Skip to content

[WIP] Misc fixes and improvements #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 23 commits into
base: main
Choose a base branch
from
Draft

[WIP] Misc fixes and improvements #62

wants to merge 23 commits into from

Conversation

@cezarBD
Copy link

@cezarBD cezarBD commented Oct 15, 2025

This work has been done as part of @BeDefended.

This is an attempt to revive the project by fixing a few known issues. Summary of updates:

  • The missing env vars are added from Is there a dev.env template missing? #36 (comment).
  • Fixed local storage for screenshots, similar to Update api.js and docker-compose.yml #47 (comment).
  • The google OAuth was disabled to make it easier to deploy this in a single user scenario with no need to rely on a google account. Just click on login button and the session will be automatically created.
  • Due to the previous point, the admin control panel and the public XSS API are now running on separate ports, so that it's possible to firewall the control panel off.
  • The new env file to edit is .env and is, as such, hidden.

Known bugs:

  • The login page is still present, even though it's not needed now.
  • The URL from the payload generator is missing the right port / hostname at the moment, but it is enough to edit it manually to point to the right location.
  • HTTPS and public deployment have not been fully tested yet.

@randshell
Update compose file
6c9cf02 
- fix volumes tag
- increase healthcheck interval
- pin postgres to v16
- remove version tag
@randshell
Update compose file
4005a5f 
- fix volumes tag
- increase healthcheck interval
- pin postgres to v16
- remove version tag
@randshell
Remove authentication for the control panel
bf948d3
@randshell
Add template for the env vars
70cbd9c
@randshell
Add template for the env vars
5fda9bf
@randshell
Separate the Control Panel to use a different listening port
3103eae
@randshell
Merge branch 'removeAuth'
c4d7c1d 
# Conflicts:
#	config.env
#	docker-compose.yml
@randshell
Try removing check on the hostname
7a302e5 
shouldn't be needed since we have the control panel on a different port
@randshell
Use the server's port in the payloads
82b8cc5
@randshell
Move folder volumes to named volumes
51d4683 
Also add file access permissions
@randshell
Fix port handling in the JS callback
6dd3251
@randshell
Fix Docker volumes permissions
9d2731e
@randshell
Fix local screenshots path
5e629c1
@randshell
Fix local screenshots path
530a5a4
@randshell
Add missing body parser in the API
8d8cf26
@randshell
Add / route to the API
0489542
@randshell
More screenshots related fixes
40101ec
@randshell
Add Caddy web server
7ca656a
@randshell
Fix previous commit
23bfd7d
@randshell
Change to nginx
b1f22ac
@randshell
Improve env handling
500d28b
@randshell
Fix hostnames
7e6c399
@randshell
Fix compose file and env variables
a3ed2f3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cezarBD @randshell