code: cpp,dbal,hpp (3 files)

2026-04-25 14:25:02 +00:00 · 2025-12-26 01:28:59 +00:00
parent f2f7e4b4cc
commit add892f565
3 changed files with 65 additions and 1043 deletions
--- a/dbal/cpp/src/client.cpp
+++ b/dbal/cpp/src/client.cpp
--- a/dbal/cpp/src/security/nonce_store.hpp
+++ b/dbal/cpp/src/security/nonce_store.hpp
@@ -1,105 +1,46 @@
 #pragma once
 /**
 * @file nonce_store.hpp
- * @brief Nonce storage for replay attack prevention
- * @details Header-only, thread-safe nonce management
+ * @brief Nonce storage for replay attack prevention (thread-safe wrapper)
 */

-#include <string>
-#include <unordered_map>
-#include <chrono>
 #include <mutex>
+#include "nonce_check_and_store.hpp"
+#include "nonce_cleanup.hpp"
+#include "nonce_maybe_cleanup.hpp"
+#include "nonce_size.hpp"

 namespace dbal::security {

 /**
 * Thread-safe nonce store with automatic expiry
- * Used to prevent replay attacks in signed requests
+ * Wraps individual nonce functions with mutex protection
 */
 class NonceStore {
 public:
-    /**
-     * @param expiry_seconds How long nonces are remembered
-     * @param cleanup_interval_seconds How often to purge expired (0 = every check)
-     */
-    explicit NonceStore(
-        int expiry_seconds = 300,
-        int cleanup_interval_seconds = 60
-    )
-        : expiry_seconds_(expiry_seconds)
-        , cleanup_interval_seconds_(cleanup_interval_seconds)
-    {}
+    explicit NonceStore(int expiry_seconds = 300, int cleanup_interval_seconds = 60) {
+        storage_.expiry_seconds = expiry_seconds;
+        storage_.cleanup_interval_seconds = cleanup_interval_seconds;
+    }
    
-    /**
-     * Check if nonce was already used, and mark it as used
-     * @param nonce The nonce string to check
-     * @return true if nonce is fresh (not seen before), false if replay
-     */
    bool check_and_store(const std::string& nonce) {
        std::lock_guard<std::mutex> lock(mutex_);
-        
-        auto now = std::chrono::steady_clock::now();
-        
-        // Periodic cleanup
-        maybe_cleanup(now);
-        
-        // Check if already exists
-        auto it = nonces_.find(nonce);
-        if (it != nonces_.end()) {
-            // Replay detected
-            return false;
-        }
-        
-        // Store new nonce
-        nonces_[nonce] = now;
-        return true;
+        nonce_maybe_cleanup(storage_);
+        return nonce_check_and_store(storage_, nonce);
    }
    
-    /**
-     * Get count of stored nonces (for monitoring)
-     */
    size_t size() const {
        std::lock_guard<std::mutex> lock(mutex_);
-        return nonces_.size();
+        return nonce_size(storage_);
    }
    
-    /**
-     * Force cleanup of expired nonces
-     */
    void cleanup() {
        std::lock_guard<std::mutex> lock(mutex_);
-        do_cleanup(std::chrono::steady_clock::now());
+        nonce_cleanup(storage_);
    }
    
 private:
-    void maybe_cleanup(std::chrono::steady_clock::time_point now) {
-        auto elapsed = std::chrono::duration_cast<std::chrono::seconds>(
-            now - last_cleanup_
-        ).count();
-        
-        if (elapsed >= cleanup_interval_seconds_) {
-            do_cleanup(now);
-        }
-    }
-    
-    void do_cleanup(std::chrono::steady_clock::time_point now) {
-        auto cutoff = now - std::chrono::seconds(expiry_seconds_);
-        
-        for (auto it = nonces_.begin(); it != nonces_.end(); ) {
-            if (it->second < cutoff) {
-                it = nonces_.erase(it);
-            } else {
-                ++it;
-            }
-        }
-        
-        last_cleanup_ = now;
-    }
-    
-    int expiry_seconds_;
-    int cleanup_interval_seconds_;
-    std::unordered_map<std::string, std::chrono::steady_clock::time_point> nonces_;
-    std::chrono::steady_clock::time_point last_cleanup_{};
+    NonceStorage storage_;
    mutable std::mutex mutex_;
 };

--- a/dbal/cpp/src/security/security.hpp
+++ b/dbal/cpp/src/security/security.hpp
@@ -2,8 +2,7 @@
 /**
 * @file security.hpp
 * @brief Fort Knox Security Suite - includes all security headers
- * @details Convenience header to include all security utilities
- *          Each function is in its own .hpp file (1 function = 1 file)
+ * @details Each function is in its own .hpp file (1 function = 1 file)
 * 
 * Usage:
 *   #include "security/security.hpp"
@@ -15,11 +14,9 @@
 *   dbal::security::RateLimiter limiter(100, 200);
 *   if (!limiter.try_acquire(client_ip)) { return 429; }
 *   
- *   // Sign request
- *   auto sig = dbal::security::hmac_sha256(key, key_len, payload);
- *   
- *   // Validate path
- *   auto safe = dbal::security::validate_path("/data", user_input);
+ *   // Or use functions directly
+ *   dbal::security::TokenBucket bucket;
+ *   if (!dbal::security::rate_limit_try_acquire(bucket, 100, 200)) { return 429; }
 */

 // HTTP security headers
@@ -47,7 +44,17 @@
 #include "generate_nonce.hpp"
 #include "generate_token.hpp"

-// Classes (cohesive units, stay as single files)
+// Rate limiting functions
+#include "rate_limit_try_acquire.hpp"
+#include "rate_limit_remaining.hpp"
+
+// Nonce functions
+#include "nonce_check_and_store.hpp"
+#include "nonce_cleanup.hpp"
+#include "nonce_maybe_cleanup.hpp"
+#include "nonce_size.hpp"
+
+// Thread-safe wrappers (use these for convenience)
 #include "rate_limiter.hpp"
 #include "nonce_store.hpp"