
Fixed XSS bug in connlog and optimized the load speed of connlog ui

TC pushbot 5 4 роки тому
батько
коміт
c28e19e129

+ 12 - 1
mod/auth/authlogger/handlers.go

@@ -3,6 +3,7 @@ package authlogger
 import (
 	"encoding/json"
 	"net/http"
+	"regexp"
 )
 
 //Handle of listing of the logger index (months)
@@ -32,6 +33,16 @@ func (l *Logger) HandleTableListing(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	js, _ := json.Marshal(records)
+	//Filter the records before sending it to web UI
+	results := []LoginRecord{}
+	for _, record := range records {
+		//Replace the username with a regex filtered one
+		reg, _ := regexp.Compile("[^a-zA-Z0-9]+")
+		filteredUsername := reg.ReplaceAllString(record.TargetUsername, "░")
+		record.TargetUsername = filteredUsername
+		results = append(results, record)
+	}
+
+	js, _ := json.Marshal(results)
 	sendJSONResponse(w, string(js))
 }
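Review bot: The regular expression is compiled on every loop iteration (`reg, _ := regexp.Compile("[^a-zA-Z0-9]+")` sits inside the `for`) and its error is discarded; compile it once at package scope, `var usernameFilter = regexp.MustCompile("[^a-zA-Z0-9]+")`, and use `filteredUsername := usernameFilter.ReplaceAllString(record.TargetUsername, "░")` in the loop. The filter is also lossy: it rewrites every character outside ASCII letters and digits, so usernames containing `.`, `-`, `_`, `@` or non-Latin letters appear altered in the log, which makes an attempted login harder to attribute. Since the goal is preventing HTML injection in the connlog page, and the connlog.html hunks in this commit do not touch the code that inserts records into the table, the durable fix is contextual output encoding at the rendering point, with this server-side rewrite kept only as defence in depth. The `json.Marshal` error on the new `js, _ := json.Marshal(results)` line is still ignored; at minimum reply with an HTTP 500 when it fails. HandleTableListing begins before this hunk.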

+ 1 - 0
web/Camera/img/icons/left.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#FFFFFF"><path d="M0 0h24v24H0z" fill="none"/><path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/></svg>

+ 1 - 0
web/Camera/img/icons/right.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#FFFFFF"><path d="M0 0h24v24H0z" fill="none"/><path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/></svg>

+ 31 - 0
web/Camera/preview.html

@@ -55,6 +55,20 @@
                 margin: auto;
                 z-index: 10;
             }
+
+            .rightarrow{
+                position: fixed;
+                top: calc(50% - 1.5em);
+                right: 1em;
+                z-index: 1000;
+            }
+
+            .leftarrow{
+                position: fixed;
+                top: calc(50% - 1.5em);
+                left: 1em;
+                z-index: 1000;
+            }
         </style>
     </head>
     <body>
@@ -71,11 +85,20 @@
                 </div>
             </div>
         </div>
+        <div class="desktopcontrols">
+            <div class="rightarrow">
+                <img  onclick="nextPhoto();" style="width: 3em; cursor: pointer;" src="img/icons/right.svg">
+            </div>
+            <div class="leftarrow">
+                <img  onclick="previousPhoto();" style="width: 3em; cursor: pointer;" src="img/icons/left.svg">
+            </div>
+        </div>
         <div class="imgwrapper">
             <div class="imgbox">
                 <img id="viewpoint" class="center-fit" src='img/place-holder.png'>
             </div>
         </div>
+        
         <script>
             let photoList = [];
             let currentViewingPhoto = 0; //The index of current viewing photo
@@ -85,6 +108,14 @@
                 window.location.href = "index.html";
             }
 
+            $(document).on("keydown", function(e){
+                if (e.keyCode == 39){
+                    nextPhoto();
+                }else if (e.keyCode == 37){
+                    previousPhoto();
+                }
+            });
+
             $(document).ready(function(){
                 //Load the latest image
                 ao_module_agirun("Camera/backend/listPhoto.js",{
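Review bot: The new keydown handler compares `e.keyCode` against 39 and 37, a deprecated property; prefer `e.key`, i.e. `if (e.key === "ArrowRight"){` and `}else if (e.key === "ArrowLeft"){`. The handler is bound on `document` with no focus check, so arrow keys pressed inside any text input on this page would also page the gallery — harmless if the page has no inputs, but worth guarding if one is added. `nextPhoto` and `previousPhoto` are not defined in the visible hunks, so their existence is assumed, and the `<script>` block continues past the hunk.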

+ 39 - 24
web/SystemAO/security/connlog.html

@@ -7,24 +7,32 @@
     <link rel="stylesheet" href="../../script/semantic/semantic.min.css">
     <script type="text/javascript" src="../../script/jquery.min.js"></script>
     <script type="text/javascript" src="../../script/semantic/semantic.min.js"></script>
+    <style>
+    
+    </style>
 </head>
 <body>
-    <div class="ui container">
-        <p>Connection Attempts</p>
-        <h1 class="ui header">
-            <span id="normalStatus">Analysising</span>
-            <div class="sub header"><span id="loginAptCount"></span> login request logged this month with <span id="incorrectRatio"></span> incorrect password attempts.
-        </h1>
-        <div class="ui divider"></div>
-        <div class="ui fluid selection dropdown">
-            <input type="hidden" name="tablekey" onchange="loadRecords(this);">
-            <i class="dropdown icon"></i>
-            <div class="default text">Date</div>
-            <div id="recordTables" class="menu">
-                
+    <div class="ui container" style="height: 100% !important;">
+        <div>
+            <p>Connection Attempts</p>
+            <h1 class="ui header">
+                <span id="normalStatus">Analysising</span>
+                <div class="sub header">
+                    <span id="loginAptCount"></span> login request logged this month with <span id="incorrectRatio"></span> incorrect password attempts.
+                </div>
+            </h1>
+            <div class="ui divider"></div>
+            <div class="ui fluid selection dropdown">
+                <input type="hidden" name="tablekey" onchange="loadRecords(this);">
+                <i class="dropdown icon"></i>
+                <div class="default text">Date</div>
+                <div id="recordTables" class="menu">
+
+                </div>
             </div>
         </div>
-        <div class="ui divider">
+        <div class="ui divider"></div>
+        <div>
             <table class="ui celled table">
                 <thead>
                     <tr>
@@ -38,16 +46,19 @@
                 <tbody id="records">
                 
                 </tbody>
-              </table>
+            </table>
         </div>
+        <br><br>
     </div>
-    <br><br><br>
+    
     <script>
         var monthNames = ["Jan", "Feb", "Mar", "Apr", "May", "Jun","Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
 
         $(".ui.dropdown").dropdown();
 
+
         initMonthList();
+       
 
         //Get the table that belongs to today. Put in offset if the current month not found in list
         function getCurrentMonthTable(monOffset = 0){
@@ -83,18 +94,17 @@
                     }
 
                     //Select the current month if it exists
-                    setTimeout(function(){
-                        if (currentMontHTableExists){
-                            $("#recordTables").parent().dropdown("set selected", getCurrentMonthTable());
-                        }
-                    },300);
+                    if (currentMontHTableExists){
+                        $("#recordTables").parent().dropdown("set selected", getCurrentMonthTable());
+                        loadRecordsByTableName(getCurrentMonthTable());
+                    }
+              
                     
                 }
             });
         }
 
-        function loadRecords(object){
-            var tableName = object.value;
+        function loadRecordsByTableName(tableName){
             $.ajax({
                 url: "../../system/auth/logger/list",
                 data: {record: tableName},
@@ -133,7 +143,12 @@
                         }
                     }
                 }
-            })
+            });
+        }
+
+        function loadRecords(object){
+            var tableName = object.value;
+            loadRecordsByTableName(tableName);
         }
 
         function updateSummaryText(records){
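Review bot: The `<style>` element added to the head is empty and can be dropped until it carries rules, and the status text `Analysising` in the restructured header is a typo for `Analysing`. The 300 ms `setTimeout` is replaced by a direct `loadRecordsByTableName(getCurrentMonthTable())` after `dropdown("set selected", …)`; if that dropdown call also fires the hidden input's `onchange="loadRecords(this);"`, the same table is fetched twice on load — worth confirming in the browser. None of the hunks touch the code that writes records into `#records`, so the XSS fix named in the commit title rests entirely on the server-side username filter; inserting each field as text (jQuery `.text()` rather than building HTML from the response) would keep the page safe regardless of what the backend returns. A few of the added lines are whitespace-only and should be trimmed.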