From 2fc1e13e205517cc0b93dc7ac96de4238bfdea2d Mon Sep 17 00:00:00 2001
From: LCJ-MinYa <1049468118@qq.com>
Date: Fri, 14 Mar 2025 17:43:22 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20xss=E8=8E=B7=E5=8F=96=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=90=8E=E6=AE=B5=E6=B5=8B=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 index.js | 8 +++++++-
 module/xss.js | 23 +++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 module/xss.js
diff --git a/index.js b/index.js
index bb6c039..bfdaaf7 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,6 @@
 import http from 'http';
 import sse from './module/sse.js';
+import xss from './module/xss.js';
 const server = http.createServer(async (req, res) => {
 // 设置 CORS 头
@@ -19,11 +20,16 @@ const server = http.createServer(async (req, res) => {
 return;
 }
+ if (req.url.startsWith('/xss/test')) {
+ xss(req, res);
+ return;
+ }
+
 res.writeHead(404);
 res.end();
 });
 // 监听端口
 server.listen(3000, () => {
- console.log('SSE server is running at http://localhost:3000/events');
+ console.log('node server is running at http://localhost:3000');
 });
diff --git a/module/xss.js b/module/xss.js
new file mode 100644
index 0000000..2455b5e
--- /dev/null
+++ b/module/xss.js
@@ -0,0 +1,23 @@
+import url from 'url';
+
+export default async function (req, res) {
+ // 设置响应状态码和内容类型
+ res.writeHead(200, { 'Content-Type': 'application/json' });
+
+ // 获取请求的 Cookies,这个只有相同域名才行,没有意义
+ const cookies = req.headers.cookie;
+ // 解析 URL 和查询参数
+ const parsedUrl = url.parse(req.url, true);
+ const queryParams = parsedUrl.query;
+
+ // 返回 JSON 数据
+ const responseData = {
+ message: '我已经获取到该用户的cookie了!',
+ cookies,
+ queryParams,
+ timestamp: new Date().toString(),
+ };
+
+ // 将数据写入响应体
+ res.end(JSON.stringify(responseData));
+}
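Review bot: The new `/xss/test` branch in index.js calls the async handler without awaiting it, so a rejection inside `xss()` would become an unhandled promise rejection rather than an error response. The `createServer` callback is already `async`, so `await xss(req, res);` inside a try/catch keeps the failure local. `req.url.startsWith('/xss/test')` also matches paths such as `/xss/testing`, so comparing the parsed pathname would be tighter. Separately, the `server.listen(3000, () => {` context line passes no host, so this cookie-echoing test route is reachable on every interface although the log line says localhost; `server.listen(3000, '127.0.0.1', () => {` would keep it local. The server callback begins outside this hunk.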
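Review bot: The handler in module/xss.js echoes `req.headers.cookie` back in the JSON body, which exposes the caller's cookies for this origin to any script able to read the response. The CORS headers set in index.js are not visible in this patch, so whether a foreign origin can read it needs confirming; dropping `cookies` from `responseData`, or gating the route behind a test-only flag, is the safer default. `url.parse` is Node's legacy API, and `new URL(req.url, 'http://localhost').searchParams` is the supported replacement (wrap it in `Object.fromEntries(...)` if a plain object is needed for single-valued parameters). The function is declared `async` but awaits nothing, so the keyword can be removed. Since the body reflects request input, I would also add `'X-Content-Type-Options': 'nosniff'` to the `writeHead` headers.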