feat: Harden HTTP server security settings

ysyneu · ysyneu · commit 85e1bd106371 · 2025-07-04T00:14:16.000+08:00
Adjust HTTP server timeouts to better support SSE streaming and improve security.

- Set ReadTimeout to 0 to prevent premature disconnection of SSE connections.

- Add IdleTimeout to prevent dangling connections.

- Set MaxHeaderBytes to a reasonable limit to mitigate memory exhaustion attacks.
diff --git a/internal/flashduty/server.go b/internal/flashduty/server.go
@@ -310,8 +310,10 @@ func RunHTTPServer(cfg HTTPServerConfig) error {
 		Addr:              ":" + cfg.Port,
 		Handler:           mux,
 		ReadHeaderTimeout: 30 * time.Second,
-		ReadTimeout:       30 * time.Second,
-		WriteTimeout:      0, // No timeout for streaming
+		ReadTimeout:       0,                // No timeout for streaming
+		WriteTimeout:      0,                // No timeout for streaming
+		IdleTimeout:       60 * time.Second, // Prevent dangling connections
+		MaxHeaderBytes:    128 * 1024,       // 128KB
 	}
 
 	go func() {
