uwe.admin/oatpp-authkit
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
No description
5 commits 1 branch 21 tags 434 KiB
Find a file
Exact
Uwe Schuster ccb77daac5 Add ws::Hub + ws::Listener — WebSocket pub/sub hub 
Lifted from fewo-webapp src/ws/ — zero fewo-webapp domain coupling in
the public surface. Classes renamed WSHub→Hub, WSListener→Listener and
namespaced under oatpp_authkit::ws.

Features:
- 64 KB per-message cap (rejects fragmented frames exceeding the buffer)
- 500-socket cap
- Detached housekeeper thread pinging idle sockets >90 s, closing >180 s
- Per-socket SocketInfo (userId, role, property scopes) populated via
  thread_local handoff from the HTTP controller that served the upgrade

Consumers construct a Hub and pass it to oatpp's
HttpConnectionHandler::setSocketInstanceListener. No other integration
required.

Unblocks fewo-webapp #452.
2026-04-22 23:19:40 +02:00
cmake v0.1.0: initial clean-lift from fewo-webapp 2026-04-21 21:42:53 +02:00
docs v0.1.0: initial clean-lift from fewo-webapp 2026-04-21 21:42:53 +02:00
include/oatpp-authkit Add ws::Hub + ws::Listener — WebSocket pub/sub hub 2026-04-22 23:19:40 +02:00
.gitignore v0.1.0: initial clean-lift from fewo-webapp 2026-04-21 21:42:53 +02:00
CMakeLists.txt v0.2.1: wrap clean-lift headers in namespace oatpp_authkit 2026-04-21 21:53:21 +02:00
README.md v0.1.0: initial clean-lift from fewo-webapp 2026-04-21 21:42:53 +02:00

README.md

oatpp-authkit

Header-only C++ library distilled from fewo-webapp's hardened auth / security stack. Header-only, oatpp 1.3+, C++17.

What's in v0.1 (the clean-lift set)

Header Purpose
interceptor/SecurityHeadersInterceptor.hpp CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. Strict defaults.
interceptor/BodySizeLimitInterceptor.hpp Reject request bodies above a configurable limit with 413 before they hit your handlers.
handler/JsonErrorHandler.hpp Normalises thrown exceptions into {status, message} JSON so controllers never leak raw HTML error pages.
util/RateLimiter.hpp In-memory token-bucket keyed on an arbitrary string (typically the client IP from clientIpTrusted).
util/TokenExtract.hpp extractToken (Cookie/Bearer), isValidIp (IPv4/IPv6 via inet_pton), clientIpTrusted (loopback-gated XFF).
startup/RequireEncryptionKey.hpp requireEncryptionKey(envVarName, encryptionEnabled, allowPlaintext) — refuse startup without a symmetric key unless a dev flag overrides.

Consume via CMake

# FetchContent (pin to a tag):
include(FetchContent)
FetchContent_Declare(oatpp-authkit
    GIT_REPOSITORY https://git.uwe-schuster.info/uwe.admin/oatpp-authkit.git
    GIT_TAG v0.1.0)
FetchContent_MakeAvailable(oatpp-authkit)

target_link_libraries(app PRIVATE oatpp::authkit)

Or after cmake --install:

find_package(oatpp-authkit 0.1 REQUIRED)
target_link_libraries(app PRIVATE oatpp::authkit)

Roadmap

  • v0.2AuthInterceptor + requireAdmin ported onto three seams (IAuthBackend, IAuthPolicy, IRuntimeConfig) so consumers plug in their own user store, public-path list, and admin role set without forking the interceptor.
  • Later — session cookie helpers, API-key rotation, re-encryption migration.

See docs/security-baseline.md for language-neutral CSP / rate-limit / body-size constants that non-C++ consumers can re-implement directly.