lthn.io/app/Http/Middleware/ValidateJsonRequest.php

<?php

declare(strict_types=1);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * Validates API request body — JSON content type and size limit.
 *
 * Applied to POST/PUT/PATCH API routes to prevent abuse.
 */
class ValidateJsonRequest
{
    private const MAX_BODY_SIZE = 65536; // 64KB

    public function handle(Request $request, Closure $next): mixed
    {
        if (in_array($request->method(), ['POST', 'PUT', 'PATCH'])) {
            $contentType = $request->header('Content-Type', '');

            if (! str_contains($contentType, 'application/json')) {
                return response()->json([
                    'error' => 'Content-Type must be application/json.',
                ], 415);
            }

            if (strlen($request->getContent()) > self::MAX_BODY_SIZE) {
                return response()->json([
                    'error' => 'Request body too large. Maximum 64KB.',
                ], 413);
            }
        }

        return $next($request);
    }
}
feat: UpdateDnsRecords Action, Prometheus metrics, JSON validation - UpdateDnsRecords Action: controller method now one-liner, all DNS logic in Action with activity logging and edit lock. - Prometheus metrics at /v1/metrics: chain_height, alias_count, claims_pending, dns_tickets, gateways_live. Grafana-ready. - ValidateJsonRequest middleware: enforces application/json on POST, 64KB body size limit. Applied to all /v1/* API routes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-04 12:12:07 +01:00			`<?php`

			`declare(strict_types=1);`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Illuminate\Http\Request;`

			`/**`
			`* Validates API request body — JSON content type and size limit.`
			`*`
			`* Applied to POST/PUT/PATCH API routes to prevent abuse.`
			`*/`
			`class ValidateJsonRequest`
			`{`
			`private const MAX_BODY_SIZE = 65536; // 64KB`

			`public function handle(Request $request, Closure $next): mixed`
			`{`
			`if (in_array($request->method(), ['POST', 'PUT', 'PATCH'])) {`
			`$contentType = $request->header('Content-Type', '');`

			`if (! str_contains($contentType, 'application/json')) {`
			`return response()->json([`
			`'error' => 'Content-Type must be application/json.',`
			`], 415);`
			`}`

			`if (strlen($request->getContent()) > self::MAX_BODY_SIZE) {`
			`return response()->json([`
			`'error' => 'Request body too large. Maximum 64KB.',`
			`], 413);`
			`}`
			`}`

			`return $next($request);`
			`}`
			`}`