This Symfony bundle protects against HashDoS attacks by limiting the size of JSON requests.
These instructions will help you install this library in your project and tell you how to use it.
- PHP 8.2 or higher
- Symfony 6.0 or higher
- Composer for dependency management
```bash
composer require iwf-web/json-request-check-bundle
```
For Symfony versions before 5.0, you need to manually register the bundle in your `config/bundles.php`:
```php
// config/bundles.php
return [
    // ...
    IWF\JsonRequestCheckBundle\IWFJsonRequestCheckBundle::class => ['all' => true],
];
```
Create a configuration file at `config/packages/iwf_json_request_check.yaml`:
```yaml
iwf_json_request_check:
    default_max_content_length: 10240 # Default: 10KB
```
Alternatively, you can define the default value as an environment variable in your `.env` file:
```dotenv
# .env or .env.local
IWF_JSON_REQUEST_CHECK_DEFAULT_MAX_LENGTH=10240
```
and then use it in your configuration file:
```yaml
# config/packages/iwf_json_request_check.yaml
iwf_json_request_check:
    default_max_content_length: '%env(int:IWF_JSON_REQUEST_CHECK_DEFAULT_MAX_LENGTH)%'
```
To get a feel for these sizes, the examples include a 4 KB JSON file: `example-payload-4kb.json`
```php
<?php

namespace App\Controller\Api;

use IWF\JsonRequestCheckBundle\Attribute\JsonRequestCheck;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Attribute\Route;

class ApiController extends AbstractController
{
    #[Route('/api/endpoint', methods: [Request::METHOD_POST])]
    #[JsonRequestCheck(maxJsonContentSize: 1024)] // Limits to 1KB for this route
    public function apiEndpoint(Request $request): object
    {
        // Your code here...
        return $this->json(['status' => 'success']);
    }
}
```
- When a JSON request is sent to your controller, the `JsonRequestCheckSubscriber` checks the size of the request.
- If the size exceeds the value specified in the `JsonRequestCheck` attribute, an HTTP 413 (Payload Too Large) exception is triggered.
- If no specific value is provided for the route, the global default value from the configuration is used.
When a request exceeds the allowed size, an HTTP 413 response is automatically returned with the message "JSON payload too large" along with details about the received size and maximum allowed size.
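A functional test that confirms the limit is actually enforced on the route above. This is an added example, not part of the bundle or its documentation; it assumes the `ApiController` shown above is registered in your application and that `symfony/test-pack` (PHPUnit and BrowserKit) is installed. The test class name and file path are hypothetical.

```php
<?php
// tests/Controller/Api/ApiControllerSizeLimitTest.php (hypothetical path)

namespace App\Tests\Controller\Api;

use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

final class ApiControllerSizeLimitTest extends WebTestCase
{
    // Must match maxJsonContentSize on /api/endpoint in the controller above.
    private const ROUTE_LIMIT = 1024;

    /** Build a valid JSON document whose encoded size is exactly $bytes (constructed test data). */
    private static function jsonOfSize(int $bytes): string
    {
        $empty = json_encode(['pad' => ''], JSON_THROW_ON_ERROR); // {"pad":""}

        return json_encode(['pad' => str_repeat('a', $bytes - strlen($empty))], JSON_THROW_ON_ERROR);
    }

    private function postJson(KernelBrowser $client, string $body): void
    {
        $client->request(Request::METHOD_POST, '/api/endpoint', [], [], [
            'CONTENT_TYPE' => 'application/json',
            // The test client does not add Content-Length itself; set it as a real client would.
            'CONTENT_LENGTH' => (string) strlen($body),
        ], $body);
    }

    public function testBodyWithinLimitReachesController(): void
    {
        $client = static::createClient();
        $this->postJson($client, self::jsonOfSize(self::ROUTE_LIMIT - 1));
        self::assertResponseIsSuccessful();
    }

    public function testOversizedBodyIsRejectedWith413(): void
    {
        $client = static::createClient();
        $this->postJson($client, self::jsonOfSize(self::ROUTE_LIMIT * 4));
        self::assertResponseStatusCodeSame(Response::HTTP_REQUEST_ENTITY_TOO_LARGE);
    }
}
```

Keeping a test like this in the suite catches the case where the attribute is removed from a route or the bundle is no longer registered.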
This project uses PHIVE for managing PHP development tools. Follow these steps to set up your local development environment:
```bash
brew install phive
# Install development tools via PHIVE
phive install
# Install Composer dependencies
tools/composer install
tools/composer install -d tools
ln -s vendor/bin/phpstan tools/phpstan
```
Check code style violations:
```bash
tools/php-cs-fixer fix --dry-run --diff
```
Fix code style violations automatically:
```bash
tools/php-cs-fixer fix
```
Run PHPStan analysis:
```bash
tools/phpstan analyse
```
Generate PHPStan baseline for existing issues:
```bash
tools/phpstan analyse --generate-baseline
```
Before committing your changes, ensure all checks pass:
```bash
# Check code style
tools/php-cs-fixer fix --dry-run --diff
# Run static analysis
tools/phpstan analyse
# If everything passes, fix code style
tools/php-cs-fixer fix
```
Please read CONTRIBUTING.md for details on our code of conduct, and CONTRIBUTING.md for the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
All the authors can be seen in the AUTHORS.md file.
Contributors can be seen in the CONTRIBUTORS.md file.
See also the full list of contributors who participated in this project.
This project is licensed under the MIT License; see the LICENSE.txt file for details.
A list of used libraries and code with their licenses can be seen in the ACKNOWLEDGMENTS.md file.