jwtiny 1.8.2

Minimal JWT validation library for build web services
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

//! Bounds validation utilities
//!
//! This module provides utilities for validating bounds on various values,
//! including timestamp bounds, field size limits, and cache key validation.

use crate::error::{Error, Result};
use crate::limits::{MAX_CACHE_KEY_LENGTH, MAX_TIMESTAMP, MIN_TIMESTAMP};

/// Check if timestamp is within acceptable bounds
pub(crate) fn validate_timestamp_bounds(value: i64) -> Result<()> {
    if !(MIN_TIMESTAMP..=MAX_TIMESTAMP).contains(&value) {
        return Err(Error::TimestampOutOfBounds {
            value,
            min: MIN_TIMESTAMP,
            max: MAX_TIMESTAMP,
        });
    }
    Ok(())
}

/// Apply clock skew to a timestamp with overflow protection
pub(crate) fn apply_clock_skew(timestamp: i64, skew_seconds: u64, add: bool) -> Result<i64> {
    let skew_i64 = skew_seconds as i64;
    if add {
        timestamp.checked_add(skew_i64)
    } else {
        timestamp.checked_sub(skew_i64)
    }
    .ok_or(Error::TimestampOverflow)
}

/// Validate string field size
pub(crate) fn validate_field_size(field: &str, value: &str, max: usize) -> Result<()> {
    if value.len() > max {
        return Err(Error::HeaderFieldTooLong {
            field: field.into(),
            length: value.len(),
            max,
        });
    }
    Ok(())
}

/// Check if cache key length is valid to prevent DoS attacks
pub(crate) fn is_valid_cache_key(key: &str) -> bool {
    key.len() <= MAX_CACHE_KEY_LENGTH
}