forked from juice-shop/juice-shop
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
prepared to move model out of server.js
- Loading branch information
1 parent
29bd911
commit 7103272
Showing
2 changed files
with
40 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
/*jslint node: true */ | ||
'use strict'; | ||
|
||
var Sequelize = require('sequelize'), | ||
sequelize = new Sequelize('database', 'username', 'password', { | ||
dialect: 'sqlite', | ||
storage: 'data/juiceshop.sqlite' | ||
}); | ||
|
||
exports.Sequelize = Sequelize; | ||
exports.sequelize = sequelize; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,11 +5,6 @@ var application_root = __dirname.replace(/\\/g, '/'), | |
fs = require('fs'), | ||
glob = require('glob'), | ||
morgan = require('morgan'), | ||
Sequelize = require('sequelize'), | ||
sequelize = new Sequelize('database', 'username', 'password', { | ||
dialect: 'sqlite', | ||
storage: 'data/juiceshop.sqlite' | ||
}), | ||
restful = require('sequelize-restful'), | ||
express = require('express'), | ||
errorhandler = require('errorhandler'), | ||
|
@@ -20,6 +15,7 @@ var application_root = __dirname.replace(/\\/g, '/'), | |
PDFDocument = require('pdfkit'), | ||
utils = require('./lib/utils'), | ||
insecurity = require('./lib/insecurity'), | ||
db = require('./lib/domain'), | ||
app = express(); | ||
|
||
errorhandler.title = 'Juice Shop (Express ' + utils.version('express') + ')'; | ||
|
@@ -32,9 +28,9 @@ glob(__dirname + '/app/public/ftp/*.pdf', function (err, files) { | |
}); | ||
|
||
/* Domain Model */ | ||
var User = sequelize.define('User', { | ||
email: Sequelize.STRING, | ||
password: Sequelize.STRING | ||
var User = db.sequelize.define('User', { | ||
email: db.Sequelize.STRING, | ||
password: db.Sequelize.STRING | ||
}, | ||
{ hooks: { | ||
beforeCreate: function (user, fn) { | ||
|
@@ -59,11 +55,11 @@ function xssChallengeUserHook(user) { | |
} | ||
} | ||
|
||
var Product = sequelize.define('Product', { | ||
name: Sequelize.STRING, | ||
description: Sequelize.STRING, | ||
price: Sequelize.DECIMAL, | ||
image: Sequelize.STRING | ||
var Product = db.sequelize.define('Product', { | ||
name: db.Sequelize.STRING, | ||
description: db.Sequelize.STRING, | ||
price: db.Sequelize.DECIMAL, | ||
image: db.Sequelize.STRING | ||
}, | ||
{ hooks: { | ||
beforeCreate: function (product, fn) { | ||
|
@@ -82,25 +78,25 @@ function xssChallengeProductHook(product) { | |
} | ||
} | ||
|
||
var Basket = sequelize.define('Basket', { | ||
var Basket = db.sequelize.define('Basket', { | ||
}); | ||
|
||
var BasketItem = sequelize.define('BasketItems', { | ||
var BasketItem = db.sequelize.define('BasketItems', { | ||
id: { | ||
type: Sequelize.INTEGER, | ||
type: db.Sequelize.INTEGER, | ||
primaryKey: true, | ||
autoIncrement: true | ||
}, | ||
quantity: Sequelize.INTEGER | ||
quantity: db.Sequelize.INTEGER | ||
}); | ||
|
||
Basket.belongsTo(User); | ||
Basket.hasMany(Product, {through: BasketItem}); | ||
Product.hasMany(Basket, {through: BasketItem}); | ||
|
||
var Feedback = sequelize.define('Feedback', { | ||
comment: Sequelize.STRING, | ||
rating: Sequelize.INTEGER | ||
var Feedback = db.sequelize.define('Feedback', { | ||
comment: db.Sequelize.STRING, | ||
rating: db.Sequelize.INTEGER | ||
}, | ||
{ hooks: { | ||
beforeCreate: function (feedback, fn) { | ||
|
@@ -122,9 +118,9 @@ function htmlSanitizationHook(feedback) { | |
} | ||
} | ||
|
||
var Challenge = sequelize.define('Challenges', { | ||
description: Sequelize.STRING, | ||
solved: Sequelize.BOOLEAN | ||
var Challenge = db.sequelize.define('Challenges', { | ||
description: db.Sequelize.STRING, | ||
solved: db.Sequelize.BOOLEAN | ||
}); | ||
|
||
/* Challenges */ | ||
|
@@ -139,8 +135,8 @@ var redirectChallenge, easterEggLevelOneChallenge, easterEggLevelTwoChallenge, d | |
var bender, osaft; | ||
|
||
/* Data */ | ||
sequelize.drop(); | ||
sequelize.sync().success(function () { | ||
db.sequelize.drop(); | ||
db.sequelize.sync().success(function () { | ||
Challenge.create({ | ||
description: 'Find the carefully hidden \'Score Board\' page.', | ||
solved: false | ||
|
@@ -457,11 +453,11 @@ app.use('/rest/user/authentication-details', insecurity.isAuthorized()); | |
app.use('/rest/basket/:id', insecurity.isAuthorized()); | ||
app.use('/rest/basket/:id/order', insecurity.isAuthorized()); | ||
|
||
/* Challenge evaluation before sequelize-restful takes over */ | ||
/* Challenge evaluation before db.sequelize-restful takes over */ | ||
app.post('/api/Feedbacks', verifyForgedFeedbackChallenge()); | ||
|
||
/* Sequelize Restful APIs */ | ||
app.use(restful(sequelize, { endpoint: '/api', allowed: ['Users', 'Products', 'Feedbacks', 'BasketItems', 'Challenges'] })); | ||
/* db.Sequelize Restful APIs */ | ||
app.use(restful(db.sequelize, { endpoint: '/api', allowed: ['Users', 'Products', 'Feedbacks', 'BasketItems', 'Challenges'] })); | ||
/* Custom Restful API */ | ||
app.post('/rest/user/login', loginUser()); | ||
app.get('/rest/user/change-password', changePassword()); | ||
|
@@ -668,7 +664,7 @@ function searchProducts() { | |
if (notSolved(localXssChallenge) && utils.contains(criteria, '<script>alert("XSS1")</script>')) { | ||
solve(localXssChallenge); | ||
} | ||
sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') OR (description LIKE \'%' + criteria + '%\')') | ||
db.sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') OR (description LIKE \'%' + criteria + '%\')') | ||
.success(function(products) { | ||
if (notSolved(unionSqlInjectionChallenge)) { | ||
var dataString = JSON.stringify(products); | ||
|
@@ -727,7 +723,7 @@ function loginUser() { | |
if (notSolved(weakPasswordChallenge) && req.body.email === '[email protected]' && req.body.password === 'admin123') { | ||
solve(weakPasswordChallenge); | ||
} | ||
sequelize.query('SELECT * FROM Users WHERE email = \'' + (req.body.email || '') + '\' AND password = \'' + insecurity.hash(req.body.password || '') + '\'', User, {plain: true}) | ||
db.sequelize.query('SELECT * FROM Users WHERE email = \'' + (req.body.email || '') + '\' AND password = \'' + insecurity.hash(req.body.password || '') + '\'', User, {plain: true}) | ||
.success(function(authenticatedUser) { | ||
var user = utils.queryResultToJson(authenticatedUser); | ||
if (user.data && user.data.id) { | ||
|
@@ -799,9 +795,9 @@ function verifyDatabaseRelatedChallenges() { | |
}); | ||
} | ||
if (notSolved(knownVulnerableComponentChallenge)) { | ||
Feedback.findAndCountAll({where: Sequelize.or( | ||
Sequelize.and(['comment LIKE \'%sanitize-html%\''], ['comment LIKE \'%1.4.2%\'']), | ||
Sequelize.and(['comment LIKE \'%htmlparser2%\''], ['comment LIKE \'%3.3.0%\'']) ) } | ||
Feedback.findAndCountAll({where: db.Sequelize.or( | ||
db.Sequelize.and(['comment LIKE \'%sanitize-html%\''], ['comment LIKE \'%1.4.2%\'']), | ||
db.Sequelize.and(['comment LIKE \'%htmlparser2%\''], ['comment LIKE \'%3.3.0%\'']) ) } | ||
).success(function (data) { | ||
if (data.count > 0) { | ||
solve(knownVulnerableComponentChallenge); | ||
|