iwf-web/json-request-check-bundle

Symfony bundle to protect against HashDos attacks by limiting JSON request size

Installs: 580

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 8

Forks: 0

Open Issues: 0

Type: symfony-bundle

pkg:composer/iwf-web/json-request-check-bundle

v1.1.0 2025-06-19 11:29 UTC

This package is auto-updated.

Last update: 2025-10-10 12:53:54 UTC


README

This Symfony bundle protects against HashDos attacks by limiting the size of JSON requests.

Getting Started

These instructions will help you install this library in your project and tell you how to use it.

Prerequisites

  • PHP 8.2 or higher
  • Symfony 6.0 or higher
  • Composer for dependency management

Installing

Step 1: Install Package

composer require iwf-web/json-request-check-bundle

Step 2: Register Bundle (Symfony < 5.0)

For Symfony versions before 5.0, you need to manually register the bundle in your config/bundles.php:

// config/bundles.php
return [
    // ...
    IWF\JsonRequestCheckBundle\IWFJsonRequestCheckBundle::class => ['all' => true],
];

Configuration

Create a configuration file at config/packages/iwf_json_request_check.yaml:

iwf_json_request_check:
    default_max_content_length: 10240 # Default: 10KB

Alternatively, you can define the default value as an environment variable in your .env file:

# .env or .env.local
IWF_JSON_REQUEST_CHECK_DEFAULT_MAX_LENGTH=10240

and then use it in your configuration file:

# config/packages/iwf_json_request_check.yaml
iwf_json_request_check:
    default_max_content_length: '%env(int:IWF_JSON_REQUEST_CHECK_DEFAULT_MAX_LENGTH)%'

To get a feel for payload sizes, the examples include a 4 KB JSON file: example-payload-4kb.json

Usage

Add the Attribute to Controller Methods

<?php

namespace App\Controller\Api;

use IWF\JsonRequestCheckBundle\Attribute\JsonRequestCheck;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Attribute\Route;

class ApiController extends AbstractController
{
    #[Route('/api/endpoint', methods: [Request::METHOD_POST])]
    #[JsonRequestCheck(maxJsonContentSize: 1024)] // Limits to 1KB for this route
    public function apiEndpoint(Request $request): object
    {
        // Your code here...
        return $this->json(['status' => 'success']);
    }
}

How It Works

  1. When a JSON request is sent to your controller, the JsonRequestCheckSubscriber checks the size of the request.
  2. If the size exceeds the value specified in the JsonRequestCheck attribute, an HTTP 413 (Payload Too Large) Exception is triggered.
  3. If no specific value is provided for the route, the global default value from the configuration is used.

Error Messages

When a request exceeds the allowed size, an HTTP 413 response is automatically returned with the message "JSON payload too large" along with details about the received size and maximum allowed size.
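The three steps above and the 413 response, as an added plain-PHP sketch that runs without Symfony. It is not the bundle's own code: MaxJsonSize, DemoController, resolveLimit and checkJsonBody are hypothetical names, and the exact message format and the choice to measure the received body rather than the Content-Length header are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the bundle's JsonRequestCheck attribute (plain PHP, no Symfony).
#[Attribute(Attribute::TARGET_METHOD)]
final class MaxJsonSize
{
    public function __construct(public readonly int $bytes) {}
}

final class DemoController
{
    #[MaxJsonSize(1024)]
    public function strict(): void {}

    public function usesDefault(): void {}
}

// Step 3: use the per-route value when the attribute is present, else the global default.
function resolveLimit(string $class, string $method, int $default): int
{
    $attrs = (new ReflectionMethod($class, $method))->getAttributes(MaxJsonSize::class);
    return $attrs === [] ? $default : $attrs[0]->newInstance()->bytes;
}

// Steps 1 and 2: only JSON bodies are checked. The size is the byte length of the body
// actually received (an assumption of this sketch), and the check runs before json_decode().
function checkJsonBody(string $contentType, string $body, int $limit): array
{
    $size = strlen($body);
    if (str_contains(strtolower($contentType), 'json') && $size > $limit) {
        // Message layout is assumed; the page only says it includes both sizes.
        return [413, sprintf('JSON payload too large: received %d bytes, maximum %d bytes', $size, $limit)];
    }
    return [200, 'ok'];
}

// Constructed sample input: an object with 2000 small keys, about 19 KB of JSON.
$payload = json_encode(array_fill_keys(array_map(fn (int $i) => "k$i", range(1, 2000)), 0));
$default = 10240; // default_max_content_length from the configuration section

foreach (['strict', 'usesDefault'] as $method) {
    $limit = resolveLimit(DemoController::class, $method, $default);
    foreach ([$payload, '{"status":"ok"}'] as $body) {
        [$status, $message] = checkJsonBody('application/json', $body, $limit);
        printf("%-12s limit=%-6d size=%-6d -> %d %s\n", $method, $limit, strlen($body), $status, $message);
    }
}
```

Rejecting on size before the body is decoded is what keeps a payload with thousands of keys from ever being inserted into a PHP array.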

Local Development Setup

Installing Development Tools

This project uses PHIVE for managing PHP development tools. Follow these steps to set up your local development environment:

Step 1: Install PHIVE

brew install phive

Step 2: Install Development Dependencies

# Install development tools via PHIVE
phive install

# Install Composer dependencies
tools/composer install
tools/composer install -d tools
ln -s vendor/bin/phpstan tools/phpstan

Running Code Quality Checks

PHP-CS-Fixer (Code Style)

Check code style violations:

tools/php-cs-fixer fix --dry-run --diff

Fix code style violations automatically:

tools/php-cs-fixer fix

PHPStan (Static Analysis)

Run PHPStan analysis:

tools/phpstan analyse

Generate PHPStan baseline for existing issues:

tools/phpstan analyse --generate-baseline

Development Workflow

Before committing your changes, ensure all checks pass:

# Check code style
tools/php-cs-fixer fix --dry-run --diff

# Run static analysis
tools/phpstan analyse

# If everything passes, fix code style
tools/php-cs-fixer fix

Built With

  • PHP - Programming Language
  • Composer - Dependency Management
  • Symfony - The PHP framework used

Contributing

Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

All the authors can be seen in the AUTHORS.md file.

Contributors can be seen in the CONTRIBUTORS.md file.

See also the full list of contributors who participated in this project.

License

This project is licensed under the MIT License. See the LICENSE.txt file for details.

Acknowledgments

A list of used libraries and code with their licenses can be seen in the ACKNOWLEDGMENTS.md file.