| Age | Commit message (Collapse) | Author |
|---|
|
If the address is using "https:" protocol, the WebSocket address will
use the "wss://" schema.
This changes require latest update on wui repository.
|
|
Release trunks under GPL 3.0 or later license.
See https://kilabit.info/journal/2022/gpl for more information.
|
|
See https://kilabit.info/journal/2022/gpl for more information.
|
|
|
|
Module trunks is a library and HTTP service that provide web user interface
to test HTTP service, similar to Postman, and for load testing.
For the load testing we use vegeta [1] as the backend.
|
|
|
|
In case user set CGO_ENABLED=0, the task for "all" will fail.
This commit fix this by setting CGO_ENABLED to 1 when running test
with -race option.
|
|
|
|
The NavLink struct now has field OpenInIFrame. If its true, the Href
will be opened inside an iframe in the same window, otherwise it
will opened in new tab.
|
|
Using Trunks.RegisterNavLink, one can register custom link into
left navigation menu.
|
|
|
|
Changes,
* AttackResult storage size decreased -24 bytes
* Environment storage size decreased -32 bytes
* HttpTarget storage size decreased -24 bytes
* RunRequest storage size decreased -32 bytes
* RunResponse storage size decreased -8 bytes
* Target storage size decreased -16 bytes
* WebSocketTarget storage size decreased -8 bytes
|
|
The returned value from WebSocketTarget's onClickRun() is already decoded
as object, so we did not need to convert and run JSON.parse with it.
|
|
This changes update on how memfs initialized and GoEmbed called.
|
|
When the worker build received an update to .js or .html files, we run
the Node.Update method on affected node to fetch their latest content.
This is to allow the task to embed files, generate the latest content.
|
|
In the commit edff37e3 and 264cb988, we store the user modified input
into local storage. This including Target options and variables,
HttpTarget headers and parameters, and WebSocket headers and parameters.
When the user interface refreshed, the stored variables is loaded into
input form but not saved into current Target/HttpTarget/WebSocketTarget
variables.
This changes fix this issue by loading the stored variables into
into current instance of Target/HttpTarget/WebSocketTarget variables.
|
|
The internal/cmd/trunks-example is not run and provide an example only
now, its include the workers to build, recompile, re-embeded files.
|
|
Previously, we have a workers to recompile TypeScript and regenerate
HTML files from adoc inside the Trunks type. The workers will run
if the environment variable TRUNKS_DEV set to non-zero.
This changes move those workers to the internal/cmd/trunks-example,
because those workers are related for development only not for running
Trunks server.
|
|
The BaseURL should be only set once by server and read-only to client.
This is to prevent a malicious client attempt to attack non-predefined
target.
|
|
The "cmd" directory on module should be reserved for installable
program that can be executed outside of this repository.
The trunks-example is development server should be run on root of this
repository only, not installable to $GOBIN.
|
|
This changes split the Save function into several functions, in order
to help review and minimize wrong storage key on load and save.
|
|
Changes,
* share: fix the HTTP caching using ETag on the server
* share: rename the terminology to generate Go source code to "embed"
* ciigo: check markup modification time before converting to HTML
|
|
Once the Attack button is clicked, the Target's attack options will
be stored to local storage. On the next refresh or opening the Trunks
web interface, the stored values will be loaded again.
|
|
When the attack finished, the WebSocket server will broadcast the
result to all clients as message "/_trunks/api/attack/result".
|
|
Setting the websocket listen address on environment require,
re-parsing address port on the web side to connect to the server.
In order to simplify creating connection on client, we set only the
websocket port in the environment.
|
|
Currently we are experimenting changing the layout for grouping input
fields from flat layout into fieldset, so user can see more separation
between each sub-section.
|
|
Instead of re-run the commands to recompile and embed for each file
changes on _www, we queue changes into channel and run the recompile
only if the channel is not empty.
|
|
The WebSocket API replace the HTTP APIs for running and canceling
attack. Later, it will use to notify the result of attack.
|
|
Since we will implement API using WebSocket later, we need to split
between the one that manage HTTP and one that manage WebSocket.
|
|
Previously to developer and test trunks on local we need to run "tsc -w"
on directory _www to watch and recompile any changes to TypeScript files,
and run "go run ./cmd/trunks-example" to view the Trunks web interface.
Since we will have internal documentation inside _www/docs, we need
to run another ciigo server that watch any changes to .adoc files
and convert it to HTML.
Three separate commands for development.
This changes refactoring the development process by running two
goroutines when TRUNKS_DEV environment variable is set to non-empty.
One goroutine watch any changes to TypeScript, HTML, and
tsconfig files inside the _www, and when there is an update it will
execute "tsc -p" to recompile and "go run ./internal/generate-memfs" to
embed them into Go source.
Another goroutine watch any changes to .adoc files inside "_www/docs"
directory and convert them into HTML files.
This goroutine will running in the background while the HTTP server is
running too.
|
|
When user click "Run" button on any HttpTarget or WebSocketTarget,
the application will store each dynamic values of input in Target's
Variables, HttpTarget/WebSocketTarget Headers and Parameters into local
storage.
By storing the dynamic values of form input, different users can have
their own dynamic values and automatically loaded when they re-open
the Trunks website again.
|
|
The endpoint for GET and POST examples now return the object like
HTTP Request which contains the HTTP Method, URL, Headers, Form,
MultipartForm, and the Body.
This will allow us to inspect the request with logging in to console.
|
|
If the content-type of request is multipart/form-data, convert the
parameters in HttpTarget using ToMultipartFormData().
|
|
In case two or more users access the Trunks web and set the target
variables, the last user that run any HttpTarget will set the
Target variables or HttpTarget headers/variables.
The next user that open the Trunks web will see the values of headers
and variables from the latest run.
This changes fix this issue by generating new RunRequest using request
original target
|
|
In case the label is longer than 200px, break them by words.
|
|
Since the HttpTarget Params type changes to KeyFormInput, we cannot
use the Params directly but need to convert it JSON object first
using map[string]interface{}.
|
|
Using em is hard to calculate between fixed menu on the left,
content, and header. Especially when there is an element that needs
width larger than parent width (the header of target).
|
|
Also,
* allow auto scroll to the target top content when the Target menu
clicked
* fix header overflow on HTTP and WebSocket target
|
|
The "tsc" task run the tsc program using the tsconfig.json inside
the directory _www, which will recompile all TypeScript before generating
the embeded file.
|
|
In case the FormInput from response does not define the Kind, due to
lazy programmer, generate default form input string.
|
|
Previously, after clicking the "Run" button user need to inspect the
"Run output" to check if the request is success or fail.
This changes, display a notification everytime the "Run" finished.
It will display the notification as error or success based on the
HttpStatusCode inside the RunResponse
|
|
This changes refactor the KeyValue from map[string]string into
map[string]FormInput, where FormInput is a struct with Label, Hint,
Kind, Value, Max, and Min.
With the available of Hint field, the web user interface can render it
as description of input.
This changes also make all input hint to be displayed on the first render.
|
|
The "Hint" provide a general description for Target, a single HttpTarget,
and WebSocketTarget.
|
|
The hint is a text that will be displayed when the icon "i" on the
right side of input is clicked. It provide a description of input.
|
|
Previously, the web user interface is written in pure, single JavaScript
file. The LOC is short but its become hard to maintenance, especially
when there is a change in HTML layout or on the response format.
This changes rewrite the interface to use TypeScript in order to easily
maintenance. The generated JavaScript is loaded using module [1].
[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules
|
|
This is to make the target title distinguishable in between another
titles.
|
|
Previously only HTTP/WS targets that have their link when the navigation
item is clicked.
This changes make the header target to be clickable too.
Also, changes the hash path to use the following format,
* "/${target.ID}" - for target only
* "/${target.ID}/http/${httptarget.ID}" - for HTTP target
* "/${target.ID}/ws/${httptarget.ID}" - for WebSocket target
|
|
If the HTTP target IsCustomizable, user can set the request method,
path, and/or request type. When user changes those values, the values
should overwrite the configuration on server, so the Run method can use
it for creating request.
|
|
When user click the target, the location hash will be set to the
target id. By setting the hash, we can allow user to refresh the page
and render the previous selected target.
|
|
|
