slight changes to myapp, to support more decoy examples

README.md

@@ -199,7 +199,7 @@ The decoy we just added might trigger if your application is scanned by bots, bu
 
 `docker-compose up --build`
 
-5. visit `http://localhost:8000/login`. Login as **bob/bob**. Press `CTRL-SHIFT-I` to open the developer tools and navigate to the 'storage' tab. Notice how, upon login, a 'role=user' cookie was injected into your cookie jar.
+5. visit `http://localhost:8000/login`. Login as **bob@myapp.com/bob**. Press `CTRL-SHIFT-I` to open the developer tools and navigate to the 'storage' tab. Notice how, upon login, a 'role=user' cookie was injected into your cookie jar.
 
 ![injected role cookie](./assets/cookie.png)
 
@@ -233,7 +233,7 @@ Cloud active defense complements existing solutions such as Intrusion Detection
 Myapp is a demo application which can be used to test how decoys work. It is a simplistic web application with the following features:
   * `GET /` : the front page, displays 'welcome' if you're not authenticated. Displays a static 'dashboard' page otherwise.
   * `GET /login` : a form displaying a login field, a password field, and a submit button.
-  * `POST /login` : checks if username is 'bob' and password is 'bob'. It not, sends an error message. If yes, authenticates by setting a (hardcoded) 'SESSION' cookie
+  * `POST /login` : checks if username is 'bob@myapp.com' and password is 'bob'. It not, sends an error message. If yes, authenticates by setting a (hardcoded) 'SESSION' cookie
 
 There is no logout mechanism. Delete the SESSION cookie to log out.
 

myapp/Dockerfile

@@ -4,6 +4,7 @@ RUN npm install express
 RUN npm install body-parser
 RUN npm install cookie-parser
 ADD myapp.js /usr/app/myapp.js
+ADD files/script.js /usr/app/files/script.js
 USER nobody
 EXPOSE 3000
 CMD [ "node", "myapp.js" ]

myapp/files/script.js

@@ -0,0 +1,22 @@
+document.addEventListener('DOMContentLoaded', function() {
+    const welcomeText = document.querySelector('.full-width');
+
+    welcomeText.addEventListener('mouseover', function(event) {
+      const target = event.target;
+      if (target.classList.contains('letter')) {
+        target.style.color = 'red'; // Change the color of the letter hovered over
+      } else {
+        welcomeText.style.color = 'red'; // Change the color of the whole text
+      }
+    });
+
+    welcomeText.addEventListener('mouseout', function(event) {
+      const target = event.target;
+      if (target.classList.contains('letter')) {
+        target.style.color = ''; // Reset the color of the letter
+      } else {
+        welcomeText.style.color = ''; // Reset the color of the whole text
+      }
+    });
+  });
+

myapp/myapp.js

@@ -8,9 +8,12 @@ app.use(bodyParser.urlencoded({ extended: true }));
 app.use(cookieParser());
 
 const homepage=`
-<div class="full-width">Welcome</div>
+<div class="full-width">
+  ${'WELCOME'.split('').map(letter => `<span class="letter">${letter}</span>`).join('')}
+</div>
 <div align="center"><button type="button" onclick="window.location.href='/login'">Login</button></div>
-`
+<script src="/script.js"></script>
+`;
 
 const css = `
 <style>
@@ -22,7 +25,7 @@ body {
 .full-width {
   width: 100%;
   text-align: center;
-  font-size: 22vw;
+  font-size: 15vw;
   margin-top: 100px;
 }
 
@@ -136,7 +139,7 @@ app.get('/login', (req, res) => {
   res.send(`
     <h1>Login</h1>
     <form method="POST">
-      <input type="text" name="username" placeholder="Username" />
+      <input type="text" name="username" placeholder="Username" pattern="[^@\\s]+@[^@\\s]+\\.[^@\\s]+" title="Invalid email address" />
       <input type="password" name="password" placeholder="Password" />
       <button type="submit">Sign In</button>
     </form>
@@ -150,7 +153,7 @@ app.post('/login', (req, res) => {
   const { username, password } = req.body;
 
   // Check if the username and password are valid
-  if (username === 'bob' && password === 'bob') {
+  if (username === 'bob@myapp.com' && password === 'bob') {
     // Valid credentials, set session cookie
     res.cookie('SESSION', "c32272b9-99d8-4687-b57e-a606952ae870", {
       httpOnly: true,