
+                    // Loop to handle partial reads (EINTR, etc.)
+                    char* dst = fc->filebuf.base;
+                    size_t remaining = fc->filebuf.len;
+                    while (remaining > 0) {
+                        ssize_t nread = read(fd, dst, remaining);
+                        if (nread < 0) {
+                            if (errno == EINTR) continue;
+                            hloge("Failed to read file: %s", filepath);
+                            param->error = ERR_READ_FILE;
+                            return NULL;
+                        }
+                        if (nread == 0) {
+                            hloge("Unexpected EOF reading file: %s", filepath);
+                            param->error = ERR_READ_FILE;
+                            return NULL;
+                        }
+                        dst += nread;
+                        remaining -= nread;
                     }
-                    dst += nread;
-                    remaining -= nread;
                 }
-            }
-            const char* suffix = strrchr(filepath, '.');
-            if (suffix) {
-                http_content_type content_type = http_content_type_enum_by_suffix(suffix + 1);
-                if (content_type == TEXT_HTML) {
-                    fc->content_type = "text/html; charset=utf-8";
-                } else if (content_type == TEXT_PLAIN) {
-                    fc->content_type = "text/plain; charset=utf-8";
-                } else {
-                    fc->content_type = http_content_type_str_by_suffix(suffix + 1);
+                const char* suffix = strrchr(filepath, '.');
+                if (suffix) {
+                    http_content_type content_type = http_content_type_enum_by_suffix(suffix + 1);
+                    if (content_type == TEXT_HTML) {
+                        fc->content_type = "text/html; charset=utf-8";
+                    } else if (content_type == TEXT_PLAIN) {
+                        fc->content_type = "text/plain; charset=utf-8";
+                    } else {
+                        fc->content_type = http_content_type_str_by_suffix(suffix + 1);
+                    }
                 }
+            } else if (S_ISDIR(fc->st.st_mode)) {
+                // DIR
+                std::string page;
+                make_index_of_page(filepath, page, param->path);
+                fc->resize_buf(page.size(), max_header_length);
+                memcpy(fc->filebuf.base, page.c_str(), page.size());
+                fc->content_type = "text/html; charset=utf-8";
             }
-        } else if (S_ISDIR(fc->st.st_mode)) {
-            // DIR
-            std::string page;
-            make_index_of_page(filepath, page, param->path);
-            fc->resize_buf(page.size(), max_header_length);
-            memcpy(fc->filebuf.base, page.c_str(), page.size());
-            fc->content_type = "text/html; charset=utf-8";
-        }
-        gmtime_fmt(fc->st.st_mtime, fc->last_modified);
-        snprintf(fc->etag, sizeof(fc->etag), ETAG_FMT,
-                 (size_t)fc->st.st_mtime, (size_t)fc->st.st_size);
-        // Cache the fully initialized entry
+            gmtime_fmt(fc->st.st_mtime, fc->last_modified);
+            snprintf(fc->etag, sizeof(fc->etag), ETAG_FMT,
+                     (size_t)fc->st.st_mtime, (size_t)fc->st.st_size);
+        } // release fc->mutex before put() to maintain lock ordering
+        // Cache the fully initialized entry (acquires LRUCache mutex only)
         put(filepath, fc);
     }
     return fc;
@@ -179,7 +182,12 @@ file_cache_ptr FileCache::Get(const char* filepath) {
 void FileCache::RemoveExpiredFileCache() {
     time_t now = time(NULL);
     remove_if([this, now](const std::string& filepath, const file_cache_ptr& fc) {
-        std::lock_guard<std::mutex> lock(fc->mutex);
+        // Use try_to_lock to avoid lock-order inversion with Open().
+        // If the entry is busy, skip it — it will be checked next cycle.
+        std::unique_lock<std::mutex> lock(fc->mutex, std::try_to_lock);
+        if (!lock.owns_lock()) {
+            return false;
+        }
         return (now - fc->stat_time > expired_time);
     });
 }

http/server/FileCache.h

@@ -87,9 +87,14 @@ typedef struct file_cache_s {
 
     // Thread-safe: prepend header into reserved space.
     // Returns true on success, false if header exceeds reserved space.
+    // On failure, httpbuf falls back to filebuf (body only, no header).
     bool prepend_header(const char* header, int len) {
         std::lock_guard<std::mutex> lock(mutex);
-        if (len <= 0 || len > header_reserve) return false;
+        if (len <= 0 || len > header_reserve) {
+            // Safe fallback: point httpbuf at filebuf so callers always get valid data
+            httpbuf = filebuf;
+            return false;
+        }
         httpbuf.base = filebuf.base - len;
         httpbuf.len = (size_t)len + filebuf.len;
         memcpy(httpbuf.base, header, len);
@@ -144,8 +149,8 @@ class HV_EXPORT FileCache : public hv::LRUCache<std::string, file_cache_ptr> {
     int  GetExpiredTime()       const { return expired_time; }
 
     // --- new: setters ---
-    void SetMaxHeaderLength(int len)    { max_header_length = len; }
-    void SetMaxFileSize(int size)       { max_file_size = size; }
+    void SetMaxHeaderLength(int len)    { max_header_length = len < 0 ? 0 : len; }
+    void SetMaxFileSize(int size)       { max_file_size = size < 1 ? 1 : size; }
 
 protected:
     file_cache_ptr Get(const char* filepath);

http/server/HttpServer.cpp

@@ -136,6 +136,7 @@ static void loop_thread(void* userdata) {
         FileCache* filecache = &privdata->filecache;
         filecache->stat_interval = service->file_cache_stat_interval;
         filecache->expired_time = service->file_cache_expired_time;
+        filecache->max_file_size = service->max_file_cache_size;
         if (filecache->expired_time > 0) {
             // NOTE: add timer to remove expired file cache
             htimer_t* timer = htimer_add(hloop, [](htimer_t* timer) {