RubyGems - spikard - Versions diffs - 0.3.2 → 0.3.4 - Mend

spikard 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

checksums.yaml +4 -4
data/LICENSE +1 -1
data/README.md +659 -659
data/ext/spikard_rb/Cargo.toml +17 -17
data/ext/spikard_rb/extconf.rb +10 -10
data/ext/spikard_rb/src/lib.rs +6 -6
data/lib/spikard/app.rb +386 -386
data/lib/spikard/background.rb +27 -27
data/lib/spikard/config.rb +396 -396
data/lib/spikard/converters.rb +13 -13
data/lib/spikard/handler_wrapper.rb +113 -113
data/lib/spikard/provide.rb +214 -214
data/lib/spikard/response.rb +173 -173
data/lib/spikard/schema.rb +243 -243
data/lib/spikard/sse.rb +111 -111
data/lib/spikard/streaming_response.rb +44 -44
data/lib/spikard/testing.rb +221 -221
data/lib/spikard/upload_file.rb +131 -131
data/lib/spikard/version.rb +5 -5
data/lib/spikard/websocket.rb +59 -59
data/lib/spikard.rb +43 -43
data/sig/spikard.rbs +360 -360
data/vendor/crates/spikard-core/Cargo.toml +40 -40
data/vendor/crates/spikard-core/src/bindings/mod.rs +3 -3
data/vendor/crates/spikard-core/src/bindings/response.rs +133 -133
data/vendor/crates/spikard-core/src/debug.rs +63 -63
data/vendor/crates/spikard-core/src/di/container.rs +726 -726
data/vendor/crates/spikard-core/src/di/dependency.rs +273 -273
data/vendor/crates/spikard-core/src/di/error.rs +118 -118
data/vendor/crates/spikard-core/src/di/factory.rs +538 -538
data/vendor/crates/spikard-core/src/di/graph.rs +545 -545
data/vendor/crates/spikard-core/src/di/mod.rs +192 -192
data/vendor/crates/spikard-core/src/di/resolved.rs +411 -411
data/vendor/crates/spikard-core/src/di/value.rs +283 -283
data/vendor/crates/spikard-core/src/errors.rs +39 -39
data/vendor/crates/spikard-core/src/http.rs +153 -153
data/vendor/crates/spikard-core/src/lib.rs +29 -29
data/vendor/crates/spikard-core/src/lifecycle.rs +422 -422
data/vendor/crates/spikard-core/src/parameters.rs +722 -722
data/vendor/crates/spikard-core/src/problem.rs +310 -310
data/vendor/crates/spikard-core/src/request_data.rs +189 -189
data/vendor/crates/spikard-core/src/router.rs +249 -249
data/vendor/crates/spikard-core/src/schema_registry.rs +183 -183
data/vendor/crates/spikard-core/src/type_hints.rs +304 -304
data/vendor/crates/spikard-core/src/validation.rs +699 -699
data/vendor/crates/spikard-http/Cargo.toml +58 -58
data/vendor/crates/spikard-http/src/auth.rs +247 -247
data/vendor/crates/spikard-http/src/background.rs +249 -249
data/vendor/crates/spikard-http/src/bindings/mod.rs +3 -3
data/vendor/crates/spikard-http/src/bindings/response.rs +1 -1
data/vendor/crates/spikard-http/src/body_metadata.rs +8 -8
data/vendor/crates/spikard-http/src/cors.rs +490 -490
data/vendor/crates/spikard-http/src/debug.rs +63 -63
data/vendor/crates/spikard-http/src/di_handler.rs +423 -423
data/vendor/crates/spikard-http/src/handler_response.rs +190 -190
data/vendor/crates/spikard-http/src/handler_trait.rs +228 -228
data/vendor/crates/spikard-http/src/handler_trait_tests.rs +284 -284
data/vendor/crates/spikard-http/src/lib.rs +529 -529
data/vendor/crates/spikard-http/src/lifecycle/adapter.rs +149 -149
data/vendor/crates/spikard-http/src/lifecycle.rs +428 -428
data/vendor/crates/spikard-http/src/middleware/mod.rs +285 -285
data/vendor/crates/spikard-http/src/middleware/multipart.rs +86 -86
data/vendor/crates/spikard-http/src/middleware/urlencoded.rs +147 -147
data/vendor/crates/spikard-http/src/middleware/validation.rs +287 -287
data/vendor/crates/spikard-http/src/openapi/mod.rs +309 -309
data/vendor/crates/spikard-http/src/openapi/parameter_extraction.rs +190 -190
data/vendor/crates/spikard-http/src/openapi/schema_conversion.rs +308 -308
data/vendor/crates/spikard-http/src/openapi/spec_generation.rs +195 -195
data/vendor/crates/spikard-http/src/parameters.rs +1 -1
data/vendor/crates/spikard-http/src/problem.rs +1 -1
data/vendor/crates/spikard-http/src/query_parser.rs +369 -369
data/vendor/crates/spikard-http/src/response.rs +399 -399
data/vendor/crates/spikard-http/src/router.rs +1 -1
data/vendor/crates/spikard-http/src/schema_registry.rs +1 -1
data/vendor/crates/spikard-http/src/server/handler.rs +87 -87
data/vendor/crates/spikard-http/src/server/lifecycle_execution.rs +98 -98
data/vendor/crates/spikard-http/src/server/mod.rs +805 -805
data/vendor/crates/spikard-http/src/server/request_extraction.rs +119 -119
data/vendor/crates/spikard-http/src/sse.rs +447 -447
data/vendor/crates/spikard-http/src/testing/form.rs +14 -14
data/vendor/crates/spikard-http/src/testing/multipart.rs +60 -60
data/vendor/crates/spikard-http/src/testing/test_client.rs +285 -285
data/vendor/crates/spikard-http/src/testing.rs +377 -377
data/vendor/crates/spikard-http/src/type_hints.rs +1 -1
data/vendor/crates/spikard-http/src/validation.rs +1 -1
data/vendor/crates/spikard-http/src/websocket.rs +324 -324
data/vendor/crates/spikard-rb/Cargo.toml +42 -42
data/vendor/crates/spikard-rb/build.rs +8 -8
data/vendor/crates/spikard-rb/src/background.rs +63 -63
data/vendor/crates/spikard-rb/src/config.rs +294 -294
data/vendor/crates/spikard-rb/src/conversion.rs +453 -453
data/vendor/crates/spikard-rb/src/di.rs +409 -409
data/vendor/crates/spikard-rb/src/handler.rs +625 -625
data/vendor/crates/spikard-rb/src/lib.rs +2771 -2771
data/vendor/crates/spikard-rb/src/lifecycle.rs +274 -274
data/vendor/crates/spikard-rb/src/server.rs +283 -283
data/vendor/crates/spikard-rb/src/sse.rs +231 -231
data/vendor/crates/spikard-rb/src/test_client.rs +404 -404
data/vendor/crates/spikard-rb/src/test_sse.rs +143 -143
data/vendor/crates/spikard-rb/src/test_websocket.rs +221 -221
data/vendor/crates/spikard-rb/src/websocket.rs +233 -233
data/vendor/spikard-core/Cargo.toml +40 -40
data/vendor/spikard-core/src/bindings/mod.rs +3 -3
data/vendor/spikard-core/src/bindings/response.rs +133 -133
data/vendor/spikard-core/src/debug.rs +63 -63
data/vendor/spikard-core/src/di/container.rs +726 -726
data/vendor/spikard-core/src/di/dependency.rs +273 -273
data/vendor/spikard-core/src/di/error.rs +118 -118
data/vendor/spikard-core/src/di/factory.rs +538 -538
data/vendor/spikard-core/src/di/graph.rs +545 -545
data/vendor/spikard-core/src/di/mod.rs +192 -192
data/vendor/spikard-core/src/di/resolved.rs +411 -411
data/vendor/spikard-core/src/di/value.rs +283 -283
data/vendor/spikard-core/src/http.rs +153 -153
data/vendor/spikard-core/src/lib.rs +28 -28
data/vendor/spikard-core/src/lifecycle.rs +422 -422
data/vendor/spikard-core/src/parameters.rs +719 -719
data/vendor/spikard-core/src/problem.rs +310 -310
data/vendor/spikard-core/src/request_data.rs +189 -189
data/vendor/spikard-core/src/router.rs +249 -249
data/vendor/spikard-core/src/schema_registry.rs +183 -183
data/vendor/spikard-core/src/type_hints.rs +304 -304
data/vendor/spikard-core/src/validation.rs +699 -699
data/vendor/spikard-http/Cargo.toml +58 -58
data/vendor/spikard-http/src/auth.rs +247 -247
data/vendor/spikard-http/src/background.rs +249 -249
data/vendor/spikard-http/src/bindings/mod.rs +3 -3
data/vendor/spikard-http/src/bindings/response.rs +1 -1
data/vendor/spikard-http/src/body_metadata.rs +8 -8
data/vendor/spikard-http/src/cors.rs +490 -490
data/vendor/spikard-http/src/debug.rs +63 -63
data/vendor/spikard-http/src/di_handler.rs +423 -423
data/vendor/spikard-http/src/handler_response.rs +190 -190
data/vendor/spikard-http/src/handler_trait.rs +228 -228
data/vendor/spikard-http/src/handler_trait_tests.rs +284 -284
data/vendor/spikard-http/src/lib.rs +529 -529
data/vendor/spikard-http/src/lifecycle/adapter.rs +149 -149
data/vendor/spikard-http/src/lifecycle.rs +428 -428
data/vendor/spikard-http/src/middleware/mod.rs +285 -285
data/vendor/spikard-http/src/middleware/multipart.rs +86 -86
data/vendor/spikard-http/src/middleware/urlencoded.rs +147 -147
data/vendor/spikard-http/src/middleware/validation.rs +287 -287
data/vendor/spikard-http/src/openapi/mod.rs +309 -309
data/vendor/spikard-http/src/openapi/parameter_extraction.rs +190 -190
data/vendor/spikard-http/src/openapi/schema_conversion.rs +308 -308
data/vendor/spikard-http/src/openapi/spec_generation.rs +195 -195
data/vendor/spikard-http/src/parameters.rs +1 -1
data/vendor/spikard-http/src/problem.rs +1 -1
data/vendor/spikard-http/src/query_parser.rs +369 -369
data/vendor/spikard-http/src/response.rs +399 -399
data/vendor/spikard-http/src/router.rs +1 -1
data/vendor/spikard-http/src/schema_registry.rs +1 -1
data/vendor/spikard-http/src/server/handler.rs +80 -80
data/vendor/spikard-http/src/server/lifecycle_execution.rs +98 -98
data/vendor/spikard-http/src/server/mod.rs +805 -805
data/vendor/spikard-http/src/server/request_extraction.rs +119 -119
data/vendor/spikard-http/src/sse.rs +447 -447
data/vendor/spikard-http/src/testing/form.rs +14 -14
data/vendor/spikard-http/src/testing/multipart.rs +60 -60
data/vendor/spikard-http/src/testing/test_client.rs +285 -285
data/vendor/spikard-http/src/testing.rs +377 -377
data/vendor/spikard-http/src/type_hints.rs +1 -1
data/vendor/spikard-http/src/validation.rs +1 -1
data/vendor/spikard-http/src/websocket.rs +324 -324
data/vendor/spikard-rb/Cargo.toml +42 -42
data/vendor/spikard-rb/build.rs +8 -8
data/vendor/spikard-rb/src/background.rs +63 -63
data/vendor/spikard-rb/src/config.rs +294 -294
data/vendor/spikard-rb/src/conversion.rs +392 -392
data/vendor/spikard-rb/src/di.rs +409 -409
data/vendor/spikard-rb/src/handler.rs +534 -534
data/vendor/spikard-rb/src/lib.rs +2020 -2020
data/vendor/spikard-rb/src/lifecycle.rs +267 -267
data/vendor/spikard-rb/src/server.rs +283 -283
data/vendor/spikard-rb/src/sse.rs +231 -231
data/vendor/spikard-rb/src/test_client.rs +404 -404
data/vendor/spikard-rb/src/test_sse.rs +143 -143
data/vendor/spikard-rb/src/test_websocket.rs +221 -221
data/vendor/spikard-rb/src/websocket.rs +233 -233
metadata +1 -1

data/vendor/crates/spikard-http/src/middleware/validation.rs CHANGED Viewed

@@ -1,287 +1,287 @@
-//! JSON schema validation middleware
-use crate::problem::{CONTENT_TYPE_PROBLEM_JSON, ProblemDetails};
-use axum::http::{HeaderMap, StatusCode};
-use axum::response::{IntoResponse, Response};
-use serde_json::json;
-/// Check if a media type is JSON or has a +json suffix
-pub fn is_json_content_type(mime: &mime::Mime) -> bool {
-    (mime.type_() == mime::APPLICATION && mime.subtype() == mime::JSON) || mime.suffix() == Some(mime::JSON)
-}
-/// Validate that Content-Type is JSON-compatible when route expects JSON
-#[allow(clippy::result_large_err)]
-pub fn validate_json_content_type(headers: &HeaderMap) -> Result<(), Response> {
-    if let Some(content_type_header) = headers.get(axum::http::header::CONTENT_TYPE)
-        && let Ok(content_type_str) = content_type_header.to_str()
-        && let Ok(parsed_mime) = content_type_str.parse::<mime::Mime>()
-    {
-        let is_json = (parsed_mime.type_() == mime::APPLICATION && parsed_mime.subtype() == mime::JSON)
-            || parsed_mime.suffix() == Some(mime::JSON);
-        let is_form = (parsed_mime.type_() == mime::APPLICATION && parsed_mime.subtype() == "x-www-form-urlencoded")
-            || (parsed_mime.type_() == mime::MULTIPART && parsed_mime.subtype() == "form-data");
-        if !is_json && !is_form {
-            let problem = ProblemDetails::new(
-                "https://spikard.dev/errors/unsupported-media-type",
-                "Unsupported Media Type",
-                StatusCode::UNSUPPORTED_MEDIA_TYPE,
-            )
-            .with_detail("Unsupported media type");
-            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-            return Err((
-                StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                body,
-            )
-                .into_response());
-        }
-    }
-    Ok(())
-}
-/// Validate Content-Length header matches actual body size
-#[allow(clippy::result_large_err, clippy::collapsible_if)]
-pub fn validate_content_length(headers: &HeaderMap, actual_size: usize) -> Result<(), Response> {
-    if let Some(content_length_header) = headers.get(axum::http::header::CONTENT_LENGTH) {
-        if let Ok(content_length_str) = content_length_header.to_str() {
-            if let Ok(declared_length) = content_length_str.parse::<usize>() {
-                if declared_length != actual_size {
-                    let problem = ProblemDetails::bad_request(format!(
-                        "Content-Length header ({}) does not match actual body size ({})",
-                        declared_length, actual_size
-                    ));
-                    let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-                    return Err((
-                        StatusCode::BAD_REQUEST,
-                        [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                        body,
-                    )
-                        .into_response());
-                }
-            }
-        }
-    }
-    Ok(())
-}
-/// Validate Content-Type header and related requirements
-#[allow(clippy::result_large_err)]
-pub fn validate_content_type_headers(headers: &HeaderMap, _declared_body_size: usize) -> Result<(), Response> {
-    if let Some(content_type_str) = headers
-        .get(axum::http::header::CONTENT_TYPE)
-        .and_then(|h| h.to_str().ok())
-    {
-        let parsed_mime = match content_type_str.parse::<mime::Mime>() {
-            Ok(m) => m,
-            Err(_) => {
-                let error_body = json!({
-                    "error": format!("Invalid Content-Type header: {}", content_type_str)
-                });
-                return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
-            }
-        };
-        let is_json = is_json_content_type(&parsed_mime);
-        let is_multipart = parsed_mime.type_() == mime::MULTIPART && parsed_mime.subtype() == "form-data";
-        if is_multipart && parsed_mime.get_param(mime::BOUNDARY).is_none() {
-            let error_body = json!({
-                "error": "multipart/form-data requires 'boundary' parameter"
-            });
-            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
-        }
-        #[allow(clippy::collapsible_if)]
-        if is_json {
-            if let Some(charset) = parsed_mime.get_param(mime::CHARSET).map(|c| c.as_str()) {
-                if !charset.eq_ignore_ascii_case("utf-8") && !charset.eq_ignore_ascii_case("utf8") {
-                    let problem = ProblemDetails::new(
-                        "https://spikard.dev/errors/unsupported-charset",
-                        "Unsupported Charset",
-                        StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                    )
-                    .with_detail(format!(
-                        "Unsupported charset '{}' for JSON. Only UTF-8 is supported.",
-                        charset
-                    ));
-                    let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-                    return Err((
-                        StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                        [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                        body,
-                    )
-                        .into_response());
-                }
-            }
-        }
-    }
-    Ok(())
-}
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use axum::http::HeaderValue;
-    #[test]
-    fn validate_content_length_accepts_matching_sizes() {
-        let mut headers = HeaderMap::new();
-        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("5"));
-        assert!(validate_content_length(&headers, 5).is_ok());
-    }
-    #[test]
-    fn validate_content_length_rejects_mismatched_sizes() {
-        let mut headers = HeaderMap::new();
-        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("10"));
-        let err = validate_content_length(&headers, 4).expect_err("expected mismatch");
-        assert_eq!(err.status(), StatusCode::BAD_REQUEST);
-        assert_eq!(
-            err.headers()
-                .get(axum::http::header::CONTENT_TYPE)
-                .and_then(|value| value.to_str().ok()),
-            Some(CONTENT_TYPE_PROBLEM_JSON)
-        );
-    }
-    #[test]
-    fn test_multipart_without_boundary() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err());
-    }
-    #[test]
-    fn test_multipart_with_boundary() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data; boundary=----WebKitFormBoundary"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_json_with_utf16_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf-16"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err());
-    }
-    #[test]
-    fn test_json_with_utf8_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_json_without_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_vendor_json_accepted() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/vnd.api+json"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_problem_json_accepted() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/problem+json"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_vendor_json_with_utf16_charset_rejected() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/vnd.api+json; charset=utf-16"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err());
-    }
-    #[test]
-    fn test_vendor_json_with_utf8_charset_accepted() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/vnd.api+json; charset=utf-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_is_json_content_type() {
-        let mime = "application/json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "application/vnd.api+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "application/problem+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "text/plain".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime));
-        let mime = "application/xml".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime));
-        let mime = "application/x-www-form-urlencoded".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime));
-    }
-}
+//! JSON schema validation middleware
+use crate::problem::{CONTENT_TYPE_PROBLEM_JSON, ProblemDetails};
+use axum::http::{HeaderMap, StatusCode};
+use axum::response::{IntoResponse, Response};
+use serde_json::json;
+/// Check if a media type is JSON or has a +json suffix
+pub fn is_json_content_type(mime: &mime::Mime) -> bool {
+    (mime.type_() == mime::APPLICATION && mime.subtype() == mime::JSON) || mime.suffix() == Some(mime::JSON)
+}
+/// Validate that Content-Type is JSON-compatible when route expects JSON
+#[allow(clippy::result_large_err)]
+pub fn validate_json_content_type(headers: &HeaderMap) -> Result<(), Response> {
+    if let Some(content_type_header) = headers.get(axum::http::header::CONTENT_TYPE)
+        && let Ok(content_type_str) = content_type_header.to_str()
+        && let Ok(parsed_mime) = content_type_str.parse::<mime::Mime>()
+    {
+        let is_json = (parsed_mime.type_() == mime::APPLICATION && parsed_mime.subtype() == mime::JSON)
+            || parsed_mime.suffix() == Some(mime::JSON);
+        let is_form = (parsed_mime.type_() == mime::APPLICATION && parsed_mime.subtype() == "x-www-form-urlencoded")
+            || (parsed_mime.type_() == mime::MULTIPART && parsed_mime.subtype() == "form-data");
+        if !is_json && !is_form {
+            let problem = ProblemDetails::new(
+                "https://spikard.dev/errors/unsupported-media-type",
+                "Unsupported Media Type",
+                StatusCode::UNSUPPORTED_MEDIA_TYPE,
+            )
+            .with_detail("Unsupported media type");
+            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+            return Err((
+                StatusCode::UNSUPPORTED_MEDIA_TYPE,
+                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                body,
+            )
+                .into_response());
+        }
+    }
+    Ok(())
+}
+/// Validate Content-Length header matches actual body size
+#[allow(clippy::result_large_err, clippy::collapsible_if)]
+pub fn validate_content_length(headers: &HeaderMap, actual_size: usize) -> Result<(), Response> {
+    if let Some(content_length_header) = headers.get(axum::http::header::CONTENT_LENGTH) {
+        if let Ok(content_length_str) = content_length_header.to_str() {
+            if let Ok(declared_length) = content_length_str.parse::<usize>() {
+                if declared_length != actual_size {
+                    let problem = ProblemDetails::bad_request(format!(
+                        "Content-Length header ({}) does not match actual body size ({})",
+                        declared_length, actual_size
+                    ));
+                    let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+                    return Err((
+                        StatusCode::BAD_REQUEST,
+                        [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                        body,
+                    )
+                        .into_response());
+                }
+            }
+        }
+    }
+    Ok(())
+}
+/// Validate Content-Type header and related requirements
+#[allow(clippy::result_large_err)]
+pub fn validate_content_type_headers(headers: &HeaderMap, _declared_body_size: usize) -> Result<(), Response> {
+    if let Some(content_type_str) = headers
+        .get(axum::http::header::CONTENT_TYPE)
+        .and_then(|h| h.to_str().ok())
+    {
+        let parsed_mime = match content_type_str.parse::<mime::Mime>() {
+            Ok(m) => m,
+            Err(_) => {
+                let error_body = json!({
+                    "error": format!("Invalid Content-Type header: {}", content_type_str)
+                });
+                return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+            }
+        };
+        let is_json = is_json_content_type(&parsed_mime);
+        let is_multipart = parsed_mime.type_() == mime::MULTIPART && parsed_mime.subtype() == "form-data";
+        if is_multipart && parsed_mime.get_param(mime::BOUNDARY).is_none() {
+            let error_body = json!({
+                "error": "multipart/form-data requires 'boundary' parameter"
+            });
+            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+        }
+        #[allow(clippy::collapsible_if)]
+        if is_json {
+            if let Some(charset) = parsed_mime.get_param(mime::CHARSET).map(|c| c.as_str()) {
+                if !charset.eq_ignore_ascii_case("utf-8") && !charset.eq_ignore_ascii_case("utf8") {
+                    let problem = ProblemDetails::new(
+                        "https://spikard.dev/errors/unsupported-charset",
+                        "Unsupported Charset",
+                        StatusCode::UNSUPPORTED_MEDIA_TYPE,
+                    )
+                    .with_detail(format!(
+                        "Unsupported charset '{}' for JSON. Only UTF-8 is supported.",
+                        charset
+                    ));
+                    let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+                    return Err((
+                        StatusCode::UNSUPPORTED_MEDIA_TYPE,
+                        [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                        body,
+                    )
+                        .into_response());
+                }
+            }
+        }
+    }
+    Ok(())
+}
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use axum::http::HeaderValue;
+    #[test]
+    fn validate_content_length_accepts_matching_sizes() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("5"));
+        assert!(validate_content_length(&headers, 5).is_ok());
+    }
+    #[test]
+    fn validate_content_length_rejects_mismatched_sizes() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("10"));
+        let err = validate_content_length(&headers, 4).expect_err("expected mismatch");
+        assert_eq!(err.status(), StatusCode::BAD_REQUEST);
+        assert_eq!(
+            err.headers()
+                .get(axum::http::header::CONTENT_TYPE)
+                .and_then(|value| value.to_str().ok()),
+            Some(CONTENT_TYPE_PROBLEM_JSON)
+        );
+    }
+    #[test]
+    fn test_multipart_without_boundary() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn test_multipart_with_boundary() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; boundary=----WebKitFormBoundary"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_json_with_utf16_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-16"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn test_json_with_utf8_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_json_without_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_vendor_json_accepted() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/vnd.api+json"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_problem_json_accepted() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/problem+json"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_vendor_json_with_utf16_charset_rejected() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/vnd.api+json; charset=utf-16"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn test_vendor_json_with_utf8_charset_accepted() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/vnd.api+json; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_is_json_content_type() {
+        let mime = "application/json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "application/vnd.api+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "application/problem+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "text/plain".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime));
+        let mime = "application/xml".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime));
+        let mime = "application/x-www-form-urlencoded".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime));
+    }
+}