Release 1.0.6

Author: saltify7

caido.config.ts

@@ -12,7 +12,7 @@ export default defineConfig({
   id,
   name: "Authify",
   description: "Plugin for seamless Authorization testing of user roles",
-  version: "0.1.5",
+  version: "0.1.6",
   author: {
     name: "Saltify",
     email: "saltify7@gmail.com",

packages/backend/src/index.ts

@@ -3,6 +3,7 @@ import { getFilterSettings, setFilterSettings, shouldFilterRequest, isPluginGene
 import { saveAuthHeaders, getAuthHeaders, getStoredAuthHeaders, sendHeadersToAuthify, applyHeadersToReplay } from "./auth-headers";
 import { setSelectedScope, getSelectedScope, getSelectedScopeInternal, setSelectedScopeInternal, isUrlInScope } from "./scopes";
 import { getResponseContentLength, compareResponses } from "./utils";
+import { saveMatchReplaceRules, getMatchReplaceRules, applyMatchReplaceRules, hasEnabledMatchReplaceRules } from "./match-replace";
 
 // Result type for safe error handling between backend and frontend
 export type Result<T> =
@@ -559,9 +560,20 @@ const modifyAndResendRequest = async (sdk: SDK<API, BackendEvents>, originalReqR
       sdk.console.log(`Modified header: ${name}: ${value}`);
     }
 
+    // Extract body from original request
+    const body = headerEndIndex < lines.length ? lines.slice(headerEndIndex + 1).join('\n') : '';
+
+    // Apply match & replace rules to the request body (if any rules are configured)
+    let modifiedBody = body;
+    if (hasEnabledMatchReplaceRules()) {
+      modifiedBody = applyMatchReplaceRules(body);
+      if (modifiedBody !== body) {
+        sdk.console.log(`Applied match & replace rules to request body`);
+      }
+    }
+
     // Reconstruct the modified request
     const requestLine = lines[0]; // GET /path HTTP/1.1
-    const body = headerEndIndex < lines.length ? lines.slice(headerEndIndex + 1).join('\n') : '';
 
     let modifiedReqRaw = requestLine + '\r\n';
 
@@ -572,8 +584,8 @@ const modifyAndResendRequest = async (sdk: SDK<API, BackendEvents>, originalReqR
 
     // Add empty line and body
     modifiedReqRaw += '\r\n';
-    if (body) {
-      modifiedReqRaw += body;
+    if (modifiedBody) {
+      modifiedReqRaw += modifiedBody;
     }
 
     // Convert raw request to RequestSpec and send
@@ -615,9 +627,9 @@ const modifyAndResendRequest = async (sdk: SDK<API, BackendEvents>, originalReqR
       }
     }
 
-    // Set body if present
-    if (body.trim()) {
-      spec.setBody(body);
+    // Set body if present (use modified body from match & replace)
+    if (modifiedBody.trim()) {
+      spec.setBody(modifiedBody);
     }
 
     // Send the request
@@ -819,6 +831,8 @@ export type API = DefineAPI<{
   sendHeadersToAuthify: typeof sendHeadersToAuthify;
   applyHeadersToReplay: typeof applyHeadersToReplay;
   getCurrentProjectId: typeof getCurrentProjectId;
+  saveMatchReplaceRules: typeof saveMatchReplaceRules;
+  getMatchReplaceRules: typeof getMatchReplaceRules;
 }>;
 
 export async function init(sdk: SDK<API, BackendEvents>) {
@@ -838,6 +852,8 @@ export async function init(sdk: SDK<API, BackendEvents>) {
   sdk.api.register("sendHeadersToAuthify", sendHeadersToAuthify);
   sdk.api.register("applyHeadersToReplay", applyHeadersToReplay);
   sdk.api.register("getCurrentProjectId", getCurrentProjectId);
+  sdk.api.register("saveMatchReplaceRules", saveMatchReplaceRules);
+  sdk.api.register("getMatchReplaceRules", getMatchReplaceRules);
 
   // Register event listener for intercepted responses (event-driven approach)
   sdk.events.onInterceptResponse(async (sdk, request, response) => {

packages/backend/src/match-replace.ts

@@ -0,0 +1,73 @@
+import type { DefineAPI, SDK } from "caido:plugin";
+
+// Result type for safe error handling between backend and frontend
+export type Result<T> =
+  | { kind: "Error"; error: string }
+  | { kind: "Ok"; value: T };
+
+// Match & Replace rule type
+export type MatchReplaceRule = {
+  id: string;
+  match: string;
+  replace: string;
+  enabled: boolean;
+};
+
+// Match & Replace state
+let storedMatchReplaceRules: MatchReplaceRule[] = [];
+
+// Save match & replace rules to memory
+export const saveMatchReplaceRules = (sdk: SDK, rules: MatchReplaceRule[]): Result<void> => {
+  storedMatchReplaceRules = rules;
+  sdk.console.log(`Match & replace rules saved (${rules.length} rules)`);
+  return { kind: "Ok", value: undefined };
+};
+
+// Get stored match & replace rules
+export const getMatchReplaceRules = (sdk: SDK): Result<MatchReplaceRule[]> => {
+  return { kind: "Ok", value: storedMatchReplaceRules };
+};
+
+// Get stored match & replace rules for internal use (without SDK parameter)
+export const getStoredMatchReplaceRules = (): MatchReplaceRule[] => {
+  return storedMatchReplaceRules;
+};
+
+// Apply match & replace rules to request body
+export const applyMatchReplaceRules = (body: string): string => {
+  if (!body || body.trim() === '') {
+    return body;
+  }
+
+  let modifiedBody = body;
+  const enabledRules = storedMatchReplaceRules.filter(rule => rule.enabled && rule.match.trim() !== '');
+  
+  for (const rule of enabledRules) {
+    try {
+      // Use global replace to replace all occurrences
+      const regex = new RegExp(escapeRegExp(rule.match), 'g');
+      modifiedBody = modifiedBody.replace(regex, rule.replace);
+    } catch (error) {
+      // If regex creation fails, fall back to simple string replacement
+      modifiedBody = modifiedBody.replace(new RegExp(rule.match.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), rule.replace);
+    }
+  }
+  
+  return modifiedBody;
+};
+
+// Helper function to escape special regex characters for literal string matching
+const escapeRegExp = (string: string): string => {
+  return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+};
+
+// Check if any match & replace rules are configured and enabled
+export const hasEnabledMatchReplaceRules = (): boolean => {
+  return storedMatchReplaceRules.some(rule => rule.enabled && rule.match.trim() !== '');
+};
+
+// API type definition for match & replace functions
+export type MatchReplaceAPI = DefineAPI<{
+  saveMatchReplaceRules: typeof saveMatchReplaceRules;
+  getMatchReplaceRules: typeof getMatchReplaceRules;
+}>;

packages/frontend/src/configs/auth-config.ts

@@ -0,0 +1,112 @@
+import { ref } from "vue";
+import { useSDK } from "@/plugins/sdk";
+import { StorageManager } from "@/utils/storage";
+
+export class AuthConfigManager {
+  private sdk: ReturnType<typeof useSDK>;
+  private storage: StorageManager;
+  
+  // Auth config state
+  public authHeaders = ref<string>("");
+
+  constructor(sdk: ReturnType<typeof useSDK>, storage: StorageManager) {
+    this.sdk = sdk;
+    this.storage = storage;
+  }
+
+  // Function to refresh auth config (can be called manually or on project change)
+  async refreshAuthConfig() {
+    console.log("Refreshing auth config");
+    try {
+      // Store the current auth headers before refreshing
+      const currentAuthHeaders = this.authHeaders.value;
+      
+      // Load project-specific auth config
+      await this.loadProjectAuthConfig();
+      
+      // Return a flag to indicate that traffic should be cleared if auth changed
+      const authChanged = currentAuthHeaders !== this.authHeaders.value;
+      return { shouldClearTraffic: authChanged };
+      
+    } catch (error) {
+      console.warn("Error refreshing auth config:", error);
+      this.sdk.window.showToast("Failed to refresh auth config", { variant: "error" });
+      return { shouldClearTraffic: false };
+    }
+  }
+
+  // Save auth headers to storage (project-specific)
+  async saveAuthHeaders() {
+    const result = await this.sdk.backend.getCurrentProjectId();
+    if (result.kind === "Ok") {
+      await this.storage.saveProjectAuthHeaders(this.authHeaders.value, result.value);
+    } else {
+      console.warn("Could not get project ID for auth headers storage:", result.error);
+    }
+  }
+
+  // Clear stored auth headers from storage (project-specific)
+  async clearStoredAuthHeaders() {
+    const result = await this.sdk.backend.getCurrentProjectId();
+    if (result.kind === "Ok") {
+      await this.storage.clearProjectAuthHeaders(result.value);
+    } else {
+      console.warn("Could not get project ID for auth headers clearing:", result.error);
+    }
+  }
+
+  // Function to load project-specific auth config
+  async loadProjectAuthConfig() {
+    try {
+      // Get current project ID and load project-specific auth headers
+      const result = await this.sdk.backend.getCurrentProjectId();
+      if (result.kind === "Ok") {
+        const storedAuthHeaders = await this.storage.loadProjectAuthHeaders(result.value);
+        if (storedAuthHeaders !== null) {
+          this.authHeaders.value = storedAuthHeaders;
+          console.log("Restored previously saved auth headers for project:", result.value);
+          
+          // Sync the loaded auth headers with the backend
+          const backendResult = await this.sdk.backend.saveAuthHeaders(storedAuthHeaders);
+          if (backendResult.kind === "Error") {
+            console.warn("Failed to sync auth headers with backend:", backendResult.error);
+            this.sdk.window.showToast("Failed to sync auth headers with backend", { variant: "warning" });
+          } else {
+            console.log("Successfully synced auth headers with backend");
+          }
+        } else {
+          // No stored auth headers, default to empty and sync with backend
+          this.authHeaders.value = "";
+          console.log("No stored auth headers for project, defaulting to empty");
+          
+          // Sync empty auth headers with backend
+          const backendResult = await this.sdk.backend.saveAuthHeaders("");
+          if (backendResult.kind === "Error") {
+            console.warn("Failed to sync empty auth headers with backend:", backendResult.error);
+          }
+        }
+      } else {
+        console.warn("Could not get project ID for auth headers loading:", result.error);
+        // No project ID available, default to empty
+        this.authHeaders.value = "";
+      }
+    } catch (error) {
+      console.warn('Could not load project auth config:', error);
+      this.sdk.window.showToast('Could not load project auth config', { variant: "error" });
+      // Fallback to empty
+      this.authHeaders.value = "";
+    }
+  }
+
+  // Function to handle auth headers changes and notify backend
+  async handleAuthHeadersChange(newAuthHeaders: string) {
+    // Save to backend
+    const result = await this.sdk.backend.saveAuthHeaders(newAuthHeaders);
+    if (result.kind === "Error") {
+      this.sdk.window.showToast(`Failed to save auth headers: ${result.error}`, { variant: "error" });
+    } else {
+      // Save the new auth headers to storage
+      await this.saveAuthHeaders();
+    }
+  }
+}