users can update their paths

2024-11-27 23:00:18 +00:00 · 2023-01-15 22:13:54 -08:00 · 2023-01-15 22:13:54 -08:00 · 4f8b365cca
commit 4f8b365cca
parent d408f3708d
3 changed files with 90 additions and 13 deletions
--- a/api.js
+++ b/api.js
@ -210,6 +210,54 @@ async function set_up_api_server(app) {
        }).end();
    });

+    /*
+		Get the user's path.
+    */
+    app.get(constants.API_BASE_PATH + 'user-path', async (req, res) => {
+        const user = await Users.findOne({ where: { 'id': req.session.user_id } });
+        res.status(200).json({
+            "success": true,
+            "result": {
+            	"uri": user.path
+            }
+        }).end();
+    });
+
+    /*
+		Update the user's path.
+    */
+    app.put(constants.API_BASE_PATH + 'user-path', async (req, res) => {
+        if(req.body.path instanceof String){
+            const desiredPath = req.body.path;
+            const collisionUser = await Users.findOne({ where: { 'path': desiredPath } });
+        }else{
+            return res.status(200).json({
+                "success": false,
+                "error": "invalid path"
+            }).end();
+        }
+        if( collisionUser ){
+            return res.status(200).json({
+                "success": false,
+                "error": "Path taken by another user"
+            }).end();
+        }
+
+        const user = await Users.findOne({ where: { 'id': req.session.user_id } });
+        user.path = desiredPath;
+        user.save();
+        res.status(200).json({
+            "success": true,
+            "result": {
+            	"uri": user.path
+            }
+        }).end();
+    });
+
+
+
+
+

    /*
    	Attempt to log into the administrator account
--- a/front-end/src/libs/api.js
+++ b/front-end/src/libs/api.js
@ -122,6 +122,25 @@ async function generate_new_correlation_api_key() {
    );
 }

+async function get_user_path() {
+    return api_request(
+        'PUT',
+        `/api/v1/user-path`,
+        false
+    );
+}
+
+async function update_user_path(path) {
+    return api_request(
+        'PUT',
+        `/api/v1/user-path`,
+        {
+            "user_path": path,
+        }
+    );
+}
+
+
 async function set_chainload_uri(chainload_uri) {
    return api_request(
        'PUT',
@ -168,6 +187,8 @@ module.exports = {
    api_request,
    is_authenticated,
    authenticate,
+    get_user_path,
+    update_user_path,
    get_payload_fires,
    delete_payload_fires,
    get_collect_pages,
--- a/front-end/src/pages/Settings.vue
+++ b/front-end/src/pages/Settings.vue
@ -21,13 +21,13 @@
                            </base-button>
                        </card>
                        <card>
-                            <h4 class="card-title">Master Password</h4>
-                            <h6 class="card-subtitle mb-2 text-muted">Change your login password for this XSS Hunter express instance.</h6>
+                            <h4 class="card-title">XSSHunter path</h4>
+                            <h6 class="card-subtitle mb-2 text-muted">This unique path ties injection payloads back to you. You can set it to something shorter (it defaults to 20 chars).</h6>
                            <p class="card-text">
-                                <base-input v-model="password" type="password" placeholder="*******************"></base-input>
+                                <base-input v-bind:value="user_path" type="text" placeholder="..."></base-input>
                            </p>
-                            <base-button type="primary" v-on:click="update_password">
-                                <i class="fas fa-lock"></i> Update Password
+                            <base-button type="primary" v-on:click="update_path">
+                                <i class="fas fa-lock"></i> Update Path
                            </base-button>
                        </card>
                        <card>
@ -164,6 +164,7 @@ export default {
            ],
            chainload_uri: '',
            correlation_api_key: '',
+            user_path: '',
            pages_to_collect: [],
            selected_page_to_collect: [],
            new_page_to_collect: '',
@ -174,15 +175,20 @@ export default {
    },
    watch: {},
    methods: {
-        update_password: async function() {
-            const password = this.password;
-            if(password === '') {
-                alert('Password is empty, please provide a valid password to continue.');
+        update_path: async function() {
+            const desiredPath = this.user_path;
+            if(desiredPath === '') {
+                alert('Path is empty, please provide a valid path to continue.');
                return
            }
-            await api_request.update_password(this.password);
-            this.password = '';
-            toastr.success('Your instance password has been updated.', 'Password Updated')
+            const res = await api_request.update_user_path(path);
+            const user_path = await api_request.get_user_path();
+            this.user_path = user_path;
+            if(res.success){
+                toastr.success('Your user path has been updated.', 'Path Updated');
+            }else{
+                toastr.error(res.error, 'Path Update Error');
+            }
        },
        generate_new_correlation_api_key: async function() {
            await api_request.generate_new_correlation_api_key();
@ -204,6 +210,8 @@ export default {
            settings_keys.map(settings_key => {
                this[settings_key] = settings[settings_key];
            });
+            const user_path = await api_request.get_user_path();
+            this[user_path] = user_path;
        },
        update_chainload_uri: async function() {
            await api_request.set_chainload_uri(this.chainload_uri);
@ -269,4 +277,4 @@ export default {
 .dropdown-item {
    font-size: 16px !important;
 }
-</style>
+</style>