Add Server mode

cmd/server.go

@@ -0,0 +1,32 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+	. "github.com/hahwul/dalfox/pkg/server"
+)
+
+// serverCmd represents the server command
+var serverCmd = &cobra.Command{
+	Use:   "server",
+	Short: "Start API Server",
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("server called")
+		RunAPIServer(optionsStr,optionsBool)
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(serverCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// serverCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// serverCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}

go.mod

@@ -8,11 +8,15 @@ require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/briandowns/spinner v1.11.1
 	github.com/fatih/color v1.9.0 // indirect
+	github.com/labstack/echo v3.3.10+incompatible
+	github.com/labstack/gommon v0.3.0 // indirect
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mattn/go-colorable v0.1.7 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/tylerb/graceful v1.2.15
+	github.com/valyala/fasttemplate v1.2.0 // indirect
 	golang.org/x/net v0.0.0-20200707034311-ab3426394381 // indirect
 	golang.org/x/sys v0.0.0-20200806125547-5acd03effb82 // indirect
 )

pkg/server/model.go

@@ -0,0 +1,12 @@
+package server
+
+type Req struct {
+	URL string `json:"url"`
+	Options map[string]interface{} `json:"options"`
+}
+
+type Res struct {
+	Code int `json:"code"`
+	Msg string `json:"msg"`
+	Data map[string]interface{} `json:"data"`
+}

pkg/server/scan.go

@@ -0,0 +1,10 @@
+package server 
+
+import (
+	. "github.com/hahwul/dalfox/pkg/scanning"
+)
+
+// ScanFromAPI is scanning dalfox with REST API
+func ScanFromAPI(url string, options map[string]interface{}, optionsStr map[string]string, optionsBool map[string]bool){
+	Scan(url,optionsStr,optionsBool)
+}

pkg/server/server.go

@@ -0,0 +1,56 @@
+package server
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/tylerb/graceful"
+	"github.com/labstack/echo/middleware"
+	"github.com/labstack/echo"
+)
+
+func RunAPIServer(optionsStr map[string]string, optionsBool map[string]bool) {
+	e := echo.New()
+	e.Server.Addr = ":6664"
+	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+		XSSProtection:         "",
+		ContentTypeNosniff:    "",
+		XFrameOptions:         "",
+		HSTSMaxAge:            3600,
+		ContentSecurityPolicy: "default-src 'self'",
+	}))
+	e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
+		Format: "method=${method}, uri=${uri}, status=${status}\n",
+	}))
+	e.GET("/health", func(c echo.Context) error {
+		r := &Res{
+			Code: 200,
+			Msg: "ok",
+		}
+		return c.JSON(http.StatusOK,r)
+	})
+	e.GET("/scans", func(c echo.Context) error {
+		return c.String(http.StatusOK, "")
+	})
+	e.GET("/scan/:sid", func(c echo.Context) error {
+		return c.String(http.StatusOK, "")
+	})
+	e.POST("/scan", func(c echo.Context) error {
+		rq := new(Req)
+		if err := c.Bind(rq); err != nil{
+			r := &Res{
+				Code: 500,
+				Msg: "Parameter Bind error",
+			}
+			return c.JSON(http.StatusInternalServerError,r)
+		}
+		sid := GenerateRandomToken(rq.URL)
+		r := &Res{
+			Code: 200,
+			Msg: sid,
+		}
+		go ScanFromAPI(rq.URL, rq.Options, optionsStr,optionsBool)
+		return c.JSON(http.StatusOK,r)
+	})
+	graceful.ListenAndServe(e.Server, 5*time.Second)
+}

pkg/server/utils.go

@@ -0,0 +1,17 @@
+package server
+
+import (
+	"time"
+	"crypto/sha256"
+	"fmt"
+	"strconv"
+)
+
+// GenerateRandomToken is make scan id
+func GenerateRandomToken(url string) string {
+	now := time.Now()
+	nanos := now.UnixNano()
+	sum := sha256.Sum256([]byte(strconv.FormatInt(nanos,10)+url))
+	data := fmt.Sprintf("%x",string(sum[:]))
+	return data
+}