oatpp-authkit

3 commits 1 branch 21 tags 434 KiB

Author	SHA1	Message	Date
Uwe Schuster	081e0b36dc	v0.2.1: wrap clean-lift headers in namespace oatpp_authkit The four clean-lift headers (SecurityHeadersInterceptor, BodySizeLimitInterceptor, JsonErrorHandler, RateLimiter) were copied verbatim in v0.1.0 and left in the global namespace — consumers that adopt the library alongside existing same-named classes (e.g. fewo-webapp during the #417 swap) would hit ODR clashes. Wrap them in the same namespace the v0.2 auth seams use. Patch bump; no API surface change beyond the qualifier. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 21:53:21 +02:00
Uwe Schuster	495c8ddbb9	v0.2.0: IAuthBackend/IAuthPolicy/IRuntimeConfig seams + AuthInterceptor port Ports the fewo-webapp AuthInterceptor + requireAdmin onto three abstract interfaces so consumer apps plug in their own user store, public paths, and runtime config without forking: auth/AuthPrincipal.hpp library-owned {id, username, role} value auth/IAuthBackend.hpp resolveBy{Session,ApiKey,Cert}, hasActiveUsers, deleteExpiredSessions auth/IAuthPolicy.hpp isPublicPath, adminRoles, readonlyRoles, setupModeActive (defaults: admin/readonly, no public paths, setup off) auth/IRuntimeConfig.hpp bindAddress, isLoopback auth/AuthInterceptor.hpp intercept() running the same 6-step ladder as fewo's original (public → setup → cert DN → session/API key → CSRF → readonly) auth/RequireRole.hpp requireUser + requireAdmin helpers reading bundle data (config-driven role sets, not hard-coded 'admin') TokenHasher is passed in so the library doesn't prescribe SHA-256 vs. whatever. Bundle keys match fewo's existing controllers so the consumer migration in #418 is a straightforward adapter swap. Smoke-compiled against oatpp 1.3.0 headers. Closes fewo-webapp#413 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 21:48:43 +02:00
Uwe Schuster	32356ad226	v0.1.0: initial clean-lift from fewo-webapp Header-only C++ library; CMake config package; zero-coupling files lifted from fewo-webapp: interceptor/SecurityHeadersInterceptor.hpp interceptor/BodySizeLimitInterceptor.hpp handler/JsonErrorHandler.hpp util/RateLimiter.hpp util/TokenExtract.hpp (extractToken, isValidIp, clientIpTrusted) startup/RequireEncryptionKey.hpp fewo-specific couplings (bindAddress global, fewo::config) replaced with explicit function arguments so the library stands alone. AuthInterceptor + requireAdmin deferred to v0.2 — they need IAuthBackend / IAuthPolicy / IRuntimeConfig seams designed first. docs/security-baseline.md ships CSP / rate-limit / body-size / encryption key constants as language-neutral baselines for non-C++ consumers. Closes fewo-webapp#412 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 21:42:53 +02:00

Author

SHA1

Message

Date

Uwe Schuster

081e0b36dc

v0.2.1: wrap clean-lift headers in namespace oatpp_authkit

The four clean-lift headers (SecurityHeadersInterceptor,
BodySizeLimitInterceptor, JsonErrorHandler, RateLimiter) were copied
verbatim in v0.1.0 and left in the global namespace — consumers that
adopt the library alongside existing same-named classes (e.g. fewo-webapp
during the #417 swap) would hit ODR clashes.

Wrap them in the same namespace the v0.2 auth seams use. Patch bump; no
API surface change beyond the qualifier.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 21:53:21 +02:00

Uwe Schuster

495c8ddbb9

v0.2.0: IAuthBackend/IAuthPolicy/IRuntimeConfig seams + AuthInterceptor port

Ports the fewo-webapp AuthInterceptor + requireAdmin onto three abstract
interfaces so consumer apps plug in their own user store, public paths,
and runtime config without forking:

  auth/AuthPrincipal.hpp      library-owned {id, username, role} value
  auth/IAuthBackend.hpp       resolveBy{Session,ApiKey,Cert}, hasActiveUsers,
                              deleteExpiredSessions
  auth/IAuthPolicy.hpp        isPublicPath, adminRoles, readonlyRoles,
                              setupModeActive (defaults: admin/readonly,
                              no public paths, setup off)
  auth/IRuntimeConfig.hpp     bindAddress, isLoopback
  auth/AuthInterceptor.hpp    intercept() running the same 6-step ladder as
                              fewo's original (public → setup → cert DN →
                              session/API key → CSRF → readonly)
  auth/RequireRole.hpp        requireUser + requireAdmin helpers reading
                              bundle data (config-driven role sets, not
                              hard-coded 'admin')

TokenHasher is passed in so the library doesn't prescribe SHA-256 vs.
whatever. Bundle keys match fewo's existing controllers so the consumer
migration in #418 is a straightforward adapter swap.

Smoke-compiled against oatpp 1.3.0 headers.

Closes fewo-webapp#413

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 21:48:43 +02:00

Uwe Schuster

32356ad226

v0.1.0: initial clean-lift from fewo-webapp

Header-only C++ library; CMake config package; zero-coupling files lifted
from fewo-webapp:

  interceptor/SecurityHeadersInterceptor.hpp
  interceptor/BodySizeLimitInterceptor.hpp
  handler/JsonErrorHandler.hpp
  util/RateLimiter.hpp
  util/TokenExtract.hpp    (extractToken, isValidIp, clientIpTrusted)
  startup/RequireEncryptionKey.hpp

fewo-specific couplings (bindAddress global, fewo::config) replaced with
explicit function arguments so the library stands alone.

AuthInterceptor + requireAdmin deferred to v0.2 — they need IAuthBackend /
IAuthPolicy / IRuntimeConfig seams designed first.

docs/security-baseline.md ships CSP / rate-limit / body-size / encryption
key constants as language-neutral baselines for non-C++ consumers.

Closes fewo-webapp#412

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 21:42:53 +02:00