mirror of
https://github.com/trufflesecurity/xsshunter
synced 2024-11-30 16:19:12 +00:00
users can update their paths
This commit is contained in:
parent
d408f3708d
commit
4f8b365cca
3 changed files with 90 additions and 13 deletions
48
api.js
48
api.js
|
@ -210,6 +210,54 @@ async function set_up_api_server(app) {
|
|||
}).end();
|
||||
});
|
||||
|
||||
/*
|
||||
Get the user's path.
|
||||
*/
|
||||
app.get(constants.API_BASE_PATH + 'user-path', async (req, res) => {
|
||||
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
|
||||
res.status(200).json({
|
||||
"success": true,
|
||||
"result": {
|
||||
"uri": user.path
|
||||
}
|
||||
}).end();
|
||||
});
|
||||
|
||||
/*
|
||||
Update the user's path.
|
||||
*/
|
||||
app.put(constants.API_BASE_PATH + 'user-path', async (req, res) => {
|
||||
if(req.body.path instanceof String){
|
||||
const desiredPath = req.body.path;
|
||||
const collisionUser = await Users.findOne({ where: { 'path': desiredPath } });
|
||||
}else{
|
||||
return res.status(200).json({
|
||||
"success": false,
|
||||
"error": "invalid path"
|
||||
}).end();
|
||||
}
|
||||
if( collisionUser ){
|
||||
return res.status(200).json({
|
||||
"success": false,
|
||||
"error": "Path taken by another user"
|
||||
}).end();
|
||||
}
|
||||
|
||||
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
|
||||
user.path = desiredPath;
|
||||
user.save();
|
||||
res.status(200).json({
|
||||
"success": true,
|
||||
"result": {
|
||||
"uri": user.path
|
||||
}
|
||||
}).end();
|
||||
});
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/*
|
||||
Attempt to log into the administrator account
|
||||
|
|
|
@ -122,6 +122,25 @@ async function generate_new_correlation_api_key() {
|
|||
);
|
||||
}
|
||||
|
||||
async function get_user_path() {
|
||||
return api_request(
|
||||
'PUT',
|
||||
`/api/v1/user-path`,
|
||||
false
|
||||
);
|
||||
}
|
||||
|
||||
async function update_user_path(path) {
|
||||
return api_request(
|
||||
'PUT',
|
||||
`/api/v1/user-path`,
|
||||
{
|
||||
"user_path": path,
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
async function set_chainload_uri(chainload_uri) {
|
||||
return api_request(
|
||||
'PUT',
|
||||
|
@ -168,6 +187,8 @@ module.exports = {
|
|||
api_request,
|
||||
is_authenticated,
|
||||
authenticate,
|
||||
get_user_path,
|
||||
update_user_path,
|
||||
get_payload_fires,
|
||||
delete_payload_fires,
|
||||
get_collect_pages,
|
||||
|
|
|
@ -21,13 +21,13 @@
|
|||
</base-button>
|
||||
</card>
|
||||
<card>
|
||||
<h4 class="card-title">Master Password</h4>
|
||||
<h6 class="card-subtitle mb-2 text-muted">Change your login password for this XSS Hunter express instance.</h6>
|
||||
<h4 class="card-title">XSSHunter path</h4>
|
||||
<h6 class="card-subtitle mb-2 text-muted">This unique path ties injection payloads back to you. You can set it to something shorter (it defaults to 20 chars).</h6>
|
||||
<p class="card-text">
|
||||
<base-input v-model="password" type="password" placeholder="*******************"></base-input>
|
||||
<base-input v-bind:value="user_path" type="text" placeholder="..."></base-input>
|
||||
</p>
|
||||
<base-button type="primary" v-on:click="update_password">
|
||||
<i class="fas fa-lock"></i> Update Password
|
||||
<base-button type="primary" v-on:click="update_path">
|
||||
<i class="fas fa-lock"></i> Update Path
|
||||
</base-button>
|
||||
</card>
|
||||
<card>
|
||||
|
@ -164,6 +164,7 @@ export default {
|
|||
],
|
||||
chainload_uri: '',
|
||||
correlation_api_key: '',
|
||||
user_path: '',
|
||||
pages_to_collect: [],
|
||||
selected_page_to_collect: [],
|
||||
new_page_to_collect: '',
|
||||
|
@ -174,15 +175,20 @@ export default {
|
|||
},
|
||||
watch: {},
|
||||
methods: {
|
||||
update_password: async function() {
|
||||
const password = this.password;
|
||||
if(password === '') {
|
||||
alert('Password is empty, please provide a valid password to continue.');
|
||||
update_path: async function() {
|
||||
const desiredPath = this.user_path;
|
||||
if(desiredPath === '') {
|
||||
alert('Path is empty, please provide a valid path to continue.');
|
||||
return
|
||||
}
|
||||
await api_request.update_password(this.password);
|
||||
this.password = '';
|
||||
toastr.success('Your instance password has been updated.', 'Password Updated')
|
||||
const res = await api_request.update_user_path(path);
|
||||
const user_path = await api_request.get_user_path();
|
||||
this.user_path = user_path;
|
||||
if(res.success){
|
||||
toastr.success('Your user path has been updated.', 'Path Updated');
|
||||
}else{
|
||||
toastr.error(res.error, 'Path Update Error');
|
||||
}
|
||||
},
|
||||
generate_new_correlation_api_key: async function() {
|
||||
await api_request.generate_new_correlation_api_key();
|
||||
|
@ -204,6 +210,8 @@ export default {
|
|||
settings_keys.map(settings_key => {
|
||||
this[settings_key] = settings[settings_key];
|
||||
});
|
||||
const user_path = await api_request.get_user_path();
|
||||
this[user_path] = user_path;
|
||||
},
|
||||
update_chainload_uri: async function() {
|
||||
await api_request.set_chainload_uri(this.chainload_uri);
|
||||
|
@ -269,4 +277,4 @@ export default {
|
|||
.dropdown-item {
|
||||
font-size: 16px !important;
|
||||
}
|
||||
</style>
|
||||
</style>
|
||||
|
|
Loading…
Reference in a new issue