code: cpp,dbal,hpp (3 files)

This commit is contained in:
2025-12-26 01:28:59 +00:00
parent f2f7e4b4cc
commit add892f565
3 changed files with 65 additions and 1043 deletions

File diff suppressed because it is too large Load Diff

View File

@@ -1,105 +1,46 @@
#pragma once
/**
* @file nonce_store.hpp
* @brief Nonce storage for replay attack prevention
* @details Header-only, thread-safe nonce management
* @brief Nonce storage for replay attack prevention (thread-safe wrapper)
*/
#include <string>
#include <unordered_map>
#include <chrono>
#include <mutex>
#include "nonce_check_and_store.hpp"
#include "nonce_cleanup.hpp"
#include "nonce_maybe_cleanup.hpp"
#include "nonce_size.hpp"
namespace dbal::security {
/**
* Thread-safe nonce store with automatic expiry
* Used to prevent replay attacks in signed requests
* Wraps individual nonce functions with mutex protection
*/
class NonceStore {
public:
/**
* @param expiry_seconds How long nonces are remembered
* @param cleanup_interval_seconds How often to purge expired (0 = every check)
*/
explicit NonceStore(
int expiry_seconds = 300,
int cleanup_interval_seconds = 60
)
: expiry_seconds_(expiry_seconds)
, cleanup_interval_seconds_(cleanup_interval_seconds)
{}
explicit NonceStore(int expiry_seconds = 300, int cleanup_interval_seconds = 60) {
storage_.expiry_seconds = expiry_seconds;
storage_.cleanup_interval_seconds = cleanup_interval_seconds;
}
/**
* Check if nonce was already used, and mark it as used
* @param nonce The nonce string to check
* @return true if nonce is fresh (not seen before), false if replay
*/
bool check_and_store(const std::string& nonce) {
std::lock_guard<std::mutex> lock(mutex_);
auto now = std::chrono::steady_clock::now();
// Periodic cleanup
maybe_cleanup(now);
// Check if already exists
auto it = nonces_.find(nonce);
if (it != nonces_.end()) {
// Replay detected
return false;
}
// Store new nonce
nonces_[nonce] = now;
return true;
nonce_maybe_cleanup(storage_);
return nonce_check_and_store(storage_, nonce);
}
/**
* Get count of stored nonces (for monitoring)
*/
size_t size() const {
std::lock_guard<std::mutex> lock(mutex_);
return nonces_.size();
return nonce_size(storage_);
}
/**
* Force cleanup of expired nonces
*/
void cleanup() {
std::lock_guard<std::mutex> lock(mutex_);
do_cleanup(std::chrono::steady_clock::now());
nonce_cleanup(storage_);
}
private:
void maybe_cleanup(std::chrono::steady_clock::time_point now) {
auto elapsed = std::chrono::duration_cast<std::chrono::seconds>(
now - last_cleanup_
).count();
if (elapsed >= cleanup_interval_seconds_) {
do_cleanup(now);
}
}
void do_cleanup(std::chrono::steady_clock::time_point now) {
auto cutoff = now - std::chrono::seconds(expiry_seconds_);
for (auto it = nonces_.begin(); it != nonces_.end(); ) {
if (it->second < cutoff) {
it = nonces_.erase(it);
} else {
++it;
}
}
last_cleanup_ = now;
}
int expiry_seconds_;
int cleanup_interval_seconds_;
std::unordered_map<std::string, std::chrono::steady_clock::time_point> nonces_;
std::chrono::steady_clock::time_point last_cleanup_{};
NonceStorage storage_;
mutable std::mutex mutex_;
};

View File

@@ -2,8 +2,7 @@
/**
* @file security.hpp
* @brief Fort Knox Security Suite - includes all security headers
* @details Convenience header to include all security utilities
* Each function is in its own .hpp file (1 function = 1 file)
* @details Each function is in its own .hpp file (1 function = 1 file)
*
* Usage:
* #include "security/security.hpp"
@@ -15,11 +14,9 @@
* dbal::security::RateLimiter limiter(100, 200);
* if (!limiter.try_acquire(client_ip)) { return 429; }
*
* // Sign request
* auto sig = dbal::security::hmac_sha256(key, key_len, payload);
*
* // Validate path
* auto safe = dbal::security::validate_path("/data", user_input);
* // Or use functions directly
* dbal::security::TokenBucket bucket;
* if (!dbal::security::rate_limit_try_acquire(bucket, 100, 200)) { return 429; }
*/
// HTTP security headers
@@ -47,7 +44,17 @@
#include "generate_nonce.hpp"
#include "generate_token.hpp"
// Classes (cohesive units, stay as single files)
// Rate limiting functions
#include "rate_limit_try_acquire.hpp"
#include "rate_limit_remaining.hpp"
// Nonce functions
#include "nonce_check_and_store.hpp"
#include "nonce_cleanup.hpp"
#include "nonce_maybe_cleanup.hpp"
#include "nonce_size.hpp"
// Thread-safe wrappers (use these for convenience)
#include "rate_limiter.hpp"
#include "nonce_store.hpp"