HTTPD performance improvements

Author: Telesphoreo

src/main/java/dev/plex/HTTPDModule.java

@@ -19,6 +19,7 @@
 import org.eclipse.jetty.ee10.servlet.ServletHandler;
 import org.eclipse.jetty.ee10.servlet.ServletHolder;
 import org.eclipse.jetty.server.*;
+import org.eclipse.jetty.util.thread.QueuedThreadPool;
 
 import java.io.File;
 import java.util.EnumSet;
@@ -66,18 +67,29 @@ public void enable()
 
         serverThread = new Thread(() ->
         {
-            Server server = new Server();
+            int maxThreads = moduleConfig.getInt("server.threads.max", 16);
+            int minThreads = Math.min(moduleConfig.getInt("server.threads.min", 2), maxThreads);
+            int idleTimeout = moduleConfig.getInt("server.threads.idle-timeout-ms", 30_000);
+            QueuedThreadPool pool = new QueuedThreadPool(maxThreads, minThreads, idleTimeout);
+            pool.setName("Plex-HTTPD");
+            pool.setDaemon(true);
+
+            Server server = new Server(pool);
             ServletHandler servletHandler = new ServletHandler();
 
             context = new ServletContextHandler(ServletContextHandler.SESSIONS);
             context.setHandler(servletHandler);
             context.setContextPath("/");
             HttpConfiguration configuration = new HttpConfiguration();
             configuration.addCustomizer(new ForwardedRequestCustomizer());
+            configuration.setRequestHeaderSize(moduleConfig.getInt("server.limits.request-header-bytes", 8 * 1024));
+            configuration.setSendServerVersion(false);
             HttpConnectionFactory factory = new HttpConnectionFactory(configuration);
             ServerConnector connector = new ServerConnector(server, factory);
             connector.setHost(moduleConfig.getString("server.bind-address"));
             connector.setPort(moduleConfig.getInt("server.port"));
+            connector.setIdleTimeout(moduleConfig.getLong("server.limits.idle-timeout-ms", 15_000L));
+            connector.setAcceptQueueSize(moduleConfig.getInt("server.limits.accept-queue", 32));
 
             context.addFilter(new FilterHolder(new RateLimitFilter()), "/*", EnumSet.of(DispatcherType.REQUEST));
 

src/main/java/dev/plex/request/AbstractServlet.java

@@ -16,6 +16,7 @@
 import java.io.InputStreamReader;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.text.CharacterIterator;
 import java.text.StringCharacterIterator;
@@ -153,7 +154,20 @@ public static AuthenticatedUser currentStaff(HttpServletRequest request)
 
     public static String signInPrompt(String action)
     {
-        return "You must <a class=\"text-primary underline\" href=\"/oauth2/login\">sign in</a> as staff " + action + ".";
+        return signInPrompt(null, action);
+    }
+
+    public static String signInPrompt(HttpServletRequest request, String action)
+    {
+        String href = "/oauth2/login";
+        if (request != null)
+        {
+            String path = getRequestPath(request);
+            String query = request.getQueryString();
+            String returnTo = query == null || query.isEmpty() ? path : path + "?" + query;
+            href = href + "?return_to=" + URLEncoder.encode(returnTo, StandardCharsets.UTF_8);
+        }
+        return "You must <a class=\"text-primary underline\" href=\"" + href + "\">sign in</a> as staff " + action + ".";
     }
 
     public static String readFile(InputStream filename)

src/main/java/dev/plex/request/SchematicUploadServlet.java

@@ -30,7 +30,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
         AuthenticatedUser user = AbstractServlet.currentStaff(request);
         if (user == null)
         {
-            response.getWriter().println(schematicUploadBadHTML(AbstractServlet.signInPrompt("to upload schematics")));
+            response.getWriter().println(schematicUploadBadHTML(AbstractServlet.signInPrompt(request, "to upload schematics")));
             return;
         }
         File worldeditFolder = HTTPDModule.getWorldeditFolder();

src/main/java/dev/plex/request/impl/AuthenticationEndpoint.java

@@ -14,9 +14,14 @@
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 
 public class AuthenticationEndpoint extends AbstractServlet
 {
+    private static final String RETURN_TO_COOKIE = "plex_return_to";
+
     @GetMapping(endpoint = "/oauth2/login")
     public String login(HttpServletRequest request, HttpServletResponse response) throws IOException
     {
@@ -26,6 +31,20 @@ public String login(HttpServletRequest request, HttpServletResponse response) th
             response.sendError(HttpServletResponse.SC_NOT_FOUND, "Authentication is not enabled.");
             return null;
         }
+
+        String returnTo = sanitizeReturnTo(request.getParameter("return_to"));
+        String cookieValue = returnTo == null ? "" : URLEncoder.encode(returnTo, StandardCharsets.UTF_8);
+        Cookie returnCookie = new Cookie(RETURN_TO_COOKIE, cookieValue);
+        returnCookie.setHttpOnly(true);
+        returnCookie.setPath("/");
+        returnCookie.setMaxAge(returnTo == null ? 0 : 600);
+        returnCookie.setAttribute("SameSite", "Lax");
+        if (request.isSecure() || "https".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto")))
+        {
+            returnCookie.setSecure(true);
+        }
+        response.addCookie(returnCookie);
+
         response.sendRedirect(provider.buildAuthorizeUrl(request));
         return null;
     }
@@ -54,7 +73,12 @@ public String callback(HttpServletRequest request, HttpServletResponse response)
                     + "<p>" + escape(e.getMessage()) + "</p>"
                     + "<p><a href=\"/oauth2/login\">Try again</a></p>";
         }
-        response.sendRedirect("/");
+
+        String raw = readCookie(request, RETURN_TO_COOKIE);
+        String decoded = raw == null || raw.isEmpty() ? null : URLDecoder.decode(raw, StandardCharsets.UTF_8);
+        String target = sanitizeReturnTo(decoded);
+        clearReturnToCookie(request, response);
+        response.sendRedirect(target == null ? "/" : target);
         return null;
     }
 
@@ -103,19 +127,51 @@ public String me(HttpServletRequest request, HttpServletResponse response)
     }
 
     private static String readSessionCookie(HttpServletRequest request)
+    {
+        return readCookie(request, OAuth2Provider.SESSION_COOKIE);
+    }
+
+    private static String readCookie(HttpServletRequest request, String name)
     {
         Cookie[] cookies = request.getCookies();
         if (cookies == null) return null;
         for (Cookie cookie : cookies)
         {
-            if (OAuth2Provider.SESSION_COOKIE.equals(cookie.getName()))
+            if (name.equals(cookie.getName()))
             {
                 return cookie.getValue();
             }
         }
         return null;
     }
 
+    private void clearReturnToCookie(HttpServletRequest request, HttpServletResponse response)
+    {
+        Cookie clear = new Cookie(RETURN_TO_COOKIE, "");
+        clear.setHttpOnly(true);
+        clear.setPath("/");
+        clear.setMaxAge(0);
+        clear.setAttribute("SameSite", "Lax");
+        if (request.isSecure() || "https".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto")))
+        {
+            clear.setSecure(true);
+        }
+        response.addCookie(clear);
+    }
+
+    private static String sanitizeReturnTo(String value)
+    {
+        if (value == null || value.isEmpty()) return null;
+        if (!value.startsWith("/")) return null;
+        if (value.startsWith("//") || value.startsWith("/\\")) return null;
+        for (int i = 0; i < value.length(); i++)
+        {
+            char c = value.charAt(i);
+            if (c == '\n' || c == '\r' || c == '\\') return null;
+        }
+        return value;
+    }
+
     private static String escape(String s)
     {
         if (s == null) return "";

src/main/java/dev/plex/request/impl/CommandsEndpoint.java

@@ -77,7 +77,7 @@ private static String renderSection(String plugin, List<Command> commands)
                         <svg class="size-4 text-muted-foreground transition-transform group-open:rotate-90" aria-hidden="true"><use href="#i-arrow-right"/></svg>
                         %s
                     </span>
-                    <span class="font-mono text-[11px] uppercase tracking-wider text-muted-foreground">
+                    <span class="text-sm text-muted-foreground">
                         %d %s
                     </span>
                 </summary>
@@ -113,11 +113,11 @@ private static String renderCard(Command c)
                     %s
                 </header>
                 %s
-                <dl class="mt-3 grid grid-cols-[max-content_1fr] gap-x-3 gap-y-1.5 border-t border-border/60 pt-3 font-mono text-[11px]">
-                    <dt class="text-muted-foreground uppercase tracking-wider">usage</dt>
-                    <dd class="text-foreground/80 break-all">%s</dd>
-                    <dt class="text-muted-foreground uppercase tracking-wider">perm</dt>
-                    <dd class="text-foreground/80 break-all">%s</dd>
+                <dl class="mt-3 grid grid-cols-[max-content_1fr] gap-x-3 gap-y-1.5 border-t border-border/60 pt-3 text-xs">
+                    <dt class="text-muted-foreground">usage</dt>
+                    <dd class="font-mono text-foreground/80 break-all">%s</dd>
+                    <dt class="text-muted-foreground">perm</dt>
+                    <dd class="font-mono text-foreground/80 break-all">%s</dd>
                 </dl>
             </article>
             """.formatted(searchBlob, name, aliasMarkup, descMarkup, usage, permission);

src/main/java/dev/plex/request/impl/IndefBansEndpoint.java

@@ -16,7 +16,7 @@ public String getBans(HttpServletRequest request, HttpServletResponse response)
         AuthenticatedUser user = currentStaff(request);
         if (user == null)
         {
-            return indefbansHTML(signInPrompt("to view this page"));
+            return indefbansHTML(signInPrompt(request, "to view this page"));
         }
 
         response.setHeader("content-type", "application/json");

src/main/java/dev/plex/request/impl/IndefBansUIEndpoint.java

@@ -19,7 +19,7 @@ public String getBans(HttpServletRequest request, HttpServletResponse response)
         AuthenticatedUser viewer = currentStaff(request);
         if (viewer == null)
         {
-            return errorHTML(signInPrompt("to view this page"));
+            return errorHTML(signInPrompt(request, "to view this page"));
         }
 
         List<IndefiniteBan> bans = Plex.get().getPunishmentManager().getIndefiniteBans();
@@ -66,24 +66,24 @@ private static String renderCard(IndefiniteBan ban)
         StringBuilder rows = new StringBuilder();
         if (!ban.getUsernames().isEmpty())
         {
-            rows.append(renderRow("users", "text-foreground/90 break-all", ban.getUsernames().stream().map(IndefBansUIEndpoint::escapeHtml).toList()));
+            rows.append(renderRow("Users", "text-foreground/90 break-all", ban.getUsernames().stream().map(IndefBansUIEndpoint::escapeHtml).toList()));
         }
         if (!ban.getUuids().isEmpty())
         {
-            rows.append(renderRow("uuids", "text-foreground/55 break-all", ban.getUuids().stream().map(UUID::toString).toList()));
+            rows.append(renderRow("UUIDs", "font-mono text-foreground/55 break-all", ban.getUuids().stream().map(UUID::toString).toList()));
         }
         if (!ban.getIps().isEmpty())
         {
-            rows.append(renderRow("ips", "text-warning break-all", ban.getIps().stream().map(IndefBansUIEndpoint::escapeHtml).toList()));
+            rows.append(renderRow("IPs", "font-mono text-warning break-all", ban.getIps().stream().map(IndefBansUIEndpoint::escapeHtml).toList()));
         }
 
         return """
             <article class="ring-card rounded-2xl bg-card p-5">
                 <header class="flex flex-wrap items-baseline justify-between gap-3">
                     <p class="text-sm">%s</p>
-                    <span class="font-mono text-[11px] uppercase tracking-wider text-muted-foreground">%d %s</span>
+                    <span class="text-xs text-muted-foreground">%d %s</span>
                 </header>
-                <dl class="mt-4 grid grid-cols-[max-content_1fr] gap-x-4 gap-y-2 border-t border-border/60 pt-3 font-mono text-[11px]">
+                <dl class="mt-4 grid grid-cols-[max-content_1fr] gap-x-4 gap-y-2 border-t border-border/60 pt-3 text-xs">
                     %s
                 </dl>
             </article>
@@ -98,7 +98,7 @@ private static String renderRow(String label, String valueClasses, List<String>
             items.append("<span>").append(value).append("</span>");
         }
         return """
-            <dt class="text-muted-foreground uppercase tracking-wider">%s</dt>
+            <dt class="text-muted-foreground">%s</dt>
             <dd class="flex flex-wrap gap-x-3 gap-y-1 %s">%s</dd>
             """.formatted(label, valueClasses, items);
     }