webuipoc: add react based UI

[Moeez905]

No description provided.

[github-actions]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[Moeez905]

Tailwind-CSS integrated in this React App

[thc202]

Please create a pull request from a personal repo, otherwise we aren't able to push.

[njmulsqb]

Please create a pull request from a personal repo, otherwise we aren't able to push.

Earlier I have got PRs merged from Tecvity's fork; is this a recent change?

[thc202]

It's not about merging the PR but pushing to the PR's branch.

[njmulsqb]

I see, are you guys also willing to contribute to Web GUI?

[thc202]

Yes not only contribute but maintain too.

[Moeez905]

Please create a pull request from a personal repo, otherwise we aren't able to push.

I have made a new fork on personal repository, now should I make another PR from new fork after closing this PR?

[thc202]

Since this is near ready I'd keep as is and for following PRs use the new fork.

[thc202]

Should be updated to pick/use #5446.

[njmulsqb]

Should be updated to pick/use #5446.

Done

[psiinon]

Does it still need to disable the CSP, if so, are the errors as before?
Ideally I'd like to see at least one working ZAP API call, even if it is just to get the top level domains from the sites tree.

[psiinon]

Shouldnt need to specify http://localhost:1337/ - the API should be on the same host:port
If its not then it will fail anyway..

[njmulsqb]

While developing locally, the React development environment runs on http://localhost:8000 so we need to specify the URL. How can it be ruled out during development?
Yes, I agree once build is deployed, specifying the domain isn't required as it will be on same host:port but thats not the case while developing (even we've to disable CORS temporarily for cross communication)

[Moeez905]

We've prepared a React app. It calls the API endpoint JSON/core/view/childNodes and prints data using an onClick function (just for POC)
Its ready to be merged.

[psiinon]

Hardcoded URLs must not be used for ZAP API calls, and the CSP must not be disabled.
You can do what you like locally, and run time settings are fine, but the default out-of-the-box experience must be secure.

[njmulsqb]

CSP is not disabled anymore. As for hard-coded URLs so we can use a separate config file that defines the URLs (in-fact there are more code improvements that can be done but thats in my plan in upcoming PRs since this is not the final one)

The concern is, how can do development in the local environment with cross-origin i.e. from localhost:8000 (React's default server) if you just want to specify the endpoint and not host and port?

[psiinon]

I dont mind how development is done, as long as when the code is checked in it uses the correct relative paths.

[njmulsqb]

I dont mind how development is done, as long as when the code is checked in it uses the correct relative paths.

f276aa0 should handle this

[psiinon]

Why are the React icons being added? They dont appear to be being used, and we wont need them in the future.
Not a big problem, just seem unnecessary..

[njmulsqb]

@Moeez905 please remove unused logos

[psiinon]

All JS files (and CSS?) should include the std ZAP header.
e.g. as per https://github.com/zaproxy/zap-extensions/blob/main/addOns/webuipoc/src/main/java/org/zaproxy/addon/webuipoc/ExtensionWebUiPoc.java

[psiinon]

For now this is ok, but for future PRs all text should be i18n'ed

[psiinon]

Whats this file for?

[njmulsqb]

For writing unit tests, actually we've created this boilerplate using https://create-react-app.dev/ so everything comes packaged.

We can/should write unit tests in this file in future PRs

[Moeez905]

@Moeez905 please remove unused logos

Removed.

[njmulsqb]

PR is ready to be reviewed.

[ricekot]

Thanks!

[thc202]

Thank you both!