oatpp-authkit/include/oatpp-authkit/interceptor/BodySizeLimitInterceptor.hpp
Uwe Schuster 32356ad226 v0.1.0: initial clean-lift from fewo-webapp
Header-only C++ library; CMake config package; zero-coupling files lifted
from fewo-webapp:

  interceptor/SecurityHeadersInterceptor.hpp
  interceptor/BodySizeLimitInterceptor.hpp
  handler/JsonErrorHandler.hpp
  util/RateLimiter.hpp
  util/TokenExtract.hpp    (extractToken, isValidIp, clientIpTrusted)
  startup/RequireEncryptionKey.hpp

fewo-specific couplings (bindAddress global, fewo::config) replaced with
explicit function arguments so the library stands alone.

AuthInterceptor + requireAdmin deferred to v0.2 — they need IAuthBackend /
IAuthPolicy / IRuntimeConfig seams designed first.

docs/security-baseline.md ships CSP / rate-limit / body-size / encryption
key constants as language-neutral baselines for non-C++ consumers.

Closes fewo-webapp#412

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 21:42:53 +02:00


#ifndef BodySizeLimitInterceptor_hpp
#define BodySizeLimitInterceptor_hpp

#include <cstddef>
#include <memory>
#include <string>

#include "oatpp/web/server/interceptor/RequestInterceptor.hpp"
#include "oatpp/web/protocol/http/outgoing/ResponseFactory.hpp"

/**
 * @brief Request interceptor that rejects requests exceeding a body size limit.
 *
 * Checks the Content-Length header and returns HTTP 413 (Payload Too Large)
 * if the declared body size exceeds the configured maximum. Only the declared
 * length is inspected: a request that carries no Content-Length header (for
 * example one using chunked Transfer-Encoding) is passed through unchanged.
 */
class BodySizeLimitInterceptor : public oatpp::web::server::interceptor::RequestInterceptor {
private:
  size_t m_maxBytes;

public:
  /**
   * @param maxBytes Maximum allowed request body size in bytes.
   */
  explicit BodySizeLimitInterceptor(size_t maxBytes) : m_maxBytes(maxBytes) {}

  std::shared_ptr<OutgoingResponse> intercept(const std::shared_ptr<IncomingRequest>& request) override {
    auto contentLength = request->getHeader("Content-Length");
    if (contentLength && !contentLength->empty()) {
      try {
        // std::stoull skips leading whitespace, accepts a sign and ignores
        // trailing characters; it throws on non-numeric input or overflow.
        size_t len = std::stoull(std::string(*contentLength));
        if (len > m_maxBytes) {
          auto response = oatpp::web::protocol::http::outgoing::ResponseFactory::createResponse(
            oatpp::web::protocol::http::Status(413, "Payload Too Large"),
            "{\"status\":\"Payload Too Large\"}");
          response->putHeader("Content-Type", "application/json");
          return response;
        }
      } catch (...) {
        // Malformed Content-Length — let it through, Oat++ will handle it
      }
    }
    return nullptr; // pass through
  }
};

#endif
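As an added example (not code from the oatpp-authkit project or the commit above), the following stand-alone C++ program re-expresses the Content-Length decision of `intercept` without Oat++ so it can be run on constructed header values. The names `BodyVerdict`, `judgeContentLength` and `parseStrictContentLength` are hypothetical. It shows which inputs `std::stoull` accepts silently (leading whitespace, a sign, trailing characters) and which make it throw, so a reader can see exactly when the interceptor answers 413, passes the request on, or falls into the catch-all; beside it sits a digits-only parser of the kind a hardened variant could use, since RFC 7230 defines Content-Length as `1*DIGIT`.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

// Added example, not part of oatpp-authkit: the Content-Length decision made by
// BodySizeLimitInterceptor::intercept, re-expressed without Oat++ so it can be
// run against constructed header values. All names here are hypothetical.

enum class BodyVerdict {
  NoHeader,     // header absent or empty: nothing to check
  PassThrough,  // parsed length <= limit
  Reject413,    // parsed length > limit: the interceptor would answer 413
  Malformed     // std::stoull threw: the interceptor passes the request on
};

const char* verdictName(BodyVerdict v) {
  switch (v) {
    case BodyVerdict::NoHeader:    return "no-header";
    case BodyVerdict::PassThrough: return "pass";
    case BodyVerdict::Reject413:   return "413";
    case BodyVerdict::Malformed:   return "malformed";
  }
  return "?";
}

// Same parsing as the interceptor: std::stoull on the raw header value.
// header == nullptr models an absent Content-Length.
BodyVerdict judgeContentLength(const char* header, size_t maxBytes) {
  if (header == nullptr || *header == '\0') return BodyVerdict::NoHeader;
  try {
    size_t len = std::stoull(std::string(header));
    return len > maxBytes ? BodyVerdict::Reject413 : BodyVerdict::PassThrough;
  } catch (const std::logic_error&) {  // invalid_argument and out_of_range
    return BodyVerdict::Malformed;
  }
}

// Stricter alternative for a hardened variant: only ASCII digits, so sign,
// whitespace and trailing characters are rejected, with an explicit overflow
// check. Returns false when the value is not a valid length.
bool parseStrictContentLength(const std::string& s, size_t& out) {
  if (s.empty()) return false;
  size_t value = 0;
  for (char c : s) {
    if (c < '0' || c > '9') return false;
    size_t digit = static_cast<size_t>(c - '0');
    if (value > (SIZE_MAX - digit) / 10) return false;  // value*10+digit would overflow
    value = value * 10 + digit;
  }
  out = value;
  return true;
}

int main() {
  const size_t limit = 1024;  // constructed limit for the demo
  // Constructed header values, including the lenient-parse edge cases.
  const char* samples[] = {nullptr, "", "512", "1025", "abc", "-1", " 42", "42abc",
                           "99999999999999999999999"};
  for (const char* h : samples) {
    size_t strict = 0;
    bool strictOk = (h != nullptr) && parseStrictContentLength(h, strict);
    std::cout << (h ? std::string("\"") + h + "\"" : std::string("<absent>"))
              << "  stoull verdict: " << verdictName(judgeContentLength(h, limit))
              << "  strict parse: " << (strictOk ? std::to_string(strict) : "rejected") << "\n";
  }
  return 0;
}
```

Note that `"-1"` is not rejected by `std::stoull` as malformed: the C `strtoull` it wraps negates the value in the unsigned return type, so the interceptor sees a huge length and answers 413, whereas `"42abc"` and `" 42"` parse as 42 and pass. The strict parser refuses all three.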