incremental
diff --git a/src/base64.cpp b/src/base64.cpp
new file mode 100644
index 0000000..2592887
--- /dev/null
+++ b/src/base64.cpp
@@ -0,0 +1,138 @@
+#include <base64.hpp>
+#include <cassert>
+
+namespace base64
+{
+bool base64_encode(const gsl::cstring_span<> &input, std::string &output)
+{
+ static const char encoding_data[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+ unsigned int input_length = input.size();
+
+ // allocate space for output string
+ output.clear();
+ output.reserve(((input_length + 2) / 3) * 4);
+
+ // for each 3-bytes sequence from the input, extract 4 6-bits sequences and
+ // encode using
+ // encoding_data lookup table.
+ // if input do not contains enough chars to complete 3-byte sequence,use pad
+ // char '='
+ for (unsigned int i = 0; i < input_length; i++) {
+ int base64code0 = 0;
+ int base64code1 = 0;
+ int base64code2 = 0;
+ int base64code3 = 0;
+
+ base64code0 = (input[i] >> 2) & 0x3f; // 1-byte 6 bits
+ output += encoding_data[base64code0];
+ base64code1 = (input[i] << 4) & 0x3f; // 1-byte 2 bits +
+
+ if (++i < input_length) {
+ base64code1 |= (input[i] >> 4) & 0x0f; // 2-byte 4 bits
+ output += encoding_data[base64code1];
+ base64code2 = (input[i] << 2) & 0x3f; // 2-byte 4 bits +
+
+ if (++i < input_length) {
+ base64code2 |= (input[i] >> 6) & 0x03; // 3-byte 2 bits
+ base64code3 = input[i] & 0x3f; // 3-byte 6 bits
+ output += encoding_data[base64code2];
+ output += encoding_data[base64code3];
+ } else {
+ output += encoding_data[base64code2];
+ output += '=';
+ }
+ } else {
+ output += encoding_data[base64code1];
+ output += '=';
+ output += '=';
+ }
+ }
+
+ return true;
+}
+
+
+bool base64_decode(const gsl::cstring_span<> &input, std::string &output)
+{
+ static const char nop = -1;
+ static const char decoding_data[] = {
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, 62, nop,
+ nop, nop, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, nop, nop,
+ nop, nop, nop, nop, nop, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
+ 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
+ 25, nop, nop, nop, nop, nop, nop, 26, 27, 28, 29, 30, 31, 32, 33,
+ 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
+ 49, 50, 51, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop};
+
+ unsigned int input_length = input.size();
+
+ // allocate space for output string
+ output.clear();
+ output.reserve(((input_length + 2) / 3) * 4);
+
+ // for each 4-bytes sequence from the input, extract 4 6-bits sequences by
+ // droping first two bits
+ // and regenerate into 3 8-bits sequence
+
+ for (unsigned int i = 0; i < input_length; i++) {
+ char base64code0;
+ char base64code1;
+ char base64code2 = 0; // initialized to 0 to suppress warnings
+ char base64code3;
+
+ base64code0 = decoding_data[static_cast<int>(input[i])];
+ if (base64code0 == nop) // non base64 character
+ return false;
+ if (!(++i < input_length)) // we need at least two input bytes for first
+ // byte output
+ return false;
+ base64code1 = decoding_data[static_cast<int>(input[i])];
+ if (base64code1 == nop) // non base64 character
+ return false;
+
+ output += ((base64code0 << 2) | ((base64code1 >> 4) & 0x3));
+
+ if (++i < input_length) {
+ char c = input[i];
+ if (c == '=') { // padding , end of input
+ assert((base64code1 & 0x0f) == 0);
+ return true;
+ }
+ base64code2 = decoding_data[static_cast<int>(input[i])];
+ if (base64code2 == nop) // non base64 character
+ return false;
+
+ output += ((base64code1 << 4) & 0xf0) | ((base64code2 >> 2) & 0x0f);
+ }
+
+ if (++i < input_length) {
+ char c = input[i];
+ if (c == '=') { // padding , end of input
+ assert((base64code2 & 0x03) == 0);
+ return true;
+ }
+ base64code3 = decoding_data[static_cast<int>(input[i])];
+ if (base64code3 == nop) // non base64 character
+ return false;
+
+ output += (((base64code2 << 6) & 0xc0) | base64code3);
+ }
+ }
+
+ return true;
+}
+
+}
\ No newline at end of file
diff --git a/src/base64_test.cpp b/src/base64_test.cpp
new file mode 100644
index 0000000..3484976
--- /dev/null
+++ b/src/base64_test.cpp
@@ -0,0 +1,62 @@
+#include "base64.hpp"
+#include "gtest/gtest.h"
+#include "big_list_of_naughty_strings.hpp"
+
+// Tests that Base64 basic strings work
+TEST(Base64, EncodeBasicString)
+{
+ std::string output;
+ EXPECT_TRUE(base64::base64_encode("Foo", output));
+}
+
+// Tests the test vectors available in the base64 spec
+TEST(Base64, EncodeRFC4648)
+{
+ std::string output;
+ EXPECT_TRUE(base64::base64_encode("", output));
+ EXPECT_EQ(output, "");
+ EXPECT_TRUE(base64::base64_encode("f", output));
+ EXPECT_EQ(output, "Zg==");
+ EXPECT_TRUE(base64::base64_encode("fo", output));
+ EXPECT_EQ(output, "Zm8=");
+ EXPECT_TRUE(base64::base64_encode("foo", output));
+ EXPECT_EQ(output, "Zm9v");
+ EXPECT_TRUE(base64::base64_encode("foob", output));
+ EXPECT_EQ(output, "Zm9vYg==");
+ EXPECT_TRUE(base64::base64_encode("fooba", output));
+ EXPECT_EQ(output, "Zm9vYmE=");
+ EXPECT_TRUE(base64::base64_encode("foobar", output));
+ EXPECT_EQ(output, "Zm9vYmFy");
+}
+
+// Tests the test vectors available in the base64 spec
+TEST(Base64, DecodeRFC4648)
+{
+ std::string output;
+ EXPECT_TRUE(base64::base64_decode("", output));
+ EXPECT_EQ(output, "");
+ EXPECT_TRUE(base64::base64_decode("Zg==", output));
+ EXPECT_EQ(output, "f");
+ EXPECT_TRUE(base64::base64_decode("Zm8=", output));
+ EXPECT_EQ(output, "fo");
+ EXPECT_TRUE(base64::base64_decode("Zm9v", output));
+ EXPECT_EQ(output, "foo");
+ EXPECT_TRUE(base64::base64_decode("Zm9vYg==", output));
+ EXPECT_EQ(output, "foob");
+ EXPECT_TRUE(base64::base64_decode("Zm9vYmE=", output));
+ EXPECT_EQ(output, "fooba");
+ EXPECT_TRUE(base64::base64_decode("Zm9vYmFy", output));
+ EXPECT_EQ(output, "foobar");
+}
+
+// Tests using pathalogical cases for all escapings
+TEST(Base64, NaugtyStrings){
+ std::string base64_string;
+ std::string decoded_string;
+ for (auto& str: naughty_strings){
+ EXPECT_TRUE(base64::base64_encode(str, base64_string));
+ EXPECT_TRUE(base64::base64_decode(base64_string, decoded_string));
+ EXPECT_EQ(str, decoded_string);
+ }
+}
+
diff --git a/src/blns.txt b/src/blns.txt
new file mode 100644
index 0000000..cdbac02
--- /dev/null
+++ b/src/blns.txt
@@ -0,0 +1,685 @@
+# sourced from https://raw.githubusercontent.com/minimaxir/big-list-of-naughty-strings/master/blns.txt
+
+# Reserved Strings
+#
+# Strings which may be used elsewhere in code
+
+undefined
+undef
+null
+NULL
+(null)
+nil
+NIL
+true
+false
+True
+False
+TRUE
+FALSE
+None
+hasOwnProperty
+\
+\\
+
+# Numeric Strings
+#
+# Strings which can be interpreted as numeric
+
+0
+1
+1.00
+$1.00
+1/2
+1E2
+1E02
+1E+02
+-1
+-1.00
+-$1.00
+-1/2
+-1E2
+-1E02
+-1E+02
+1/0
+0/0
+-2147483648/-1
+-9223372036854775808/-1
+-0
+-0.0
++0
++0.0
+0.00
+0..0
+.
+0.0.0
+0,00
+0,,0
+,
+0,0,0
+0.0/0
+1.0/0.0
+0.0/0.0
+1,0/0,0
+0,0/0,0
+--1
+-
+-.
+-,
+999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+NaN
+Infinity
+-Infinity
+INF
+1#INF
+-1#IND
+1#QNAN
+1#SNAN
+1#IND
+0x0
+0xffffffff
+0xffffffffffffffff
+0xabad1dea
+123456789012345678901234567890123456789
+1,000.00
+1 000.00
+1'000.00
+1,000,000.00
+1 000 000.00
+1'000'000.00
+1.000,00
+1 000,00
+1'000,00
+1.000.000,00
+1 000 000,00
+1'000'000,00
+01000
+08
+09
+2.2250738585072011e-308
+
+# Special Characters
+#
+# ASCII punctuation. All of these characters may need to be escaped in some
+# contexts. Divided into three groups based on (US-layout) keyboard position.
+
+,./;'[]\-=
+<>?:"{}|_+
+!@#$%^&*()`~
+
+# Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,
+# and U+007F (DEL)
+# Often forbidden to appear in various text-based file formats (e.g. XML),
+# or reused for internal delimiters on the theory that they should never
+# appear in input.
+# The next line may appear to be blank or mojibake in some viewers.
+��������������������������
+
+# Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.
+# Commonly misinterpreted as additional graphic characters.
+# The next line may appear to be blank, mojibake, or dingbats in some viewers.
+
+
+# Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode
+# version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),
+# and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
+# treated as whitespace in some contexts.
+# This file unfortunately cannot express strings containing
+# U+0000, U+000A, or U+000D (NUL, LF, CR).
+# The next line may appear to be blank or mojibake in some viewers.
+# The next line may be flagged for "trailing whitespace" in some viewers.
+ ��
+
+# Unicode additional control characters: all of the characters with
+# general category Cf (in Unicode 8.0.0).
+# The next line may appear to be blank or mojibake in some viewers.
+
+
+# "Byte order marks", U+FEFF and U+FFFE, each on its own line.
+# The next two lines may appear to be blank or mojibake in some viewers.
+
+
+
+# Unicode Symbols
+#
+# Strings which contain common unicode symbols (e.g. smart quotes)
+
+Ω≈ç√∫˜µ≤≥÷
+åß∂ƒ©˙∆˚¬…æ
+œ∑´®†¥¨ˆøπ“‘
+¡™£¢∞§¶•ªº–≠
+¸˛Ç◊ı˜Â¯˘¿
+ÅÍÎÏ˝ÓÔÒÚÆ☃
+Œ„´‰ˇÁ¨ˆØ∏”’
+`⁄€‹›fifl‡°·‚—±
+⅛⅜⅝⅞
+ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
+٠١٢٣٤٥٦٧٨٩
+
+# Unicode Subscript/Superscript/Accents
+#
+# Strings which contain unicode subscripts/superscripts; can cause rendering issues
+
+⁰⁴⁵
+₀₁₂
+⁰⁴⁵₀₁₂
+ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็
+
+# Quotation Marks
+#
+# Strings which contain misplaced quotation marks; can cause encoding errors
+
+'
+"
+''
+""
+'"'
+"''''"'"
+"'"'"''''"
+<foo val=“bar” />
+<foo val=“bar” />
+<foo val=”bar“ />
+<foo val=`bar' />
+
+# Two-Byte Characters
+#
+# Strings which contain two-byte characters: can cause rendering issues or character-length issues
+
+田中さんにあげて下さい
+パーティーへ行かないか
+和製漢語
+部落格
+사회과학원 어학연구소
+찦차를 타고 온 펲시맨과 쑛다리 똠방각하
+社會科學院語學研究所
+울란바토르
+𠜎𠜱𠝹𠱓𠱸𠲖𠳏
+
+# Changing length when lowercased
+#
+# Characters which increase in length (2 to 3 bytes) when lowercased
+# Credit: https://twitter.com/jifa/status/625776454479970304
+
+Ⱥ
+Ⱦ
+
+# Japanese Emoticons
+#
+# Strings which consists of Japanese-style emoticons which are popular on the web
+
+ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ
+(。◕ ∀ ◕。)
+`ィ(´∀`∩
+__ロ(,_,*)
+・( ̄∀ ̄)・:*:
+゚・✿ヾ╲(。◕‿◕。)╱✿・゚
+,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’
+(╯°□°)╯︵ ┻━┻)
+(ノಥ益ಥ)ノ ┻━┻
+┬─┬ノ( º _ ºノ)
+( ͡° ͜ʖ ͡°)
+
+# Emoji
+#
+# Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
+
+😍
+👩🏽
+👾 🙇 💁 🙅 🙆 🙋 🙎 🙍
+🐵 🙈 🙉 🙊
+❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙
+✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿
+🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧
+0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
+
+# Regional Indicator Symbols
+#
+# Regional Indicator Symbols can be displayed differently across
+# fonts, and have a number of special behaviors
+
+🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸
+🇺🇸🇷🇺🇸🇦🇫🇦🇲
+🇺🇸🇷🇺🇸🇦
+
+# Unicode Numbers
+#
+# Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
+
+123
+١٢٣
+
+# Right-To-Left Strings
+#
+# Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
+
+ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.
+בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ
+הָיְתָהtestالصفحات التّحول
+﷽
+ﷺ
+مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
+
+# Trick Unicode
+#
+# Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)
+
+test
+test
+
test
+testtest
+test
+
+# Zalgo Text
+#
+# Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
+
+Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣
+̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰
+̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟
+̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕
+Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
+
+# Unicode Upsidedown
+#
+# Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com)
+
+˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥
+00˙Ɩ$-
+
+# Unicode font
+#
+# Strings which contain bold/italic/etc. versions of normal characters
+
+The quick brown fox jumps over the lazy dog
+𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠
+𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌
+𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈
+𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰
+𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘
+𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐
+⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢
+
+# Script Injection
+#
+# Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
+
+<script>alert(123)</script>
+<script>alert('123');</script>
+<img src=x onerror=alert(123) />
+<svg><script>123<1>alert(123)</script>
+"><script>alert(123)</script>
+'><script>alert(123)</script>
+><script>alert(123)</script>
+</script><script>alert(123)</script>
+< / script >< script >alert(123)< / script >
+ onfocus=JaVaSCript:alert(123) autofocus
+" onfocus=JaVaSCript:alert(123) autofocus
+' onfocus=JaVaSCript:alert(123) autofocus
+<script>alert(123)</script>
+<sc<script>ript>alert(123)</sc</script>ript>
+--><script>alert(123)</script>
+";alert(123);t="
+';alert(123);t='
+JavaSCript:alert(123)
+;alert(123);
+src=JaVaSCript:prompt(132)
+"><script>alert(123);</script x="
+'><script>alert(123);</script x='
+><script>alert(123);</script x=
+" autofocus onkeyup="javascript:alert(123)
+' autofocus onkeyup='javascript:alert(123)
+<script\x20type="text/javascript">javascript:alert(1);</script>
+<script\x3Etype="text/javascript">javascript:alert(1);</script>
+<script\x0Dtype="text/javascript">javascript:alert(1);</script>
+<script\x09type="text/javascript">javascript:alert(1);</script>
+<script\x0Ctype="text/javascript">javascript:alert(1);</script>
+<script\x2Ftype="text/javascript">javascript:alert(1);</script>
+<script\x0Atype="text/javascript">javascript:alert(1);</script>
+'`"><\x3Cscript>javascript:alert(1)</script>
+'`"><\x00script>javascript:alert(1)</script>
+ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF
+ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
+ABC<div style="x:expression\x00(javascript:alert(1)">DEF
+ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF
+ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x09expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF
+ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF
+ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x20expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF
+ABC<div style="x:\x00expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF
+<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
+`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
+`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
+`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
+`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
+`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
+`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
+"`'><script>\x3Bjavascript:alert(1)</script>
+"`'><script>\x0Djavascript:alert(1)</script>
+"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
+"`'><script>\xE2\x80\x81javascript:alert(1)</script>
+"`'><script>\xE2\x80\x84javascript:alert(1)</script>
+"`'><script>\xE3\x80\x80javascript:alert(1)</script>
+"`'><script>\x09javascript:alert(1)</script>
+"`'><script>\xE2\x80\x89javascript:alert(1)</script>
+"`'><script>\xE2\x80\x85javascript:alert(1)</script>
+"`'><script>\xE2\x80\x88javascript:alert(1)</script>
+"`'><script>\x00javascript:alert(1)</script>
+"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
+"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
+"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
+"`'><script>\x0Cjavascript:alert(1)</script>
+"`'><script>\x2Bjavascript:alert(1)</script>
+"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
+"`'><script>-javascript:alert(1)</script>
+"`'><script>\x0Ajavascript:alert(1)</script>
+"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
+"`'><script>\x7Ejavascript:alert(1)</script>
+"`'><script>\xE2\x80\x87javascript:alert(1)</script>
+"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
+"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
+"`'><script>\xC2\x85javascript:alert(1)</script>
+"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
+"`'><script>\xE2\x80\x83javascript:alert(1)</script>
+"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
+"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
+"`'><script>\xE2\x80\x80javascript:alert(1)</script>
+"`'><script>\x21javascript:alert(1)</script>
+"`'><script>\xE2\x80\x82javascript:alert(1)</script>
+"`'><script>\xE2\x80\x86javascript:alert(1)</script>
+"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
+"`'><script>\x0Bjavascript:alert(1)</script>
+"`'><script>\x20javascript:alert(1)</script>
+"`'><script>\xC2\xA0javascript:alert(1)</script>
+<img \x00src=x onerror="alert(1)">
+<img \x47src=x onerror="javascript:alert(1)">
+<img \x11src=x onerror="javascript:alert(1)">
+<img \x12src=x onerror="javascript:alert(1)">
+<img\x47src=x onerror="javascript:alert(1)">
+<img\x10src=x onerror="javascript:alert(1)">
+<img\x13src=x onerror="javascript:alert(1)">
+<img\x32src=x onerror="javascript:alert(1)">
+<img\x47src=x onerror="javascript:alert(1)">
+<img\x11src=x onerror="javascript:alert(1)">
+<img \x47src=x onerror="javascript:alert(1)">
+<img \x34src=x onerror="javascript:alert(1)">
+<img \x39src=x onerror="javascript:alert(1)">
+<img \x00src=x onerror="javascript:alert(1)">
+<img src\x09=x onerror="javascript:alert(1)">
+<img src\x10=x onerror="javascript:alert(1)">
+<img src\x13=x onerror="javascript:alert(1)">
+<img src\x32=x onerror="javascript:alert(1)">
+<img src\x12=x onerror="javascript:alert(1)">
+<img src\x11=x onerror="javascript:alert(1)">
+<img src\x00=x onerror="javascript:alert(1)">
+<img src\x47=x onerror="javascript:alert(1)">
+<img src=x\x09onerror="javascript:alert(1)">
+<img src=x\x10onerror="javascript:alert(1)">
+<img src=x\x11onerror="javascript:alert(1)">
+<img src=x\x12onerror="javascript:alert(1)">
+<img src=x\x13onerror="javascript:alert(1)">
+<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
+<img src=x onerror=\x09"javascript:alert(1)">
+<img src=x onerror=\x10"javascript:alert(1)">
+<img src=x onerror=\x11"javascript:alert(1)">
+<img src=x onerror=\x12"javascript:alert(1)">
+<img src=x onerror=\x32"javascript:alert(1)">
+<img src=x onerror=\x00"javascript:alert(1)">
+<a href=javascript:javascript:alert(1)>XXX</a>
+<img src="x` `<script>javascript:alert(1)</script>"` `>
+<img src onerror /" '"= alt=javascript:alert(1)//">
+<title onpropertychange=javascript:alert(1)></title><title title=>
+<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
+<!--[if]><script>javascript:alert(1)</script -->
+<!--[if<img src=x onerror=javascript:alert(1)//]> -->
+<script src="/\%(jscript)s"></script>
+<script src="\\%(jscript)s"></script>
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+<IMG SRC=# onmouseover="alert('xxs')">
+<IMG SRC= onmouseover="alert('xxs')">
+<IMG onmouseover="alert('xxs')">
+<IMG SRC=javascript:alert('XSS')>
+<IMG SRC=javascript:alert('XSS')>
+<IMG SRC=javascript:alert('XSS')>
+<IMG SRC="jav ascript:alert('XSS');">
+<IMG SRC="jav	ascript:alert('XSS');">
+<IMG SRC="jav
ascript:alert('XSS');">
+<IMG SRC="jav
ascript:alert('XSS');">
+perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
+<IMG SRC="  javascript:alert('XSS');">
+<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<<SCRIPT>alert("XSS");//<</SCRIPT>
+<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
+<SCRIPT SRC=//ha.ckers.org/.j>
+<IMG SRC="javascript:alert('XSS')"
+<iframe src=http://ha.ckers.org/scriptlet.html <
+\";alert('XSS');//
+<u oncopy=alert()> Copy me</u>
+<i onwheel=alert(1)> Scroll over me </i>
+<plaintext>
+http://a/%%30%30
+</textarea><script>alert(123)</script>
+
+# SQL Injection
+#
+# Strings which can cause a SQL injection if inputs are not sanitized
+
+1;DROP TABLE users
+1'; DROP TABLE users-- 1
+' OR 1=1 -- 1
+' OR '1'='1
+
+%
+_
+
+# Server Code Injection
+#
+# Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)
+
+-
+--
+--version
+--help
+$USER
+/dev/null; touch /tmp/blns.fail ; echo
+`touch /tmp/blns.fail`
+$(touch /tmp/blns.fail)
+@{[system "touch /tmp/blns.fail"]}
+
+# Command Injection (Ruby)
+#
+# Strings which can call system commands within Ruby/Rails applications
+
+eval("puts 'hello world'")
+System("ls -al /")
+`ls -al /`
+Kernel.exec("ls -al /")
+Kernel.exit(1)
+%x('ls -al /')
+
+# XXE Injection (XML)
+#
+# String which can reveal system files when parsed by a badly configured XML parser
+
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
+
+# Unwanted Interpolation
+#
+# Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.
+
+$HOME
+$ENV{'HOME'}
+%d
+%s
+{0}
+%*.*s
+File:///
+
+# File Inclusion
+#
+# Strings which can cause user to pull in files that should not be a part of a web server
+
+../../../../../../../../../../../etc/passwd%00
+../../../../../../../../../../../etc/hosts
+
+# Known CVEs and Vulnerabilities
+#
+# Strings that test for known vulnerabilities
+
+() { 0; }; touch /tmp/blns.shellshock1.fail;
+() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }
+<<< %s(un='%s') = %u
++++ATH0
+
+# MSDOS/Windows Special Filenames
+#
+# Strings which are reserved characters in MSDOS/Windows
+
+CON
+PRN
+AUX
+CLOCK$
+NUL
+A:
+ZZ:
+COM1
+LPT1
+LPT2
+LPT3
+COM2
+COM3
+COM4
+
+# IRC specific strings
+#
+# Strings that may occur on IRC clients that make security products freak out
+
+DCC SEND STARTKEYLOGGER 0 0 0
+
+# Scunthorpe Problem
+#
+# Innocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)
+
+Scunthorpe General Hospital
+Penistone Community Church
+Lightwater Country Park
+Jimmy Clitheroe
+Horniman Museum
+shitake mushrooms
+RomansInSussex.co.uk
+http://www.cum.qc.ca/
+Craig Cockburn, Software Specialist
+Linda Callahan
+Dr. Herman I. Libshitz
+magna cum laude
+Super Bowl XXX
+medieval erection of parapets
+evaluate
+mocha
+expression
+Arsenal canal
+classic
+Tyson Gay
+Dick Van Dyke
+basement
+
+# Human injection
+#
+# Strings which may cause human to reinterpret worldview
+
+If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.
+
+# Terminal escape codes
+#
+# Strings which punish the fools who use cat/type on this file
+
+Roses are �[0;31mred�[0m, violets are �[0;34mblue. Hope you enjoy terminal hue
+But now...�[20Cfor my greatest trick...�[8m
+The quic������k brown fo�����������x... [Beeeep]
+
+# iOS Vulnerabilities
+#
+# Strings which crashed iMessage in various versions of iOS
+
+Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗
+🏳0🌈️
\ No newline at end of file
diff --git a/src/gtest_main.cpp b/src/gtest_main.cpp
new file mode 100644
index 0000000..1659be8
--- /dev/null
+++ b/src/gtest_main.cpp
@@ -0,0 +1,6 @@
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+ ::testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
\ No newline at end of file
diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp
new file mode 100644
index 0000000..61ac28d
--- /dev/null
+++ b/src/token_authorization_middleware.cpp
@@ -0,0 +1,49 @@
+#include <unordered_map>
+
+#include <boost/algorithm/string/predicate.hpp>
+
+#include <token_authorization_middleware.hpp>
+
+namespace crow
+{
+ std::string TokenAuthorizationMiddleware::context::get_cookie(const std::string& key)
+ {
+ if (cookie_sessions.count(key))
+ return cookie_sessions[key];
+ return {};
+ }
+
+ void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value)
+ {
+ cookies_to_push_to_client.emplace(key, value);
+ }
+
+
+ void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx)
+ {
+ if (req.url == "/login"){
+ return;
+ }
+
+ // Check for an authorization header, reject if not present
+ if (req.headers.count("Authorization") != 1) {
+ res.code = 400;
+ res.end();
+ return;
+ }
+ std::string auth_header = req.get_header_value("Authorization");
+ // If the user is attempting any kind of auth other than token, reject
+ if (!boost::starts_with(auth_header, "Token ")) {
+ res.code = 400;
+ res.end();
+ }
+ }
+
+ void TokenAuthorizationMiddleware::after_handle(request& /*req*/, response& res, context& ctx)
+ {
+ for (auto& cookie : ctx.cookies_to_push_to_client) {
+ res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/src/token_authorization_middleware_test.cpp b/src/token_authorization_middleware_test.cpp
new file mode 100644
index 0000000..8d5be1e
--- /dev/null
+++ b/src/token_authorization_middleware_test.cpp
@@ -0,0 +1,26 @@
+#include "token_authorization_middleware.hpp"
+#include <crow/app.h>
+#include "gtest/gtest.h"
+
+
+// Tests that Base64 basic strings work
+TEST(Authentication, TestBasicReject)
+{
+ crow::App<crow::TokenAuthorizationMiddleware> app;
+ crow::request req;
+ crow::response res;
+ app.handle(req, res);
+ ASSERT_EQ(res.code, 400);
+
+
+ crow::App<crow::TokenAuthorizationMiddleware> app;
+ decltype(app)::server_t server(&app, "127.0.0.1", 45451);
+ CROW_ROUTE(app, "/")([&](const crow::request& req)
+ {
+ app.get_context<NullMiddleware>(req);
+ app.get_context<NullSimpleMiddleware>(req);
+ return "";
+ });
+}
+
+
diff --git a/src/example.cpp b/src/webserver_main.cpp
similarity index 66%
rename from src/example.cpp
rename to src/webserver_main.cpp
index 91fdb7f..bbe599e 100644
--- a/src/example.cpp
+++ b/src/webserver_main.cpp
@@ -1,106 +1,71 @@
-#include "crow/query_string.h"
-#include "crow/http_parser_merged.h"
#include "crow/ci_map.h"
+#include "crow/http_parser_merged.h"
+#include "crow/query_string.h"
//#include "crow/TinySHA1.hpp"
+#include "crow/app.h"
+#include "crow/common.h"
+#include "crow/dumb_timer_queue.h"
+#include "crow/http_connection.h"
+#include "crow/http_request.h"
+#include "crow/http_response.h"
+#include "crow/http_server.h"
+#include "crow/json.h"
+#include "crow/logging.h"
+#include "crow/middleware.h"
+#include "crow/middleware_context.h"
+#include "crow/mustache.h"
+#include "crow/parser.h"
+#include "crow/routing.h"
#include "crow/settings.h"
#include "crow/socket_adaptors.h"
-#include "crow/json.h"
-#include "crow/mustache.h"
-#include "crow/logging.h"
-#include "crow/dumb_timer_queue.h"
#include "crow/utility.h"
-#include "crow/common.h"
-#include "crow/http_request.h"
#include "crow/websocket.h"
-#include "crow/parser.h"
-#include "crow/http_response.h"
-#include "crow/middleware.h"
-#include "crow/routing.h"
-#include "crow/middleware_context.h"
-#include "crow/http_connection.h"
-#include "crow/http_server.h"
-#include "crow/app.h"
#include "color_cout_g3_sink.hpp"
-#include "ssl_key_handler.hpp"
+#include "token_authorization_middleware.hpp"
+
#include <iostream>
#include <string>
-
-
-
-struct ExampleMiddleware
-{
- std::string message;
-
- ExampleMiddleware()
- {
- message = "foo";
- }
-
- void setMessage(std::string newMsg)
- {
- message = newMsg;
- }
-
- struct context
- {
- };
-
- void before_handle(crow::request& /*req*/, crow::response& /*res*/, context& /*ctx*/)
- {
- CROW_LOG_DEBUG << " - MESSAGE: " << message;
- }
-
- void after_handle(crow::request& /*req*/, crow::response& /*res*/, context& /*ctx*/)
- {
- // no-op
- }
-};
-
-
+#include "ssl_key_handler.hpp"
int main(int argc, char** argv)
{
- auto worker = g3::LogWorker::createLogWorker();
- auto handle= worker->addDefaultLogger(argv[0], "/tmp/");
- g3::initializeLogging(worker.get());
- auto log_file_name = handle->call(&g3::FileSink::fileName);
- auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(),
- &crow::ColorCoutSink::ReceiveLogMessage);
+ auto worker = g3::LogWorker::createLogWorker();
+ auto handle = worker->addDefaultLogger(argv[0], "/tmp/");
+ g3::initializeLogging(worker.get());
+ auto log_file_name = handle->call(&g3::FileSink::fileName);
+ auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(),
+ &crow::ColorCoutSink::ReceiveLogMessage);
- LOG(DEBUG) << "Logging to " << log_file_name.get() << "\n";
+ LOG(DEBUG) << "Logging to " << log_file_name.get() << "\n";
std::string ssl_pem_file("server.pem");
ensuressl::ensure_openssl_key_present_and_valid(ssl_pem_file);
//auto handler2 = std::make_shared<ExampleLogHandler>();
//crow::logger::setHandler(handler2.get());
- crow::App<ExampleMiddleware> app;
-
- app.get_middleware<ExampleMiddleware>().setMessage("hello");
+ crow::App<crow::TokenAuthorizationMiddleware> app;
CROW_ROUTE(app, "/")
- .name("hello")
- ([]{
- return "Hello World!";
- });
+ .name("hello")([] {
+ return "Hello World!";
+ });
CROW_ROUTE(app, "/about")
- ([](){
+ ([]() {
return "About Crow example.";
});
// a request to /path should be forwarded to /path/
CROW_ROUTE(app, "/path/")
- ([](){
+ ([]() {
return "Trailing slash test case..";
});
-
// simple json response
// To see it in action enter {ip}:18080/json
CROW_ROUTE(app, "/json")
- ([]{
+ ([] {
crow::json::wvalue x;
x["message"] = "Hello, World!";
return x;
@@ -108,8 +73,8 @@
// To see it in action enter {ip}:18080/hello/{integer_between -2^32 and 100} and you should receive
// {integer_between -2^31 and 100} bottles of beer!
- CROW_ROUTE(app,"/hello/<int>")
- ([](int count){
+ CROW_ROUTE(app, "/hello/<int>")
+ ([](int count) {
if (count > 100)
return crow::response(400);
std::ostringstream os;
@@ -118,10 +83,10 @@
});
// To see it in action submit {ip}:18080/add/1/2 and you should receive 3 (exciting, isn't it)
- CROW_ROUTE(app,"/add/<int>/<int>")
- ([](const crow::request& /*req*/, crow::response& res, int a, int b){
+ CROW_ROUTE(app, "/add/<int>/<int>")
+ ([](const crow::request& /*req*/, crow::response& res, int a, int b) {
std::ostringstream os;
- os << a+b;
+ os << a + b;
res.write(os.str());
res.end();
});
@@ -129,7 +94,7 @@
// Compile error with message "Handler type is mismatched with URL paramters"
//CROW_ROUTE(app,"/another/<int>")
//([](int a, int b){
- //return crow::response(500);
+ //return crow::response(500);
//});
// more json example
@@ -144,49 +109,48 @@
// A simpler way for json example:
// * curl -d '{"a":1,"b":2}' {ip}:18080/add_json
CROW_ROUTE(app, "/add_json")
- .methods("POST"_method)
- ([](const crow::request& req){
- auto x = crow::json::load(req.body);
- if (!x)
- return crow::response(400);
- int sum = x["a"].i()+x["b"].i();
- std::ostringstream os;
- os << sum;
- return crow::response{os.str()};
- });
+ .methods("POST"_method)([](const crow::request& req) {
+ auto x = crow::json::load(req.body);
+ if (!x)
+ return crow::response(400);
+ int sum = x["a"].i() + x["b"].i();
+ std::ostringstream os;
+ os << sum;
+ return crow::response{os.str()};
+ });
// Example of a request taking URL parameters
// If you want to activate all the functions just query
// {ip}:18080/params?foo='blabla'&pew=32&count[]=a&count[]=b
CROW_ROUTE(app, "/params")
- ([](const crow::request& req){
+ ([](const crow::request& req) {
std::ostringstream os;
// To get a simple string from the url params
// To see it in action /params?foo='blabla'
- os << "Params: " << req.url_params << "\n\n";
+ os << "Params: " << req.url_params << "\n\n";
os << "The key 'foo' was " << (req.url_params.get("foo") == nullptr ? "not " : "") << "found.\n";
// To get a double from the request
// To see in action submit something like '/params?pew=42'
- if(req.url_params.get("pew") != nullptr) {
+ if (req.url_params.get("pew") != nullptr) {
double countD = boost::lexical_cast<double>(req.url_params.get("pew"));
- os << "The value of 'pew' is " << countD << '\n';
+ os << "The value of 'pew' is " << countD << '\n';
}
// To get a list from the request
// You have to submit something like '/params?count[]=a&count[]=b' to have a list with two values (a and b)
auto count = req.url_params.get_list("count");
os << "The key 'count' contains " << count.size() << " value(s).\n";
- for(const auto& countVal : count) {
+ for (const auto& countVal : count) {
os << " - " << countVal << '\n';
}
return crow::response{os.str()};
- });
+ });
CROW_ROUTE(app, "/large")
- ([]{
- return std::string(512*1024, ' ');
+ ([] {
+ return std::string(512 * 1024, ' ');
});
// ignore all log