Uwe Schuster
9976efe1de
L-1 RequireRole: guard std::stoi on the bundle id — a non-numeric/out-of-range
value now yields a clean 401 instead of an uncaught exception → 500.
AuthPrincipal::id documented as numeric-only (carry UUIDs in username).
L-2 SmtpTransport: require TLS (CURLUSESSL_ALL) for non-loopback relays so a
stripped STARTTLS can't downgrade credentials/body to cleartext; localhost
relay stays opportunistic.
L-3 AuditLog: escapeJson now escapes all control chars (RFC 8259) so a newline
in a field can't forge/corrupt the audit JSON; SKIP_FIELDS gains credential
names (password/passwordHash/tlsCertDn/apiKey/token/secret) so secrets never
land in changed_fields.
L-4 ws/Hub: consume the thread_local auth handoff once, up front, and clear it
unconditionally — a stale value can't attach to a later connection on a
reused worker thread.
L-5 TemporalRepository: default id generator draws 128 bits from the platform
CSPRNG (std::random_device) per call instead of a once-seeded mt19937_64,
so entity_ids aren't predictable from observed output.
L-6 AuthInterceptor: expired-session sweep is now a lock-free atomic timer and
exception-isolated; documented that resolveBySessionHash() must enforce
expiry at query time (the sweep is GC only).
L-7 new util/ConstantTime.hpp (constantTimeEquals) + TokenHasher doc requiring a
>=256-bit cryptographic hash.
L-8 IQueryable: likeEscape + Field::likeContains/likePrefix emit
`LIKE ? ESCAPE '\'` with %/_/\ escaped for untrusted terms; documented the
compile-time identifier-source invariant.
Tests: new test_constant_time; likeEscape/likeContains/likePrefix cases added to
test_queryable. All 20 ctest targets pass. README + header docs updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
28 lines
969 B
C++
28 lines
969 B
C++
#ifndef OATPP_AUTHKIT_AUTH_PRINCIPAL_HPP
|
|
#define OATPP_AUTHKIT_AUTH_PRINCIPAL_HPP
|
|
|
|
#include <string>
|
|
|
|
namespace oatpp_authkit {
|
|
|
|
/**
|
|
* @brief Library-owned authenticated-user value.
|
|
*
|
|
* Intentionally decoupled from any consumer-specific DTO so the library
|
|
* stays portable. Consumers translate from their own UserDto (or whatever)
|
|
* into this struct inside their IAuthBackend implementation.
|
|
*/
|
|
struct AuthPrincipal {
|
|
/// Stable numeric id from the user store. NOTE (authkit#16 L-1): this is an
|
|
/// `int`, so it only round-trips numeric ids. A store keyed on UUIDs / other
|
|
/// non-numeric ids must not stuff them here — `requireUser` rejects a
|
|
/// non-numeric bundle id with 401. Carry such identities in `username` (or
|
|
/// extend this struct) instead.
|
|
int id{0};
|
|
std::string username;
|
|
std::string role; ///< Arbitrary string; policy decides what "admin"/"readonly" mean.
|
|
};
|
|
|
|
} // namespace oatpp_authkit
|
|
|
|
#endif
|