Fixingdelete (#21)

* fixing delete issue

* fixes

* fixing storage path

* remove session reset

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Dylan Ayrey 2023-01-29 16:37:18 -08:00 committed by GitHub
parent eb1639e0e6
commit 85d0671ebe
4 changed files with 21 additions and 11 deletions

api.js

@ -146,6 +146,17 @@ async function set_up_api_server(app) {
// If the user is authenticated, let them pass
if(req.session.authenticated === true) {
// const user = await Users.findOne({ where: { 'id': req.session.user_id } });
// if (user == null) {
// req.session.destroy();
// res.redirect(302, '/').json({
// "success": false,
// "error": "You must be authenticated to use this endpoint.",
// "code": "NOT_AUTHENTICATED"
// }).end();
// return
// }
next();
return;
}
@ -201,7 +212,7 @@ async function set_up_api_server(app) {
return res.sendStatus(404);
}
const gz_image_path = `${SCREENSHOTS_DIR}/${screenshot_filename}.gz`;
const gz_image_path = `${screenshot_filename}.gz`;
if (process.env.USE_CLOUD_STORAGE == "true"){
const storage = new Storage();
@ -271,10 +282,6 @@ async function set_up_api_server(app) {
*/
app.get(constants.API_BASE_PATH + 'xss-uri', async (req, res) => {
const user = await Users.findOne({ where: { 'id': req.session.user_id } });
if (user === null) {
req.session.destroy();
res.redirect(302, '/').end();
}
const uri = process.env.XSS_HOSTNAME + "/" + user.path;
res.status(200).json({
"success": true,
@ -366,7 +373,8 @@ async function set_up_api_server(app) {
}
}
app.delete(constants.API_BASE_PATH + 'payloadfires', validate({ body: DeletePayloadFiresSchema }), async (req, res) => {
const ids_to_delete = req.body.ids;
console.log("Deleting payload fires: " + req.body.ids)
const ids_to_delete = req.body.ids;
// Pull the corresponding screenshot_ids from the DB so
// we can delete all the payload fire images as well as
@ -380,14 +388,14 @@ async function set_up_api_server(app) {
},
attributes: ['id', 'screenshot_id']
});
const fileName = `${SCREENSHOTS_DIR}/${payload.screenshot_id}.png.gz`;
const screenshots_to_delete = screenshot_id_records.map(payload => {
const fileName = `${payload.screenshot_id}.png.gz`;
return fileName;
});
if ( process.env.USE_CLOUD_STORAGE == "true"){
const storage = new Storage();
await Promise.all(screenshots_to_delete.map(screenshot_path => {
return storage.bucket(process.env.BUCKET_NAME).file(fileName).delete();
return storage.bucket(process.env.BUCKET_NAME).file(screenshot_path).delete();
}));
}else{
await Promise.all(screenshots_to_delete.map(screenshot_path => {
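Review bot: In the `xss-uri` hunk the new side drops the null guard but still evaluates `user.path`, so a request whose session user no longer exists throws a TypeError inside an async Express handler, which leaves the request hanging rather than returning an error; and because the first hunk comments out the middleware's existence check, that state is now reachable for any session whose user row was deleted. A one-line guard that actually ends the request would close both gaps: `if (user === null) return res.sendStatus(401);`. The commented-out block in the middleware hunk should be deleted rather than left in the handler; if the behaviour is worth recording, a single comment such as `// Session validity is not re-checked against the Users table here` says it without dead code. In the `payloadfires` delete hunk, `Promise.all` over per-object deletes is fail-fast, so one missing object in the bucket rejects the whole batch and, as far as the hunk shows, the DB rows are never deleted; `Promise.allSettled` with a log of the failures would let the delete finish, and records with a null `screenshot_id` should be filtered out before they become `null.png.gz`. The delete handler continues past the end of the hunk, so the local-storage branch is not visible here.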

app.js

@ -239,12 +239,12 @@ async function get_app_server() {
//uploading the gzipped file to GCS
await bucket.upload(gzipTempFileName, {
gzip: true,
destination: payload_fire_image_filename,
destination: `${payload_fire_image_id}.png.gz`,
metadata: {
cacheControl: 'public, max-age=31536000',
},
});
console.log(`${payload_fire_image_filename} has been uploaded to GCS.`);
console.log(`${payload_fire_image_id}.png.gz has been uploaded to GCS.`);
await asyncfs.unlink(multer_temp_image_path);
await asyncfs.unlink(gzipTempFileName);
}else{
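Review bot: The two `asyncfs.unlink` calls only run if `bucket.upload` resolves, so a failed upload leaves both the multer temp file and the gzip temp file behind; moving the unlinks into a `finally` around the upload keeps the temp directory clean on either outcome. The object name `${payload_fire_image_id}.png.gz` is also spelled twice (the `destination` and the log line); computing it once, e.g. `const gcs_object_name = `${payload_fire_image_id}.png.gz`;`, avoids the two drifting apart, which is exactly what this commit is correcting on the read side. The enclosing function continues outside the hunk.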


@ -13,6 +13,8 @@ services:
depends_on:
postgresdb:
condition: service_healthy
volumes:
- ~/.config/gcloud/application_default_credentials.json:/gcloud.json
postgresdb:
image: postgres
restart: always
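Review bot: The new bind mount hands the container a writable copy of the host user's application default credentials; nothing in the container needs to modify that file, so it should be mounted read-only: `- ~/.config/gcloud/application_default_credentials.json:/gcloud.json:ro`. Those credentials carry the developer's full identity rather than access scoped to one bucket, so outside a local development setup a service account with only the bucket permissions the app uses would be the safer thing to mount. The hunk does not show how the app finds `/gcloud.json`; if the service's environment (outside this hunk) does not already set `GOOGLE_APPLICATION_CREDENTIALS=/gcloud.json`, the Storage client will not pick it up.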


@ -1,4 +1,4 @@
#!/usr/bin/env bash
echo "Starting server..."
pm2-runtime server.js
node server.js
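Review bot: Assuming `node server.js` is the new line, the script no longer has a process supervisor, so an uncaught exception or unhandled rejection ends the process and the container only comes back if the orchestrator restarts it; the `restart: always` seen on the database service in this commit would need to be set on this service too for that to hold. A one-line comment recording the intent, `# pm2 dropped: container restart policy is responsible for recovery`, would stop the next reader from putting it back.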