/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

import { TokenSaleComponent } from './token-sale/token-sale.component'
import { OAuthComponent } from './oauth/oauth.component'
import { BasketComponent } from './basket/basket.component'
import { TrackResultComponent } from './track-result/track-result.component'
import { ContactComponent } from './contact/contact.component'
import { AboutComponent } from './about/about.component'
import { RegisterComponent } from './register/register.component'
import { ForgotPasswordComponent } from './forgot-password/forgot-password.component'
import { SearchResultComponent } from './search-result/search-result.component'
import { LoginComponent } from './login/login.component'
import { AdministrationComponent } from './administration/administration.component'
import { ChangePasswordComponent } from './change-password/change-password.component'
import { ComplaintComponent } from './complaint/complaint.component'
import { ChatbotComponent } from './chatbot/chatbot.component'
import { RecycleComponent } from './recycle/recycle.component'
import { RouterModule, type Routes, type UrlMatchResult, type UrlSegment } from '@angular/router'
import { TwoFactorAuthEnterComponent } from './two-factor-auth-enter/two-factor-auth-enter.component'
import { ErrorPageComponent } from './error-page/error-page.component'
import { PrivacySecurityComponent } from './privacy-security/privacy-security.component'
import { TwoFactorAuthComponent } from './two-factor-auth/two-factor-auth.component'
import { DataExportComponent } from './data-export/data-export.component'
import { LastLoginIpComponent } from './last-login-ip/last-login-ip.component'
import { PrivacyPolicyComponent } from './privacy-policy/privacy-policy.component'
import { AddressCreateComponent } from './address-create/address-create.component'
import { AddressSelectComponent } from './address-select/address-select.component'
import { SavedAddressComponent } from './saved-address/saved-address.component'
import { PaymentComponent } from './payment/payment.component'
import { SavedPaymentMethodsComponent } from './saved-payment-methods/saved-payment-methods.component'
import { AccountingComponent } from './accounting/accounting.component'
import { OrderCompletionComponent } from './order-completion/order-completion.component'
import { OrderSummaryComponent } from './order-summary/order-summary.component'
import { WalletComponent } from './wallet/wallet.component'
import { OrderHistoryComponent } from './order-history/order-history.component'
import { DeliveryMethodComponent } from './delivery-method/delivery-method.component'
import { PhotoWallComponent } from './photo-wall/photo-wall.component'
import { DeluxeUserComponent } from './deluxe-user/deluxe-user.component'
import { AccountingGuard, AdminGuard, LoginGuard } from './app.guard'
import { NFTUnlockComponent } from './nft-unlock/nft-unlock.component'
import { ScoreBoardComponent } from './score-board/score-board.component'

// Dynamically imports './faucet/faucet.module' and resolves to its FaucetModule
// export. The route table uses this as a lazy `loadChildren` target.
const loadFaucetModule = async () => {
  const { FaucetModule } = await import('./faucet/faucet.module')
  return FaucetModule
}
// Dynamically imports './wallet-web3/wallet-web3.module' and resolves to its
// WalletWeb3Module export. The route table uses this as a lazy `loadChildren` target.
const loadWeb3WalletModule = async () => {
  const { WalletWeb3Module } = await import('./wallet-web3/wallet-web3.module')
  return WalletWeb3Module
}

// Dynamically imports './web3-sandbox/web3-sandbox.module' and resolves to the
// export it reads from that module. The route table uses this as a lazy
// `loadChildren` target.
// NOTE(review): the export read here is called FaucetModule although the file is
// the web3-sandbox module; presumably the class name was carried over from the
// faucet module. Confirm against web3-sandbox.module before renaming anything.
const loadWeb3SandboxtModule = async () => {
  const { FaucetModule } = await import('./web3-sandbox/web3-sandbox.module')
  return FaucetModule
}
// vuln-code-snippet start adminSectionChallenge scoreBoardChallenge web3SandboxChallenge
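// Client-side route table. The Angular router tries these entries in order and
// uses the first one that matches, so the `**` wildcard must stay last.
//
// Security notes:
// - `canActivate` guards run in the browser. They decide which view is rendered;
//   they do not protect the data behind it. Every API these views call has to
//   enforce authentication and authorization on the server.
// - Every path literal below ships in the client bundle, so a route that is not
//   linked from the UI can still be found by anyone who reads the bundle.
// - NOTE(review): several account-scoped views (e.g. `basket`, `order-history`,
//   `wallet`, `saved-payment-methods` and the `privacy-security` children)
//   declare no guard, unlike `address/*` and `deluxe-membership`. Whether that
//   is intended cannot be told from this file.
// - The `vuln-code-snippet` markers appear to be annotations read by the
//   project's challenge tooling; keep each one on the line it annotates.
const routes: Routes = [
  // Admin view: gated only by the client-side AdminGuard; the path itself is guessable.
  { // vuln-code-snippet neutral-line adminSectionChallenge
    path: 'administration', // vuln-code-snippet vuln-line adminSectionChallenge
    component: AdministrationComponent, // vuln-code-snippet neutral-line adminSectionChallenge
    canActivate: [AdminGuard] // vuln-code-snippet neutral-line adminSectionChallenge
  }, // vuln-code-snippet neutral-line adminSectionChallenge
  {
    path: 'accounting',
    component: AccountingComponent,
    canActivate: [AccountingGuard]
  },
  {
    path: 'about',
    component: AboutComponent
  },
  {
    path: 'address/select',
    component: AddressSelectComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'address/saved',
    component: SavedAddressComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'address/create',
    component: AddressCreateComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'address/edit/:addressId',
    component: AddressCreateComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'delivery-method',
    component: DeliveryMethodComponent
  },
  {
    path: 'deluxe-membership',
    component: DeluxeUserComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'saved-payment-methods',
    component: SavedPaymentMethodsComponent
  },
  {
    path: 'basket',
    component: BasketComponent
  },
  {
    path: 'order-completion/:id',
    component: OrderCompletionComponent
  },
  {
    path: 'contact',
    component: ContactComponent
  },
  {
    path: 'photo-wall',
    component: PhotoWallComponent
  },
  {
    path: 'complain',
    component: ComplaintComponent
  },
  {
    path: 'chatbot',
    component: ChatbotComponent
  },
  {
    path: 'order-summary',
    component: OrderSummaryComponent
  },
  {
    path: 'order-history',
    component: OrderHistoryComponent
  },
  {
    path: 'payment/:entity',
    component: PaymentComponent
  },
  {
    path: 'wallet',
    component: WalletComponent
  },
  {
    path: 'login',
    component: LoginComponent
  },
  {
    path: 'forgot-password',
    component: ForgotPasswordComponent
  },
  {
    path: 'recycle',
    component: RecycleComponent
  },
  {
    path: 'register',
    component: RegisterComponent
  },
  {
    path: 'search',
    component: SearchResultComponent
  },
  {
    path: 'hacking-instructor',
    component: SearchResultComponent
  },
  // No guard: the view is reachable by anyone who knows or recovers the path.
  { // vuln-code-snippet neutral-line scoreBoardChallenge
    path: 'score-board', // vuln-code-snippet vuln-line scoreBoardChallenge
    component: ScoreBoardComponent // vuln-code-snippet neutral-line scoreBoardChallenge
  }, // vuln-code-snippet neutral-line scoreBoardChallenge
  {
    path: 'track-result',
    component: TrackResultComponent
  },
  {
    path: 'track-result/new',
    component: TrackResultComponent,
    data: {
      type: 'new'
    }
  },
  {
    path: '2fa/enter',
    component: TwoFactorAuthEnterComponent
  },
  {
    path: 'privacy-security',
    component: PrivacySecurityComponent,
    children: [
      {
        path: 'privacy-policy',
        component: PrivacyPolicyComponent
      },
      {
        path: 'change-password',
        component: ChangePasswordComponent
      },
      {
        path: 'two-factor-authentication',
        component: TwoFactorAuthComponent
      },
      {
        path: 'data-export',
        component: DataExportComponent
      },
      {
        path: 'last-login-ip',
        component: LastLoginIpComponent
      }
    ]
  },
  {
    path: 'juicy-nft',
    component: NFTUnlockComponent
  },
  {
    path: 'wallet-web3',
    loadChildren: async () => await loadWeb3WalletModule()
  },
  // Lazy-loaded and unguarded: the module is fetched for any visitor who opens the path.
  { // vuln-code-snippet neutral-line web3SandboxChallenge
    path: 'web3-sandbox', // vuln-code-snippet vuln-line web3SandboxChallenge
    loadChildren: async () => await loadWeb3SandboxtModule() // vuln-code-snippet neutral-line web3SandboxChallenge
  }, // vuln-code-snippet neutral-line web3SandboxChallenge
  {
    path: 'bee-haven',
    loadChildren: async () => await loadFaucetModule()
  },
  // vuln-code-snippet start tokenSaleChallenge
  {
    matcher: oauthMatcher,
    // `params` is computed once, when this module is evaluated, not on each
    // navigation. It is the address from the first '#' onwards, so it can carry
    // an access token: do not log or persist it. `slice` replaces the deprecated
    // `substr` and behaves the same here, including when no '#' is present
    // (index -1 yields the last character).
    data: { params: window.location.href.slice(window.location.href.indexOf('#')) },
    component: OAuthComponent
  },
  // Matched by an obfuscated matcher instead of a literal path. Obscurity is the
  // only thing hiding this view; there is no guard.
  { // vuln-code-snippet neutral-line tokenSaleChallenge
    matcher: tokenMatcher, // vuln-code-snippet vuln-line tokenSaleChallenge
    component: TokenSaleComponent // vuln-code-snippet neutral-line tokenSaleChallenge
  }, // vuln-code-snippet neutral-line tokenSaleChallenge
  {
    path: '403',
    component: ErrorPageComponent
  },
  // Catch-all: any unknown path renders the search results view.
  {
    path: '**',
    component: SearchResultComponent
  }
]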
// vuln-code-snippet end adminSectionChallenge scoreBoardChallenge web3SandboxChallenge

// Registers the route table on the root router. `useHash: true` selects
// hash-based URLs (`/#/path`): the route lives in the URL fragment, which
// browsers do not send to the server, so route selection and every guard in
// the table are evaluated in the browser only.
export const Routing = RouterModule.forRoot(routes, { useHash: true })

/**
 * Custom route matcher for the OAuth callback view.
 *
 * Matches when the router passed at least one URL segment and the browser's
 * full address contains `#access_token=`; the whole segment list is then
 * consumed. The test reads `window.location.href`, not `url`, and is a plain
 * substring check, so it does not validate the token in any way.
 *
 * NOTE(review): an access token carried in the URL fragment is readable by any
 * script on the page and can linger in browser history; whatever consumes it
 * should clear the fragment once the token has been read.
 *
 * @param url segments the router is trying to match
 * @returns `{ consumed: url }` on a match, otherwise `null` force-cast to the
 *   declared return type
 */
export function oauthMatcher (url: UrlSegment[]): UrlMatchResult {
  const noMatch = null as unknown as UrlMatchResult
  if (url.length === 0) {
    return noMatch
  }

  const address = window.location.href
  return address.includes('#access_token=') ? { consumed: url } : noMatch
}

/**
 * Custom route matcher for the token-sale view.
 *
 * The expected first segment is not written as a literal: it is assembled at
 * run time from token1, token2 and two base-36 conversions. That assembly
 * happens in the browser, so anyone who can run the bundle can recover the
 * value; hiding a path is not access control.
 *
 * `String.prototype.match` treats a string argument as an unanchored regular
 * expression, so any first segment that contains the assembled value matches,
 * not only an exact one.
 *
 * @param url segments the router is trying to match
 * @returns `{ consumed: url }` on a match, otherwise `null` force-cast to the
 *   declared return type
 */
export function tokenMatcher (url: UrlSegment[]): UrlMatchResult { // vuln-code-snippet neutral-line tokenSaleChallenge
  const noMatch = null as unknown as UrlMatchResult // vuln-code-snippet neutral-line tokenSaleChallenge
  if (url.length === 0) { // vuln-code-snippet neutral-line tokenSaleChallenge
    return noMatch // vuln-code-snippet neutral-line tokenSaleChallenge
  } // vuln-code-snippet neutral-line tokenSaleChallenge
  // vuln-code-snippet neutral-line tokenSaleChallenge
  const firstSegment = url[0].toString() // vuln-code-snippet neutral-line tokenSaleChallenge
  // eslint-disable-next-line @typescript-eslint/restrict-plus-operands
  const hit = firstSegment.match((token1(25, 184, 174, 179, 182, 186) + (36669).toString(36).toLowerCase() + token2(13, 144, 87, 152, 139, 144, 83, 138) + (10).toString(36).toLowerCase())) // vuln-code-snippet vuln-line tokenSaleChallenge
  // vuln-code-snippet neutral-line tokenSaleChallenge
  return hit ? { consumed: url } : noMatch // vuln-code-snippet neutral-line tokenSaleChallenge
} // vuln-code-snippet neutral-line tokenSaleChallenge

/**
 * Decodes a string from a list of numbers.
 *
 * The first argument is a shift value. The remaining arguments are reversed,
 * and each one becomes a character code after subtracting the shift, the
 * constant 45 and its position in the reversed list.
 *
 * This is obfuscation, not encryption: the inputs and the algorithm both ship
 * to the browser, so the output cannot be treated as a secret.
 *
 * @param args shift value followed by the encoded numbers
 * @returns the decoded string; empty when fewer than two arguments are given
 */
export function token1 (...args: number[]) { // vuln-code-snippet neutral-line tokenSaleChallenge
  const [shift, ...codes] = args // vuln-code-snippet neutral-line tokenSaleChallenge
  const chars = codes.reverse().map((code, position) => // vuln-code-snippet neutral-line tokenSaleChallenge
    String.fromCharCode(code - shift - 45 - position)) // vuln-code-snippet neutral-line tokenSaleChallenge
  return chars.join('') // vuln-code-snippet neutral-line tokenSaleChallenge
} // vuln-code-snippet neutral-line tokenSaleChallenge

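/**
 * Decodes a string from a list of numbers, using the same scheme as token1
 * with the constant 24 instead of 45.
 *
 * The first argument is a shift value. The remaining arguments are reversed,
 * and each one becomes a character code after subtracting the shift, the
 * constant 24 and its position in the reversed list.
 *
 * Reads the declared rest parameter `args`. The previous body ignored it and
 * read the legacy `arguments` object instead, which left `args` unused and
 * differed from token1.
 *
 * This is obfuscation, not encryption: the inputs and the algorithm both ship
 * to the browser, so the output cannot be treated as a secret.
 *
 * @param args shift value followed by the encoded numbers
 * @returns the decoded string; empty when fewer than two arguments are given
 */
export function token2 (...args: number[]) { // vuln-code-snippet neutral-line tokenSaleChallenge
  const [shift, ...codes] = args // vuln-code-snippet neutral-line tokenSaleChallenge
  return codes.reverse().map((code, position) => { // vuln-code-snippet neutral-line tokenSaleChallenge
    return String.fromCharCode(code - shift - 24 - position) // vuln-code-snippet neutral-line tokenSaleChallenge
  }).join('') // vuln-code-snippet neutral-line tokenSaleChallenge
} // vuln-code-snippet neutral-line tokenSaleChallenge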
// vuln-code-snippet end tokenSaleChallenge