users can update their paths

This commit is contained in:
counter 2023-01-15 22:13:54 -08:00
parent d408f3708d
commit 4f8b365cca
3 changed files with 90 additions and 13 deletions

api.js

@ -210,6 +210,54 @@ async function set_up_api_server(app) {
}).end(); }).end();
}); });
/*
Get the user's path.
*/
app.get(constants.API_BASE_PATH + 'user-path', async (req, res) => {
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
res.status(200).json({
"success": true,
"result": {
"uri": user.path
}
}).end();
});
/*
Update the user's path.
*/
app.put(constants.API_BASE_PATH + 'user-path', async (req, res) => {
if(req.body.path instanceof String){
const desiredPath = req.body.path;
const collisionUser = await Users.findOne({ where: { 'path': desiredPath } });
}else{
return res.status(200).json({
"success": false,
"error": "invalid path"
}).end();
}
if( collisionUser ){
return res.status(200).json({
"success": false,
"error": "Path taken by another user"
}).end();
}
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
user.path = desiredPath;
user.save();
res.status(200).json({
"success": true,
"result": {
"uri": user.path
}
}).end();
});
/* /*
Attempt to log into the administrator account Attempt to log into the administrator account
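Review bot: The PUT handler for `'user-path'` can never reach the save path: `req.body.path instanceof String` is false for string primitives parsed from JSON, so every request takes the else branch, and even if it passed, `desiredPath` and `collisionUser` are `const`s scoped to the if-block, so the later `if( collisionUser )` and `user.path = desiredPath` lines would throw a ReferenceError. `user.save()` is also not awaited, so the success response can be sent before the write lands and a failed write becomes an unhandled rejection. Because the value becomes a URL path segment that ties payloads back to the user, validate its length and character set before the lookup rather than accepting any string; the findOne-then-save uniqueness check is also a check-then-act race, so a unique constraint on `path` in the Users model is worth confirming (it may exist outside this hunk). The enclosing `set_up_api_server` function starts and ends outside the hunk.
```javascript
app.put(constants.API_BASE_PATH + 'user-path', async (req, res) => {
    const desiredPath = req.body.path;
    // Primitive strings are never `instanceof String`; bound length and charset
    // too, since the value becomes a URL path segment.
    // MAX_PATH_LENGTH / PATH_PATTERN are placeholders for the project's limits.
    if (typeof desiredPath !== 'string'
        || desiredPath.length === 0
        || desiredPath.length > MAX_PATH_LENGTH
        || !PATH_PATTERN.test(desiredPath)) {
        return res.status(200).json({
            "success": false,
            "error": "invalid path"
        }).end();
    }
    const collisionUser = await Users.findOne({ where: { 'path': desiredPath } });
    if (collisionUser) {
        // … unchanged: "Path taken by another user" response …
    }
    const user = await Users.findOne({ where: { 'id': req.session.user_id } });
    user.path = desiredPath;
    await user.save();
    // … unchanged: success response …
});
```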


@ -122,6 +122,25 @@ async function generate_new_correlation_api_key() {
); );
} }
async function get_user_path() {
return api_request(
'PUT',
`/api/v1/user-path`,
false
);
}
async function update_user_path(path) {
return api_request(
'PUT',
`/api/v1/user-path`,
{
"user_path": path,
}
);
}
async function set_chainload_uri(chainload_uri) { async function set_chainload_uri(chainload_uri) {
return api_request( return api_request(
'PUT', 'PUT',
@ -168,6 +187,8 @@ module.exports = {
api_request, api_request,
is_authenticated, is_authenticated,
authenticate, authenticate,
get_user_path,
update_user_path,
get_payload_fires, get_payload_fires,
delete_payload_fires, delete_payload_fires,
get_collect_pages, get_collect_pages,
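Review bot: `get_user_path` sends `'PUT'` for an endpoint the server registers with `app.get(... 'user-path')`, so it hits the update handler with a body of `false` instead of reading the path; the verb should be `'GET'`. `update_user_path` sends the key `"user_path"` while the server reads `req.body.path`, so the server-side type check fails on every call; the body should be `{ "path": path }`. Both helpers return the raw `api_request` result, which per the server is `{ success, result: { uri } }`, so any caller that expects a bare string must unwrap `result.uri`. The file name for this section is not shown on the page, and the first hunk's trailing context may run past what is visible.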


@ -21,13 +21,13 @@
</base-button> </base-button>
</card> </card>
<card> <card>
<h4 class="card-title">Master Password</h4> <h4 class="card-title">XSSHunter path</h4>
<h6 class="card-subtitle mb-2 text-muted">Change your login password for this XSS Hunter express instance.</h6> <h6 class="card-subtitle mb-2 text-muted">This unique path ties injection payloads back to you. You can set it to something shorter (it defaults to 20 chars).</h6>
<p class="card-text"> <p class="card-text">
<base-input v-model="password" type="password" placeholder="*******************"></base-input> <base-input v-bind:value="user_path" type="text" placeholder="..."></base-input>
</p> </p>
<base-button type="primary" v-on:click="update_password"> <base-button type="primary" v-on:click="update_path">
<i class="fas fa-lock"></i> Update Password <i class="fas fa-lock"></i> Update Path
</base-button> </base-button>
</card> </card>
<card> <card>
@ -164,6 +164,7 @@ export default {
], ],
chainload_uri: '', chainload_uri: '',
correlation_api_key: '', correlation_api_key: '',
user_path: '',
pages_to_collect: [], pages_to_collect: [],
selected_page_to_collect: [], selected_page_to_collect: [],
new_page_to_collect: '', new_page_to_collect: '',
@ -174,15 +175,20 @@ export default {
}, },
watch: {}, watch: {},
methods: { methods: {
update_password: async function() { update_path: async function() {
const password = this.password; const desiredPath = this.user_path;
if(password === '') { if(desiredPath === '') {
alert('Password is empty, please provide a valid password to continue.'); alert('Path is empty, please provide a valid path to continue.');
return return
} }
await api_request.update_password(this.password); const res = await api_request.update_user_path(path);
this.password = ''; const user_path = await api_request.get_user_path();
toastr.success('Your instance password has been updated.', 'Password Updated') this.user_path = user_path;
if(res.success){
toastr.success('Your user path has been updated.', 'Path Updated');
}else{
toastr.error(res.error, 'Path Update Error');
}
}, },
generate_new_correlation_api_key: async function() { generate_new_correlation_api_key: async function() {
await api_request.generate_new_correlation_api_key(); await api_request.generate_new_correlation_api_key();
@ -204,6 +210,8 @@ export default {
settings_keys.map(settings_key => { settings_keys.map(settings_key => {
this[settings_key] = settings[settings_key]; this[settings_key] = settings[settings_key];
}); });
const user_path = await api_request.get_user_path();
this[user_path] = user_path;
}, },
update_chainload_uri: async function() { update_chainload_uri: async function() {
await api_request.set_chainload_uri(this.chainload_uri); await api_request.set_chainload_uri(this.chainload_uri);
@ -269,4 +277,4 @@ export default {
.dropdown-item { .dropdown-item {
font-size: 16px !important; font-size: 16px !important;
} }
</style> </style>
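Review bot: `update_path` calls `api_request.update_user_path(path)` but `path` is not defined in the method (the local is `desiredPath`), so the call throws a ReferenceError before any request is made; it should be `api_request.update_user_path(desiredPath)`. In the template hunk at `-21,13`, `v-bind:value="user_path"` is a one-way binding, so what the user types never reaches `this.user_path` and the empty-string guard only ever sees the loaded value; `v-model="user_path"` restores the two-way binding the old password field had. In the hunk at `-204,6`, `this[user_path] = user_path;` uses the value as a computed property name instead of assigning `this.user_path`, and given the server returns `{ success, result: { uri } }`, both that line and `this.user_path = user_path;` in `update_path` should assign the unwrapped string, e.g. `this.user_path = user_path.result.uri;` (confirm against what the client helper actually returns). The `fa-lock` icon kept on the Update Path button looks like a leftover from the password card.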