gophish/auth/auth.go

package auth

import (
	"database/sql"
	"encoding/gob"
	"net/http"

	"code.google.com/p/go.crypto/bcrypt"
	ctx "github.com/gorilla/context"
	"github.com/gorilla/securecookie"
	"github.com/gorilla/sessions"
	"github.com/jordan-wright/gophish/db"
	"github.com/jordan-wright/gophish/models"
)

//init registers the necessary models to be saved in the session later
func init() {
	gob.Register(&models.User{})
}

var Store = sessions.NewCookieStore(
	[]byte(securecookie.GenerateRandomKey(64)), //Signing key
	[]byte(securecookie.GenerateRandomKey(32)))

// CheckLogin attempts to request a SQL record with the given username.
// If successful, it then compares the received bcrypt hash.
// If all checks pass, this function sets the session id for later use.
func Login(r *http.Request) (bool, error) {
	username, password := r.FormValue("username"), r.FormValue("password")
	session, _ := Store.Get(r, "gophish")
	u := models.User{}
	err := db.Conn.SelectOne(&u, "SELECT * FROM Users WHERE username=?", username)
	if err == sql.ErrNoRows {
		//Return false, but don't return an error
		return false, nil
	} else if err != nil {
		return false, err
	}
	//If we've made it here, we should have a valid user stored in u
	//Let's check the password
	err = bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password))
	if err != nil {
		ctx.Set(r, "user", nil)
		//Return false, but don't return an error
		return false, nil
	}
	ctx.Set(r, "user", u)
	session.Values["id"] = u.Id
	return true, nil
}

// GetUserById returns the user that the given id corresponds to. If no user is found, an
// error is thrown.
func GetUserById(id int64) (models.User, error) {
	u := models.User{}
	err := db.Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE id=?", id)
	if err != nil {
		return u, err
	}
	return u, nil
}

// GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an
// error is thrown.
func GetUserByAPIKey(key []byte) (models.User, error) {
	u := models.User{}
	err := db.Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE apikey=?", key)
	if err != nil {
		return u, err
	}
	return u, nil
}
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`package auth`

			`import (`
			`"database/sql"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`"encoding/gob"`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`"net/http"`

			`"code.google.com/p/go.crypto/bcrypt"`
			`ctx "github.com/gorilla/context"`
			`"github.com/gorilla/securecookie"`
			`"github.com/gorilla/sessions"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`"github.com/jordan-wright/gophish/db"`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`"github.com/jordan-wright/gophish/models"`
			`)`

Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`//init registers the necessary models to be saved in the session later`
			`func init() {`
			`gob.Register(&models.User{})`
			`}`

Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`var Store = sessions.NewCookieStore(`
			`[]byte(securecookie.GenerateRandomKey(64)), //Signing key`
Renamed CheckLogin to Login Changed encryption cookie to be 32 bytes (64 bytes not supported) 2014-01-11 06:10:52 +00:00			`[]byte(securecookie.GenerateRandomKey(32)))`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00
			`// CheckLogin attempts to request a SQL record with the given username.`
			`// If successful, it then compares the received bcrypt hash.`
			`// If all checks pass, this function sets the session id for later use.`
Renamed CheckLogin to Login Changed encryption cookie to be 32 bytes (64 bytes not supported) 2014-01-11 06:10:52 +00:00			`func Login(r *http.Request) (bool, error) {`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`username, password := r.FormValue("username"), r.FormValue("password")`
			`session, _ := Store.Get(r, "gophish")`
			`u := models.User{}`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`err := db.Conn.SelectOne(&u, "SELECT * FROM Users WHERE username=?", username)`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`if err == sql.ErrNoRows {`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`//Return false, but don't return an error`
			`return false, nil`
			`} else if err != nil {`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`return false, err`
			`}`
			`//If we've made it here, we should have a valid user stored in u`
			`//Let's check the password`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`err = bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password))`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`if err != nil {`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`ctx.Set(r, "user", nil)`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`//Return false, but don't return an error`
			`return false, nil`
			`}`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`ctx.Set(r, "user", u)`
			`session.Values["id"] = u.Id`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`return true, nil`
			`}`

Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`// GetUserById returns the user that the given id corresponds to. If no user is found, an`
			`// error is thrown.`
Changing int to int64 Starting to implement angularjs Implemented /api/campaigns/:id GET Changed template delims to {{% and %}} 2014-02-01 02:49:22 +00:00			`func GetUserById(id int64) (models.User, error) {`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`u := models.User{}`
Changing int to int64 Starting to implement angularjs Implemented /api/campaigns/:id GET Changed template delims to {{% and %}} 2014-02-01 02:49:22 +00:00			`err := db.Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE id=?", id)`
Implemented GetUserByAPIKey and changed GetUser to GetUserById 2014-01-13 02:00:52 +00:00			`if err != nil {`
			`return u, err`
			`}`
			`return u, nil`
			`}`

Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`// GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an`
			`// error is thrown.`
Implemented GetUserByAPIKey and changed GetUser to GetUserById 2014-01-13 02:00:52 +00:00			`func GetUserByAPIKey(key []byte) (models.User, error) {`
			`u := models.User{}`
Changing int to int64 Starting to implement angularjs Implemented /api/campaigns/:id GET Changed template delims to {{% and %}} 2014-02-01 02:49:22 +00:00			`err := db.Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE apikey=?", key)`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`if err != nil {`
			`return u, err`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`}`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`return u, nil`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`}`