rizky21id

sad

Mar 26th, 2020
  1. /*
  2. * @Author: Gaurav Mishra
  3. * @Date: 2018-12-30 19:15:04
  4. * @Last Modified by: Gaurav Mishra
  5. * @Last Modified time: 2019-01-09 16:01:42
  6. */
  7.  
  8. var express = require("express");
  9. var app = express();
  10. var url = require("url");
  11. var fs = require("fs");
  12. var bodyParser = require("body-parser");
  13. var exec = require("child_process").exec;
  14. var multiparty = require("multiparty");
  15. var validUrl = require("valid-url");
  16. var Promise = require("bluebird");
  17. var https = require("https");
  18. var cron = require("node-cron");
  19. var schedule = require("node-schedule");
  20. var cookieParser = require("cookie-parser");
  21. var session = require("express-session");
  22. var helmet = require("helmet");
  23. var csrf = require("csurf");
// Base directory that the TLS, config and data paths in this file are built from.
const contextPath = "./";

/*
Certificate and Key generation commands:
========================================
openssl genrsa -out ssl/localhost.key 2048
openssl req -new -x509 -key ssl/localhost.key -out ssl/localhost.cert -days 3650 -subj /CN=localhost
*/
// The commands above produce a self-signed certificate for CN=localhost, so a
// client only trusts this server if that certificate is added to its trust store.
const options = {
    // Key and certificate are read synchronously at start-up; a missing file throws here.
    key: fs.readFileSync(contextPath + "ssl/localhost.key"),
    cert: fs.readFileSync(contextPath + "ssl/localhost.cert"),
    // No client certificate is requested: TLS authenticates the server only and
    // user authentication rests entirely on the session login further down.
    requestCert: false,
    rejectUnauthorized: false
};
const server = https.createServer(options, app);

// One hour in milliseconds; used as the session cookie lifetime.
const hour = 60 * 60 * 1000;
  39.  
  40.  
// Response-header hardening, plus an explicit opt-out of Express's X-Powered-By banner.
app.use(helmet());
app.disable("x-powered-by");

// NOTE(review): the static tree is mounted before the session middleware, so
// everything under static/ — including the templates/ directory that the
// /main route reads main.html from — is served without a login check.
app.use(express.static(__dirname + "/static/"));

// Request parsing: urlencoded forms, JSON bodies, then cookies.
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(cookieParser());

// CSRF protection in cookie mode (the token secret lives in a cookie).
app.use(csrf({ cookie: true }));

// Translate a CSRF rejection into a plain 403; every other error is passed on.
app.use(function handleCsrfError(err, req, res, next) {
    if (err.code === "EBADCSRFTOKEN") {
        res.status(403);
        res.send("Invalid CSRF Token. Please refresh the page.");
        return;
    }
    return next(err);
});
  58.  
// Start the HTTPS listener. No host argument is given, so the socket is not
// restricted to loopback even though the certificate is issued for localhost.
server.listen(1337, () => {
    console.log("Server has started listening on port " + String(1337));
});

// Load config.json (session secret and login credentials are read from it
// later in this file). The process exits if the file is missing or malformed.
var appConfig;
try {
    const rawConfig = fs.readFileSync(contextPath + "config.json", "utf8");
    appConfig = JSON.parse(rawConfig);
} catch (err) {
    console.log("Error reading application configuration file. Exiting...");
    process.exit(1);
}
  68.  
// Session tracking for the logged-in user. The cookie is named "user_sid",
// is sent over HTTPS only (secure), is hidden from page scripts (httpOnly)
// and lasts one hour, renewed on each response (rolling).
// NOTE(review): no `store` is configured here, and saveUninitialized/resave
// are both on, so a session is saved for requests that never log in.
app.use(session({
    key: "user_sid",
    secret: appConfig.session_secret,
    resave: true,
    saveUninitialized: true,
    rolling: true,
    cookie: { secure: true, httpOnly: true, maxAge: hour }
}));

// Drop a leftover "user_sid" cookie when the session behind it carries no user,
// e.g. after a server restart while the browser kept its cookie.
app.use((req, res, next) => {
    const hasStaleCookie = req.cookies.user_sid && !req.session.user;
    if (hasStaleCookie) {
        res.clearCookie("user_sid");
    }
    next();
});
  91.  
// Redirect-only gate: a request with both a session user and the "user_sid"
// cookie goes to /main, anything else to /login. `next` is never called, so a
// handler chained after this middleware does not run.
var sessionChecker = function(req, res, next) {
    var isLoggedIn = req.session.user && req.cookies.user_sid;
    res.redirect(isLoggedIn ? "/main" : "/login");
};
  100.  
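// Login route. GET serves the login page; POST checks the submitted
// credentials against config.json and, on success, starts an authenticated
// session and answers 200 `true`. Every failure answers 403 with a message.
// NOTE(review): the password is compared directly with the value in
// config.json, i.e. the config holds it in cleartext, and nothing here limits
// repeated attempts — consider a stored password hash and throttling.
app.route("/login")
    .get(function(req, res) {
        res.sendFile(__dirname + "/static/templates/login.html");
    })
    .post(function(req, res) {
        // Required locally because the top of the file does not import crypto.
        var crypto = require("crypto");
        var username = req.body.username;
        var password = req.body.password;

        // null is rejected together with undefined: toString() on it would throw.
        if (username == null || password == null) {
            return res.status(403).send("Request has been tampered.");
        }
        var suppliedUser = username.toString();
        var suppliedPass = password.toString();

        // Compare SHA-256 digests with timingSafeEqual: both buffers always have
        // the same length and the comparison time does not reveal how many
        // leading characters of a guess were correct.
        function matchesSecret(supplied, expected) {
            if (typeof expected !== "string") {
                return false;
            }
            var suppliedDigest = crypto.createHash("sha256").update(supplied, "utf8").digest();
            var expectedDigest = crypto.createHash("sha256").update(expected, "utf8").digest();
            return crypto.timingSafeEqual(suppliedDigest, expectedDigest);
        }

        // Evaluate both comparisons before branching so a wrong username and a
        // wrong password take the same path.
        var userOk = matchesSecret(suppliedUser, appConfig.login_creds.username);
        var passOk = matchesSecret(suppliedPass, appConfig.login_creds.password);

        if (userOk && passOk) {
            // Issue a fresh session id at login so an id that was set in the
            // browser before authentication cannot be carried into the
            // authenticated session (session fixation).
            return req.session.regenerate(function(err) {
                if (err) {
                    console.log("Error: " + err);
                    return res.status(500).send("Unable to start a session. Please retry.");
                }
                req.session.user = suppliedUser;
                res.status(200).send(true);
            });
        }

        var userBlank = suppliedUser.trim() === "";
        var passBlank = suppliedPass.trim() === "";
        if (userBlank && passBlank) {
            res.status(403).send("Please supply username and password.");
        } else if (userBlank || passBlank) {
            res.status(403).send("Please supply both username and password.");
        } else {
            res.status(403).send("Invalid username or password.");
        }
    });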
  125.  
// Logout route: destroys the session and clears the "user_sid" cookie when a
// login is present, then always lands on /login.
// NOTE(review): this is a state-changing GET, which csurf does not check by
// default, so another site can trigger a logout — a POST would be covered.
app.get("/logout", function(req, res) {
    var hasLogin = req.session.user && req.cookies.user_sid;
    if (hasLogin) {
        req.session.destroy();
        res.clearCookie("user_sid");
    }
    res.redirect("/login");
});
  136.  
// Root route. sessionChecker, as defined in this file, redirects in both of
// its branches and never calls next(), so the handler below only runs if that
// middleware is changed. It would serve login.html, or a 404 if unreadable.
app.get("/", sessionChecker, function(req, res) {
    fs.readFile("static/templates/login.html", function(err, data) {
        var htmlHeader = { "Content-Type": "text/html" };
        if (err) {
            res.writeHead(404, htmlHeader);
            return res.end("404 Not Found");
        }
        res.writeHead(200, htmlHeader);
        res.write(data);
        return res.end();
    });
});
  152.  
// Hands the CSRF token for the current request to the client as JSON so that
// it can be attached to later state-changing requests.
app.get("/csrfToken", (req, res) => {
    const payload = { csrfToken: req.csrfToken() };
    return res.status(200).send(payload);
});

// Handle of the most recently started scan process; each scan overwrites it.
var child;
  158.  
// Main page: served only when the request carries both a session user and the
// "user_sid" cookie; everyone else is sent to /login.
app.get("/main", function(req, res) {
    var loggedIn = req.session.user && req.cookies.user_sid;
    if (!loggedIn) {
        res.redirect("/login");
        return;
    }
    fs.readFile("static/templates/main.html", function(err, data) {
        var htmlHeader = { "Content-Type": "text/html" };
        if (err) {
            // An unreadable template is reported as a 404 rather than a 500.
            res.writeHead(404, htmlHeader);
            return res.end("404 Not Found");
        }
        res.writeHead(200, htmlHeader);
        res.write(data);
        return res.end();
    });
});
  178.  
  179.  
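// Scan route (login required). Accepts a multipart form holding either a
// single URL (`scanUrl`) or an uploaded text file of URLs (`url_list`), one
// per line. A single URL is scanned while the request waits; a list is
// answered immediately and scanned in the background.
// NOTE(review): the file's content type and extension are supplied by the
// client, so the "text/plain" / "txt" test is a convenience filter, not a
// guarantee about the content. Each line is still validated as an http(s) URL.
// NOTE(review): every valid line starts its own scan process at once; a 2 MB
// list can therefore start a very large number of processes. Consider capping
// the number of lines or running the scans with bounded concurrency.
app.post("/scan", function(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        return res.redirect("/login");
    }
    var form = new multiparty.Form();
    form.parse(req, function(err, fields, files) {
        // A parse failure leaves fields/files unset; answer instead of throwing
        // inside the callback.
        if (err || !fields || !files) {
            return res.status(400).send("Request has been tampered");
        }
        if (fields.scanUrl === undefined || files.url_list === undefined) {
            return res.send("Request has been tampered");
        }

        var upload = files.url_list[0];
        var _url = fields.scanUrl.toString().trim();
        var fileContentType = upload.headers["content-type"];
        var fileExtension = upload.originalFilename.split(".").pop();
        var fileSize = upload.size;
        var filePath = upload.path;

        // Chooses the scan mode and sends the HTTP response. All file reads in
        // here are synchronous, so the upload can be removed once it returns.
        function handleScanInput() {
            if (_url !== "" && fileSize > 0) {
                return res.send("Please supply ethier a URL or a file");
            }

            if (_url !== "" && fileSize === 0) {
                // Single URL supplied.
                if (!(validUrl.isHttpUri(_url) || validUrl.isHttpsUri(_url))) {
                    return res.status(200).send("Invalid URL Supplied");
                }
                var scanUrl;
                try {
                    scanUrl = url.parse(_url, true);
                } catch (error) {
                    return res.status(200).send("Unable to parse the URL");
                }
                startSingleScan(scanUrl, res).then(function(result) {
                    if (result) {
                        console.log("URL Scanned successfully: " + scanUrl.href);
                        res.status(200).send("URL Scanned successfully");
                    }
                }).catch(function(scanErr) {
                    // A try/catch around the call cannot see an asynchronous
                    // failure, so it is handled on the promise instead.
                    console.log("Error: " + scanErr);
                    if (!res.headersSent) {
                        res.status(500).send("Scan could not be completed");
                    }
                });
                return;
            }

            if (fileSize > 0 && _url == "") {
                // URL list supplied.
                if (fileContentType == "text/plain" && fileExtension == "txt" && fileSize <= 2097152) {
                    var data;
                    try {
                        data = fs.readFileSync(filePath, "utf8");
                    } catch (readErr) {
                        console.log("Error reading file: " + readErr);
                        return res.status(400).send("Unable to read the uploaded file");
                    }
                    res.status(200).send("Scan is running in the background. Go take a coffee!<br>Scan history will be updated automatically.");
                    var promises = [];
                    data.split("\n").forEach(function(line) {
                        // Trim so lines from CRLF files are not rejected for a trailing "\r".
                        var candidate = line.trim();
                        if (validUrl.isHttpUri(candidate) || validUrl.isHttpsUri(candidate)) {
                            promises.push(startScan(url.parse(candidate, true), res));
                        }
                    });
                    Promise.all(promises).then(function(result) {
                        console.log("List scanned successfully!");
                    }, function(listErr) {
                        console.log("What went wrong?" + listErr);
                    });
                    return;
                }
                if (fileContentType == "text/plain" && fileSize > 2097152) {
                    return res.status(200).send("File size should not exceed 2 MB.");
                }
                return res.status(200).send("Only text files are allowed");
            }

            // Neither a URL nor a non-empty file was supplied.
            return res.send("Please supply an input");
        }

        try {
            handleScanInput();
        } finally {
            // multiparty leaves the upload on disk; remove it on every path so
            // repeated requests do not fill the temporary directory.
            fs.unlink(filePath, function(unlinkErr) {
                if (unlinkErr) {
                    console.log("Error: " + unlinkErr);
                }
            });
        }
    });
});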
  253.  
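/**
 * Runs one wpscan against the given URL and reports the outcome on `res`.
 *
 * The target URL comes from the request, so the scanner is started with
 * execFile and an argument array: nothing is interpreted by a shell and the
 * URL always reaches wpscan as a single `--url=` argument.
 *
 * @param {object} scanUrl - result of url.parse(); protocol, hostname and pathname are used
 * @param {object} res - Express response; receives the abort reason or an error, the caller sends the success message
 * @returns {Promise<boolean>} true when a report was stored and added to the scan history, false otherwise
 */
function startSingleScan(scanUrl, res) {
    // Required locally because only `exec` is imported at the top of the file.
    var execFile = require("child_process").execFile;
    var timestamp = new Date().getTime();
    var filename = scanUrl.hostname + "_" + timestamp + ".json";
    var completeUrl = scanUrl.protocol + "//" + scanUrl.hostname + scanUrl.pathname;
    var resultPath = contextPath + "data/scan_results/" + filename;
    var historyPath = contextPath + "data/scan_history.json";
    var args = [
        "--format=json",
        "--ignore-main-redirect",
        "-o", "data/scan_results/" + filename,
        "--url=" + completeUrl
    ];
    console.log("Scan started on: " + completeUrl);

    return new Promise(function(resolve) {
        // wpscan may exit non-zero even for a usable report; the exit status is
        // ignored and the result is judged from the JSON report it wrote.
        child = execFile("wpscan", args, function() {
            try {
                var resultObj = JSON.parse(fs.readFileSync(resultPath, "utf8"));
                if (resultObj.scan_aborted !== undefined) {
                    console.log("Scan failed for: " + completeUrl);
                    fs.unlink(resultPath, function(err) {
                        // Throwing from this callback would end the process; log instead.
                        if (err) {
                            console.log("Error: " + err);
                        }
                    });
                    console.log("Reason: " + resultObj.scan_aborted);
                    res.status(200).send(resultObj.scan_aborted);
                    return resolve(false);
                }
                var result_details = {
                    "application_url": completeUrl,
                    "timestamp": timestamp,
                    "filename": filename
                };
                var obj = JSON.parse(fs.readFileSync(historyPath, "utf8"));
                obj.scan_history.unshift(result_details);
                fs.writeFileSync(historyPath, JSON.stringify(obj));
                resolve(true);
            } catch (err) {
                // A missing or unparsable report (for example when wpscan could
                // not start) must not throw out of this callback: answer the
                // request and settle the promise.
                console.log("Error reading file: " + err);
                if (!res.headersSent) {
                    res.status(500).send("Scan could not be completed");
                }
                resolve(false);
            }
        });
    });
}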
  296.  
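/**
 * Runs one wpscan in the background (list uploads and scheduled jobs) and
 * records a successful result in the scan history. Failures are only logged.
 *
 * The target URL originates from user input, so the scanner is started with
 * execFile and an argument array: nothing is interpreted by a shell and the
 * URL always reaches wpscan as a single `--url=` argument.
 *
 * @param {object} scanUrl - result of url.parse(); protocol, hostname and pathname are used
 * @param {object} [res] - accepted for call compatibility; not used here
 * @returns {Promise<boolean>} always resolves true once the scan process has ended
 */
function startScan(scanUrl, res) {
    // Required locally because only `exec` is imported at the top of the file.
    var execFile = require("child_process").execFile;
    var timestamp = new Date().getTime();
    var filename = scanUrl.hostname + "_" + timestamp + ".json";
    var completeUrl = scanUrl.protocol + "//" + scanUrl.hostname + scanUrl.pathname;
    var resultPath = contextPath + "data/scan_results/" + filename;
    var historyPath = contextPath + "data/scan_history.json";
    var args = [
        "--format=json",
        "--ignore-main-redirect",
        "-o", "data/scan_results/" + filename,
        "--url=" + completeUrl
    ];
    console.log("Scan started on: " + completeUrl);

    return new Promise(function(resolve) {
        // The exit status is ignored (wpscan may exit non-zero even for a
        // usable report); the outcome is read from the JSON report instead.
        child = execFile("wpscan", args, function() {
            try {
                var resultObj = JSON.parse(fs.readFileSync(resultPath, "utf8"));
                if (resultObj.scan_aborted !== undefined) {
                    console.log("Scan failed for: " + completeUrl);
                    fs.unlink(resultPath, function(err) {
                        // Throwing from this callback would end the process; log instead.
                        if (err) {
                            console.log("Error: " + err);
                        }
                    });
                    console.log("Reason: " + resultObj.scan_aborted);
                } else {
                    var result_details = {
                        "application_url": completeUrl,
                        "timestamp": timestamp,
                        "filename": filename
                    };
                    var obj = JSON.parse(fs.readFileSync(historyPath, "utf8"));
                    obj.scan_history.unshift(result_details);
                    console.log("Scan successfully completed for: " + result_details.application_url);
                    try {
                        fs.writeFileSync(historyPath, JSON.stringify(obj));
                    } catch (err) {
                        console.log("Error writing to file: " + err);
                    }
                }
            } catch (err) {
                console.log("Error reading file: " + err);
            }
            resolve(true);
        });
    });
}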
  345.  
// Returns the stored list of scheduled scans to a logged-in user.
app.get("/fetch/scheduled/history", function(req, res) {
    var loggedIn = req.session.user && req.cookies.user_sid;
    if (!loggedIn) {
        res.redirect("/login");
        return;
    }
    var rawSchedules = fs.readFileSync(contextPath + "data/scheduled_scans.json", "utf-8");
    var data = JSON.parse(rawSchedules);
    return res.status(200).send(data);
});

// In-memory counter of scheduled scans, seeded from the `total` field on disk
// at start-up (a missing or malformed file throws here).
var scheduledScansAtStartup = JSON.parse(fs.readFileSync(contextPath + "data/scheduled_scans.json", "utf-8"));
var currentCount = scheduledScansAtStartup.total;
  356.  
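// Schedule route (login required). Takes six cron fields plus a target URL,
// registers a recurring scan job and stores it in data/scheduled_scans.json.
// Responses are JSON-formatted strings with a "message" and a "status".
app.post("/schedule", function(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        return res.redirect("/login");
    }
    var reqBody = req.body;
    var ruleFields = {
        second: reqBody.second ? reqBody.second : "",
        minute: reqBody.minute,
        hour: reqBody.hour,
        day: reqBody.day,
        dayOfMonth: reqBody.dayOfMonth,
        dayOfWeek: reqBody.dayOfWeek
    };
    var fieldNames = Object.keys(ruleFields);
    var scanUrl = reqBody.scheduleUrl;

    // Every value must be a string: the body parsers can deliver numbers,
    // arrays or objects, and .trim() on those would throw.
    var isRequestValid = typeof scanUrl === "string" && fieldNames.every(function(name) {
        return typeof ruleFields[name] === "string";
    });
    if (!isRequestValid) {
        return res.status(400).send('{"message":"Request has been tampered.", "status": "failure"}');
    }

    fieldNames.forEach(function(name) {
        ruleFields[name] = ruleFields[name].trim();
    });
    var scheduleRule = fieldNames.map(function(name) {
        return ruleFields[name];
    }).join(" ");

    scanUrl = scanUrl.trim();
    if (scanUrl == "") {
        return res.status(400).send('{"message":"Please enter a URL.", "status": "failure"}');
    }
    if (!(validUrl.isHttpUri(scanUrl) || validUrl.isHttpsUri(scanUrl))) {
        return res.status(400).send('{"message":"Please enter a valid URL", "status": "failure"}');
    }

    var Url;
    var valid;
    try {
        Url = url.parse(scanUrl, true);
        valid = cron.validate(scheduleRule.trim());
    } catch (err) {
        return res.status(400).send('{"message":"Unable to parse the URL.", "status": "failure"}');
    }
    if (!valid) {
        return res.status(400).send('{"message":"Invalid cron fields entered. Please retry","status":"failure"}');
    }

    var timestamp = new Date().getTime();
    // The job outlives this request, so the response object is not handed to
    // startScan (it does not use it) and is not kept alive by the job closure.
    var task = schedule.scheduleJob({ start: timestamp, rule: scheduleRule }, function() {
        startScan(Url).then(function(result) {
            if (result)
                console.log("Scheduled scan completed successfully");
        });
    });
    var schedule_details = {
        "rule": ruleFields,
        "timestamp": timestamp,
        "application_url": Url.protocol + "//" + Url.hostname + Url.pathname,
        "task": task
    };

    try {
        var obj = JSON.parse(fs.readFileSync(contextPath + "data/scheduled_scans.json", "utf8"));
        obj.scheduled_scans.unshift(schedule_details);
        obj.total = currentCount + 1;
        fs.writeFileSync(contextPath + "data/scheduled_scans.json", JSON.stringify(obj));
        // Advance the counter only once the entry is actually on disk.
        currentCount = obj.total;
    } catch (err) {
        // Do not leave a job running that is not recorded anywhere.
        console.log("Error: " + err);
        if (task) {
            task.cancel();
        }
        return res.status(500).send('{"message":"Unable to save the schedule.", "status": "failure"}');
    }
    return res.status(200).send('{"message":"Scan has been scheduled successfully.","status":"success"}');
});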
  424.  
/**
 * Re-registers every scan stored in data/scheduled_scans.json as a scheduler
 * job (run once at start-up, below) and writes the refreshed job details back
 * to the same file. Any failure while reading or re-registering is logged and
 * ends the re-initialisation.
 */
function reinitializeScheduledScans() {
    console.log("Re-initializing Scheduled Scans...");
    try {
        var store = JSON.parse(fs.readFileSync(contextPath + "data/scheduled_scans.json", "utf8"));
        // `let` gives each job callback its own index; with `var` all callbacks would share the last one.
        for (let idx = 0; idx < store.scheduled_scans.length; idx++) {
            var fields = store.scheduled_scans[idx].rule;
            var cronRule = `${fields.second} ${fields.minute} ${fields.hour} ${fields.day} ${fields.dayOfMonth} ${fields.dayOfWeek}`;
            var startAt = new Date(store.scheduled_scans[idx].timestamp);
            store.scheduled_scans[idx].task = schedule.scheduleJob({ start: startAt, rule: cronRule.trim() }, function(data) {
                // The stored URL is parsed again each time the job fires.
                var target = url.parse(store.scheduled_scans[idx].application_url, true);
                startScan(target).then(function(result) {
                    if (result)
                        console.log("Scheduled scan completed successfully");
                });
            });
        }
        fs.writeFile(contextPath + "data/scheduled_scans.json", JSON.stringify(store), function(err) {
            console.log(err ? "Failed to updated task details." : "Task details updated successfully.");
        });
    } catch (err) {
        console.log("Error reading scheduled_scans.json file or file doesn't exist.");
    }
}

// Restore the stored schedules as soon as the module is loaded.
reinitializeScheduledScans();
  453.  
// Report route (login required). Looks up a scan in the history by URL and
// timestamp and returns its stored JSON report. The file name is taken from
// the matching history entry, never from the request itself. No match sends
// the user to /main; any read or parse error sends them to "/".
app.get("/report", function(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        res.redirect("/login");
        return;
    }
    try {
        var wantedUrl = req.query.application_url;
        var wantedTime = req.query.timestamp;
        if (wantedUrl === undefined || wantedTime === undefined) {
            return res.status(400).send("Request has been tampered");
        }
        var history = JSON.parse(fs.readFileSync(contextPath + "data/scan_history.json", "utf8"));
        var total = history.scan_history.length;
        var entries = history.scan_history;
        for (var idx = 0; idx < total; idx++) {
            var entry = entries[idx];
            // Loose equality on purpose: query values arrive as strings while
            // the stored timestamp is a number.
            if (entry.application_url == wantedUrl && entry.timestamp == wantedTime) {
                var report = JSON.parse(fs.readFileSync(contextPath + "data/scan_results/" + entry.filename, "utf8"));
                res.send(report);
                res.end();
                return;
            }
        }
        res.redirect("/main");
    } catch (err) {
        res.redirect("/");
    }
});
  485.  
// Returns the complete scan history to a logged-in user.
app.get("/fetch/scan/history", function(req, res) {
    var loggedIn = req.session.user && req.cookies.user_sid;
    if (!loggedIn) {
        res.redirect("/login");
        return;
    }
    var rawHistory = fs.readFileSync(contextPath + "data/scan_history.json", "utf8");
    res.send(JSON.parse(rawHistory));
    res.end();
});
  495.  
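// Delete-report route (login required). Removes the report file of the scan
// identified by URL and timestamp and drops its entry from the scan history.
// Every path answers the request: a missing login, an unknown report and a
// failed read or write no longer leave the client waiting.
app.post("/delete/report", function(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        return res.redirect("/login");
    }
    var application_url = req.body.application_url;
    var timestamp = req.body.timestamp;
    if (application_url === undefined || timestamp === undefined) {
        return res.status(400).send("Request has been tampered");
    }
    try {
        var historyObj = JSON.parse(fs.readFileSync(contextPath + "data/scan_history.json", "utf8"));
        var scanHistoryList = historyObj.scan_history;
        var wantedTimestamp = parseInt(timestamp, 10);
        var matchIndex = -1;
        for (var i = 0; i < scanHistoryList.length; i++) {
            if (scanHistoryList[i].application_url === application_url && scanHistoryList[i].timestamp === wantedTimestamp) {
                matchIndex = i;
                break;
            }
        }
        if (matchIndex === -1) {
            return res.status(404).send("Report not found.");
        }
        // The file name comes from the stored history entry, not from the request.
        fs.unlink(contextPath + "data/scan_results/" + scanHistoryList[matchIndex].filename, function(err) {
            if (err) {
                console.log("Failed to delete the report.");
                return res.status(400).send("Failed to delete the report.");
            }
            console.log("Report successfully deleted. Updating scan history...");
            historyObj.scan_history.splice(matchIndex, 1);
            fs.writeFile(contextPath + "data/scan_history.json", JSON.stringify(historyObj), function(writeErr) {
                if (writeErr) {
                    console.log("Failed to update scan history.");
                    return res.status(500).send("Failed to update scan history.");
                }
                console.log("Scan history updated successfully.");
                return res.status(200).send(true);
            });
        });
    } catch (err) {
        console.log("Error: " + err);
        return res.status(500).send("Failed to delete the report.");
    }
});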
  537.  
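// Delete-schedule route (login required). Cancels the job of the schedule
// identified by URL and timestamp and removes its entry from
// data/scheduled_scans.json. Every path answers the request.
app.post("/delete/schedule", function(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        return res.redirect("/login");
    }
    var application_url = req.body.application_url;
    var timestamp = req.body.timestamp;
    if (application_url === undefined || timestamp === undefined) {
        return res.status(400).send("Request has been tampered");
    }
    try {
        var scheduleHistoryObj = JSON.parse(fs.readFileSync(contextPath + "data/scheduled_scans.json", "utf8"));
        var scheduleHistoryList = scheduleHistoryObj.scheduled_scans;
        var wantedTimestamp = parseInt(timestamp, 10);
        var matchIndex = -1;
        // Stop at the first match: splicing while the loop keeps running to
        // the old length would read past the end of the list.
        for (var i = 0; i < scheduleHistoryList.length; i++) {
            if (scheduleHistoryList[i].application_url === application_url && scheduleHistoryList[i].timestamp === wantedTimestamp) {
                matchIndex = i;
                break;
            }
        }
        if (matchIndex === -1) {
            return res.status(404).send("Schedule not found.");
        }

        var entry = scheduleHistoryList[matchIndex];
        var job = entry.task ? schedule.scheduledJobs[entry.task.name] : undefined;
        if (job) {
            job.cancel();
        } else {
            // A stored entry without a live job is still removed from the file.
            console.log("No running job found for this schedule; removing the stored entry only.");
        }
        scheduleHistoryObj.total -= 1;
        scheduleHistoryObj.scheduled_scans.splice(matchIndex, 1);
        // Keep the in-memory counter in step with the total written to disk,
        // otherwise the next /schedule call stores a total that is one too high.
        currentCount = scheduleHistoryObj.total;
        fs.writeFile(contextPath + "data/scheduled_scans.json", JSON.stringify(scheduleHistoryObj), function(err) {
            if (err) {
                console.log("Failed to delete schedule.");
                return res.status(500).send("Failed to delete schedule.");
            }
            console.log("Schedule deleted successfully.");
            return res.status(200).send(true);
        });
    } catch (err) {
        console.log("Error: " + err);
        return res.status(500).send("Failed to delete schedule.");
    }
});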
  572.  
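// Edit-schedule route (login required). Replaces the cron rule of the schedule
// identified by URL and timestamp, stores it and reschedules the running job.
// The submitted rule is copied field by field, so only the six expected
// string values are ever written to disk. Every path answers the request.
app.post("/edit/schedule", function(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        return res.redirect("/login");
    }
    var application_url = req.body.application_url;
    var timestamp = req.body.timestamp;
    var submittedRule = req.body.rule;
    if (application_url === undefined || timestamp === undefined) {
        return res.status(400).send("Request has been tampered.");
    }
    if (submittedRule === null || typeof submittedRule !== "object") {
        return res.status(400).send("Please enter a valid cron expression.");
    }

    var fieldNames = ["second", "minute", "hour", "day", "dayOfMonth", "dayOfWeek"];
    var cleanRule = {};
    for (var f = 0; f < fieldNames.length; f++) {
        var value = submittedRule[fieldNames[f]];
        if (typeof value !== "string") {
            return res.status(400).send("Please enter a valid cron expression.");
        }
        cleanRule[fieldNames[f]] = value;
    }
    var rule = fieldNames.map(function(name) {
        return cleanRule[name];
    }).join(" ");

    try {
        if (!cron.validate(rule)) {
            return res.status(400).send("Please enter a valid cron expression.");
        }
        var scheduleHistoryObj = JSON.parse(fs.readFileSync(contextPath + "data/scheduled_scans.json", 'utf8'));
        var scheduleHistoryList = scheduleHistoryObj.scheduled_scans;
        var wantedTimestamp = parseInt(timestamp, 10);
        var scheduledTask;
        for (var i = 0; i < scheduleHistoryList.length; i++) {
            if (scheduleHistoryList[i].application_url === application_url && scheduleHistoryList[i].timestamp === wantedTimestamp) {
                scheduledTask = scheduleHistoryList[i];
                break;
            }
        }
        if (scheduledTask === undefined) {
            return res.status(404).send("Schedule not found.");
        }
        // Look the job up before touching the file, so a stored entry without a
        // live job is reported instead of throwing inside the write callback.
        var job = scheduledTask.task ? schedule.scheduledJobs[scheduledTask.task.name] : undefined;
        if (!job) {
            console.log("Failed to edit schedule. Reason: no running job for this entry.");
            return res.status(400).send("Failed to edit schedule.");
        }

        scheduledTask.rule = cleanRule;
        scheduledTask.timestamp = new Date().getTime();
        fs.writeFile(contextPath + "data/scheduled_scans.json", JSON.stringify(scheduleHistoryObj), function(err) {
            if (err) {
                console.log("Failed to edit schedule. Reason: " + err);
                return res.status(400).send("Failed to edit schedule.");
            }
            job.reschedule({ start: scheduledTask.timestamp, rule: rule });
            console.log("Schedule edited successfully.");
            return res.status(200).send(true);
        });
    } catch (err) {
        console.log("Failed to open/edit scheduled_scans.json file.");
        return res.status(400).send("Failed to update scheduled scans.");
    }
});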
  616.  
// Catch-all for POST and GET requests that no earlier route handled.
// Registered last, in the order POST then GET.
["post", "get"].forEach(function(method) {
    app[method]("*", pageNotFound);
});
  620.  
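/**
 * Fallback handler for unknown paths. A logged-in user gets the 404 page;
 * anyone else is redirected to /login, so unknown paths reveal nothing to
 * unauthenticated clients beyond the redirect.
 *
 * @param {object} req - Express request; session.user and cookies.user_sid are checked
 * @param {object} res - Express response
 */
function pageNotFound(req, res) {
    if (!(req.session.user && req.cookies.user_sid)) {
        return res.redirect("/login");
    }
    fs.readFile("static/templates/404.html", function(err, data) {
        res.writeHead(404, {
            "Content-Type": "text/html"
        });
        if (err) {
            // Without this guard an unreadable template would pass `undefined`
            // to res.write(), which throws inside this callback.
            return res.end("404 Not Found");
        }
        res.write(data);
        return res.end();
    });
}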