RubyGems - spikard - Versions diffs - 0.3.6 → 0.5.0 - Mend

spikard 0.3.6 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

checksums.yaml +4 -4
data/README.md +21 -6
data/ext/spikard_rb/Cargo.toml +2 -2
data/lib/spikard/app.rb +33 -14
data/lib/spikard/testing.rb +47 -12
data/lib/spikard/version.rb +1 -1
data/vendor/crates/spikard-bindings-shared/Cargo.toml +63 -0
data/vendor/crates/spikard-bindings-shared/examples/config_extraction.rs +132 -0
data/vendor/crates/spikard-bindings-shared/src/config_extractor.rs +752 -0
data/vendor/crates/spikard-bindings-shared/src/conversion_traits.rs +194 -0
data/vendor/crates/spikard-bindings-shared/src/di_traits.rs +246 -0
data/vendor/crates/spikard-bindings-shared/src/error_response.rs +401 -0
data/vendor/crates/spikard-bindings-shared/src/handler_base.rs +238 -0
data/vendor/crates/spikard-bindings-shared/src/lib.rs +24 -0
data/vendor/crates/spikard-bindings-shared/src/lifecycle_base.rs +292 -0
data/vendor/crates/spikard-bindings-shared/src/lifecycle_executor.rs +616 -0
data/vendor/crates/spikard-bindings-shared/src/response_builder.rs +305 -0
data/vendor/crates/spikard-bindings-shared/src/test_client_base.rs +248 -0
data/vendor/crates/spikard-bindings-shared/src/validation_helpers.rs +351 -0
data/vendor/crates/spikard-bindings-shared/tests/comprehensive_coverage.rs +454 -0
data/vendor/crates/spikard-bindings-shared/tests/error_response_edge_cases.rs +383 -0
data/vendor/crates/spikard-bindings-shared/tests/handler_base_integration.rs +280 -0
data/vendor/crates/spikard-core/Cargo.toml +4 -4
data/vendor/crates/spikard-core/src/debug.rs +64 -0
data/vendor/crates/spikard-core/src/di/container.rs +3 -27
data/vendor/crates/spikard-core/src/di/factory.rs +1 -5
data/vendor/crates/spikard-core/src/di/graph.rs +8 -47
data/vendor/crates/spikard-core/src/di/mod.rs +1 -1
data/vendor/crates/spikard-core/src/di/resolved.rs +1 -7
data/vendor/crates/spikard-core/src/di/value.rs +2 -4
data/vendor/crates/spikard-core/src/errors.rs +30 -0
data/vendor/crates/spikard-core/src/http.rs +262 -0
data/vendor/crates/spikard-core/src/lib.rs +1 -1
data/vendor/crates/spikard-core/src/lifecycle.rs +764 -0
data/vendor/crates/spikard-core/src/metadata.rs +389 -0
data/vendor/crates/spikard-core/src/parameters.rs +1962 -159
data/vendor/crates/spikard-core/src/problem.rs +34 -0
data/vendor/crates/spikard-core/src/request_data.rs +966 -1
data/vendor/crates/spikard-core/src/router.rs +263 -2
data/vendor/crates/spikard-core/src/validation/error_mapper.rs +688 -0
data/vendor/crates/spikard-core/src/{validation.rs → validation/mod.rs} +26 -268
data/vendor/crates/spikard-http/Cargo.toml +12 -16
data/vendor/crates/spikard-http/examples/sse-notifications.rs +148 -0
data/vendor/crates/spikard-http/examples/websocket-chat.rs +92 -0
data/vendor/crates/spikard-http/src/auth.rs +65 -16
data/vendor/crates/spikard-http/src/background.rs +1614 -3
data/vendor/crates/spikard-http/src/cors.rs +515 -0
data/vendor/crates/spikard-http/src/debug.rs +65 -0
data/vendor/crates/spikard-http/src/di_handler.rs +1322 -77
data/vendor/crates/spikard-http/src/handler_response.rs +711 -0
data/vendor/crates/spikard-http/src/handler_trait.rs +607 -5
data/vendor/crates/spikard-http/src/handler_trait_tests.rs +6 -0
data/vendor/crates/spikard-http/src/lib.rs +33 -28
data/vendor/crates/spikard-http/src/lifecycle/adapter.rs +81 -0
data/vendor/crates/spikard-http/src/lifecycle.rs +765 -0
data/vendor/crates/spikard-http/src/middleware/mod.rs +372 -117
data/vendor/crates/spikard-http/src/middleware/multipart.rs +836 -10
data/vendor/crates/spikard-http/src/middleware/urlencoded.rs +409 -43
data/vendor/crates/spikard-http/src/middleware/validation.rs +513 -65
data/vendor/crates/spikard-http/src/openapi/parameter_extraction.rs +345 -0
data/vendor/crates/spikard-http/src/openapi/schema_conversion.rs +1055 -0
data/vendor/crates/spikard-http/src/openapi/spec_generation.rs +473 -3
data/vendor/crates/spikard-http/src/query_parser.rs +455 -31
data/vendor/crates/spikard-http/src/response.rs +321 -0
data/vendor/crates/spikard-http/src/server/handler.rs +1572 -9
data/vendor/crates/spikard-http/src/server/lifecycle_execution.rs +136 -0
data/vendor/crates/spikard-http/src/server/mod.rs +875 -178
data/vendor/crates/spikard-http/src/server/request_extraction.rs +674 -23
data/vendor/crates/spikard-http/src/server/routing_factory.rs +599 -0
data/vendor/crates/spikard-http/src/sse.rs +983 -21
data/vendor/crates/spikard-http/src/testing/form.rs +38 -0
data/vendor/crates/spikard-http/src/testing/test_client.rs +0 -2
data/vendor/crates/spikard-http/src/testing.rs +7 -7
data/vendor/crates/spikard-http/src/websocket.rs +1055 -4
data/vendor/crates/spikard-http/tests/background_behavior.rs +832 -0
data/vendor/crates/spikard-http/tests/common/handlers.rs +309 -0
data/vendor/crates/spikard-http/tests/common/mod.rs +26 -0
data/vendor/crates/spikard-http/tests/di_integration.rs +192 -0
data/vendor/crates/spikard-http/tests/doc_snippets.rs +5 -0
data/vendor/crates/spikard-http/tests/lifecycle_execution.rs +1093 -0
data/vendor/crates/spikard-http/tests/multipart_behavior.rs +656 -0
data/vendor/crates/spikard-http/tests/server_config_builder.rs +314 -0
data/vendor/crates/spikard-http/tests/sse_behavior.rs +620 -0
data/vendor/crates/spikard-http/tests/websocket_behavior.rs +663 -0
data/vendor/crates/spikard-rb/Cargo.toml +10 -4
data/vendor/crates/spikard-rb/build.rs +196 -5
data/vendor/crates/spikard-rb/src/config/mod.rs +5 -0
data/vendor/crates/spikard-rb/src/{config.rs → config/server_config.rs} +100 -109
data/vendor/crates/spikard-rb/src/conversion.rs +121 -20
data/vendor/crates/spikard-rb/src/di/builder.rs +100 -0
data/vendor/crates/spikard-rb/src/{di.rs → di/mod.rs} +12 -46
data/vendor/crates/spikard-rb/src/handler.rs +100 -107
data/vendor/crates/spikard-rb/src/integration/mod.rs +3 -0
data/vendor/crates/spikard-rb/src/lib.rs +467 -1428
data/vendor/crates/spikard-rb/src/lifecycle.rs +1 -0
data/vendor/crates/spikard-rb/src/metadata/mod.rs +5 -0
data/vendor/crates/spikard-rb/src/metadata/route_extraction.rs +447 -0
data/vendor/crates/spikard-rb/src/runtime/mod.rs +5 -0
data/vendor/crates/spikard-rb/src/runtime/server_runner.rs +324 -0
data/vendor/crates/spikard-rb/src/server.rs +47 -22
data/vendor/crates/spikard-rb/src/{test_client.rs → testing/client.rs} +187 -40
data/vendor/crates/spikard-rb/src/testing/mod.rs +7 -0
data/vendor/crates/spikard-rb/src/testing/websocket.rs +635 -0
data/vendor/crates/spikard-rb/src/websocket.rs +178 -37
metadata +46 -13
data/vendor/crates/spikard-http/src/parameters.rs +0 -1
data/vendor/crates/spikard-http/src/problem.rs +0 -1
data/vendor/crates/spikard-http/src/router.rs +0 -1
data/vendor/crates/spikard-http/src/schema_registry.rs +0 -1
data/vendor/crates/spikard-http/src/type_hints.rs +0 -1
data/vendor/crates/spikard-http/src/validation.rs +0 -1
data/vendor/crates/spikard-rb/src/test_websocket.rs +0 -221
/data/vendor/crates/spikard-rb/src/{test_sse.rs → testing/sse.rs} +0 -0

data/vendor/crates/spikard-http/src/middleware/validation.rs CHANGED Viewed

@@ -1,27 +1,167 @@
 //! JSON schema validation middleware
-use crate::problem::{CONTENT_TYPE_PROBLEM_JSON, ProblemDetails};
+use axum::http::HeaderValue;
 use axum::http::{HeaderMap, StatusCode};
 use axum::response::{IntoResponse, Response};
 use serde_json::json;
+use spikard_core::problem::{CONTENT_TYPE_PROBLEM_JSON, ProblemDetails};
 /// Check if a media type is JSON or has a +json suffix
 pub fn is_json_content_type(mime: &mime::Mime) -> bool {
     (mime.type_() == mime::APPLICATION && mime.subtype() == mime::JSON) || mime.suffix() == Some(mime::JSON)
 }
+fn trim_ascii_whitespace(bytes: &[u8]) -> &[u8] {
+    let mut start = 0usize;
+    let mut end = bytes.len();
+    while start < end && (bytes[start] == b' ' || bytes[start] == b'\t') {
+        start += 1;
+    }
+    while end > start && (bytes[end - 1] == b' ' || bytes[end - 1] == b'\t') {
+        end -= 1;
+    }
+    &bytes[start..end]
+}
+fn token_before_semicolon(bytes: &[u8]) -> &[u8] {
+    let mut i = 0usize;
+    while i < bytes.len() {
+        let b = bytes[i];
+        if b == b';' {
+            break;
+        }
+        i += 1;
+    }
+    trim_ascii_whitespace(&bytes[..i])
+}
+#[inline]
+fn is_json_like_token(token: &[u8]) -> bool {
+    if token.eq_ignore_ascii_case(b"application/json") {
+        return true;
+    }
+    // vendor JSON: application/vnd.foo+json
+    token.len() >= 5 && token[token.len() - 5..].eq_ignore_ascii_case(b"+json")
+}
+#[inline]
+fn is_multipart_form_data_token(token: &[u8]) -> bool {
+    token.eq_ignore_ascii_case(b"multipart/form-data")
+}
+#[inline]
+fn is_form_urlencoded_token(token: &[u8]) -> bool {
+    token.eq_ignore_ascii_case(b"application/x-www-form-urlencoded")
+}
+fn is_valid_content_type_token(token: &[u8]) -> bool {
+    // Minimal fast validation:
+    // - exactly one '/' separating type and subtype
+    // - no whitespace
+    // - type and subtype are non-empty
+    if token.is_empty() {
+        return false;
+    }
+    let mut slash_pos: Option<usize> = None;
+    for (idx, &b) in token.iter().enumerate() {
+        if b == b' ' || b == b'\t' {
+            return false;
+        }
+        if b == b'/' {
+            if slash_pos.is_some() {
+                return false;
+            }
+            slash_pos = Some(idx);
+        }
+    }
+    match slash_pos {
+        None => false,
+        Some(0) => false,
+        Some(pos) if pos + 1 >= token.len() => false,
+        Some(_) => true,
+    }
+}
+fn ascii_contains_ignore_case(haystack: &[u8], needle: &[u8]) -> bool {
+    if needle.is_empty() {
+        return true;
+    }
+    if haystack.len() < needle.len() {
+        return false;
+    }
+    haystack.windows(needle.len()).any(|w| w.eq_ignore_ascii_case(needle))
+}
+/// Fast classification: does this Content-Type represent JSON (application/json or +json)?
+pub fn is_json_like(content_type: &HeaderValue) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_json_like_token(token)
+}
+/// Fast classification for already-extracted header strings.
+///
+/// This is used in hot paths where headers are stored as `String` values in `RequestData`.
+pub fn is_json_like_str(content_type: &str) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_json_like_token(token)
+}
+/// Fast classification: is this Content-Type multipart/form-data?
+pub fn is_multipart_form_data(content_type: &HeaderValue) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_multipart_form_data_token(token)
+}
+/// Fast classification: is this Content-Type application/x-www-form-urlencoded?
+pub fn is_form_urlencoded(content_type: &HeaderValue) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_form_urlencoded_token(token)
+}
+fn multipart_has_boundary(content_type: &HeaderValue) -> bool {
+    ascii_contains_ignore_case(content_type.as_bytes(), b"boundary=")
+}
+fn json_charset_value(content_type: &HeaderValue) -> Option<&[u8]> {
+    let bytes = content_type.as_bytes();
+    if !ascii_contains_ignore_case(bytes, b"charset=") {
+        return None;
+    }
+    // Extract first charset token after "charset=" up to ';' or whitespace.
+    let mut i = 0usize;
+    while i + 8 <= bytes.len() {
+        if bytes[i..i + 8].eq_ignore_ascii_case(b"charset=") {
+            let mut j = i + 8;
+            while j < bytes.len() && (bytes[j] == b' ' || bytes[j] == b'\t') {
+                j += 1;
+            }
+            let start = j;
+            while j < bytes.len() {
+                let b = bytes[j];
+                if b == b';' || b == b' ' || b == b'\t' {
+                    break;
+                }
+                j += 1;
+            }
+            return Some(&bytes[start..j]);
+        }
+        i += 1;
+    }
+    None
+}
 /// Validate that Content-Type is JSON-compatible when route expects JSON
 #[allow(clippy::result_large_err)]
 pub fn validate_json_content_type(headers: &HeaderMap) -> Result<(), Response> {
-    if let Some(content_type_header) = headers.get(axum::http::header::CONTENT_TYPE)
-        && let Ok(content_type_str) = content_type_header.to_str()
-        && let Ok(parsed_mime) = content_type_str.parse::<mime::Mime>()
-    {
-        let is_json = (parsed_mime.type_() == mime::APPLICATION && parsed_mime.subtype() == mime::JSON)
-            || parsed_mime.suffix() == Some(mime::JSON);
+    if let Some(content_type_header) = headers.get(axum::http::header::CONTENT_TYPE) {
+        if content_type_header.to_str().is_err() {
+            return Ok(());
+        }
-        let is_form = (parsed_mime.type_() == mime::APPLICATION && parsed_mime.subtype() == "x-www-form-urlencoded")
-            || (parsed_mime.type_() == mime::MULTIPART && parsed_mime.subtype() == "form-data");
+        let token = token_before_semicolon(content_type_header.as_bytes());
+        let is_json = is_json_like_token(token);
+        let is_form = is_form_urlencoded_token(token) || is_multipart_form_data_token(token);
         if !is_json && !is_form {
             let problem = ProblemDetails::new(
@@ -47,78 +187,94 @@ pub fn validate_json_content_type(headers: &HeaderMap) -> Result<(), Response> {
 #[allow(clippy::result_large_err, clippy::collapsible_if)]
 pub fn validate_content_length(headers: &HeaderMap, actual_size: usize) -> Result<(), Response> {
     if let Some(content_length_header) = headers.get(axum::http::header::CONTENT_LENGTH) {
-        if let Ok(content_length_str) = content_length_header.to_str() {
-            if let Ok(declared_length) = content_length_str.parse::<usize>() {
-                if declared_length != actual_size {
-                    let problem = ProblemDetails::bad_request(format!(
-                        "Content-Length header ({}) does not match actual body size ({})",
-                        declared_length, actual_size
-                    ));
-                    let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-                    return Err((
-                        StatusCode::BAD_REQUEST,
-                        [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                        body,
-                    )
-                        .into_response());
-                }
-            }
+        let Some(declared_length) = parse_ascii_usize(content_length_header.as_bytes()) else {
+            return Ok(());
+        };
+        if declared_length != actual_size {
+            let problem = ProblemDetails::bad_request(format!(
+                "Content-Length header ({}) does not match actual body size ({})",
+                declared_length, actual_size
+            ));
+            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+            return Err((
+                StatusCode::BAD_REQUEST,
+                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                body,
+            )
+                .into_response());
         }
     }
     Ok(())
 }
+fn parse_ascii_usize(bytes: &[u8]) -> Option<usize> {
+    if bytes.is_empty() {
+        return None;
+    }
+    let mut value: usize = 0;
+    for &b in bytes {
+        if !b.is_ascii_digit() {
+            return None;
+        }
+        value = value.saturating_mul(10).saturating_add((b - b'0') as usize);
+    }
+    Some(value)
+}
 /// Validate Content-Type header and related requirements
 #[allow(clippy::result_large_err)]
 pub fn validate_content_type_headers(headers: &HeaderMap, _declared_body_size: usize) -> Result<(), Response> {
-    if let Some(content_type_str) = headers
-        .get(axum::http::header::CONTENT_TYPE)
-        .and_then(|h| h.to_str().ok())
-    {
-        let parsed_mime = match content_type_str.parse::<mime::Mime>() {
-            Ok(m) => m,
-            Err(_) => {
-                let error_body = json!({
-                    "error": format!("Invalid Content-Type header: {}", content_type_str)
-                });
-                return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
-            }
-        };
+    if let Some(content_type) = headers.get(axum::http::header::CONTENT_TYPE) {
+        if !content_type.as_bytes().is_ascii() && content_type.to_str().is_err() {
+            // Keep legacy behavior: invalid bytes should fail fast.
+            let error_body = json!({
+                "error": "Invalid Content-Type header"
+            });
+            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+        }
+        let token = token_before_semicolon(content_type.as_bytes());
+        if !is_valid_content_type_token(token) {
+            let error_body = json!({
+                "error": "Invalid Content-Type header"
+            });
+            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+        }
-        let is_json = is_json_content_type(&parsed_mime);
-        let is_multipart = parsed_mime.type_() == mime::MULTIPART && parsed_mime.subtype() == "form-data";
+        let is_json = is_json_like_token(token);
+        let is_multipart = is_multipart_form_data_token(token);
-        if is_multipart && parsed_mime.get_param(mime::BOUNDARY).is_none() {
+        if is_multipart && !multipart_has_boundary(content_type) {
             let error_body = json!({
                 "error": "multipart/form-data requires 'boundary' parameter"
             });
             return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
         }
-        #[allow(clippy::collapsible_if)]
-        if is_json {
-            if let Some(charset) = parsed_mime.get_param(mime::CHARSET).map(|c| c.as_str()) {
-                if !charset.eq_ignore_ascii_case("utf-8") && !charset.eq_ignore_ascii_case("utf8") {
-                    let problem = ProblemDetails::new(
-                        "https://spikard.dev/errors/unsupported-charset",
-                        "Unsupported Charset",
-                        StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                    )
-                    .with_detail(format!(
-                        "Unsupported charset '{}' for JSON. Only UTF-8 is supported.",
-                        charset
-                    ));
-                    let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-                    return Err((
-                        StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                        [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                        body,
-                    )
-                        .into_response());
-                }
-            }
+        if is_json
+            && let Some(charset) = json_charset_value(content_type)
+            && !charset.eq_ignore_ascii_case(b"utf-8")
+            && !charset.eq_ignore_ascii_case(b"utf8")
+        {
+            let charset_str = String::from_utf8_lossy(charset);
+            let problem = ProblemDetails::new(
+                "https://spikard.dev/errors/unsupported-charset",
+                "Unsupported Charset",
+                StatusCode::UNSUPPORTED_MEDIA_TYPE,
+            )
+            .with_detail(format!(
+                "Unsupported charset '{}' for JSON. Only UTF-8 is supported.",
+                charset_str
+            ));
+            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+            return Err((
+                StatusCode::UNSUPPORTED_MEDIA_TYPE,
+                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                body,
+            )
+                .into_response());
         }
     }
@@ -284,4 +440,296 @@ mod tests {
         let mime = "application/x-www-form-urlencoded".parse::<mime::Mime>().unwrap();
         assert!(!is_json_content_type(&mime));
     }
+    #[test]
+    fn test_json_with_utf8_uppercase_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=UTF-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "UTF-8 in uppercase should be accepted");
+    }
+    #[test]
+    fn test_json_with_utf8_no_hyphen_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "utf8 without hyphen should be accepted");
+    }
+    #[test]
+    fn test_json_with_iso88591_charset_rejected() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=iso-8859-1"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err(), "iso-8859-1 should be rejected for JSON");
+    }
+    #[test]
+    fn test_json_with_utf32_charset_rejected() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-32"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err(), "UTF-32 should be rejected for JSON");
+    }
+    #[test]
+    fn test_multipart_with_boundary_and_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; boundary=abc123; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(
+            result.is_ok(),
+            "multipart with boundary should accept charset parameter"
+        );
+    }
+    #[test]
+    fn test_validate_content_length_no_header() {
+        let headers = HeaderMap::new();
+        let result = validate_content_length(&headers, 1024);
+        assert!(result.is_ok(), "Missing Content-Length header should pass");
+    }
+    #[test]
+    fn test_validate_content_length_zero_bytes() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("0"));
+        assert!(validate_content_length(&headers, 0).is_ok());
+    }
+    #[test]
+    fn test_validate_content_length_large_body() {
+        let mut headers = HeaderMap::new();
+        let large_size = 1024 * 1024 * 100;
+        headers.insert(
+            axum::http::header::CONTENT_LENGTH,
+            HeaderValue::from_str(&large_size.to_string()).unwrap(),
+        );
+        assert!(validate_content_length(&headers, large_size).is_ok());
+    }
+    #[test]
+    fn test_validate_content_length_invalid_header_format() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_LENGTH,
+            HeaderValue::from_static("not-a-number"),
+        );
+        let result = validate_content_length(&headers, 100);
+        assert!(
+            result.is_ok(),
+            "Invalid Content-Length format should be skipped gracefully"
+        );
+    }
+    #[test]
+    fn test_invalid_content_type_format() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("not/a/valid/type"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err(), "Invalid mime type format should be rejected");
+    }
+    #[test]
+    fn test_unsupported_content_type_xml() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/xml"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(
+            result.is_ok(),
+            "XML should pass header validation (routing layer rejects if needed)"
+        );
+    }
+    #[test]
+    fn test_unsupported_content_type_plain_text() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_TYPE, HeaderValue::from_static("text/plain"));
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Plain text should pass header validation");
+    }
+    #[test]
+    fn test_content_type_with_boundary_missing_boundary_param() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(
+            result.is_err(),
+            "multipart/form-data without boundary parameter should be rejected"
+        );
+    }
+    #[test]
+    fn test_content_type_form_urlencoded() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/x-www-form-urlencoded"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "form-urlencoded should be accepted");
+    }
+    #[test]
+    fn test_is_json_content_type_with_hal_json() {
+        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime), "HAL+JSON should be recognized as JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_with_ld_json() {
+        let mime = "application/ld+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime), "LD+JSON should be recognized as JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_json_patch() {
+        let mime = "application/json-patch+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime), "JSON-Patch should be recognized as JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_html() {
+        let mime = "text/html".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime), "HTML should not be JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_csv() {
+        let mime = "text/csv".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime), "CSV should not be JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_image_png() {
+        let mime = "image/png".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime), "PNG should not be JSON");
+    }
+    #[test]
+    fn test_validate_json_content_type_missing_header() {
+        let headers = HeaderMap::new();
+        let result = validate_json_content_type(&headers);
+        assert!(
+            result.is_ok(),
+            "Missing Content-Type for JSON route should be OK (routing layer handles)"
+        );
+    }
+    #[test]
+    fn test_validate_json_content_type_accepts_form_urlencoded() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/x-www-form-urlencoded"),
+        );
+        let result = validate_json_content_type(&headers);
+        assert!(result.is_ok(), "Form-urlencoded should be accepted for JSON routes");
+    }
+    #[test]
+    fn test_validate_json_content_type_accepts_multipart() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; boundary=abc123"),
+        );
+        let result = validate_json_content_type(&headers);
+        assert!(result.is_ok(), "Multipart should be accepted for JSON routes");
+    }
+    #[test]
+    fn test_validate_json_content_type_rejects_xml() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/xml"),
+        );
+        let result = validate_json_content_type(&headers);
+        assert!(result.is_err(), "XML should be rejected for JSON-expecting routes");
+        assert_eq!(
+            result.unwrap_err().status(),
+            StatusCode::UNSUPPORTED_MEDIA_TYPE,
+            "Should return 415 Unsupported Media Type"
+        );
+    }
+    #[test]
+    fn test_content_type_with_multiple_parameters() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-8; boundary=xyz"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Multiple parameters should be parsed correctly");
+    }
+    #[test]
+    fn test_content_type_with_quoted_parameter() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static(r#"multipart/form-data; boundary="----WebKitFormBoundary""#),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Quoted boundary parameter should be handled");
+    }
+    #[test]
+    fn test_content_type_case_insensitive_type() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("Application/JSON"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Content-Type type/subtype should be case-insensitive");
+    }
 }