cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gophish/controllers/route.go

353 lines
11 KiB
Go
Raw Normal View History

Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package
2014-01-09 06:42:05 +00:00
package controllers
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
import (
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
"compress/gzip"
"context"
Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689. I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2. Output before change: ``` docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333 Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered (deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY h2, http/1.1 (advertised) ALPN/HTTP2 h2, http/1.1 (offered) ``` Output after change: ``` docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333 Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 not offered TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY h2, http/1.1 (advertised) ALPN/HTTP2 h2, http/1.1 (offered) ```
2019-12-12 01:52:41 +00:00
"crypto/tls"
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config
2014-01-06 06:09:41 +00:00
"html/template"
"net/http"
Adding "next" parameter to support redirecting after successful login.
2017-12-11 03:40:46 +00:00
"net/url"
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
"time"
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config
2014-01-06 06:09:41 +00:00
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
"github.com/NYTimes/gziphandler"
Update bcrypt dependency and code moved to gophish group
2016-01-10 17:03:17 +00:00
"github.com/gophish/gophish/auth"
Added the version to the settings page.
2016-08-06 23:58:34 +00:00
"github.com/gophish/gophish/config"
Fixing context issues with Go 1.7.
2016-09-15 03:24:51 +00:00
ctx "github.com/gophish/gophish/context"
Refactoring API into separate package for easier management. (#1411)
2019-03-27 03:17:20 +00:00
"github.com/gophish/gophish/controllers/api"
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-04 00:07:41 +00:00
log "github.com/gophish/gophish/logger"
Update bcrypt dependency and code moved to gophish group
2016-01-10 17:03:17 +00:00
mid "github.com/gophish/gophish/middleware"
"github.com/gophish/gophish/models"
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
"github.com/gophish/gophish/util"
"github.com/gophish/gophish/worker"
Fixing context issues with Go 1.7.
2016-09-15 03:24:51 +00:00
"github.com/gorilla/csrf"
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
"github.com/gorilla/handlers"
Added ability to send a test email before launching a campaign
2016-01-25 02:03:53 +00:00
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
"github.com/jordan-wright/unindexed"
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
)
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
// AdminServerOption is a functional option that is used to configure the
// admin server
type AdminServerOption func(*AdminServer)
// AdminServer is an HTTP server that implements the administrative Gophish
// handlers, including the dashboard and REST API.
type AdminServer struct {
server *http.Server
worker worker.Worker
config config.AdminServer
}
Updated the TLS configuration. This commit removes support for the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ciphers. It also removes support for CurveP384. This is to match up with recommendations given by Cloudflare [0], Mozilla (the "Intermediate" compatibility) [1], and referencing the default ciphers in Caddy [2]. [0] https://blog.cloudflare.com/exposing-go-on-the-internet/ [1] https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 [2] https://github.com/caddyserver/caddy/blob/008415f206dec7c72c3b0abe36d5a40213abb7a2/caddytls/config.go#L492 Here is the diff of running testssl against the old and new configurations: ``` git diff --no-index -- old.txt new.txt diff --git a/old.txt b/new.txt index fc624a1..53d0c97 100644 --- a/old.txt +++ b/new.txt @@ -13,11 +13,11 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna ########################################################### Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers] - on 4831dc55e53f:$PWD/bin/openssl.Linux.x86_64 + on 41ae723da66a:$PWD/bin/openssl.Linux.x86_64 (built: "Jan 18 17:12:17 2019", platform: "linux-x86_64") - Start 2020-03-28 02:54:41 -->> 192.168.65.2:3333 (host.docker.internal) <<-- + Start 2020-03-28 03:15:21 -->> 192.168.65.2:3333 (host.docker.internal) <<-- rDNS (192.168.65.2): -- Service detected: HTTP @@ -41,15 +41,14 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna Export ciphers (w/o ADH+NULL) not offered (OK) LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK) Triple DES Ciphers / IDEA not offered (OK) - Obsolete: SEED + 128+256 Bit CBC cipher offered + Obsolete: SEED + 128+256 Bit CBC cipher not offered Strong encryption (AEAD ciphers) offered (OK) Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 - PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA - Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 + PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + Elliptic curves offered: prime256v1 X25519 Testing server preferences @@ -58,7 +57,7 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna Negotiated protocol TLSv1.3 Negotiated cipher TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) Cipher order - TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA + TLSv1.2: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.3: TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384 @@ -125,7 +124,7 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna no RSA certificate, thus certificate can't be used with SSLv2 elsewhere LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK) - LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches + LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) @@ -136,50 +135,48 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches + LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) @@ -136,50 +135,48 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Running client simulations (HTTP) via sockets - Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Android 5.0.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Android 7.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) - Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + Android 7.0 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) + Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Android 9.0 (native) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Chrome 74 (Win 10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) IE 6 XP No connection IE 8 Win 7 No connection IE 8 XP No connection - IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) - Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) + Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Opera 60 (Win 10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Java 6u45 No connection Java 7u25 No connection - Java 8u161 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_128_GCM_SHA256, 256 bit ECDH (P-256) Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_128_GCM_SHA256, 256 bit ECDH (P-256) - OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) OpenSSL 1.1.1b (Debian) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) Thunderbird (60.6) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Done 2020-03-28 02:57:48 [ 189s] -->> 192.168.65.2:3333 (host.docker.internal) <<-- + Done 2020-03-28 03:17:25 [ 128s] -->> 192.168.65.2:3333 (host.docker.internal) <<-- ``` Fixes #1698
2020-03-28 03:25:18 +00:00
var defaultTLSConfig = &tls.Config{
PreferServerCipherSuites: true,
CurvePreferences: []tls.CurveID{
tls.X25519,
tls.CurveP256,
},
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// Kept for backwards compatibility with some clients
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
},
}
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
// WithWorker is an option that sets the background worker.
func WithWorker(w worker.Worker) AdminServerOption {
return func(as *AdminServer) {
as.worker = w
}
}
// NewAdminServer returns a new instance of the AdminServer with the
// provided config and options applied.
func NewAdminServer(config config.AdminServer, options ...AdminServerOption) *AdminServer {
defaultWorker, _ := worker.New()
defaultServer := &http.Server{
ReadTimeout: 10 * time.Second,
Addr: config.ListenURL,
}
as := &AdminServer{
worker: defaultWorker,
server: defaultServer,
config: config,
}
for _, opt := range options {
opt(as)
}
as.registerRoutes()
return as
}
// Start launches the admin server, listening on the configured address.
Will exit on port binding failure (#1635)
2019-10-29 02:38:59 +00:00
func (as *AdminServer) Start() {
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
if as.worker != nil {
go as.worker.Start()
}
if as.config.UseTLS {
Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689. I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2. Output before change: ``` docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333 Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered (deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY h2, http/1.1 (advertised) ALPN/HTTP2 h2, http/1.1 (offered) ``` Output after change: ``` docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333 Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 not offered TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY h2, http/1.1 (advertised) ALPN/HTTP2 h2, http/1.1 (offered) ```
2019-12-12 01:52:41 +00:00
// Only support TLS 1.2 and above - ref #1691, #1689
Updated the TLS configuration. This commit removes support for the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ciphers. It also removes support for CurveP384. This is to match up with recommendations given by Cloudflare [0], Mozilla (the "Intermediate" compatibility) [1], and referencing the default ciphers in Caddy [2]. [0] https://blog.cloudflare.com/exposing-go-on-the-internet/ [1] https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 [2] https://github.com/caddyserver/caddy/blob/008415f206dec7c72c3b0abe36d5a40213abb7a2/caddytls/config.go#L492 Here is the diff of running testssl against the old and new configurations: ``` git diff --no-index -- old.txt new.txt diff --git a/old.txt b/new.txt index fc624a1..53d0c97 100644 --- a/old.txt +++ b/new.txt @@ -13,11 +13,11 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna ########################################################### Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers] - on 4831dc55e53f:$PWD/bin/openssl.Linux.x86_64 + on 41ae723da66a:$PWD/bin/openssl.Linux.x86_64 (built: "Jan 18 17:12:17 2019", platform: "linux-x86_64") - Start 2020-03-28 02:54:41 -->> 192.168.65.2:3333 (host.docker.internal) <<-- + Start 2020-03-28 03:15:21 -->> 192.168.65.2:3333 (host.docker.internal) <<-- rDNS (192.168.65.2): -- Service detected: HTTP @@ -41,15 +41,14 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna Export ciphers (w/o ADH+NULL) not offered (OK) LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK) Triple DES Ciphers / IDEA not offered (OK) - Obsolete: SEED + 128+256 Bit CBC cipher offered + Obsolete: SEED + 128+256 Bit CBC cipher not offered Strong encryption (AEAD ciphers) offered (OK) Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 - PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA - Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 + PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + Elliptic curves offered: prime256v1 X25519 Testing server preferences @@ -58,7 +57,7 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna Negotiated protocol TLSv1.3 Negotiated cipher TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) Cipher order - TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA + TLSv1.2: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.3: TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384 @@ -125,7 +124,7 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna no RSA certificate, thus certificate can't be used with SSLv2 elsewhere LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK) - LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches + LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) @@ -136,50 +135,48 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches + LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) @@ -136,50 +135,48 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Running client simulations (HTTP) via sockets - Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Android 5.0.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Android 7.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) - Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + Android 7.0 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) + Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Android 9.0 (native) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Chrome 74 (Win 10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) IE 6 XP No connection IE 8 Win 7 No connection IE 8 XP No connection - IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) - Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) + Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) Opera 60 (Win 10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Java 6u45 No connection Java 7u25 No connection - Java 8u161 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) + Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_128_GCM_SHA256, 256 bit ECDH (P-256) Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_128_GCM_SHA256, 256 bit ECDH (P-256) - OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) + OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) + OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) OpenSSL 1.1.1b (Debian) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) Thunderbird (60.6) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519) - Done 2020-03-28 02:57:48 [ 189s] -->> 192.168.65.2:3333 (host.docker.internal) <<-- + Done 2020-03-28 03:17:25 [ 128s] -->> 192.168.65.2:3333 (host.docker.internal) <<-- ``` Fixes #1698
2020-03-28 03:25:18 +00:00
as.server.TLSConfig = defaultTLSConfig
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
err := util.CheckAndCreateSSL(as.config.CertPath, as.config.KeyPath)
if err != nil {
log.Fatal(err)
}
log.Infof("Starting admin server at https://%s", as.config.ListenURL)
Will exit on port binding failure (#1635)
2019-10-29 02:38:59 +00:00
log.Fatal(as.server.ListenAndServeTLS(as.config.CertPath, as.config.KeyPath))
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
}
// If TLS isn't configured, just listen on HTTP
log.Infof("Starting admin server at http://%s", as.config.ListenURL)
Will exit on port binding failure (#1635)
2019-10-29 02:38:59 +00:00
log.Fatal(as.server.ListenAndServe())
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
}
// Shutdown attempts to gracefully shutdown the server.
func (as *AdminServer) Shutdown() error {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
defer cancel()
return as.server.Shutdown(ctx)
}
// SetupAdminRoutes creates the routes for handling requests to the web interface.
Moved models.Result into its own file Added initial dashboard template (some updates and changes will be needed) Added some documentation
2014-07-02 01:32:34 +00:00
// This function returns an http.Handler to be used in http.ListenAndServe().
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) registerRoutes() {
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
router := mux.NewRouter()
// Base Front-end routes
Implement User Management API (#1473) This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 18:58:18 +00:00
router.HandleFunc("/", mid.Use(as.Base, mid.RequireLogin))
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
router.HandleFunc("/login", as.Login)
Implement User Management API (#1473) This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 18:58:18 +00:00
router.HandleFunc("/logout", mid.Use(as.Logout, mid.RequireLogin))
router.HandleFunc("/campaigns", mid.Use(as.Campaigns, mid.RequireLogin))
router.HandleFunc("/campaigns/{id:[0-9]+}", mid.Use(as.CampaignID, mid.RequireLogin))
router.HandleFunc("/templates", mid.Use(as.Templates, mid.RequireLogin))
router.HandleFunc("/groups", mid.Use(as.Groups, mid.RequireLogin))
router.HandleFunc("/landing_pages", mid.Use(as.LandingPages, mid.RequireLogin))
router.HandleFunc("/sending_profiles", mid.Use(as.SendingProfiles, mid.RequireLogin))
router.HandleFunc("/settings", mid.Use(as.Settings, mid.RequireLogin))
router.HandleFunc("/users", mid.Use(as.UserManagement, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin))
Add Webhook Support Adds support for managing outgoing webhooks. Closes #1602
2019-12-16 02:27:21 +00:00
router.HandleFunc("/webhooks", mid.Use(as.Webhooks, mid.RequirePermission(models.PermissionModifySystem), mid.RequireLogin))
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
// Create the API routes
Refactoring API into separate package for easier management. (#1411)
2019-03-27 03:17:20 +00:00
api := api.NewServer(api.WithWorker(as.worker))
router.PathPrefix("/api/").Handler(api)
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware
2014-02-04 21:23:09 +00:00
// Setup static file serving
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
router.PathPrefix("/").Handler(http.FileServer(unindexed.Dir("./static/")))
Updated README Added CSRF Protection to login, /api/reset functions Added auto highlighting of API key when clicked
2014-02-03 23:21:56 +00:00
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware
2014-02-04 21:23:09 +00:00
// Setup CSRF Protection
Added optional csrf_key to config to better support H/A configurations. Fixes #1816. Fixes #1820.
2020-04-24 04:16:44 +00:00
csrfKey := []byte(as.config.CSRFKey)
if len(csrfKey) == 0 {
csrfKey = []byte(util.GenerateSecureKey())
}
csrfHandler := csrf.Protect(csrfKey,
Fixing context issues with Go 1.7.
2016-09-15 03:24:51 +00:00
csrf.FieldName("csrf_token"),
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
csrf.Secure(as.config.UseTLS))
adminHandler := csrfHandler(router)
Implement User Management API (#1473) This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 18:58:18 +00:00
adminHandler = mid.Use(adminHandler.ServeHTTP, mid.CSRFExceptions, mid.GetContext)
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
// Setup GZIP compression
gzipWrapper, _ := gziphandler.NewGzipLevelHandler(gzip.BestCompression)
adminHandler = gzipWrapper(adminHandler)
// Setup logging
adminHandler = handlers.CombinedLoggingHandler(log.Writer(), adminHandler)
as.server.Handler = adminHandler
Added http handler for phishing endpoint - Will add content soon Updated config.go to reflect the new changes
2014-06-29 21:44:16 +00:00
}
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
type templateParams struct {
Initial commit of RBAC support. (#1366) * Initial commit of RBAC support. Closes #1333
2019-02-20 02:33:50 +00:00
Title string
Flashes []interface{}
User models.User
Token string
Version string
ModifySystem bool
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
}
// newTemplateParams returns the default template parameters for a user and
// the CSRF token.
func newTemplateParams(r *http.Request) templateParams {
Initial commit of RBAC support. (#1366) * Initial commit of RBAC support. Closes #1333
2019-02-20 02:33:50 +00:00
user := ctx.Get(r, "user").(models.User)
modifySystem, _ := user.HasPermission(models.PermissionModifySystem)
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
return templateParams{
Initial commit of RBAC support. (#1366) * Initial commit of RBAC support. Closes #1333
2019-02-20 02:33:50 +00:00
Token: csrf.Token(r),
User: user,
ModifySystem: modifySystem,
Version: config.Version,
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
}
}
Time to get back to work - starting with some simple comment fixes.
2015-01-28 23:56:56 +00:00
// Base handles the default path and template execution
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) Base(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Dashboard"
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality
2014-01-30 21:08:14 +00:00
getTemplate(w, "dashboard").ExecuteTemplate(w, "base", params)
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
}
Re-organizing files to use Jquery instead of Angular
2015-06-15 21:49:16 +00:00
// Campaigns handles the default path and template execution
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) Campaigns(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Campaigns"
Re-organizing files to use Jquery instead of Angular
2015-06-15 21:49:16 +00:00
getTemplate(w, "campaigns").ExecuteTemplate(w, "base", params)
}
// CampaignID handles the default path and template execution
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) CampaignID(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Campaign Results"
Re-organizing files to use Jquery instead of Angular
2015-06-15 21:49:16 +00:00
getTemplate(w, "campaign_results").ExecuteTemplate(w, "base", params)
}
// Templates handles the default path and template execution
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) Templates(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Email Templates"
Re-organizing files to use Jquery instead of Angular
2015-06-15 21:49:16 +00:00
getTemplate(w, "templates").ExecuteTemplate(w, "base", params)
}
Implement User Management API (#1473) This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 18:58:18 +00:00
// Groups handles the default path and template execution
func (as *AdminServer) Groups(w http.ResponseWriter, r *http.Request) {
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
params := newTemplateParams(r)
params.Title = "Users & Groups"
Implement User Management API (#1473) This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 18:58:18 +00:00
getTemplate(w, "groups").ExecuteTemplate(w, "base", params)
Re-organizing files to use Jquery instead of Angular
2015-06-15 21:49:16 +00:00
}
// LandingPages handles the default path and template execution
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) LandingPages(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Landing Pages"
Re-organizing files to use Jquery instead of Angular
2015-06-15 21:49:16 +00:00
getTemplate(w, "landing_pages").ExecuteTemplate(w, "base", params)
}
Created routes, template, js for sending_profiles page
2016-02-20 23:15:34 +00:00
// SendingProfiles handles the default path and template execution
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) SendingProfiles(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Sending Profiles"
gofmt'ing
2016-02-22 03:09:14 +00:00
getTemplate(w, "sending_profiles").ExecuteTemplate(w, "base", params)
Created routes, template, js for sending_profiles page
2016-02-20 23:15:34 +00:00
}
Time to get back to work - starting with some simple comment fixes.
2015-01-28 23:56:56 +00:00
// Settings handles the changing of settings
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) Settings(w http.ResponseWriter, r *http.Request) {
Implemented ChangePassword() (now password can be changed from /settings) A couple of UI fixes in tables
2014-02-10 19:02:44 +00:00
switch {
Migrated settings (at least it loads). Working on making the template syntax consistent across all the files, cleaning them up, etc.
2015-06-21 21:10:47 +00:00
case r.Method == "GET":
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
params := newTemplateParams(r)
params.Title = "Settings"
Migrated settings (at least it loads). Working on making the template syntax consistent across all the files, cleaning them up, etc.
2015-06-21 21:10:47 +00:00
getTemplate(w, "settings").ExecuteTemplate(w, "base", params)
Implemented ChangePassword() (now password can be changed from /settings) A couple of UI fixes in tables
2014-02-10 19:02:44 +00:00
case r.Method == "POST":
err := auth.ChangePassword(r)
Moving JSON Responses to a standard Response object Added cursor:pointer styling to dropdown menus
2014-06-02 03:30:23 +00:00
msg := models.Response{Success: true, Message: "Settings Updated Successfully"}
Implemented ChangePassword() (now password can be changed from /settings) A couple of UI fixes in tables
2014-02-10 19:02:44 +00:00
if err == auth.ErrInvalidPassword {
Added async settings update Removed /settings GET endpoint (not needed, since AngularJS in use) TODO: Move the anon struct in use to a model as appropriate
2014-05-29 04:29:41 +00:00
msg.Message = "Invalid Password"
msg.Success = false
Refactoring API into separate package for easier management. (#1411)
2019-03-27 03:17:20 +00:00
api.JSONResponse(w, msg, http.StatusBadRequest)
Fixed settings - can now reset password, api key.
2015-08-15 21:03:39 +00:00
return
Removing support for empty passwords - fixes #149
2016-02-13 22:37:12 +00:00
}
if err != nil {
msg.Message = err.Error()
Added async settings update Removed /settings GET endpoint (not needed, since AngularJS in use) TODO: Move the anon struct in use to a model as appropriate
2014-05-29 04:29:41 +00:00
msg.Success = false
Refactoring API into separate package for easier management. (#1411)
2019-03-27 03:17:20 +00:00
api.JSONResponse(w, msg, http.StatusBadRequest)
Fixed settings - can now reset password, api key.
2015-08-15 21:03:39 +00:00
return
Added async settings update Removed /settings GET endpoint (not needed, since AngularJS in use) TODO: Move the anon struct in use to a model as appropriate
2014-05-29 04:29:41 +00:00
}
Refactoring API into separate package for easier management. (#1411)
2019-03-27 03:17:20 +00:00
api.JSONResponse(w, msg, http.StatusOK)
Implemented ChangePassword() (now password can be changed from /settings) A couple of UI fixes in tables
2014-02-10 19:02:44 +00:00
}
Working on SendMail (currently NOT functional) Added user model for kicks - we'll see if it finds a reason to stay Setup /users and /settings routes
2013-12-12 07:00:22 +00:00
}
Implement User Management API (#1473) This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 18:58:18 +00:00
// UserManagement is an admin-only handler that allows for the registration
// and management of user accounts within Gophish.
func (as *AdminServer) UserManagement(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "User Management"
getTemplate(w, "users").ExecuteTemplate(w, "base", params)
}
Add Webhook Support Adds support for managing outgoing webhooks. Closes #1602
2019-12-16 02:27:21 +00:00
// Webhooks is an admin-only handler that handles webhooks
func (as *AdminServer) Webhooks(w http.ResponseWriter, r *http.Request) {
params := newTemplateParams(r)
params.Title = "Webhooks"
getTemplate(w, "webhooks").ExecuteTemplate(w, "base", params)
}
Time to get back to work - starting with some simple comment fixes.
2015-01-28 23:56:56 +00:00
// Login handles the authentication flow for a user. If credentials are valid,
// a session is created
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) Login(w http.ResponseWriter, r *http.Request) {
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered
2014-01-10 03:21:54 +00:00
params := struct {
User models.User
Title string
Flashes []interface{}
Updated README Added CSRF Protection to login, /api/reset functions Added auto highlighting of API key when clicked
2014-02-03 23:21:56 +00:00
Token string
Fixing context issues with Go 1.7.
2016-09-15 03:24:51 +00:00
}{Title: "Login", Token: csrf.Token(r)}
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered
2014-01-10 03:21:54 +00:00
session := ctx.Get(r, "session").(*sessions.Session)
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config
2014-01-06 06:09:41 +00:00
switch {
case r.Method == "GET":
Added ability to reset API token Cleaned up session flash handling
2014-02-02 20:47:06 +00:00
params.Flashes = session.Flashes()
session.Save(r, w)
Major design change - more dashboard-ish. Working on more angularjs + gophish abstraction. Gophish for backend, AngularJS for the frontend Moved templates to partials for angular Using FlatUI color scheme
2014-05-27 01:29:12 +00:00
templates := template.New("template")
_, err := templates.ParseFiles("templates/login.html", "templates/flashes.html")
if err != nil {
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-04 00:07:41 +00:00
log.Error(err)
Major design change - more dashboard-ish. Working on more angularjs + gophish abstraction. Gophish for backend, AngularJS for the frontend Moved templates to partials for angular Using FlatUI color scheme
2014-05-27 01:29:12 +00:00
}
template.Must(templates, err).ExecuteTemplate(w, "base", params)
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config
2014-01-06 06:09:41 +00:00
case r.Method == "POST":
//Attempt to login
Fixing context issues with Go 1.7.
2016-09-15 03:24:51 +00:00
succ, u, err := auth.Login(r)
Cleaned up some errors Implemented using db.* helpers (ie GetUser) Implemented ChangePassword (not reachable from UI currently) Fixed angular issue in settings.html template
2014-02-06 16:49:53 +00:00
if err != nil {
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-04 00:07:41 +00:00
log.Error(err)
Implemented POST /api/campaigns Renamed "apikey" table to "api_key" for consistency Bug fix in checkError()
2014-01-31 22:25:02 +00:00
}
Working on authentication
2014-01-07 06:58:48 +00:00
//If we've logged in, save the session and redirect to the dashboard
if succ {
Fixing context issues with Go 1.7.
2016-09-15 03:24:51 +00:00
session.Values["id"] = u.Id
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config
2014-01-06 06:09:41 +00:00
session.Save(r, w)
Adding "next" parameter to support redirecting after successful login.
2017-12-11 03:40:46 +00:00
next := "/"
url, err := url.Parse(r.FormValue("next"))
if err == nil {
path := url.Path
if path != "" {
next = path
}
}
http.Redirect(w, r, next, 302)
Working on authentication
2014-01-07 06:58:48 +00:00
} else {
Added easier support for Flashes Moving DB access (as much as possible) into `db` package.
2014-02-05 16:57:53 +00:00
Flash(w, r, "danger", "Invalid Username/Password")
Change failed login status code to 401. Fixes #833
2017-12-11 00:11:32 +00:00
params.Flashes = session.Flashes()
session.Save(r, w)
templates := template.New("template")
_, err := templates.ParseFiles("templates/login.html", "templates/flashes.html")
if err != nil {
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-04 00:07:41 +00:00
log.Error(err)
Change failed login status code to 401. Fixes #833
2017-12-11 00:11:32 +00:00
}
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(http.StatusUnauthorized)
template.Must(templates, err).ExecuteTemplate(w, "base", params)
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config
2014-01-06 06:09:41 +00:00
}
}
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
}
Still working on pages integration. Added skeleton for page HTML previewing in a new browser. Additional cleanup, documentation Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 16:41:53 +00:00
// Logout destroys the current user session
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package
2018-12-15 21:42:32 +00:00
func (as *AdminServer) Logout(w http.ResponseWriter, r *http.Request) {
Still working on pages integration. Added skeleton for page HTML previewing in a new browser. Additional cleanup, documentation Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 16:41:53 +00:00
session := ctx.Get(r, "session").(*sessions.Session)
delete(session.Values, "id")
Flash(w, r, "success", "You have successfully logged out")
Change failed login status code to 401. Fixes #833
2017-12-11 00:11:32 +00:00
session.Save(r, w)
Still working on pages integration. Added skeleton for page HTML previewing in a new browser. Additional cleanup, documentation Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 16:41:53 +00:00
http.Redirect(w, r, "/login", 302)
}
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered
2014-01-10 03:21:54 +00:00
func getTemplate(w http.ResponseWriter, tmpl string) *template.Template {
Changing int to int64 Starting to implement angularjs Implemented /api/campaigns/:id GET Changed template delims to {{% and %}}
2014-02-01 02:49:22 +00:00
templates := template.New("template")
Initial commit of RBAC support. (#1366) * Initial commit of RBAC support. Closes #1333
2019-02-20 02:33:50 +00:00
_, err := templates.ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html", "templates/flashes.html")
Changing int to int64 Starting to implement angularjs Implemented /api/campaigns/:id GET Changed template delims to {{% and %}}
2014-02-01 02:49:22 +00:00
if err != nil {
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-04 00:07:41 +00:00
log.Error(err)
Changing int to int64 Starting to implement angularjs Implemented /api/campaigns/:id GET Changed template delims to {{% and %}}
2014-02-01 02:49:22 +00:00
}
return template.Must(templates, err)
Initial commit - getting the ball rolling!
2013-12-03 04:56:55 +00:00
}
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work.
2014-01-31 04:46:25 +00:00
Still working on pages integration. Added skeleton for page HTML previewing in a new browser. Additional cleanup, documentation Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 16:41:53 +00:00
// Flash handles the rendering flash messages
Added easier support for Flashes Moving DB access (as much as possible) into `db` package.
2014-02-05 16:57:53 +00:00
func Flash(w http.ResponseWriter, r *http.Request, t string, m string) {
session := ctx.Get(r, "session").(*sessions.Session)
session.AddFlash(models.Flash{
Type: t,
Message: m,
})
}