xssbook/README.md

# xssbook

**description**

who doesn't want to run non free javascript

now with xssbook you can run as much stallman disapprovement as you want 
- all inputs on the site are unfiltered
- api calls dont care what you send them as long as they are valid strings
- /console page to see everyones amazing api calls
- /admin page for adnim things

**installation**

The project is written in rust, so you can build it by running 

`cargo build --release`

Next, make sure where you are runing the binary from, that you copy the sources public folder to the same directory. The public folder is needed to server html, css, js, and font files.

Next, the /admin page is protected by a set secret. By default this is set to admin, but you should change it by setting the `SECRET` environment variable.

Finally, the site runs on port `8080`, so its recommended you put it behind a reverse proxy, or you could use a docker container and remap the outsite port (see below).

**docker**

If you want to run it in a docker container a premade dockerfile is here for you

`docker build -f deployments/docker/Dockerfile -t xssbook .`

There is also a docker-compose.yml file for your reference in the /deployments/docker folder.

The one thing about the docker container is you have to mount the volume

`-v [your directory]/xssbook.db:/data/xssbook.db`

to make the database persistant. Finally, before running the container run 

`touch [your directory]/xssbook.db` 

since docker will create a folder there otherwise and it won't work.

**reverse proxy**

Finally if you are using docker by itself, a reverse proxy, or both, the ip send to the container likily will not be the correct ip. xssbook looks for headers `x-forwarded-for`, `x-real-ip`, and `forwarded` to check for proxies. So make sure to have those headers set. Or if your running just docker, you could also run the docker container on the host network instead of on the bridge network. 

**license**

This amazing project is licensed under the WTFPL