Implement URL XSS attack

2024-10-08 14:30:39 +02:00
parent f81e9be320
commit 48bfcc9c75
19 changed files with 243 additions and 61 deletions
--- a/software/backend/routes/api.routes.ts
+++ b/software/backend/routes/api.routes.ts
@@ -1,5 +1,5 @@
 import { Request, Response, NextFunction, Router } from 'express'
-import { deleteAllTables, prepopulateDatabase } from '../scripts/databaseHelper'
+import { deleteAllTables, deleteExerciseProgressTables, prepopulateDatabase, prepopulateExerciseDatabase } from '../scripts/databaseHelper'

 export const api = Router()

@@ -15,5 +15,13 @@ api.get("/resetdatabase", async (req: Request, res: Response, next: NextFunction
  await prepopulateDatabase()

  // Step 3: Send status back
+  res.status(200).send()
+})
+
+api.get("/resetExerciseProgress", async (req: Request, res: Response, next: NextFunction) => {
+  deleteExerciseProgressTables()
+  
+  await prepopulateExerciseDatabase()
+  
  res.status(200).send()
 })
--- a/software/backend/routes/events.routes.ts
+++ b/software/backend/routes/events.routes.ts
@@ -43,6 +43,7 @@ events.get("/", async (req: Request, res: Response) => {
    include: [
      {
        model: Concert,
+        required: true,
        include: [
          {
            model: Location,
--- a/software/backend/routes/exercise.routes.ts
+++ b/software/backend/routes/exercise.routes.ts
@@ -20,4 +20,23 @@ exercises.get("/", (req: Request, res: Response) => {
  ).then(result => {
    res.status(200).json(result)
  })
+})
+
+exercises.post("/:groupNr/:exerciseNr/:state", (req: Request, res: Response) => {
+  console.log(req.params.groupNr)
+  ExerciseGroup.findOne({
+    where: { groupNr: req.params.groupNr }
+  })
+    .then(group => {
+      Exercise.findOne({
+        where: {
+          exerciseNr: req.params.exerciseNr,
+          exerciseGroupId: group.id
+        }
+      })
+        .then(exercise => {
+          exercise.update({ solved: req.params.state == "1"})
+          res.status(200).send()
+        })
+    })
 })
--- a/software/backend/scripts/databaseHelper.ts
+++ b/software/backend/scripts/databaseHelper.ts
@@ -42,6 +42,7 @@ export function deleteAllTables() {
  Band.destroy({ truncate: true })
  Event.destroy({ truncate: true })

+  City.destroy({ truncate: true })
  Location.destroy({ truncate: true })
  Concert.destroy({ truncate: true })
  SeatGroup.destroy({ truncate: true })
@@ -52,11 +53,26 @@ export function deleteAllTables() {
  Payment.destroy({ truncate: true })
  Account.destroy({ truncate: true })
  AccountRole.destroy({ truncate: true})
+}

+export function deleteExerciseProgressTables() {
  Exercise.destroy({truncate: true})
  ExerciseGroup.destroy({truncate: true})
 }

+export async function prepopulateExerciseDatabase() {
+  for (let exerciseGroup of exercises.data) {
+    ExerciseGroup.create(exerciseGroup)
+      .then(async dataset => {
+        for (let exercise of exerciseGroup.exercises) {
+          exercise["exerciseGroupId"] = dataset.id
+
+          await Exercise.create(exercise)
+        }
+      })
+  }
+}
+
 /**
 * Insert default datasets in the database tables
 */
@@ -195,15 +211,4 @@ export async function prepopulateDatabase() {
        }
      })
  }
-
-  for (let exerciseGroup of exercises.data) {
-    ExerciseGroup.create(exerciseGroup)
-      .then(async dataset => {
-        for (let exercise of exerciseGroup.exercises) {
-          exercise["exerciseGroupId"] = dataset.id
-
-          await Exercise.create(exercise)
-        }
-      })
-  }
 }