local docker-compose changes

api.js

@@ -24,7 +24,7 @@ const {OAuth2Client} = require('google-auth-library');
 
 
 const SCREENSHOTS_DIR = path.resolve(process.env.SCREENSHOTS_DIR);
-const client = new OAuth2Client(process.env.CLIENT_ID, process.env.CLIENT_SECRET, `https://${process.env.HOSTNAME}/oauth-login`);
+const client = new OAuth2Client(process.env.CLIENT_ID, process.env.CLIENT_SECRET, process.env.NODE_ENV == 'production' ? `https://${process.env.HOSTNAME}/oauth-login` : `http://${process.env.HOSTNAME}/oauth-login`);
 const SCREENSHOT_FILENAME_REGEX = new RegExp(/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}\.png$/i);
 
 
@@ -153,7 +153,7 @@ async function set_up_api_server(app) {
 
     app.get('/login', (req, res) => {
       const authUrl = client.generateAuthUrl({
-        redirect_uri: `https://${process.env.HOSTNAME}/oauth-login`,
+        redirect_uri: process.env.NODE_ENV == 'production' ? `https://${process.env.HOSTNAME}/oauth-login` : `http://${process.env.HOSTNAME}/oauth-login`,
         access_type: 'offline',
         scope: ['email', 'profile'],
         prompt: 'select_account'

database.js

@@ -15,7 +15,7 @@ const sequelize = new Sequelize(
 		benchmark: true,
 		logging: false,
 		dialectOptions: {
-			socketPath: process.env.DATABASE_HOST,
+			socketPath: process.env.NODE_ENV == 'production' ? process.env.DATABASE_HOST : null,
 		},
 	},
 );

docker-compose.yml

@@ -3,86 +3,25 @@ services:
   # XSS Hunter Express service
   xsshunterexpress:
     build: .
-    environment:
-      # [REQUIRED] The hostname/domain pointed to 
-      # the IP of the server running this service. 
-      # SSL will automatically be set up and
-      #  renewed with LetsEncrypt.
-      - HOSTNAME=localhost
-      # THis hostname is where your JS is served out of
-      - XSS_HOSTNAME=your.xss.domain
-      # [REQUIRED] Email for SSL
-      - SSL_CONTACT_EMAIL=YourEmail@gmail.com
-      # Maximum XSS callback payload size
-      # This includes the webpage screenshot, DOM HTML,
-      # page text, and other metadata. Note that if the
-      # payload is above this limit, you won't be notified
-      # of the XSS firing.
-      - MAX_PAYLOAD_UPLOAD_SIZE_MB=50
-      # Whether or not to enable the web control panel
-      # Set to "false" or remove to disable the web UI.
-      # Useful for minimizing attack surface.
-      - CONTROL_PANEL_ENABLED=true
-      # Whether or not to enable email notifications via
-      # SMTP for XSS payload fires.
-      - SMTP_EMAIL_NOTIFICATIONS_ENABLED=true
-      - SMTP_HOST=smtp.gmail.com
-      - SMTP_PORT=465
-      - SMTP_USE_TLS=true
-      - SMTP_USERNAME=YourEmail@gmail.com
-      - SMTP_PASSWORD=YourEmailPassword
-      - SMTP_FROM_EMAIL=YourEmail@gmail.com
-      - SMTP_RECEIVER_EMAIL=YourEmail@gmail.com
-      # CLIENT ID FOR OAUTH LOGIN
-      - CLIENT_ID=your_client_id
-      - CLIENT_SECRET=your_client_secret
-      # GENERATE A RANDOM LONG STRING FOR THIS
-      - SESSION_SECRET_KEY=
-      # THERE IS NO NEED TO MODIFY BELOW THIS LINE
-      # ------------------------------------------
-      # FEEL FREE, BUT KNOW WHAT YOU'RE DOING.
-      # Where XSS screenshots are stored
-      - SCREENSHOTS_DIR=/app/payload-fire-images
-      - DATABASE_NAME=xsshunterexpress
-      - DATABASE_USER=xsshunterexpress
-      - DATABASE_PASSWORD=xsshunterexpress
-      - DATABASE_HOST=postgresdb
-      - NODE_ENV=development
-      - USE_CLOUD_STORAGE=true
-      - BUCKET_NAME=YourBucket
+    env_file:
+      - dev.env
     ports:
-      - "80:80"
-      - "443:443"
+      - "127.0.0.1:8080:8080"
     volumes:
-      # Stores the SSL/TLS certificates and keys
-      # in the "ssldata" directory.
-      # Your certificates are automatically renewed
-      # via LetsEncrypt, no extra work needed!
-      - ./ssldata:/app/greenlock.d
       # Directory where payload fire images are stored.
       - ./payload-fire-images:/app/payload-fire-images
-    # Comment out if you're using an external SQL
-    # server and have commented out the DB section.
     depends_on:
-      - postgresdb
-  # Postgres server to store injection data (not including
-  # screenshots which are stored separately).
-  # NOTE: If you're using an external SQL server, you can comment
-  # out this service.
-  # WARNING: This database gives the "postgres" user admin priveleges
-  # with a default password of "xsshunterexpress". Do not expose it
-  # externally. If you do, be sure to change the password.
+      postgresdb:
+        condition: service_healthy
   postgresdb:
     image: postgres
     restart: always
+    user: postgres
     environment:
-      # This is a volume mounted into the container
-      # (see the directory ./postgres-db-data)
-      # So the database will be persisted across
-      # container deletion.
-      PGDATA: /var/lib/postgresql/data/pgdata
-      POSTGRES_USER: xsshunterexpress
-      POSTGRES_DB: xsshunterexpress
-      POSTGRES_PASSWORD: xsshunterexpress
-    volumes:
-      - ./postgres-db-data:/var/lib/postgresql/data/pgdata
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_HOST_AUTH_METHOD: trust
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 3s
+      timeout: 5s
+      retries: 5