Skip to content

Commit

Permalink
prepared to move model out of server.js
Browse files Browse the repository at this point in the history
  • Loading branch information
@bkimminich
bkimminich committed Oct 22, 2014
1 parent 29bd911 commit 7103272
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 33 deletions.
11 changes: 11 additions & 0 deletions lib/domain.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
/*jslint node: true */
'use strict';

var Sequelize = require('sequelize'),
sequelize = new Sequelize('database', 'username', 'password', {
dialect: 'sqlite',
storage: 'data/juiceshop.sqlite'
});

exports.Sequelize = Sequelize;
exports.sequelize = sequelize;
62 changes: 29 additions & 33 deletions server.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,6 @@ var application_root = __dirname.replace(/\\/g, '/'),
fs = require('fs'),
glob = require('glob'),
morgan = require('morgan'),
Sequelize = require('sequelize'),
sequelize = new Sequelize('database', 'username', 'password', {
dialect: 'sqlite',
storage: 'data/juiceshop.sqlite'
}),
restful = require('sequelize-restful'),
express = require('express'),
errorhandler = require('errorhandler'),
Expand All @@ -20,6 +15,7 @@ var application_root = __dirname.replace(/\\/g, '/'),
PDFDocument = require('pdfkit'),
utils = require('./lib/utils'),
insecurity = require('./lib/insecurity'),
db = require('./lib/domain'),
app = express();

errorhandler.title = 'Juice Shop (Express ' + utils.version('express') + ')';
Expand All @@ -32,9 +28,9 @@ glob(__dirname + '/app/public/ftp/*.pdf', function (err, files) {
});

/* Domain Model */
var User = sequelize.define('User', {
email: Sequelize.STRING,
password: Sequelize.STRING
var User = db.sequelize.define('User', {
email: db.Sequelize.STRING,
password: db.Sequelize.STRING
},
{ hooks: {
beforeCreate: function (user, fn) {
Expand All @@ -59,11 +55,11 @@ function xssChallengeUserHook(user) {
}
}

var Product = sequelize.define('Product', {
name: Sequelize.STRING,
description: Sequelize.STRING,
price: Sequelize.DECIMAL,
image: Sequelize.STRING
var Product = db.sequelize.define('Product', {
name: db.Sequelize.STRING,
description: db.Sequelize.STRING,
price: db.Sequelize.DECIMAL,
image: db.Sequelize.STRING
},
{ hooks: {
beforeCreate: function (product, fn) {
Expand All @@ -82,25 +78,25 @@ function xssChallengeProductHook(product) {
}
}

var Basket = sequelize.define('Basket', {
var Basket = db.sequelize.define('Basket', {
});

var BasketItem = sequelize.define('BasketItems', {
var BasketItem = db.sequelize.define('BasketItems', {
id: {
type: Sequelize.INTEGER,
type: db.Sequelize.INTEGER,
primaryKey: true,
autoIncrement: true
},
quantity: Sequelize.INTEGER
quantity: db.Sequelize.INTEGER
});

Basket.belongsTo(User);
Basket.hasMany(Product, {through: BasketItem});
Product.hasMany(Basket, {through: BasketItem});

var Feedback = sequelize.define('Feedback', {
comment: Sequelize.STRING,
rating: Sequelize.INTEGER
var Feedback = db.sequelize.define('Feedback', {
comment: db.Sequelize.STRING,
rating: db.Sequelize.INTEGER
},
{ hooks: {
beforeCreate: function (feedback, fn) {
Expand All @@ -122,9 +118,9 @@ function htmlSanitizationHook(feedback) {
}
}

var Challenge = sequelize.define('Challenges', {
description: Sequelize.STRING,
solved: Sequelize.BOOLEAN
var Challenge = db.sequelize.define('Challenges', {
description: db.Sequelize.STRING,
solved: db.Sequelize.BOOLEAN
});

/* Challenges */
Expand All @@ -139,8 +135,8 @@ var redirectChallenge, easterEggLevelOneChallenge, easterEggLevelTwoChallenge, d
var bender, osaft;

/* Data */
sequelize.drop();
sequelize.sync().success(function () {
db.sequelize.drop();
db.sequelize.sync().success(function () {
Challenge.create({
description: 'Find the carefully hidden \'Score Board\' page.',
solved: false
Expand Down Expand Up @@ -457,11 +453,11 @@ app.use('/rest/user/authentication-details', insecurity.isAuthorized());
app.use('/rest/basket/:id', insecurity.isAuthorized());
app.use('/rest/basket/:id/order', insecurity.isAuthorized());

/* Challenge evaluation before sequelize-restful takes over */
/* Challenge evaluation before db.sequelize-restful takes over */
app.post('/api/Feedbacks', verifyForgedFeedbackChallenge());

/* Sequelize Restful APIs */
app.use(restful(sequelize, { endpoint: '/api', allowed: ['Users', 'Products', 'Feedbacks', 'BasketItems', 'Challenges'] }));
/* db.Sequelize Restful APIs */
app.use(restful(db.sequelize, { endpoint: '/api', allowed: ['Users', 'Products', 'Feedbacks', 'BasketItems', 'Challenges'] }));
/* Custom Restful API */
app.post('/rest/user/login', loginUser());
app.get('/rest/user/change-password', changePassword());
Expand Down Expand Up @@ -668,7 +664,7 @@ function searchProducts() {
if (notSolved(localXssChallenge) && utils.contains(criteria, '<script>alert("XSS1")</script>')) {
solve(localXssChallenge);
}
sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') OR (description LIKE \'%' + criteria + '%\')')
db.sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') OR (description LIKE \'%' + criteria + '%\')')
.success(function(products) {
if (notSolved(unionSqlInjectionChallenge)) {
var dataString = JSON.stringify(products);
Expand Down Expand Up @@ -727,7 +723,7 @@ function loginUser() {
if (notSolved(weakPasswordChallenge) && req.body.email === '[email protected]' && req.body.password === 'admin123') {
solve(weakPasswordChallenge);
}
sequelize.query('SELECT * FROM Users WHERE email = \'' + (req.body.email || '') + '\' AND password = \'' + insecurity.hash(req.body.password || '') + '\'', User, {plain: true})
db.sequelize.query('SELECT * FROM Users WHERE email = \'' + (req.body.email || '') + '\' AND password = \'' + insecurity.hash(req.body.password || '') + '\'', User, {plain: true})
.success(function(authenticatedUser) {
var user = utils.queryResultToJson(authenticatedUser);
if (user.data && user.data.id) {
Expand Down Expand Up @@ -799,9 +795,9 @@ function verifyDatabaseRelatedChallenges() {
});
}
if (notSolved(knownVulnerableComponentChallenge)) {
Feedback.findAndCountAll({where: Sequelize.or(
Sequelize.and(['comment LIKE \'%sanitize-html%\''], ['comment LIKE \'%1.4.2%\'']),
Sequelize.and(['comment LIKE \'%htmlparser2%\''], ['comment LIKE \'%3.3.0%\'']) ) }
Feedback.findAndCountAll({where: db.Sequelize.or(
db.Sequelize.and(['comment LIKE \'%sanitize-html%\''], ['comment LIKE \'%1.4.2%\'']),
db.Sequelize.and(['comment LIKE \'%htmlparser2%\''], ['comment LIKE \'%3.3.0%\'']) ) }
).success(function (data) {
if (data.count > 0) {
solve(knownVulnerableComponentChallenge);
Expand Down

0 comments on commit 7103272

Please sign in to comment.