mirror of
https://github.com/trufflesecurity/xsshunter
synced 2024-11-30 16:19:12 +00:00
users can update their paths
parent
d408f3708d
commit
4f8b365cca
3 changed files with 90 additions and 13 deletions
48
api.js
48
api.js
|
@ -210,6 +210,54 @@ async function set_up_api_server(app) {
|
||||||
}).end();
|
}).end();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/*
|
||||||
|
Get the user's path.
|
||||||
|
*/
|
||||||
|
app.get(constants.API_BASE_PATH + 'user-path', async (req, res) => {
|
||||||
|
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
|
||||||
|
res.status(200).json({
|
||||||
|
"success": true,
|
||||||
|
"result": {
|
||||||
|
"uri": user.path
|
||||||
|
}
|
||||||
|
}).end();
|
||||||
|
});
|
||||||
|
|
||||||
|
/*
|
||||||
|
Update the user's path.
|
||||||
|
*/
|
||||||
|
app.put(constants.API_BASE_PATH + 'user-path', async (req, res) => {
|
||||||
|
if(req.body.path instanceof String){
|
||||||
|
const desiredPath = req.body.path;
|
||||||
|
const collisionUser = await Users.findOne({ where: { 'path': desiredPath } });
|
||||||
|
}else{
|
||||||
|
return res.status(200).json({
|
||||||
|
"success": false,
|
||||||
|
"error": "invalid path"
|
||||||
|
}).end();
|
||||||
|
}
|
||||||
|
if( collisionUser ){
|
||||||
|
return res.status(200).json({
|
||||||
|
"success": false,
|
||||||
|
"error": "Path taken by another user"
|
||||||
|
}).end();
|
||||||
|
}
|
||||||
|
|
||||||
|
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
|
||||||
|
user.path = desiredPath;
|
||||||
|
user.save();
|
||||||
|
res.status(200).json({
|
||||||
|
"success": true,
|
||||||
|
"result": {
|
||||||
|
"uri": user.path
|
||||||
|
}
|
||||||
|
}).end();
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Attempt to log into the administrator account
|
Attempt to log into the administrator account
|
||||||
|
|
|
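Review bot: In the `app.put` handler the check `req.body.path instanceof String` is false for every string a JSON body parser produces (they are primitives), so each request is answered with "invalid path"; and because `desiredPath` and `collisionUser` are declared with `const` inside the `if` block, the later `if( collisionUser )` and `user.path = desiredPath` would throw a ReferenceError if that branch were ever taken. Test with `typeof`, declare both names at handler scope, and `await user.save()` so a failed write is not reported as success. The hunk also shows no limit on the path's length or characters and no check against the application's own routes, and the uniqueness test is a read followed by a write; whether a validator or a unique index elsewhere covers this is not visible here. The enclosing `set_up_api_server` starts and ends outside the hunk.

```javascript
app.put(constants.API_BASE_PATH + 'user-path', async (req, res) => {
    // JSON-parsed strings are primitives, so use typeof; reject before any lookup.
    if (typeof req.body.path !== 'string' || req.body.path === '') {
        return res.status(200).json({
            "success": false,
            "error": "invalid path"
        }).end();
    }
    // Handler scope, so the collision check and the save below can see both names.
    const desiredPath = req.body.path;
    const collisionUser = await Users.findOne({ where: { 'path': desiredPath } });
    // … unchanged: "Path taken by another user" response …
    const user = await Users.findOne({ where: { 'id': req.session.user_id } });
    user.path = desiredPath;
    // Wait for the write so a database error surfaces instead of a success reply.
    await user.save();
    // … unchanged: success response …
```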
@ -122,6 +122,25 @@ async function generate_new_correlation_api_key() {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function get_user_path() {
|
||||||
|
return api_request(
|
||||||
|
'PUT',
|
||||||
|
`/api/v1/user-path`,
|
||||||
|
false
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
async function update_user_path(path) {
|
||||||
|
return api_request(
|
||||||
|
'PUT',
|
||||||
|
`/api/v1/user-path`,
|
||||||
|
{
|
||||||
|
"user_path": path,
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
async function set_chainload_uri(chainload_uri) {
|
async function set_chainload_uri(chainload_uri) {
|
||||||
return api_request(
|
return api_request(
|
||||||
'PUT',
|
'PUT',
|
||||||
|
@ -168,6 +187,8 @@ module.exports = {
|
||||||
api_request,
|
api_request,
|
||||||
is_authenticated,
|
is_authenticated,
|
||||||
authenticate,
|
authenticate,
|
||||||
|
get_user_path,
|
||||||
|
update_user_path,
|
||||||
get_payload_fires,
|
get_payload_fires,
|
||||||
delete_payload_fires,
|
delete_payload_fires,
|
||||||
get_collect_pages,
|
get_collect_pages,
|
||||||
|
|
|
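Review bot: `get_user_path` passes `'PUT'` to `/api/v1/user-path`, so reading the path reaches the update route rather than the `app.get` handler this commit adds in api.js; the method argument should be `'GET',`. `update_user_path` sends the value under `"user_path"`, while the server handler in this commit reads `req.body.path`, so the key should be `"path": path,` (or the server changed to match). As written, neither call can succeed against the new endpoints. Both functions are fully visible in the hunk.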
@ -21,13 +21,13 @@
|
||||||
</base-button>
|
</base-button>
|
||||||
</card>
|
</card>
|
||||||
<card>
|
<card>
|
||||||
<h4 class="card-title">Master Password</h4>
|
<h4 class="card-title">XSSHunter path</h4>
|
||||||
<h6 class="card-subtitle mb-2 text-muted">Change your login password for this XSS Hunter express instance.</h6>
|
<h6 class="card-subtitle mb-2 text-muted">This unique path ties injection payloads back to you. You can set it to something shorter (it defaults to 20 chars).</h6>
|
||||||
<p class="card-text">
|
<p class="card-text">
|
||||||
<base-input v-model="password" type="password" placeholder="*******************"></base-input>
|
<base-input v-bind:value="user_path" type="text" placeholder="..."></base-input>
|
||||||
</p>
|
</p>
|
||||||
<base-button type="primary" v-on:click="update_password">
|
<base-button type="primary" v-on:click="update_path">
|
||||||
<i class="fas fa-lock"></i> Update Password
|
<i class="fas fa-lock"></i> Update Path
|
||||||
</base-button>
|
</base-button>
|
||||||
</card>
|
</card>
|
||||||
<card>
|
<card>
|
||||||
|
@ -164,6 +164,7 @@ export default {
|
||||||
],
|
],
|
||||||
chainload_uri: '',
|
chainload_uri: '',
|
||||||
correlation_api_key: '',
|
correlation_api_key: '',
|
||||||
|
user_path: '',
|
||||||
pages_to_collect: [],
|
pages_to_collect: [],
|
||||||
selected_page_to_collect: [],
|
selected_page_to_collect: [],
|
||||||
new_page_to_collect: '',
|
new_page_to_collect: '',
|
||||||
|
@ -174,15 +175,20 @@ export default {
|
||||||
},
|
},
|
||||||
watch: {},
|
watch: {},
|
||||||
methods: {
|
methods: {
|
||||||
update_password: async function() {
|
update_path: async function() {
|
||||||
const password = this.password;
|
const desiredPath = this.user_path;
|
||||||
if(password === '') {
|
if(desiredPath === '') {
|
||||||
alert('Password is empty, please provide a valid password to continue.');
|
alert('Path is empty, please provide a valid path to continue.');
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
await api_request.update_password(this.password);
|
const res = await api_request.update_user_path(path);
|
||||||
this.password = '';
|
const user_path = await api_request.get_user_path();
|
||||||
toastr.success('Your instance password has been updated.', 'Password Updated')
|
this.user_path = user_path;
|
||||||
|
if(res.success){
|
||||||
|
toastr.success('Your user path has been updated.', 'Path Updated');
|
||||||
|
}else{
|
||||||
|
toastr.error(res.error, 'Path Update Error');
|
||||||
|
}
|
||||||
},
|
},
|
||||||
generate_new_correlation_api_key: async function() {
|
generate_new_correlation_api_key: async function() {
|
||||||
await api_request.generate_new_correlation_api_key();
|
await api_request.generate_new_correlation_api_key();
|
||||||
|
@ -204,6 +210,8 @@ export default {
|
||||||
settings_keys.map(settings_key => {
|
settings_keys.map(settings_key => {
|
||||||
this[settings_key] = settings[settings_key];
|
this[settings_key] = settings[settings_key];
|
||||||
});
|
});
|
||||||
|
const user_path = await api_request.get_user_path();
|
||||||
|
this[user_path] = user_path;
|
||||||
},
|
},
|
||||||
update_chainload_uri: async function() {
|
update_chainload_uri: async function() {
|
||||||
await api_request.set_chainload_uri(this.chainload_uri);
|
await api_request.set_chainload_uri(this.chainload_uri);
|
||||||
|
@ -269,4 +277,4 @@ export default {
|
||||||
.dropdown-item {
|
.dropdown-item {
|
||||||
font-size: 16px !important;
|
font-size: 16px !important;
|
||||||
}
|
}
|
||||||
</style>
|
</style>
|
||||||
|
|
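Review bot: `update_path` calls `api_request.update_user_path(path)`, but no `path` is defined in that method, so the click handler throws before any request is sent; it should be `const res = await api_request.update_user_path(desiredPath);`. In the load hook, `this[user_path] = user_path;` uses the response as a property key and never sets the bound field, and `update_path` likewise stores the whole response; going by the server handler's `result.uri` shape, both should read `this.user_path = user_path.result.uri;` (hedged, since `api_request` may unwrap the body outside this view). The input uses one-way `v-bind:value="user_path"`, so typed text never reaches `this.user_path`; `v-model="user_path"` matches how the replaced password field was bound. The enclosing methods object and load hook extend outside the hunks.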