mirror of
https://github.com/tobychui/zoraxy.git
synced 2025-06-27 01:41:44 +02:00
Fixed #267
- Added csrf middleware to management portal mux - Added csrf token to all html templates - Added csrf validation to all endpoints - Optimized some old endpoints implementation
This commit is contained in:
Toby Chui
@ -2,12 +2,14 @@
|
||||
<head>
|
||||
<title>File Manager</title>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="zoraxy.csrf.Token" content="{{.csrfToken}}">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0 user-scalable=no">
|
||||
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
|
||||
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.4.1/semantic.min.css" />
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.4.1/semantic.min.js"></script>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/jszip/3.6.0/jszip.min.js"></script>
|
||||
<link rel="stylesheet" href="fs.css">
|
||||
<script src="../script/utils.js"></script>
|
||||
<script>
|
||||
|
||||
</script>
|
||||
@ -199,7 +201,7 @@
|
||||
let counter = $(".fileObject.selected").length;
|
||||
$(".fileObject.selected").each(function(){
|
||||
let thisFilepath = $(this).attr("filepath");
|
||||
$.ajax({
|
||||
$.cjax({
|
||||
url: "/api/fs/del?target=" + thisFilepath,
|
||||
method: "POST",
|
||||
success: function(data){
|
||||
@ -241,22 +243,9 @@
|
||||
let filename = $(this).attr("filename");
|
||||
if (ftype != "folder"){
|
||||
let ext = filepath.split(".").pop();
|
||||
if (isCodeFiles(ext)){
|
||||
editableCodeFiles.push({
|
||||
"filename": filename,
|
||||
"filepath": filepath
|
||||
});
|
||||
}else{
|
||||
openthis($(this), evt);
|
||||
}
|
||||
|
||||
openthis($(this), evt);
|
||||
}
|
||||
});
|
||||
|
||||
if (editableCodeFiles.length > 0){
|
||||
let hash = encodeURIComponent(JSON.stringify(editableCodeFiles))
|
||||
window.open("notepad/index.html#" + hash);
|
||||
}
|
||||
}
|
||||
|
||||
function refresh(){
|
||||
@ -571,12 +560,19 @@
|
||||
return;
|
||||
}
|
||||
|
||||
$.post("/api/fs/newFolder?path=" + currentPath + folderName, function(data){
|
||||
if (data.error != undefined){
|
||||
msgbox(data.error, false);
|
||||
}else{
|
||||
msgbox("Folder Created");
|
||||
refresh();
|
||||
$.cjax({
|
||||
url: "/api/fs/newFolder",
|
||||
method: "POST",
|
||||
data: {
|
||||
"path": currentPath + folderName,
|
||||
},
|
||||
success: function(data){
|
||||
if (data.error != undefined){
|
||||
msgbox(data.error, false);
|
||||
}else{
|
||||
msgbox("Folder Created");
|
||||
refresh();
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
@ -597,8 +593,12 @@
|
||||
if (newName && newName != oldName) {
|
||||
// User entered a new name, perform renaming logic here
|
||||
console.log(oldPath, currentPath + newName);
|
||||
$.ajax({
|
||||
url: "/api/fs/move?srcpath=" + oldPath + "&destpath=" + currentPath + newName,
|
||||
$.cjax({
|
||||
url: "/api/fs/move",
|
||||
data: {
|
||||
"srcpath": oldPath,
|
||||
"destpath": currentPath + newName
|
||||
},
|
||||
method: "POST",
|
||||
success: function(data){
|
||||
if (data.error != undefined){
|
||||
@ -826,6 +826,7 @@
|
||||
ajax.addEventListener("error", errorHandler, false);
|
||||
ajax.addEventListener("abort", abortHandler, false);
|
||||
ajax.open("POST", "/api/fs/upload?dir=" + dir);
|
||||
ajax.setRequestHeader("X-CSRF-Token", document.getElementsByTagName("meta")["zoraxy.csrf.Token"].getAttribute("content"));
|
||||
ajax.send(formdata);
|
||||
}
|
||||
|
||||
@ -914,8 +915,12 @@
|
||||
let filename = fileToPaste.filename;
|
||||
let filepath = fileToPaste.filepath;
|
||||
|
||||
$.ajax({
|
||||
url: "/api/fs/move?srcpath=" + filepath + "&destpath=" + currentPath + filename,
|
||||
$.cjax({
|
||||
url: "/api/fs/move",
|
||||
data:{
|
||||
"srcpath": filepath,
|
||||
"destpath": currentPath + filename,
|
||||
},
|
||||
method: "POST",
|
||||
success: function(data){
|
||||
if (data.error != undefined){
|
||||
@ -939,7 +944,7 @@
|
||||
function copyFirstItemInQueueUntilAllCopied(){
|
||||
let file = copyPendingFiles.shift();
|
||||
let startingDir = currentPath;
|
||||
$.ajax({
|
||||
$.cjax({
|
||||
url: "/api/fs/copy",
|
||||
method: "POST",
|
||||
data: {
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta name="zoraxy.csrf.Token" content="{{.csrfToken}}">
|
||||
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||
<meta name="viewport" content="user-scalable=no, width=device-width, initial-scale=1, maximum-scale=1"/>
|
||||
<meta charset="UTF-8">
|
||||
@ -13,6 +14,7 @@
|
||||
<script src="../script/semantic/semantic.min.js"></script>
|
||||
<script src="../script/tablesort.js"></script>
|
||||
<link rel="stylesheet" href="../main.css">
|
||||
<script src="../script/utils.js"></script>
|
||||
<style>
|
||||
.offlinehost{
|
||||
display: none;
|
||||
@ -86,9 +88,14 @@
|
||||
<div class="ui basic segment" align="center">
|
||||
<i class="loading spinner icon"></i> Scanning
|
||||
</div>`);
|
||||
$.post("/api/tools/ipscan", {start: start, end: end}, function(data) {
|
||||
displayResults(data);
|
||||
$(".scanbtn").removeClass("disabled");
|
||||
$.cjax({
|
||||
url: "/api/tools/ipscan",
|
||||
data: {start: start, end: end},
|
||||
method: "POST",
|
||||
success: function(data){
|
||||
displayResults(data);
|
||||
$(".scanbtn").removeClass("disabled");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
@ -109,9 +116,14 @@
|
||||
<div class="ui basic segment" align="center">
|
||||
<i class="loading spinner icon"></i> Scanning
|
||||
</div>`);
|
||||
$.post("/api/tools/ipscan", {cidr: cidr}, function(data) {
|
||||
displayResults(data);
|
||||
$(".scanbtn").removeClass("disabled");
|
||||
$.cjax({
|
||||
url: "/api/tools/ipscan",
|
||||
method: "POST",
|
||||
data: {cidr: cidr},
|
||||
success: function(data) {
|
||||
displayResults(data);
|
||||
$(".scanbtn").removeClass("disabled");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta name="zoraxy.csrf.Token" content="{{.csrfToken}}">
|
||||
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||
<meta name="viewport" content="user-scalable=no, width=device-width, initial-scale=1, maximum-scale=1"/>
|
||||
<meta charset="UTF-8">
|
||||
@ -13,6 +14,7 @@
|
||||
<script src="../script/semantic/semantic.min.js"></script>
|
||||
<script src="../script/tablesort.js"></script>
|
||||
<link rel="stylesheet" href="../main.css">
|
||||
<script src="../script/utils.js"></script>
|
||||
<style>
|
||||
body{
|
||||
overflow-x: auto;
|
||||
@ -54,7 +56,7 @@
|
||||
var domain = $("#domain").val();
|
||||
$("#discover").addClass("loading").addClass('disabled');
|
||||
setCountdown();
|
||||
$.ajax({
|
||||
$.cjax({
|
||||
type: "POST",
|
||||
url: "/api/mdns/discover",
|
||||
data: { domain: domain },
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta name="zoraxy.csrf.Token" content="{{.csrfToken}}">
|
||||
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||
<meta name="viewport" content="user-scalable=no, width=device-width, initial-scale=1, maximum-scale=1"/>
|
||||
<meta charset="UTF-8">
|
||||
@ -13,6 +14,7 @@
|
||||
<script src="../script/semantic/semantic.min.js"></script>
|
||||
<script src="../script/tablesort.js"></script>
|
||||
<link rel="stylesheet" href="../main.css">
|
||||
<script src="../script/utils.js"></script>
|
||||
<style>
|
||||
#loadingUI{
|
||||
width: 100%;
|
||||
@ -153,7 +155,7 @@
|
||||
//Try to ask the server side to create a ssh proxy object
|
||||
function createSSHProxy(remoteAddr, remotePort, username){
|
||||
//Request to create a ssh session instance
|
||||
$.ajax({
|
||||
$.cjax({
|
||||
url: "/api/tools/webssh",
|
||||
data: {ipaddr: remoteAddr, port: remotePort, username:username},
|
||||
method: "POST",
|
||||
|
||||
Reference in New Issue
Block a user