xssbook/index.js

const express = require('express')
const cookie = require('cookie-parser')
const app = express()
const port = 8080

app.set('trust proxy', true)
app.use(cookie())
app.use(express.json());
app.use(express.static('public'))

const database = require('./src/database.js')
const con = require('./src/console.js')
const api = require('./src/api.js')

app.use((req, res, next) => {
  var ip = req.headers['x-real-ip'] || req.connection.remoteAddress;
  if (req.path !== '/console') {
    const public = { ... req.body }
    if (public.password !== undefined) {
      public.password = '********'
    }
    console.log(ip, req.method, req.path, public)
    con.requests.push({ip: ip, method: req.method, path: req.path, body: public})
  }
  next()
})

app.get('/', (req, res) => {
  const cookies = req.cookies;
  if (cookies === undefined || cookies.auth === undefined) {
      res.redirect('/login')
      return
  }
  const user = database.auth(req.cookies.auth)
  if (user === undefined) {
      res.redirect('/login')
      return
  }
  res.redirect('/home')
})

app.get('/login', (req, res) => {
  const cookies = req.cookies;
  if (cookies === undefined || cookies.auth === undefined) {
    res.sendFile('login.html', { root: './public' })
      return
  }
  const user = database.auth(req.cookies.auth)
  if (user === undefined) {
    res.sendFile('login.html', { root: './public' })
      return
  }
  res.redirect('/home')
})

app.get('/home', (req, res) => {
  const cookies = req.cookies;
  if (cookies === undefined || cookies.auth === undefined) {
      res.redirect('/login')
      return
  }
  const user = database.auth(req.cookies.auth)
  if (user === undefined) {
      res.redirect('/login')
      return
  }
  res.sendFile('home.html', { root: './public' })
})

app.get('/people', (req, res) => {
  res.sendFile('people.html', { root: './public' })
})

app.get('/profile', (req, res) => {
  res.sendFile('profile.html', { root: './public' })
})

app.use('/api', api);
app.use('/console', con.router);

app.use((req, res, next) => {
  res.status(404).sendFile('404.html', { root: './public' })
})

app.use((err, req, res, next) => {
  if (err instanceof SyntaxError && err.status === 400 && 'body' in err) {
    res.status(400).send({msg: 'Invalid json body'})
    return
  }
  console.error(err)
  res.status(500).send({msg: 'Internal server error'})
})

app.listen(port, () => {
  console.log(`App listening on port http://127.0.0.1:${port}`)
})
login page 2023-01-20 04:50:15 +00:00			`const express = require('express')`
console 2023-01-22 21:00:31 +00:00			`const cookie = require('cookie-parser')`
login page 2023-01-20 04:50:15 +00:00			`const app = express()`
			`const port = 8080`

finish 2023-01-22 19:41:39 +00:00			`app.set('trust proxy', true)`
console 2023-01-22 21:00:31 +00:00			`app.use(cookie())`
login page 2023-01-20 04:50:15 +00:00			`app.use(express.json());`
			`app.use(express.static('public'))`

console 2023-01-22 21:00:31 +00:00			`const database = require('./src/database.js')`
			`const con = require('./src/console.js')`
			`const api = require('./src/api.js')`

finish 2023-01-22 19:41:39 +00:00			`app.use((req, res, next) => {`
switch to auto reload console 2023-01-22 21:34:07 +00:00			`var ip = req.headers['x-real-ip'] \|\| req.connection.remoteAddress;`
			`if (req.path !== '/console') {`
			`const public = { ... req.body }`
			`if (public.password !== undefined) {`
			`public.password = '********'`
			`}`
			`console.log(ip, req.method, req.path, public)`
			`con.requests.push({ip: ip, method: req.method, path: req.path, body: public})`
finish 2023-01-22 19:41:39 +00:00			`}`
			`next()`
			`})`

			`app.get('/', (req, res) => {`
			`const cookies = req.cookies;`
			`if (cookies === undefined \|\| cookies.auth === undefined) {`
			`res.redirect('/login')`
			`return`
			`}`
			`const user = database.auth(req.cookies.auth)`
			`if (user === undefined) {`
			`res.redirect('/login')`
			`return`
			`}`
			`res.redirect('/home')`
			`})`

start backend 2023-01-21 14:08:22 +00:00			`app.get('/login', (req, res) => {`
finish 2023-01-22 19:41:39 +00:00			`const cookies = req.cookies;`
			`if (cookies === undefined \|\| cookies.auth === undefined) {`
			`res.sendFile('login.html', { root: './public' })`
			`return`
			`}`
			`const user = database.auth(req.cookies.auth)`
			`if (user === undefined) {`
			`res.sendFile('login.html', { root: './public' })`
			`return`
			`}`
			`res.redirect('/home')`
login page 2023-01-20 04:50:15 +00:00			`})`

more shit 2023-01-20 17:26:51 +00:00			`app.get('/home', (req, res) => {`
finish 2023-01-22 19:41:39 +00:00			`const cookies = req.cookies;`
			`if (cookies === undefined \|\| cookies.auth === undefined) {`
			`res.redirect('/login')`
			`return`
			`}`
			`const user = database.auth(req.cookies.auth)`
			`if (user === undefined) {`
			`res.redirect('/login')`
			`return`
			`}`
more shit 2023-01-20 17:26:51 +00:00			`res.sendFile('home.html', { root: './public' })`
			`})`

			`app.get('/people', (req, res) => {`
			`res.sendFile('people.html', { root: './public' })`
			`})`

start backend 2023-01-21 14:08:22 +00:00			`app.get('/profile', (req, res) => {`
			`res.sendFile('profile.html', { root: './public' })`
			`})`

			`app.use('/api', api);`
console 2023-01-22 21:00:31 +00:00			`app.use('/console', con.router);`
finish 2023-01-22 19:41:39 +00:00
more shit 2023-01-20 17:26:51 +00:00			`app.use((req, res, next) => {`
			`res.status(404).sendFile('404.html', { root: './public' })`
			`})`

finish 2023-01-22 19:41:39 +00:00			`app.use((err, req, res, next) => {`
			`if (err instanceof SyntaxError && err.status === 400 && 'body' in err) {`
			`res.status(400).send({msg: 'Invalid json body'})`
			`return`
			`}`
			`console.error(err)`
			`res.status(500).send({msg: 'Internal server error'})`
			`})`

login page 2023-01-20 04:50:15 +00:00			`app.listen(port, () => {`
			console.log(`App listening on port http://127.0.0.1:${port}`)
			`})`