[Remove] backend build file
parent
cc52c85fd5
commit
b41b086980
2 changed files with 1 additions and 81 deletions
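--- a/.gitignore
+++ b/.gitignore
@@ -217,6 +217,7 @@ $RECYCLE.BIN/
 
 !dist/
 dist/*
+packages/*/dist/*
 !dist/*.zip
 
 # End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux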
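Review bot: The added `packages/*/dist/*` rule sits between `dist/*` and `!dist/*.zip`, above the `# End of https://www.toptal.com/developers/gitignore/api/...` marker, so it appears to live inside the generated template block and would presumably be lost if that template is regenerated. Consider moving the project-specific rules below the marker with a short comment such as `# Build output of workspace packages (generated from src; never commit)`. Note also that `!dist/*.zip` re-includes only the root `dist/`, so archives under `packages/*/dist/` stay ignored; worth confirming that is intended. Keeping bundled output out of the tree means reviewers see only the source the bundle is built from, rather than an artifact that can drift from it.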
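--- a/packages/backend/dist/index.js
+++ b/packages/backend/dist/index.js
@@ -1,81 +0,0 @@
-// packages/backend/src/controller/implictGrant.ts
-var ImplicitGrantController = class {
-isImplicitGrantReq(req) {
-const query = req.getQuery();
-if (query.includes("client_id=") && query.includes("response_type=token")) {
-return true;
-}
-return false;
-}
-isSendTokenToClient(req) {
-const path = req.getPath();
-const query = req.getQuery();
-if (query.includes("access_token=") && query.includes("state=") || path.includes("&access_token=") || /access_token=%/i.test(query)) {
-return true;
-}
-return false;
-}
-testReq(req) {
-if (this.isImplicitGrantReq(req)) {
-return "isImplicitGrantReq";
-}
-if (this.isSendTokenToClient(req)) {
-return "isSendTokenToClient";
-}
-return false;
-}
-};
-
-// packages/backend/src/controller/authZCodeGrant.ts
-var AuthZCodeGrantController = class {
-constructor() {
-}
-isAuthZReq(req) {
-const query = req.getQuery();
-if (query.includes("client_id=") && query.includes("response_type=code")) {
-return true;
-}
-return false;
-}
-isSendCodeToClient(req) {
-const path = req.getPath();
-const query = req.getQuery();
-if (query.includes("code=") && query.includes("state=") || path.includes("&code=") || /code=%/i.test(query)) {
-return true;
-}
-return false;
-}
-testReq(req) {
-if (this.isAuthZReq(req)) {
-return "isAuthZReq";
-}
-if (this.isSendCodeToClient(req)) {
-return "isSendCodeToClient";
-}
-return false;
-}
-// isAccessTokenReq(req: Response) {
-// }
-};
-
-// packages/backend/src/index.ts
-var implicitGrantController = new ImplicitGrantController();
-var authZCodeGrantController = new AuthZCodeGrantController();
-function init(sdk) {
-sdk.events.onInterceptRequest(async (sdk2, req) => {
-const result = authZCodeGrantController.testReq(req) || implicitGrantController.testReq(req);
-if (result) {
-await sdk2.findings.create({
-title: "Possible SSO Request Detected",
-description: `SSO-related parameters detected in request:
-
-${req.getMethod()} ${req.getUrl()} : ${result}`,
-request: req,
-reporter: ""
-});
-}
-});
-}
-export {
-init
-};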