feat: implement HTTP allowed hosts/origins checking (#49)

Author: hugodutka

README.md

@@ -4,7 +4,6 @@ Control [Claude Code](https://github.com/anthropics/claude-code), [Goose](https:
 
 ![agentapi-chat](https://github.com/user-attachments/assets/57032c9f-4146-4b66-b219-09e38ab7690d)
 
-
 You can use AgentAPI:
 
 - to build a unified chat interface for coding agents
@@ -54,9 +53,6 @@ You can use AgentAPI:
 
 Run an HTTP server that lets you control an agent. If you'd like to start an agent with additional arguments, pass the full agent command after the `--` flag.
 
-> [!NOTE]
-> When using Codex, always specify the agent type explicitly (`agentapi server --type=codex -- codex`), or message formatting may break.
-
 ```bash
 agentapi server -- claude --allowedTools "Bash(git*) Edit Replace"
 ```
@@ -68,6 +64,9 @@ agentapi server -- aider --model sonnet --api-key anthropic=sk-ant-apio3-XXX
 agentapi server -- goose
 ```
 
+> [!NOTE]
+> When using Codex, always specify the agent type explicitly (`agentapi server --type=codex -- codex`), or message formatting may break.
+
 An OpenAPI schema is available in [openapi.json](openapi.json).
 
 By default, the server runs on port 3284. Additionally, the server exposes the same OpenAPI schema at http://localhost:3284/openapi.json and the available endpoints in a documentation UI at http://localhost:3284/docs.
@@ -79,6 +78,54 @@ There are 4 endpoints:
 - GET `/status` - returns the current status of the agent, either "stable" or "running"
 - GET `/events` - an SSE stream of events from the agent: message and status updates
 
+#### Allowed hosts
+
+By default, the server only allows requests with the host header set to `localhost`. If you'd like to host AgentAPI elsewhere, you can change this by using the `AGENTAPI_ALLOWED_HOSTS` environment variable or the `--allowed-hosts` flag. Hosts must be hostnames only (no ports); the server ignores the port portion of incoming requests when authorizing.
+
+To allow requests from any host, use `*` as the allowed host.
+
+```bash
+agentapi server --allowed-hosts '*' -- claude
+```
+
+To allow a specific host, use:
+
+```bash
+agentapi server --allowed-hosts 'example.com' -- claude
+```
+
+To specify multiple hosts, use a comma-separated list when using the `--allowed-hosts` flag, or a space-separated list when using the `AGENTAPI_ALLOWED_HOSTS` environment variable.
+
+```bash
+agentapi server --allowed-hosts 'example.com,example.org' -- claude
+# or
+AGENTAPI_ALLOWED_HOSTS='example.com example.org' agentapi server -- claude
+```
+
+#### Allowed origins
+
+By default, the server allows CORS requests from `http://localhost:3284`, `http://localhost:3000`, and `http://localhost:3001`. If you'd like to change which origins can make cross-origin requests to AgentAPI, you can change this by using the `AGENTAPI_ALLOWED_ORIGINS` environment variable or the `--allowed-origins` flag.
+
+To allow requests from any origin, use `*` as the allowed origin:
+
+```bash
+agentapi server --allowed-origins '*' -- claude
+```
+
+To allow a specific origin, use:
+
+```bash
+agentapi server --allowed-origins 'https://example.com' -- claude
+```
+
+To specify multiple origins, use a comma-separated list when using the `--allowed-origins` flag, or a space-separated list when using the `AGENTAPI_ALLOWED_ORIGINS` environment variable. Origins must include the protocol (`http://` or `https://`) and support wildcards (e.g., `https://*.example.com`):
+
+```bash
+agentapi server --allowed-origins 'https://example.com,http://localhost:3000' -- claude
+# or
+AGENTAPI_ALLOWED_ORIGINS='https://example.com http://localhost:3000' agentapi server -- claude
+```
+
 ### `agentapi attach`
 
 Attach to a running agent's terminal session.

cmd/server/server.go

@@ -95,12 +95,17 @@ func runServer(ctx context.Context, logger *slog.Logger, argsToPass []string) er
 		}
 	}
 	port := viper.GetInt(FlagPort)
-	srv := httpapi.NewServer(ctx, httpapi.ServerConfig{
-		AgentType:    agentType,
-		Process:      process,
-		Port:         port,
-		ChatBasePath: viper.GetString(FlagChatBasePath),
+	srv, err := httpapi.NewServer(ctx, httpapi.ServerConfig{
+		AgentType:      agentType,
+		Process:        process,
+		Port:           port,
+		ChatBasePath:   viper.GetString(FlagChatBasePath),
+		AllowedHosts:   viper.GetStringSlice(FlagAllowedHosts),
+		AllowedOrigins: viper.GetStringSlice(FlagAllowedOrigins),
 	})
+	if err != nil {
+		return xerrors.Errorf("failed to create server: %w", err)
+	}
 	if printOpenAPI {
 		fmt.Println(srv.GetOpenAPI())
 		return nil
@@ -150,12 +155,15 @@ type flagSpec struct {
 }
 
 const (
-	FlagType         = "type"
-	FlagPort         = "port"
-	FlagPrintOpenAPI = "print-openapi"
-	FlagChatBasePath = "chat-base-path"
-	FlagTermWidth    = "term-width"
-	FlagTermHeight   = "term-height"
+	FlagType           = "type"
+	FlagPort           = "port"
+	FlagPrintOpenAPI   = "print-openapi"
+	FlagChatBasePath   = "chat-base-path"
+	FlagTermWidth      = "term-width"
+	FlagTermHeight     = "term-height"
+	FlagAllowedHosts   = "allowed-hosts"
+	FlagAllowedOrigins = "allowed-origins"
+	FlagExit           = "exit"
 )
 
 func CreateServerCmd() *cobra.Command {
@@ -165,6 +173,10 @@ func CreateServerCmd() *cobra.Command {
 		Long:  fmt.Sprintf("Run the server with the specified agent (one of: %s)", strings.Join(agentNames, ", ")),
 		Args:  cobra.MinimumNArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
+			// The --exit flag is used for testing validation of flags in the test suite
+			if viper.GetBool(FlagExit) {
+				return
+			}
 			logger := slog.New(slog.NewTextHandler(os.Stdout, nil))
 			ctx := logctx.WithLogger(context.Background(), logger)
 			if err := runServer(ctx, logger, cmd.Flags().Args()); err != nil {
@@ -181,6 +193,10 @@ func CreateServerCmd() *cobra.Command {
 		{FlagChatBasePath, "c", "/chat", "Base path for assets and routes used in the static files of the chat interface", "string"},
 		{FlagTermWidth, "W", uint16(80), "Width of the emulated terminal", "uint16"},
 		{FlagTermHeight, "H", uint16(1000), "Height of the emulated terminal", "uint16"},
+		// localhost is the default host for the server. Port is ignored during matching.
+		{FlagAllowedHosts, "a", []string{"localhost", "127.0.0.1", "[::1]"}, "HTTP allowed hosts (hostnames only, no ports). Use '*' for all, comma-separated list via flag, space-separated list via AGENTAPI_ALLOWED_HOSTS env var", "stringSlice"},
+		// localhost:3284 is the default origin when you open the chat interface in your browser. localhost:3000 and 3001 are used during development.
+		{FlagAllowedOrigins, "o", []string{"http://localhost:3284", "http://localhost:3000", "http://localhost:3001"}, "HTTP allowed origins. Use '*' for all, comma-separated list via flag, space-separated list via AGENTAPI_ALLOWED_ORIGINS env var", "stringSlice"},
 	}
 
 	for _, spec := range flagSpecs {
@@ -193,6 +209,8 @@ func CreateServerCmd() *cobra.Command {
 			serverCmd.Flags().BoolP(spec.name, spec.shorthand, spec.defaultValue.(bool), spec.usage)
 		case "uint16":
 			serverCmd.Flags().Uint16P(spec.name, spec.shorthand, spec.defaultValue.(uint16), spec.usage)
+		case "stringSlice":
+			serverCmd.Flags().StringSliceP(spec.name, spec.shorthand, spec.defaultValue.([]string), spec.usage)
 		default:
 			panic(fmt.Sprintf("unknown flag type: %s", spec.flagType))
 		}
@@ -201,6 +219,14 @@ func CreateServerCmd() *cobra.Command {
 		}
 	}
 
+	serverCmd.Flags().Bool(FlagExit, false, "Exit immediately after parsing arguments")
+	if err := serverCmd.Flags().MarkHidden(FlagExit); err != nil {
+		panic(fmt.Sprintf("failed to mark flag %s as hidden: %v", FlagExit, err))
+	}
+	if err := viper.BindPFlag(FlagExit, serverCmd.Flags().Lookup(FlagExit)); err != nil {
+		panic(fmt.Sprintf("failed to bind flag %s: %v", FlagExit, err))
+	}
+
 	viper.SetEnvPrefix("AGENTAPI")
 	viper.AutomaticEnv()
 	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))