From 58baac72559a41e352a8e7f968a1d7b19b751d56 Mon Sep 17 00:00:00 2001 From: Andre Vasconcelos Date: Wed, 26 May 2021 16:05:24 +0900 Subject: [PATCH 1/5] WIP: Adding ability to inject page with auth header or cookie --- src/routes/index.js | 19 +++++++++----- src/store/schedule.js | 6 +++++ src/utils/lighthouse.js | 19 +++++++------- src/utils/responseBuilder.js | 51 ++++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 16 deletions(-) diff --git a/src/routes/index.js b/src/routes/index.js index d755e9d..6fafa8e 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -209,8 +209,12 @@ router.post('/receive_submission', async function(req, res) { user_id: res_data.user.id, username: res_data.user.username, channel, + auth_header: undefined, + cookie_name: undefined, + cookie_value: undefined, }; + console.log(JSON.stringify(values)); for (const key in values) { if (values[key].audit_options && values[key].audit_options.selected_options && values[key].audit_options.selected_options.length > 0) { values[key].audit_options.selected_options.forEach(option => { @@ -218,19 +222,14 @@ router.post('/receive_submission', async function(req, res) { }); } - if (values[key].audit_url) { - submission.audit_url = values[key].audit_url.value; - } - - if (values[key].schedule) { - submission.schedule = values[key].schedule.value; + for (const optionKey of Object.keys(values[key])) { + submission[optionKey] = values[key][optionKey].value; } } try { // Ad-hoc run if (!is_schedule) { - const options = { throttling: submission.throttling, performance: submission.performance, @@ -238,6 +237,9 @@ router.post('/receive_submission', async function(req, res) { 'best-practices': submission['best-practices'], pwa: submission.pwa, seo: submission.seo, + auth_header: submission.auth_header, + cookie_name: submission.cookie_name, + cookie_value: submission.cookie_value, }; res.send(); await runAudit(submission.audit_url, submission.user_id, submission.channel, options); 
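Review bot: The added `console.log(JSON.stringify(values));` writes the whole submitted form to the process log, and with this patch that form carries the `auth_header` and `cookie_value` inputs, so each audit request leaves a usable credential in stdout and wherever the logs are shipped. Drop the line before this leaves WIP, or log only the block keys, e.g. `console.log(Object.keys(values));`. The handler starts and ends outside the hunk, so whether `submission` is printed elsewhere cannot be seen from here.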
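Review bot: The new loop `submission[optionKey] = values[key][optionKey].value;` copies every action id present in the payload onto `submission`, so a key named `user_id` or `channel` in the incoming state would overwrite the values taken from `res_data` a few lines above. The two removed `if` blocks only ever set `audit_url` and `schedule`; an allow-list keeps that property, e.g. `const FIELDS = new Set(['audit_url', 'schedule', 'auth_header', 'cookie_name', 'cookie_value']);` and `if (FIELDS.has(optionKey)) submission[optionKey] = values[key][optionKey].value;`. The same loop is moved under an `else` in the `@@ -220,10 +220,10 @@` hunk of PATCH 2/5 and needs the same guard there. Whether the request is authenticated before this point is not visible in the hunk.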
@@ -255,6 +257,9 @@ router.post('/receive_submission', async function(req, res) { 'best-practices': schedule['best-practices'], pwa: schedule.pwa, seo: schedule.seo, + auth_header: schedule.auth_header, + cookie_name: schedule.cookie_name, + cookie_value: schedule.cookie_value, }; await runAudit(schedule.audit_url, schedule.user_id, schedule.channel, options); }); diff --git a/src/store/schedule.js b/src/store/schedule.js index f695a50..ad32046 100644 --- a/src/store/schedule.js +++ b/src/store/schedule.js @@ -16,6 +16,9 @@ const schema = new mongoose.Schema({ seo: Boolean, pwa: Boolean, throttling: Boolean, + auth_header: String, + cookie_name: String, + cookie_value: String, }); const ScheduleModel = mongoose.model('Schedule', schema); @@ -34,6 +37,9 @@ async function createSchedule(payload) { seo: payload.seo, pwa: payload.pwa, throttling: payload.throttling, + auth_header: payload.auth_header, + cookie_name: payload.cookie_name, + cookie_value: payload.cookie_value, }); const data = await new_schedule.save(); diff --git a/src/utils/lighthouse.js b/src/utils/lighthouse.js index a4af532..b718fdc 100644 --- a/src/utils/lighthouse.js +++ b/src/utils/lighthouse.js 
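Review bot: `auth_header` and `cookie_value` are added to the schema in `src/store/schedule.js` as plain `String` fields, so every scheduled audit keeps a bearer token or session cookie in the `Schedule` collection in clear text for as long as the schedule exists. At minimum declare them as `auth_header: { type: String, select: false }` so ordinary schedule queries do not return them, and have the job that runs the audit ask for them explicitly with `.select('+auth_header +cookie_value')`. Encrypting the value before `save()` with a key held outside the database would protect it at rest; the `@@ -34,6 +37,9 @@` hunk in `createSchedule` writes the same fields and is where that would go. How schedules are read back and displayed is outside this diff.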
@@ -27,18 +27,19 @@ async function launchPuppeteer(url, options) { '--disable-dev-shm-usage' ] }); + const page = await browser.newPage(); - // Run authentication script (as injected javascript) - if (options.auth_script) { - const page = await browser.newPage(); - await page.goto(url, { - waitUntil: 'networkidle0', - }); - await page.waitForSelector(options.await_selector, {visible: true}); - await page.evaluate(options.auth_script); - await page.waitForNavigation(); + if (options.auth_header) { + page.setExtraHTTPHeaders({ + 'Authorization': options.auth_header, + }) } + if (options.cookie_name && options.cookie_value) { + page.setCookie({ name: options.cookie_name, value: options.cookie_value }); + } + + await page.waitForNavigation(); // Lighthouse will open URL. Puppeteer observes `targetchanged` and sets up network conditions. // Possible race condition. let opts = { diff --git a/src/utils/responseBuilder.js b/src/utils/responseBuilder.js index 148ecf5..c34649b 100644 --- a/src/utils/responseBuilder.js +++ b/src/utils/responseBuilder.js 
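Review bot: `page.setExtraHTTPHeaders({ 'Authorization': options.auth_header })` attaches the header to every request the page issues, not only those sent to the audited site, so third-party scripts, fonts and analytics hosts loaded by that page would receive the credential as well. Limiting it to the origin of `url` needs request interception that adds the header only for same-origin requests, as sketched below. `launchPuppeteer` starts and ends outside the hunk, so how `page` is used afterwards is not visible here.

```javascript
if (options.auth_header) {
  // Send the credential only to the audited origin, never to third-party hosts.
  const targetOrigin = new URL(url).origin;
  await page.setRequestInterception(true);
  page.on('request', (request) => {
    const headers = request.headers();
    if (new URL(request.url()).origin === targetOrigin) {
      headers['authorization'] = options.auth_header;
    }
    request.continue({ headers });
  });
}
// … unchanged: cookie injection …
```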
@@ -123,6 +123,57 @@ function generateAuditDialog(is_schedule) { blocks.push(schedule); } + const auth_header = { + type: 'input', + element: { + type: 'plain_text_input', + action_id: 'auth_header', + placeholder: { + type: 'plain_text', + text: 'JWT ofma3103dSFNsUJasn311ndSN' + } + }, + label: { + type: 'plain_text', + text: 'Authorization Header (optional)' + } + }; + blocks.push(auth_header); + + const cookie_name = { + type: 'input', + element: { + type: 'plain_text_input', + action_id: 'cookie_name', + placeholder: { + type: 'plain_text', + text: 'jwt_token' + } + }, + label: { + type: 'plain_text', + text: 'Cookie Name (optional)' + } + }; + blocks.push(cookie_name); + + const cookie_value = { + type: 'input', + element: { + type: 'plain_text_input', + action_id: 'cookie_value', + placeholder: { + type: 'plain_text', + text: 'jwt_token' + } + }, + label: { + type: 'plain_text', + text: 'Cookie Value (optional)' + } + }; + blocks.push(cookie_value); + // Option dropdowns const options = { type: 'input', From 1e3cf62025c6cff087adb017508f3dea9c26c408 Mon Sep 17 00:00:00 2001 From: Andre Vasconcelos Date: Mon, 31 May 2021 10:43:09 +0900 Subject: [PATCH 2/5] Adding url to setCookie option + making auth fields optional --- src/routes/index.js | 8 ++++---- src/utils/lighthouse.js | 2 +- src/utils/responseBuilder.js | 3 +++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/routes/index.js b/src/routes/index.js index 6fafa8e..d918892 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -220,10 +220,10 @@ router.post('/receive_submission', async function(req, res) { values[key].audit_options.selected_options.forEach(option => { submission[option.value] = true; }); - } - - for (const optionKey of Object.keys(values[key])) { - submission[optionKey] = values[key][optionKey].value; + } else { + for (const optionKey of Object.keys(values[key])) { + submission[optionKey] = values[key][optionKey].value; + } } } 
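Review bot: The three new inputs collect a bearer token and a session cookie but tell the person filling in the dialog nothing about how the value is handled, and for scheduled audits the other files in this patch persist it with the schedule. A `hint` on the `auth_header` and `cookie_value` blocks would set the expectation, e.g. `hint: { type: 'plain_text', text: 'Use a short-lived, audit-only credential; it is stored with scheduled audits.' }`. The three block literals also differ only in `action_id`, placeholder and label, so a small `textInput(actionId, label, placeholder)` helper would keep them in step. `generateAuditDialog` begins and ends outside the hunk.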
diff --git a/src/utils/lighthouse.js b/src/utils/lighthouse.js index b718fdc..128e544 100644 --- a/src/utils/lighthouse.js +++ b/src/utils/lighthouse.js @@ -36,7 +36,7 @@ async function launchPuppeteer(url, options) { } if (options.cookie_name && options.cookie_value) { - page.setCookie({ name: options.cookie_name, value: options.cookie_value }); + page.setCookie({ name: options.cookie_name, value: options.cookie_value, url }); } await page.waitForNavigation(); diff --git a/src/utils/responseBuilder.js b/src/utils/responseBuilder.js index c34649b..daed333 100644 --- a/src/utils/responseBuilder.js +++ b/src/utils/responseBuilder.js @@ -125,6 +125,7 @@ function generateAuditDialog(is_schedule) { const auth_header = { type: 'input', + optional: true, element: { type: 'plain_text_input', action_id: 'auth_header', @@ -142,6 +143,7 @@ function generateAuditDialog(is_schedule) { const cookie_name = { type: 'input', + optional: true, element: { type: 'plain_text_input', action_id: 'cookie_name', @@ -159,6 +161,7 @@ function generateAuditDialog(is_schedule) { const cookie_value = { type: 'input', + optional: true, element: { type: 'plain_text_input', action_id: 'cookie_value', From 097e19b3b850d13a082f0133ddd3b39326a92945 Mon Sep 17 00:00:00 2001 From: Andre Vasconcelos Date: Mon, 31 May 2021 11:50:53 +0900 Subject: [PATCH 3/5] Fixing navigation timeout issue in auth injection --- .github/workflows/push.yml | 1 + .gitignore | 3 ++- src/utils/lighthouse.js | 12 +++++++----- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index a9d5e23..fae888b 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -31,3 +31,4 @@ jobs: run: | docker tag ghcr.io/wanteddev/lighthouse:${{github.event.release.tag_name}} ghcr.io/wanteddev/lighthouse:latest docker push ghcr.io/wanteddev/lighthouse:latest + if: "!github.event.release.prerelease" 
diff --git a/.gitignore b/.gitignore index 31a37f7..b150984 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ node_modules -*.http \ No newline at end of file +*.http +.env \ No newline at end of file diff --git a/src/utils/lighthouse.js b/src/utils/lighthouse.js index 128e544..863ded1 100644 --- a/src/utils/lighthouse.js +++ b/src/utils/lighthouse.js @@ -30,16 +30,19 @@ async function launchPuppeteer(url, options) { const page = await browser.newPage(); if (options.auth_header) { - page.setExtraHTTPHeaders({ + await page.setExtraHTTPHeaders({ 'Authorization': options.auth_header, }) } if (options.cookie_name && options.cookie_value) { - page.setCookie({ name: options.cookie_name, value: options.cookie_value, url }); + await page.setCookie({ name: options.cookie_name, value: options.cookie_value, url }); } - - await page.waitForNavigation(); + await page.goto(url, { + waitUntil: 'networkidle0', + }); + await page.waitForSelector('body', {visible: true}); + await page.close(); // Lighthouse will open URL. Puppeteer observes `targetchanged` and sets up network conditions. // Possible race condition. let opts = { @@ -84,7 +87,6 @@ async function launchPuppeteer(url, options) { const {lhr} = await lighthouse(url, opts); // Return response back to main thread parentPort.postMessage(lhr); - await browser.close(); return; } catch(error) { From 1479c7c95f007cc5fa1b3399de0d228e52173256 Mon Sep 17 00:00:00 2001 From: Andre Vasconcelos Date: Mon, 31 May 2021 11:52:22 +0900 Subject: [PATCH 4/5] Removing redundant (optional) text --- src/utils/responseBuilder.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/utils/responseBuilder.js b/src/utils/responseBuilder.js index daed333..6600588 100644 --- a/src/utils/responseBuilder.js +++ b/src/utils/responseBuilder.js 
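Review bot: In the `@@ -30,16 +30,19 @@` hunk the `Authorization` header is set on `page`, which is then closed with `await page.close();` before `lighthouse(url, opts)` runs; Puppeteer's extra headers belong to that page, so the audit itself probably goes out without the header while only the cookie survives in the browser. If the header is meant to reach the audited run it would have to be passed through Lighthouse's own `extraHeaders` setting in `opts`, which is built outside the hunk. The `@@ -84,7 +87,6 @@` hunk also removes `await browser.close();` from the success path, so unless the browser is closed elsewhere in the function, each audit leaves a Chromium process holding the injected cookie; a `finally { await browser.close(); }` around the run would cover both the success and the error path.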
@@ -136,7 +136,7 @@ function generateAuditDialog(is_schedule) { }, label: { type: 'plain_text', - text: 'Authorization Header (optional)' + text: 'Authorization Header' } }; blocks.push(auth_header); @@ -154,7 +154,7 @@ function generateAuditDialog(is_schedule) { }, label: { type: 'plain_text', - text: 'Cookie Name (optional)' + text: 'Cookie Name' } }; blocks.push(cookie_name); @@ -172,7 +172,7 @@ function generateAuditDialog(is_schedule) { }, label: { type: 'plain_text', - text: 'Cookie Value (optional)' + text: 'Cookie Value' } }; blocks.push(cookie_value); From e1ea0a9cbc59ea6d277e6cde7f29d79eac938c03 Mon Sep 17 00:00:00 2001 From: Andre Vasconcelos Date: Mon, 31 May 2021 11:58:45 +0900 Subject: [PATCH 5/5] Changing dialog placeholder text --- .github/workflows/push.yml | 2 +- src/utils/responseBuilder.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index fae888b..6f41785 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -31,4 +31,4 @@ jobs: run: | docker tag ghcr.io/wanteddev/lighthouse:${{github.event.release.tag_name}} ghcr.io/wanteddev/lighthouse:latest docker push ghcr.io/wanteddev/lighthouse:latest - if: "!github.event.release.prerelease" + if: "github.event.release.prerelease != true" diff --git a/src/utils/responseBuilder.js b/src/utils/responseBuilder.js index 6600588..25d710f 100644 --- a/src/utils/responseBuilder.js +++ b/src/utils/responseBuilder.js @@ -149,7 +149,7 @@ function generateAuditDialog(is_schedule) { action_id: 'cookie_name', placeholder: { type: 'plain_text', - text: 'jwt_token' + text: 'jwt' } }, label: { @@ -167,7 +167,7 @@ function generateAuditDialog(is_schedule) { action_id: 'cookie_value', placeholder: { type: 'plain_text', - text: 'jwt_token' + text: 'ofma3103dSFNsUJasn311ndSN...' } }, label: {