RubyGems - spikard - Versions diffs - 0.5.0 → 0.6.1 - Mend

spikard 0.5.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

checksums.yaml +4 -4
data/LICENSE +1 -1
data/README.md +674 -674
data/ext/spikard_rb/Cargo.toml +17 -17
data/ext/spikard_rb/extconf.rb +13 -10
data/ext/spikard_rb/src/lib.rs +6 -6
data/lib/spikard/app.rb +405 -405
data/lib/spikard/background.rb +27 -27
data/lib/spikard/config.rb +396 -396
data/lib/spikard/converters.rb +13 -13
data/lib/spikard/handler_wrapper.rb +113 -113
data/lib/spikard/provide.rb +214 -214
data/lib/spikard/response.rb +173 -173
data/lib/spikard/schema.rb +243 -243
data/lib/spikard/sse.rb +111 -111
data/lib/spikard/streaming_response.rb +44 -44
data/lib/spikard/testing.rb +256 -256
data/lib/spikard/upload_file.rb +131 -131
data/lib/spikard/version.rb +5 -5
data/lib/spikard/websocket.rb +59 -59
data/lib/spikard.rb +43 -43
data/sig/spikard.rbs +366 -366
data/vendor/crates/spikard-bindings-shared/Cargo.toml +63 -63
data/vendor/crates/spikard-bindings-shared/examples/config_extraction.rs +132 -132
data/vendor/crates/spikard-bindings-shared/src/config_extractor.rs +752 -752
data/vendor/crates/spikard-bindings-shared/src/conversion_traits.rs +194 -194
data/vendor/crates/spikard-bindings-shared/src/di_traits.rs +246 -246
data/vendor/crates/spikard-bindings-shared/src/error_response.rs +401 -401
data/vendor/crates/spikard-bindings-shared/src/handler_base.rs +238 -238
data/vendor/crates/spikard-bindings-shared/src/lib.rs +24 -24
data/vendor/crates/spikard-bindings-shared/src/lifecycle_base.rs +292 -292
data/vendor/crates/spikard-bindings-shared/src/lifecycle_executor.rs +616 -616
data/vendor/crates/spikard-bindings-shared/src/response_builder.rs +305 -305
data/vendor/crates/spikard-bindings-shared/src/test_client_base.rs +248 -248
data/vendor/crates/spikard-bindings-shared/src/validation_helpers.rs +351 -351
data/vendor/crates/spikard-bindings-shared/tests/comprehensive_coverage.rs +454 -454
data/vendor/crates/spikard-bindings-shared/tests/error_response_edge_cases.rs +383 -383
data/vendor/crates/spikard-bindings-shared/tests/handler_base_integration.rs +280 -280
data/vendor/crates/spikard-core/Cargo.toml +40 -40
data/vendor/crates/spikard-core/src/bindings/mod.rs +3 -3
data/vendor/crates/spikard-core/src/bindings/response.rs +133 -133
data/vendor/crates/spikard-core/src/debug.rs +127 -127
data/vendor/crates/spikard-core/src/di/container.rs +702 -702
data/vendor/crates/spikard-core/src/di/dependency.rs +273 -273
data/vendor/crates/spikard-core/src/di/error.rs +118 -118
data/vendor/crates/spikard-core/src/di/factory.rs +534 -534
data/vendor/crates/spikard-core/src/di/graph.rs +506 -506
data/vendor/crates/spikard-core/src/di/mod.rs +192 -192
data/vendor/crates/spikard-core/src/di/resolved.rs +405 -405
data/vendor/crates/spikard-core/src/di/value.rs +281 -281
data/vendor/crates/spikard-core/src/errors.rs +69 -69
data/vendor/crates/spikard-core/src/http.rs +415 -415
data/vendor/crates/spikard-core/src/lib.rs +29 -29
data/vendor/crates/spikard-core/src/lifecycle.rs +1186 -1186
data/vendor/crates/spikard-core/src/metadata.rs +389 -389
data/vendor/crates/spikard-core/src/parameters.rs +2525 -2525
data/vendor/crates/spikard-core/src/problem.rs +344 -344
data/vendor/crates/spikard-core/src/request_data.rs +1154 -1154
data/vendor/crates/spikard-core/src/router.rs +510 -510
data/vendor/crates/spikard-core/src/schema_registry.rs +183 -183
data/vendor/crates/spikard-core/src/type_hints.rs +304 -304
data/vendor/crates/spikard-core/src/validation/error_mapper.rs +696 -688
data/vendor/crates/spikard-core/src/validation/mod.rs +457 -457
data/vendor/crates/spikard-http/Cargo.toml +62 -64
data/vendor/crates/spikard-http/examples/sse-notifications.rs +148 -148
data/vendor/crates/spikard-http/examples/websocket-chat.rs +92 -92
data/vendor/crates/spikard-http/src/auth.rs +296 -296
data/vendor/crates/spikard-http/src/background.rs +1860 -1860
data/vendor/crates/spikard-http/src/bindings/mod.rs +3 -3
data/vendor/crates/spikard-http/src/bindings/response.rs +1 -1
data/vendor/crates/spikard-http/src/body_metadata.rs +8 -8
data/vendor/crates/spikard-http/src/cors.rs +1005 -1005
data/vendor/crates/spikard-http/src/debug.rs +128 -128
data/vendor/crates/spikard-http/src/di_handler.rs +1668 -1668
data/vendor/crates/spikard-http/src/handler_response.rs +901 -901
data/vendor/crates/spikard-http/src/handler_trait.rs +838 -830
data/vendor/crates/spikard-http/src/handler_trait_tests.rs +290 -290
data/vendor/crates/spikard-http/src/lib.rs +534 -534
data/vendor/crates/spikard-http/src/lifecycle/adapter.rs +230 -230
data/vendor/crates/spikard-http/src/lifecycle.rs +1193 -1193
data/vendor/crates/spikard-http/src/middleware/mod.rs +560 -540
data/vendor/crates/spikard-http/src/middleware/multipart.rs +912 -912
data/vendor/crates/spikard-http/src/middleware/urlencoded.rs +513 -513
data/vendor/crates/spikard-http/src/middleware/validation.rs +768 -735
data/vendor/crates/spikard-http/src/openapi/mod.rs +309 -309
data/vendor/crates/spikard-http/src/openapi/parameter_extraction.rs +535 -535
data/vendor/crates/spikard-http/src/openapi/schema_conversion.rs +1363 -1363
data/vendor/crates/spikard-http/src/openapi/spec_generation.rs +665 -665
data/vendor/crates/spikard-http/src/query_parser.rs +793 -793
data/vendor/crates/spikard-http/src/response.rs +720 -720
data/vendor/crates/spikard-http/src/server/handler.rs +1650 -1650
data/vendor/crates/spikard-http/src/server/lifecycle_execution.rs +234 -234
data/vendor/crates/spikard-http/src/server/mod.rs +1593 -1502
data/vendor/crates/spikard-http/src/server/request_extraction.rs +789 -770
data/vendor/crates/spikard-http/src/server/routing_factory.rs +629 -599
data/vendor/crates/spikard-http/src/sse.rs +1409 -1409
data/vendor/crates/spikard-http/src/testing/form.rs +52 -52
data/vendor/crates/spikard-http/src/testing/multipart.rs +64 -60
data/vendor/crates/spikard-http/src/testing/test_client.rs +311 -283
data/vendor/crates/spikard-http/src/testing.rs +406 -377
data/vendor/crates/spikard-http/src/websocket.rs +1404 -1375
data/vendor/crates/spikard-http/tests/background_behavior.rs +832 -832
data/vendor/crates/spikard-http/tests/common/handlers.rs +309 -309
data/vendor/crates/spikard-http/tests/common/mod.rs +26 -26
data/vendor/crates/spikard-http/tests/di_integration.rs +192 -192
data/vendor/crates/spikard-http/tests/doc_snippets.rs +5 -5
data/vendor/crates/spikard-http/tests/lifecycle_execution.rs +1093 -1093
data/vendor/crates/spikard-http/tests/multipart_behavior.rs +656 -656
data/vendor/crates/spikard-http/tests/server_config_builder.rs +314 -314
data/vendor/crates/spikard-http/tests/sse_behavior.rs +620 -620
data/vendor/crates/spikard-http/tests/websocket_behavior.rs +663 -663
data/vendor/crates/spikard-rb/Cargo.toml +48 -48
data/vendor/crates/spikard-rb/build.rs +199 -199
data/vendor/crates/spikard-rb/src/background.rs +63 -63
data/vendor/crates/spikard-rb/src/config/mod.rs +5 -5
data/vendor/crates/spikard-rb/src/config/server_config.rs +285 -285
data/vendor/crates/spikard-rb/src/conversion.rs +554 -554
data/vendor/crates/spikard-rb/src/di/builder.rs +100 -100
data/vendor/crates/spikard-rb/src/di/mod.rs +375 -375
data/vendor/crates/spikard-rb/src/handler.rs +618 -618
data/vendor/crates/spikard-rb/src/integration/mod.rs +3 -3
data/vendor/crates/spikard-rb/src/lib.rs +1806 -1810
data/vendor/crates/spikard-rb/src/lifecycle.rs +275 -275
data/vendor/crates/spikard-rb/src/metadata/mod.rs +5 -5
data/vendor/crates/spikard-rb/src/metadata/route_extraction.rs +442 -447
data/vendor/crates/spikard-rb/src/runtime/mod.rs +5 -5
data/vendor/crates/spikard-rb/src/runtime/server_runner.rs +324 -324
data/vendor/crates/spikard-rb/src/server.rs +305 -308
data/vendor/crates/spikard-rb/src/sse.rs +231 -231
data/vendor/crates/spikard-rb/src/testing/client.rs +538 -551
data/vendor/crates/spikard-rb/src/testing/mod.rs +7 -7
data/vendor/crates/spikard-rb/src/testing/sse.rs +143 -143
data/vendor/crates/spikard-rb/src/testing/websocket.rs +608 -635
data/vendor/crates/spikard-rb/src/websocket.rs +377 -374
metadata +15 -1

data/vendor/crates/spikard-http/src/middleware/validation.rs CHANGED Viewed

@@ -1,735 +1,768 @@
-//! JSON schema validation middleware
-use axum::http::HeaderValue;
-use axum::http::{HeaderMap, StatusCode};
-use axum::response::{IntoResponse, Response};
-use serde_json::json;
-use spikard_core::problem::{CONTENT_TYPE_PROBLEM_JSON, ProblemDetails};
-/// Check if a media type is JSON or has a +json suffix
-pub fn is_json_content_type(mime: &mime::Mime) -> bool {
-    (mime.type_() == mime::APPLICATION && mime.subtype() == mime::JSON) || mime.suffix() == Some(mime::JSON)
-}
-fn trim_ascii_whitespace(bytes: &[u8]) -> &[u8] {
-    let mut start = 0usize;
-    let mut end = bytes.len();
-    while start < end && (bytes[start] == b' ' || bytes[start] == b'\t') {
-        start += 1;
-    }
-    while end > start && (bytes[end - 1] == b' ' || bytes[end - 1] == b'\t') {
-        end -= 1;
-    }
-    &bytes[start..end]
-}
-fn token_before_semicolon(bytes: &[u8]) -> &[u8] {
-    let mut i = 0usize;
-    while i < bytes.len() {
-        let b = bytes[i];
-        if b == b';' {
-            break;
-        }
-        i += 1;
-    }
-    trim_ascii_whitespace(&bytes[..i])
-}
-#[inline]
-fn is_json_like_token(token: &[u8]) -> bool {
-    if token.eq_ignore_ascii_case(b"application/json") {
-        return true;
-    }
-    // vendor JSON: application/vnd.foo+json
-    token.len() >= 5 && token[token.len() - 5..].eq_ignore_ascii_case(b"+json")
-}
-#[inline]
-fn is_multipart_form_data_token(token: &[u8]) -> bool {
-    token.eq_ignore_ascii_case(b"multipart/form-data")
-}
-#[inline]
-fn is_form_urlencoded_token(token: &[u8]) -> bool {
-    token.eq_ignore_ascii_case(b"application/x-www-form-urlencoded")
-}
-fn is_valid_content_type_token(token: &[u8]) -> bool {
-    // Minimal fast validation:
-    // - exactly one '/' separating type and subtype
-    // - no whitespace
-    // - type and subtype are non-empty
-    if token.is_empty() {
-        return false;
-    }
-    let mut slash_pos: Option<usize> = None;
-    for (idx, &b) in token.iter().enumerate() {
-        if b == b' ' || b == b'\t' {
-            return false;
-        }
-        if b == b'/' {
-            if slash_pos.is_some() {
-                return false;
-            }
-            slash_pos = Some(idx);
-        }
-    }
-    match slash_pos {
-        None => false,
-        Some(0) => false,
-        Some(pos) if pos + 1 >= token.len() => false,
-        Some(_) => true,
-    }
-}
-fn ascii_contains_ignore_case(haystack: &[u8], needle: &[u8]) -> bool {
-    if needle.is_empty() {
-        return true;
-    }
-    if haystack.len() < needle.len() {
-        return false;
-    }
-    haystack.windows(needle.len()).any(|w| w.eq_ignore_ascii_case(needle))
-}
-/// Fast classification: does this Content-Type represent JSON (application/json or +json)?
-pub fn is_json_like(content_type: &HeaderValue) -> bool {
-    let token = token_before_semicolon(content_type.as_bytes());
-    is_json_like_token(token)
-}
-/// Fast classification for already-extracted header strings.
-///
-/// This is used in hot paths where headers are stored as `String` values in `RequestData`.
-pub fn is_json_like_str(content_type: &str) -> bool {
-    let token = token_before_semicolon(content_type.as_bytes());
-    is_json_like_token(token)
-}
-/// Fast classification: is this Content-Type multipart/form-data?
-pub fn is_multipart_form_data(content_type: &HeaderValue) -> bool {
-    let token = token_before_semicolon(content_type.as_bytes());
-    is_multipart_form_data_token(token)
-}
-/// Fast classification: is this Content-Type application/x-www-form-urlencoded?
-pub fn is_form_urlencoded(content_type: &HeaderValue) -> bool {
-    let token = token_before_semicolon(content_type.as_bytes());
-    is_form_urlencoded_token(token)
-}
-fn multipart_has_boundary(content_type: &HeaderValue) -> bool {
-    ascii_contains_ignore_case(content_type.as_bytes(), b"boundary=")
-}
-fn json_charset_value(content_type: &HeaderValue) -> Option<&[u8]> {
-    let bytes = content_type.as_bytes();
-    if !ascii_contains_ignore_case(bytes, b"charset=") {
-        return None;
-    }
-    // Extract first charset token after "charset=" up to ';' or whitespace.
-    let mut i = 0usize;
-    while i + 8 <= bytes.len() {
-        if bytes[i..i + 8].eq_ignore_ascii_case(b"charset=") {
-            let mut j = i + 8;
-            while j < bytes.len() && (bytes[j] == b' ' || bytes[j] == b'\t') {
-                j += 1;
-            }
-            let start = j;
-            while j < bytes.len() {
-                let b = bytes[j];
-                if b == b';' || b == b' ' || b == b'\t' {
-                    break;
-                }
-                j += 1;
-            }
-            return Some(&bytes[start..j]);
-        }
-        i += 1;
-    }
-    None
-}
-/// Validate that Content-Type is JSON-compatible when route expects JSON
-#[allow(clippy::result_large_err)]
-pub fn validate_json_content_type(headers: &HeaderMap) -> Result<(), Response> {
-    if let Some(content_type_header) = headers.get(axum::http::header::CONTENT_TYPE) {
-        if content_type_header.to_str().is_err() {
-            return Ok(());
-        }
-        let token = token_before_semicolon(content_type_header.as_bytes());
-        let is_json = is_json_like_token(token);
-        let is_form = is_form_urlencoded_token(token) || is_multipart_form_data_token(token);
-        if !is_json && !is_form {
-            let problem = ProblemDetails::new(
-                "https://spikard.dev/errors/unsupported-media-type",
-                "Unsupported Media Type",
-                StatusCode::UNSUPPORTED_MEDIA_TYPE,
-            )
-            .with_detail("Unsupported media type");
-            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-            return Err((
-                StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                body,
-            )
-                .into_response());
-        }
-    }
-    Ok(())
-}
-/// Validate Content-Length header matches actual body size
-#[allow(clippy::result_large_err, clippy::collapsible_if)]
-pub fn validate_content_length(headers: &HeaderMap, actual_size: usize) -> Result<(), Response> {
-    if let Some(content_length_header) = headers.get(axum::http::header::CONTENT_LENGTH) {
-        let Some(declared_length) = parse_ascii_usize(content_length_header.as_bytes()) else {
-            return Ok(());
-        };
-        if declared_length != actual_size {
-            let problem = ProblemDetails::bad_request(format!(
-                "Content-Length header ({}) does not match actual body size ({})",
-                declared_length, actual_size
-            ));
-            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-            return Err((
-                StatusCode::BAD_REQUEST,
-                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                body,
-            )
-                .into_response());
-        }
-    }
-    Ok(())
-}
-fn parse_ascii_usize(bytes: &[u8]) -> Option<usize> {
-    if bytes.is_empty() {
-        return None;
-    }
-    let mut value: usize = 0;
-    for &b in bytes {
-        if !b.is_ascii_digit() {
-            return None;
-        }
-        value = value.saturating_mul(10).saturating_add((b - b'0') as usize);
-    }
-    Some(value)
-}
-/// Validate Content-Type header and related requirements
-#[allow(clippy::result_large_err)]
-pub fn validate_content_type_headers(headers: &HeaderMap, _declared_body_size: usize) -> Result<(), Response> {
-    if let Some(content_type) = headers.get(axum::http::header::CONTENT_TYPE) {
-        if !content_type.as_bytes().is_ascii() && content_type.to_str().is_err() {
-            // Keep legacy behavior: invalid bytes should fail fast.
-            let error_body = json!({
-                "error": "Invalid Content-Type header"
-            });
-            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
-        }
-        let token = token_before_semicolon(content_type.as_bytes());
-        if !is_valid_content_type_token(token) {
-            let error_body = json!({
-                "error": "Invalid Content-Type header"
-            });
-            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
-        }
-        let is_json = is_json_like_token(token);
-        let is_multipart = is_multipart_form_data_token(token);
-        if is_multipart && !multipart_has_boundary(content_type) {
-            let error_body = json!({
-                "error": "multipart/form-data requires 'boundary' parameter"
-            });
-            return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
-        }
-        if is_json
-            && let Some(charset) = json_charset_value(content_type)
-            && !charset.eq_ignore_ascii_case(b"utf-8")
-            && !charset.eq_ignore_ascii_case(b"utf8")
-        {
-            let charset_str = String::from_utf8_lossy(charset);
-            let problem = ProblemDetails::new(
-                "https://spikard.dev/errors/unsupported-charset",
-                "Unsupported Charset",
-                StatusCode::UNSUPPORTED_MEDIA_TYPE,
-            )
-            .with_detail(format!(
-                "Unsupported charset '{}' for JSON. Only UTF-8 is supported.",
-                charset_str
-            ));
-            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
-            return Err((
-                StatusCode::UNSUPPORTED_MEDIA_TYPE,
-                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
-                body,
-            )
-                .into_response());
-        }
-    }
-    Ok(())
-}
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use axum::http::HeaderValue;
-    #[test]
-    fn validate_content_length_accepts_matching_sizes() {
-        let mut headers = HeaderMap::new();
-        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("5"));
-        assert!(validate_content_length(&headers, 5).is_ok());
-    }
-    #[test]
-    fn validate_content_length_rejects_mismatched_sizes() {
-        let mut headers = HeaderMap::new();
-        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("10"));
-        let err = validate_content_length(&headers, 4).expect_err("expected mismatch");
-        assert_eq!(err.status(), StatusCode::BAD_REQUEST);
-        assert_eq!(
-            err.headers()
-                .get(axum::http::header::CONTENT_TYPE)
-                .and_then(|value| value.to_str().ok()),
-            Some(CONTENT_TYPE_PROBLEM_JSON)
-        );
-    }
-    #[test]
-    fn test_multipart_without_boundary() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err());
-    }
-    #[test]
-    fn test_multipart_with_boundary() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data; boundary=----WebKitFormBoundary"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_json_with_utf16_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf-16"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err());
-    }
-    #[test]
-    fn test_json_with_utf8_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_json_without_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_vendor_json_accepted() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/vnd.api+json"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_problem_json_accepted() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/problem+json"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_vendor_json_with_utf16_charset_rejected() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/vnd.api+json; charset=utf-16"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err());
-    }
-    #[test]
-    fn test_vendor_json_with_utf8_charset_accepted() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/vnd.api+json; charset=utf-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok());
-    }
-    #[test]
-    fn test_is_json_content_type() {
-        let mime = "application/json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "application/vnd.api+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "application/problem+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime));
-        let mime = "text/plain".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime));
-        let mime = "application/xml".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime));
-        let mime = "application/x-www-form-urlencoded".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime));
-    }
-    #[test]
-    fn test_json_with_utf8_uppercase_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=UTF-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "UTF-8 in uppercase should be accepted");
-    }
-    #[test]
-    fn test_json_with_utf8_no_hyphen_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "utf8 without hyphen should be accepted");
-    }
-    #[test]
-    fn test_json_with_iso88591_charset_rejected() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=iso-8859-1"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err(), "iso-8859-1 should be rejected for JSON");
-    }
-    #[test]
-    fn test_json_with_utf32_charset_rejected() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf-32"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err(), "UTF-32 should be rejected for JSON");
-    }
-    #[test]
-    fn test_multipart_with_boundary_and_charset() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data; boundary=abc123; charset=utf-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(
-            result.is_ok(),
-            "multipart with boundary should accept charset parameter"
-        );
-    }
-    #[test]
-    fn test_validate_content_length_no_header() {
-        let headers = HeaderMap::new();
-        let result = validate_content_length(&headers, 1024);
-        assert!(result.is_ok(), "Missing Content-Length header should pass");
-    }
-    #[test]
-    fn test_validate_content_length_zero_bytes() {
-        let mut headers = HeaderMap::new();
-        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("0"));
-        assert!(validate_content_length(&headers, 0).is_ok());
-    }
-    #[test]
-    fn test_validate_content_length_large_body() {
-        let mut headers = HeaderMap::new();
-        let large_size = 1024 * 1024 * 100;
-        headers.insert(
-            axum::http::header::CONTENT_LENGTH,
-            HeaderValue::from_str(&large_size.to_string()).unwrap(),
-        );
-        assert!(validate_content_length(&headers, large_size).is_ok());
-    }
-    #[test]
-    fn test_validate_content_length_invalid_header_format() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_LENGTH,
-            HeaderValue::from_static("not-a-number"),
-        );
-        let result = validate_content_length(&headers, 100);
-        assert!(
-            result.is_ok(),
-            "Invalid Content-Length format should be skipped gracefully"
-        );
-    }
-    #[test]
-    fn test_invalid_content_type_format() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("not/a/valid/type"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_err(), "Invalid mime type format should be rejected");
-    }
-    #[test]
-    fn test_unsupported_content_type_xml() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/xml"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(
-            result.is_ok(),
-            "XML should pass header validation (routing layer rejects if needed)"
-        );
-    }
-    #[test]
-    fn test_unsupported_content_type_plain_text() {
-        let mut headers = HeaderMap::new();
-        headers.insert(axum::http::header::CONTENT_TYPE, HeaderValue::from_static("text/plain"));
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "Plain text should pass header validation");
-    }
-    #[test]
-    fn test_content_type_with_boundary_missing_boundary_param() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data; charset=utf-8"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(
-            result.is_err(),
-            "multipart/form-data without boundary parameter should be rejected"
-        );
-    }
-    #[test]
-    fn test_content_type_form_urlencoded() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/x-www-form-urlencoded"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "form-urlencoded should be accepted");
-    }
-    #[test]
-    fn test_is_json_content_type_with_hal_json() {
-        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime), "HAL+JSON should be recognized as JSON");
-    }
-    #[test]
-    fn test_is_json_content_type_with_ld_json() {
-        let mime = "application/ld+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime), "LD+JSON should be recognized as JSON");
-    }
-    #[test]
-    fn test_is_json_content_type_rejects_json_patch() {
-        let mime = "application/json-patch+json".parse::<mime::Mime>().unwrap();
-        assert!(is_json_content_type(&mime), "JSON-Patch should be recognized as JSON");
-    }
-    #[test]
-    fn test_is_json_content_type_rejects_html() {
-        let mime = "text/html".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime), "HTML should not be JSON");
-    }
-    #[test]
-    fn test_is_json_content_type_rejects_csv() {
-        let mime = "text/csv".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime), "CSV should not be JSON");
-    }
-    #[test]
-    fn test_is_json_content_type_rejects_image_png() {
-        let mime = "image/png".parse::<mime::Mime>().unwrap();
-        assert!(!is_json_content_type(&mime), "PNG should not be JSON");
-    }
-    #[test]
-    fn test_validate_json_content_type_missing_header() {
-        let headers = HeaderMap::new();
-        let result = validate_json_content_type(&headers);
-        assert!(
-            result.is_ok(),
-            "Missing Content-Type for JSON route should be OK (routing layer handles)"
-        );
-    }
-    #[test]
-    fn test_validate_json_content_type_accepts_form_urlencoded() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/x-www-form-urlencoded"),
-        );
-        let result = validate_json_content_type(&headers);
-        assert!(result.is_ok(), "Form-urlencoded should be accepted for JSON routes");
-    }
-    #[test]
-    fn test_validate_json_content_type_accepts_multipart() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("multipart/form-data; boundary=abc123"),
-        );
-        let result = validate_json_content_type(&headers);
-        assert!(result.is_ok(), "Multipart should be accepted for JSON routes");
-    }
-    #[test]
-    fn test_validate_json_content_type_rejects_xml() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/xml"),
-        );
-        let result = validate_json_content_type(&headers);
-        assert!(result.is_err(), "XML should be rejected for JSON-expecting routes");
-        assert_eq!(
-            result.unwrap_err().status(),
-            StatusCode::UNSUPPORTED_MEDIA_TYPE,
-            "Should return 415 Unsupported Media Type"
-        );
-    }
-    #[test]
-    fn test_content_type_with_multiple_parameters() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("application/json; charset=utf-8; boundary=xyz"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "Multiple parameters should be parsed correctly");
-    }
-    #[test]
-    fn test_content_type_with_quoted_parameter() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static(r#"multipart/form-data; boundary="----WebKitFormBoundary""#),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "Quoted boundary parameter should be handled");
-    }
-    #[test]
-    fn test_content_type_case_insensitive_type() {
-        let mut headers = HeaderMap::new();
-        headers.insert(
-            axum::http::header::CONTENT_TYPE,
-            HeaderValue::from_static("Application/JSON"),
-        );
-        let result = validate_content_type_headers(&headers, 0);
-        assert!(result.is_ok(), "Content-Type type/subtype should be case-insensitive");
-    }
-}
+//! JSON schema validation middleware
+use axum::http::HeaderValue;
+use axum::http::{HeaderMap, StatusCode};
+use axum::response::{IntoResponse, Response};
+use serde_json::json;
+use spikard_core::problem::{CONTENT_TYPE_PROBLEM_JSON, ProblemDetails};
+/// Check if a media type is JSON or has a +json suffix
+pub fn is_json_content_type(mime: &mime::Mime) -> bool {
+    (mime.type_() == mime::APPLICATION && mime.subtype() == mime::JSON) || mime.suffix() == Some(mime::JSON)
+}
+fn trim_ascii_whitespace(bytes: &[u8]) -> &[u8] {
+    let mut start = 0usize;
+    let mut end = bytes.len();
+    while start < end && (bytes[start] == b' ' || bytes[start] == b'\t') {
+        start += 1;
+    }
+    while end > start && (bytes[end - 1] == b' ' || bytes[end - 1] == b'\t') {
+        end -= 1;
+    }
+    &bytes[start..end]
+}
+fn token_before_semicolon(bytes: &[u8]) -> &[u8] {
+    let mut i = 0usize;
+    while i < bytes.len() {
+        let b = bytes[i];
+        if b == b';' {
+            break;
+        }
+        i += 1;
+    }
+    trim_ascii_whitespace(&bytes[..i])
+}
+#[inline]
+fn is_json_like_token(token: &[u8]) -> bool {
+    if token.eq_ignore_ascii_case(b"application/json") {
+        return true;
+    }
+    // vendor JSON: application/vnd.foo+json
+    token.len() >= 5 && token[token.len() - 5..].eq_ignore_ascii_case(b"+json")
+}
+#[inline]
+fn is_multipart_form_data_token(token: &[u8]) -> bool {
+    token.eq_ignore_ascii_case(b"multipart/form-data")
+}
+#[inline]
+fn is_form_urlencoded_token(token: &[u8]) -> bool {
+    token.eq_ignore_ascii_case(b"application/x-www-form-urlencoded")
+}
+fn is_valid_content_type_token(token: &[u8]) -> bool {
+    // Minimal fast validation:
+    // - exactly one '/' separating type and subtype
+    // - no whitespace
+    // - type and subtype are non-empty
+    if token.is_empty() {
+        return false;
+    }
+    let mut slash_pos: Option<usize> = None;
+    for (idx, &b) in token.iter().enumerate() {
+        if b == b' ' || b == b'\t' {
+            return false;
+        }
+        if b == b'/' {
+            if slash_pos.is_some() {
+                return false;
+            }
+            slash_pos = Some(idx);
+        }
+    }
+    match slash_pos {
+        None => false,
+        Some(0) => false,
+        Some(pos) if pos + 1 >= token.len() => false,
+        Some(_) => true,
+    }
+}
+fn ascii_contains_ignore_case(haystack: &[u8], needle: &[u8]) -> bool {
+    if needle.is_empty() {
+        return true;
+    }
+    if haystack.len() < needle.len() {
+        return false;
+    }
+    haystack.windows(needle.len()).any(|w| w.eq_ignore_ascii_case(needle))
+}
+/// Fast classification: does this Content-Type represent JSON (application/json or +json)?
+pub fn is_json_like(content_type: &HeaderValue) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_json_like_token(token)
+}
+/// Fast classification for already-extracted header strings.
+///
+/// This is used in hot paths where headers are stored as `String` values in `RequestData`.
+pub fn is_json_like_str(content_type: &str) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_json_like_token(token)
+}
+/// Fast classification: is this Content-Type multipart/form-data?
+pub fn is_multipart_form_data(content_type: &HeaderValue) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_multipart_form_data_token(token)
+}
+/// Fast classification: is this Content-Type application/x-www-form-urlencoded?
+pub fn is_form_urlencoded(content_type: &HeaderValue) -> bool {
+    let token = token_before_semicolon(content_type.as_bytes());
+    is_form_urlencoded_token(token)
+}
+/// Classify Content-Type header values after validation.
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum ContentTypeKind {
+    Json,
+    Multipart,
+    FormUrlencoded,
+    Other,
+}
+fn multipart_has_boundary(content_type: &HeaderValue) -> bool {
+    ascii_contains_ignore_case(content_type.as_bytes(), b"boundary=")
+}
+fn json_charset_value(content_type: &HeaderValue) -> Option<&[u8]> {
+    let bytes = content_type.as_bytes();
+    if !ascii_contains_ignore_case(bytes, b"charset=") {
+        return None;
+    }
+    // Extract first charset token after "charset=" up to ';' or whitespace.
+    let mut i = 0usize;
+    while i + 8 <= bytes.len() {
+        if bytes[i..i + 8].eq_ignore_ascii_case(b"charset=") {
+            let mut j = i + 8;
+            while j < bytes.len() && (bytes[j] == b' ' || bytes[j] == b'\t') {
+                j += 1;
+            }
+            let start = j;
+            while j < bytes.len() {
+                let b = bytes[j];
+                if b == b';' || b == b' ' || b == b'\t' {
+                    break;
+                }
+                j += 1;
+            }
+            return Some(&bytes[start..j]);
+        }
+        i += 1;
+    }
+    None
+}
+/// Validate that Content-Type is JSON-compatible when route expects JSON
+#[allow(clippy::result_large_err)]
+pub fn validate_json_content_type(headers: &HeaderMap) -> Result<(), Response> {
+    if let Some(content_type_header) = headers.get(axum::http::header::CONTENT_TYPE) {
+        if content_type_header.to_str().is_err() {
+            return Ok(());
+        }
+        let token = token_before_semicolon(content_type_header.as_bytes());
+        let is_json = is_json_like_token(token);
+        let is_form = is_form_urlencoded_token(token) || is_multipart_form_data_token(token);
+        if !is_json && !is_form {
+            let problem = ProblemDetails::new(
+                "https://spikard.dev/errors/unsupported-media-type",
+                "Unsupported Media Type",
+                StatusCode::UNSUPPORTED_MEDIA_TYPE,
+            )
+            .with_detail("Unsupported media type");
+            let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+            return Err((
+                StatusCode::UNSUPPORTED_MEDIA_TYPE,
+                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                body,
+            )
+                .into_response());
+        }
+    }
+    Ok(())
+}
+/// Validate Content-Length header matches actual body size
+#[allow(clippy::result_large_err, clippy::collapsible_if)]
+pub fn validate_content_length(headers: &HeaderMap, actual_size: usize) -> Result<(), Response> {
+    if let Some(content_length_header) = headers.get(axum::http::header::CONTENT_LENGTH) {
+        let Some(declared_length) = parse_ascii_usize(content_length_header.as_bytes()) else {
+            return Ok(());
+        };
+        if declared_length != actual_size {
+            let problem = ProblemDetails::new(
+                "https://spikard.dev/errors/content-length-mismatch",
+                "Content-Length header mismatch",
+                StatusCode::BAD_REQUEST,
+            )
+            .with_detail("Content-Length header does not match actual body size");
+            let body = problem.to_json().unwrap_or_else(|_| {
+                json!({"error": "Content-Length header does not match actual body size"}).to_string()
+            });
+            return Err((
+                StatusCode::BAD_REQUEST,
+                [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+                body,
+            )
+                .into_response());
+        }
+    }
+    Ok(())
+}
+fn parse_ascii_usize(bytes: &[u8]) -> Option<usize> {
+    if bytes.is_empty() {
+        return None;
+    }
+    let mut value: usize = 0;
+    for &b in bytes {
+        if !b.is_ascii_digit() {
+            return None;
+        }
+        value = value.saturating_mul(10).saturating_add((b - b'0') as usize);
+    }
+    Some(value)
+}
+/// Validate Content-Type header and related requirements
+#[allow(clippy::result_large_err)]
+pub fn validate_content_type_headers(headers: &HeaderMap, _declared_body_size: usize) -> Result<(), Response> {
+    validate_content_type_headers_and_classify(headers, _declared_body_size).map(|_| ())
+}
+/// Validate Content-Type and return its classification (if present).
+#[allow(clippy::result_large_err)]
+pub fn validate_content_type_headers_and_classify(
+    headers: &HeaderMap,
+    _declared_body_size: usize,
+) -> Result<Option<ContentTypeKind>, Response> {
+    let Some(content_type) = headers.get(axum::http::header::CONTENT_TYPE) else {
+        return Ok(None);
+    };
+    if !content_type.as_bytes().is_ascii() && content_type.to_str().is_err() {
+        // Keep legacy behavior: invalid bytes should fail fast.
+        let error_body = json!({
+            "error": "Invalid Content-Type header"
+        });
+        return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+    }
+    let token = token_before_semicolon(content_type.as_bytes());
+    if !is_valid_content_type_token(token) {
+        let error_body = json!({
+            "error": "Invalid Content-Type header"
+        });
+        return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+    }
+    let is_json = is_json_like_token(token);
+    let is_multipart = is_multipart_form_data_token(token);
+    let is_form = is_form_urlencoded_token(token);
+    if is_multipart && !multipart_has_boundary(content_type) {
+        let error_body = json!({
+            "error": "multipart/form-data requires 'boundary' parameter"
+        });
+        return Err((StatusCode::BAD_REQUEST, axum::Json(error_body)).into_response());
+    }
+    if is_json
+        && let Some(charset) = json_charset_value(content_type)
+        && !charset.eq_ignore_ascii_case(b"utf-8")
+        && !charset.eq_ignore_ascii_case(b"utf8")
+    {
+        let charset_str = String::from_utf8_lossy(charset);
+        let problem = ProblemDetails::new(
+            "https://spikard.dev/errors/unsupported-charset",
+            "Unsupported Charset",
+            StatusCode::UNSUPPORTED_MEDIA_TYPE,
+        )
+        .with_detail(format!(
+            "Unsupported charset '{}' for JSON. Only UTF-8 is supported.",
+            charset_str
+        ));
+        let body = problem.to_json().unwrap_or_else(|_| "{}".to_string());
+        return Err((
+            StatusCode::UNSUPPORTED_MEDIA_TYPE,
+            [(axum::http::header::CONTENT_TYPE, CONTENT_TYPE_PROBLEM_JSON)],
+            body,
+        )
+            .into_response());
+    }
+    let kind = if is_json {
+        ContentTypeKind::Json
+    } else if is_multipart {
+        ContentTypeKind::Multipart
+    } else if is_form {
+        ContentTypeKind::FormUrlencoded
+    } else {
+        ContentTypeKind::Other
+    };
+    Ok(Some(kind))
+}
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use axum::http::HeaderValue;
+    #[test]
+    fn validate_content_length_accepts_matching_sizes() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("5"));
+        assert!(validate_content_length(&headers, 5).is_ok());
+    }
+    #[test]
+    fn validate_content_length_rejects_mismatched_sizes() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("10"));
+        let err = validate_content_length(&headers, 4).expect_err("expected mismatch");
+        assert_eq!(err.status(), StatusCode::BAD_REQUEST);
+        assert_eq!(
+            err.headers()
+                .get(axum::http::header::CONTENT_TYPE)
+                .and_then(|value| value.to_str().ok()),
+            Some(CONTENT_TYPE_PROBLEM_JSON)
+        );
+    }
+    #[test]
+    fn test_multipart_without_boundary() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn test_multipart_with_boundary() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; boundary=----WebKitFormBoundary"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_json_with_utf16_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-16"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn test_json_with_utf8_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_json_without_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_vendor_json_accepted() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/vnd.api+json"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_problem_json_accepted() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/problem+json"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_vendor_json_with_utf16_charset_rejected() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/vnd.api+json; charset=utf-16"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn test_vendor_json_with_utf8_charset_accepted() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/vnd.api+json; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok());
+    }
+    #[test]
+    fn test_is_json_content_type() {
+        let mime = "application/json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "application/vnd.api+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "application/problem+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime));
+        let mime = "text/plain".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime));
+        let mime = "application/xml".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime));
+        let mime = "application/x-www-form-urlencoded".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime));
+    }
+    #[test]
+    fn test_json_with_utf8_uppercase_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=UTF-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "UTF-8 in uppercase should be accepted");
+    }
+    #[test]
+    fn test_json_with_utf8_no_hyphen_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "utf8 without hyphen should be accepted");
+    }
+    #[test]
+    fn test_json_with_iso88591_charset_rejected() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=iso-8859-1"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err(), "iso-8859-1 should be rejected for JSON");
+    }
+    #[test]
+    fn test_json_with_utf32_charset_rejected() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-32"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err(), "UTF-32 should be rejected for JSON");
+    }
+    #[test]
+    fn test_multipart_with_boundary_and_charset() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; boundary=abc123; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(
+            result.is_ok(),
+            "multipart with boundary should accept charset parameter"
+        );
+    }
+    #[test]
+    fn test_validate_content_length_no_header() {
+        let headers = HeaderMap::new();
+        let result = validate_content_length(&headers, 1024);
+        assert!(result.is_ok(), "Missing Content-Length header should pass");
+    }
+    #[test]
+    fn test_validate_content_length_zero_bytes() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_LENGTH, HeaderValue::from_static("0"));
+        assert!(validate_content_length(&headers, 0).is_ok());
+    }
+    #[test]
+    fn test_validate_content_length_large_body() {
+        let mut headers = HeaderMap::new();
+        let large_size = 1024 * 1024 * 100;
+        headers.insert(
+            axum::http::header::CONTENT_LENGTH,
+            HeaderValue::from_str(&large_size.to_string()).unwrap(),
+        );
+        assert!(validate_content_length(&headers, large_size).is_ok());
+    }
+    #[test]
+    fn test_validate_content_length_invalid_header_format() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_LENGTH,
+            HeaderValue::from_static("not-a-number"),
+        );
+        let result = validate_content_length(&headers, 100);
+        assert!(
+            result.is_ok(),
+            "Invalid Content-Length format should be skipped gracefully"
+        );
+    }
+    #[test]
+    fn test_invalid_content_type_format() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("not/a/valid/type"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_err(), "Invalid mime type format should be rejected");
+    }
+    #[test]
+    fn test_unsupported_content_type_xml() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/xml"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(
+            result.is_ok(),
+            "XML should pass header validation (routing layer rejects if needed)"
+        );
+    }
+    #[test]
+    fn test_unsupported_content_type_plain_text() {
+        let mut headers = HeaderMap::new();
+        headers.insert(axum::http::header::CONTENT_TYPE, HeaderValue::from_static("text/plain"));
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Plain text should pass header validation");
+    }
+    #[test]
+    fn test_content_type_with_boundary_missing_boundary_param() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; charset=utf-8"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(
+            result.is_err(),
+            "multipart/form-data without boundary parameter should be rejected"
+        );
+    }
+    #[test]
+    fn test_content_type_form_urlencoded() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/x-www-form-urlencoded"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "form-urlencoded should be accepted");
+    }
+    #[test]
+    fn test_is_json_content_type_with_hal_json() {
+        let mime = "application/hal+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime), "HAL+JSON should be recognized as JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_with_ld_json() {
+        let mime = "application/ld+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime), "LD+JSON should be recognized as JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_json_patch() {
+        let mime = "application/json-patch+json".parse::<mime::Mime>().unwrap();
+        assert!(is_json_content_type(&mime), "JSON-Patch should be recognized as JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_html() {
+        let mime = "text/html".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime), "HTML should not be JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_csv() {
+        let mime = "text/csv".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime), "CSV should not be JSON");
+    }
+    #[test]
+    fn test_is_json_content_type_rejects_image_png() {
+        let mime = "image/png".parse::<mime::Mime>().unwrap();
+        assert!(!is_json_content_type(&mime), "PNG should not be JSON");
+    }
+    #[test]
+    fn test_validate_json_content_type_missing_header() {
+        let headers = HeaderMap::new();
+        let result = validate_json_content_type(&headers);
+        assert!(
+            result.is_ok(),
+            "Missing Content-Type for JSON route should be OK (routing layer handles)"
+        );
+    }
+    #[test]
+    fn test_validate_json_content_type_accepts_form_urlencoded() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/x-www-form-urlencoded"),
+        );
+        let result = validate_json_content_type(&headers);
+        assert!(result.is_ok(), "Form-urlencoded should be accepted for JSON routes");
+    }
+    #[test]
+    fn test_validate_json_content_type_accepts_multipart() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("multipart/form-data; boundary=abc123"),
+        );
+        let result = validate_json_content_type(&headers);
+        assert!(result.is_ok(), "Multipart should be accepted for JSON routes");
+    }
+    #[test]
+    fn test_validate_json_content_type_rejects_xml() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/xml"),
+        );
+        let result = validate_json_content_type(&headers);
+        assert!(result.is_err(), "XML should be rejected for JSON-expecting routes");
+        assert_eq!(
+            result.unwrap_err().status(),
+            StatusCode::UNSUPPORTED_MEDIA_TYPE,
+            "Should return 415 Unsupported Media Type"
+        );
+    }
+    #[test]
+    fn test_content_type_with_multiple_parameters() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("application/json; charset=utf-8; boundary=xyz"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Multiple parameters should be parsed correctly");
+    }
+    #[test]
+    fn test_content_type_with_quoted_parameter() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static(r#"multipart/form-data; boundary="----WebKitFormBoundary""#),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Quoted boundary parameter should be handled");
+    }
+    #[test]
+    fn test_content_type_case_insensitive_type() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            axum::http::header::CONTENT_TYPE,
+            HeaderValue::from_static("Application/JSON"),
+        );
+        let result = validate_content_type_headers(&headers, 0);
+        assert!(result.is_ok(), "Content-Type type/subtype should be case-insensitive");
+    }
+}