diff --git a/index.js b/index.js
index c35ccbb..313dd5d 100644
--- a/index.js
+++ b/index.js
@@ -1,37 +1,24 @@
-require('dotenv').config()
-
const express = require('express')
+const cookie = require('cookie-parser')
const app = express()
const port = 8080
app.set('trust proxy', true)
-
-const database = require('./src/database.js')
-
-const rateLimiter = require('express-rate-limit')
-const limiter = (min, count) => {
- return rateLimiter({
- windowMs: min * 60 * 1000,
- max: count,
- message: 'Too many requests, please try again later.',
- standardHeaders: true,
- legacyHeaders: false,
- })
-}
-
-const cookieParser = require('cookie-parser')
-app.use(cookieParser())
-
+app.use(cookie())
app.use(express.json());
app.use(express.static('public'))
+const database = require('./src/database.js')
+const con = require('./src/console.js')
+const api = require('./src/api.js')
+
app.use((req, res, next) => {
const public = { ... req.body }
if (public.password !== undefined) {
public.password = '********'
}
console.log(req.ip, req.method, req.path, public)
- update(req.ip, req.method, req.path, public)
+ con.update(req.ip, req.method, req.path, public)
next()
})
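Review bot: The promise returned by `con.update(...)` on the new line is discarded, so any rejection from it (the function is declared `async` in src/console.js) surfaces as an unhandled rejection instead of being tied to this request. Either drop the `async` keyword from `update`, which never awaits anything, or attach a handler here: `con.update(req.ip, req.method, req.path, public).catch((err) => console.error('console update failed', err))`. The neighbouring `const public` is unchanged by this commit, but `public` is a reserved word in strict mode, so this file cannot be given `'use strict'` or converted to an ES module without renaming it.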
@@ -85,81 +72,8 @@ app.get('/profile', (req, res) => {
res.sendFile('profile.html', { root: './public' })
})
-const api = require('./src/api.js')
app.use('/api', api);
-
-const connections = []
-app.get('/console', (req, res) => {
- res.write(`
-
-
-
-
-
- XSSBook - Console
-
-
- `)
- connections.push(res)
-})
-
-function color(method) {
- switch(method) {
- case 'GET':
- return '4ae04a'
- case 'POST':
- return 'b946db'
- case 'PUT':
- return 'ff9705'
- case 'PATCH':
- return `42caff`
- case 'DELETE':
- return `ff4a4a`
- case 'HEAD':
- return '424cff'
- case 'OPTIONS':
- return 'ff9757'
- }
-}
-
-function highlight(json) {
- if (typeof json != 'string') {
- json = JSON.stringify(json, undefined, 2);
- }
- json = json.replace(/&/g, '&').replace(//g, '>');
- return json.replace(/("(\\u[a-zA-Z0-9]{4}|\\[^u]|[^\\"])*"(\s*:)?|\b(true|false|null)\b|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?)/g, function (match) {
- var cls = 'number';
- if (/^"/.test(match)) {
- if (/:$/.test(match)) {
- cls = 'key';
- } else {
- cls = 'string';
- }
- } else if (/true|false/.test(match)) {
- cls = 'boolean';
- } else if (/null/.test(match)) {
- cls = 'null';
- }
- return '' + match + '';
- });
-}
-
-async function update(ip, method, path, json) {
- connections.forEach(con => {
- con.write(`
-
- ${ip}
- ${method}
- ${path}
- ${highlight(json)}
-
- `)
- })
-}
-
-// app.use('/api', limiter(1,60))
-// app.use('/api/register', limiter(60, 5))
-// app.use('/api/login', limiter(10, 5))
+app.use('/console', con.router);
app.use((req, res, next) => {
res.status(404).sendFile('404.html', { root: './public' })
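Review bot: `app.use('/console', con.router)` mounts the live request log with no access check in front of it, so any client that can reach the server receives every subsequent request's IP, method, path and body, with only `password` masked by the logging middleware in the first hunk. If the console is meant for operators, place a check ahead of the router, e.g. `app.use('/console', requireOperator, con.router)` where `requireOperator` (name constructed here) is a middleware that rejects unauthenticated requests; if exposing it is intentional for this project, a one-line comment at the mount saying so would save the next reader the question. The 404 handler that begins at the end of this hunk continues outside it.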
diff --git a/src/console.js b/src/console.js
new file mode 100644
index 0000000..c7f4089
--- /dev/null
+++ b/src/console.js
@@ -0,0 +1,81 @@
+const express = require('express')
+const router = express.Router()
+const sleep = ms => new Promise(r => setTimeout(r, ms));
+
+const connections = []
+
+router.get('/', async (req, res) => {
+ res.write(`
+
+
+
+
+
+ XSSBook - Console
+
+
+ `)
+ res.write(new Array(2048).join(" "))
+ await sleep(500)
+ connections.push(res)
+ while (true) {
+ res.write(" ")
+ await sleep(100)
+ }
+})
+
+function color(method) {
+ switch(method) {
+ case 'GET':
+ return '4ae04a'
+ case 'POST':
+ return 'b946db'
+ case 'PUT':
+ return 'ff9705'
+ case 'PATCH':
+ return `42caff`
+ case 'DELETE':
+ return `ff4a4a`
+ case 'HEAD':
+ return '424cff'
+ case 'OPTIONS':
+ return 'ff9757'
+ }
+}
+
+function highlight(json) {
+ if (typeof json != 'string') {
+ json = JSON.stringify(json, undefined, 2);
+ }
+ json = json.replace(/&/g, '&').replace(//g, '>');
+ return json.replace(/("(\\u[a-zA-Z0-9]{4}|\\[^u]|[^\\"])*"(\s*:)?|\b(true|false|null)\b|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?)/g, function (match) {
+ var cls = 'number';
+ if (/^"/.test(match)) {
+ if (/:$/.test(match)) {
+ cls = 'key';
+ } else {
+ cls = 'string';
+ }
+ } else if (/true|false/.test(match)) {
+ cls = 'boolean';
+ } else if (/null/.test(match)) {
+ cls = 'null';
+ }
+ return '' + match + '';
+ });
+}
+
+async function update(ip, method, path, json) {
+ connections.forEach(con => {
+ con.write(`
+
+ ${ip}
+ ${method}
+ ${path}
+ ${highlight(json)}
+
+ `)
+ })
+}
+
+module.exports = { router, update };
\ No newline at end of file
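Review bot: `update()` interpolates `ip`, `method` and `path` straight into the HTML stream while only `json` goes through `highlight()`'s entity escaping; `req.path` is client-chosen and, with `trust proxy` set to `true` in index.js, so is `req.ip`, so these values need the same escaping before they reach console viewers. Separately, the `router.get('/')` handler never leaves its `while (true)` loop and never removes `res` from `connections` when the viewer disconnects, so every viewer that ever opened the page keeps a timer running and is still written to by `update()` for the life of the process. The escape line in `highlight()` reads `.replace(//g, '>')` in this rendering, which would be a line comment in real JavaScript — most likely the `&amp;`/`&lt;`/`&gt;` entities and the `<span>` markup were stripped on display, but it is worth confirming the committed file does replace `<` and `>`. The fence below shows the disconnect handling and a shared escape helper; the page markup written by the handler is left as it is.
```javascript
// … unchanged: express/router/sleep/connections setup …

// Same entity replacement highlight() applies to the body, for the plain
// values that are interpolated into the stream by update().
const escapeHtml = (s) =>
  String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')

router.get('/', async (req, res) => {
  // … unchanged: initial res.write of the page header and padding …
  await sleep(500)
  connections.push(res)
  let open = true
  // Forget the viewer once it disconnects so the keep-alive loop ends and
  // update() stops writing to a dead response.
  res.on('close', () => {
    open = false
    const i = connections.indexOf(res)
    if (i !== -1) connections.splice(i, 1)
  })
  while (open) {
    res.write(" ")
    await sleep(100)
  }
})

// … unchanged: color(), highlight() …

async function update(ip, method, path, json) {
  connections.forEach(con => {
    con.write(`
      ${escapeHtml(ip)}
      ${escapeHtml(method)}
      ${escapeHtml(path)}
      ${highlight(json)}
    `)
  })
}
```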