gophish/middleware/middleware.go

package middleware

import (
	"net/http"

	ctx "github.com/gorilla/context"
	"github.com/jordan-wright/gophish/auth"
	"github.com/jordan-wright/gophish/db"
)

// GetContext wraps each request in a function which fills in the context for a given request.
// This includes setting the User and Session keys and values as necessary for use in later functions.
func GetContext(handler http.Handler) http.HandlerFunc {
	// Set the context here
	return func(w http.ResponseWriter, r *http.Request) {
		// Parse the request form
		err := r.ParseForm()
		if err != nil {
			http.Error(w, "Error parsing request", http.StatusInternalServerError)
		}
		// Set the context appropriately here.
		// Set the session
		session, _ := auth.Store.Get(r, "gophish")
		// Put the session in the context so that
		ctx.Set(r, "session", session)
		if id, ok := session.Values["id"]; ok {
			u, err := db.GetUser(id.(int64))
			if err != nil {
				ctx.Set(r, "user", nil)
			}
			ctx.Set(r, "user", u)
		} else {
			ctx.Set(r, "user", nil)
		}
		handler.ServeHTTP(w, r)
		// Remove context contents
		ctx.Clear(r)
	}
}

func RequireAPIKey(handler http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()
		ak := r.Form.Get("api_key")
		w.Header().Set("Access-Control-Allow-Origin", "*")
		if r.Method == "OPTIONS" {
			w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
			w.Header().Set("Access-Control-Max-Age", "1000")
			w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
			return
		}
		if ak == "" {
			JSONError(w, 400, "API Key not set")
		} else {
			id, err := db.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ak)
			if id == 0 || err != nil {
				JSONError(w, 400, "Invalid API Key")
				return
			}
			ctx.Set(r, "user_id", id)
			ctx.Set(r, "api_key", ak)
			handler.ServeHTTP(w, r)
		}
	}
}

// RequireLogin is a simple middleware which checks to see if the user is currently logged in.
// If not, the function returns a 302 redirect to the login page.
func RequireLogin(handler http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if u := ctx.Get(r, "user"); u != nil {
			handler.ServeHTTP(w, r)
		} else {
			http.Redirect(w, r, "/login", 302)
		}
	}
}

func JSONError(w http.ResponseWriter, c int, m string) {
	http.Error(w, m, c)
}
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`package middleware`

			`import (`
			`"net/http"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00
			`ctx "github.com/gorilla/context"`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`"github.com/jordan-wright/gophish/auth"`
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware 2014-02-04 21:23:09 +00:00			`"github.com/jordan-wright/gophish/db"`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`)`

			`// GetContext wraps each request in a function which fills in the context for a given request.`
			`// This includes setting the User and Session keys and values as necessary for use in later functions.`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`func GetContext(handler http.Handler) http.HandlerFunc {`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`// Set the context here`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`return func(w http.ResponseWriter, r *http.Request) {`
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware 2014-02-04 21:23:09 +00:00			`// Parse the request form`
			`err := r.ParseForm()`
			`if err != nil {`
			`http.Error(w, "Error parsing request", http.StatusInternalServerError)`
			`}`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`// Set the context appropriately here.`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`// Set the session`
			`session, _ := auth.Store.Get(r, "gophish")`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`// Put the session in the context so that`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`ctx.Set(r, "session", session)`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`if id, ok := session.Values["id"]; ok {`
Added easier support for Flashes Moving DB access (as much as possible) into `db` package. 2014-02-05 16:57:53 +00:00			`u, err := db.GetUser(id.(int64))`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`if err != nil {`
			`ctx.Set(r, "user", nil)`
			`}`
			`ctx.Set(r, "user", u)`
			`} else {`
			`ctx.Set(r, "user", nil)`
			`}`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`handler.ServeHTTP(w, r)`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`// Remove context contents`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`ctx.Clear(r)`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`}`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`}`

- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`func RequireAPIKey(handler http.Handler) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`r.ParseForm()`
			`ak := r.Form.Get("api_key")`
Fixed invalid/unset API Key header to be 400 instead of 500 Successfully handle OPTIONS header for API 2014-02-11 06:14:58 +00:00			`w.Header().Set("Access-Control-Allow-Origin", "*")`
			`if r.Method == "OPTIONS" {`
			`w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")`
			`w.Header().Set("Access-Control-Max-Age", "1000")`
			`w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")`
			`return`
			`}`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`if ak == "" {`
Fixed invalid/unset API Key header to be 400 instead of 500 Successfully handle OPTIONS header for API 2014-02-11 06:14:58 +00:00			`JSONError(w, 400, "API Key not set")`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`} else {`
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware 2014-02-04 21:23:09 +00:00			`id, err := db.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ak)`
			`if id == 0 \|\| err != nil {`
Fixed invalid/unset API Key header to be 400 instead of 500 Successfully handle OPTIONS header for API 2014-02-11 06:14:58 +00:00			`JSONError(w, 400, "Invalid API Key")`
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware 2014-02-04 21:23:09 +00:00			`return`
			`}`
			`ctx.Set(r, "user_id", id)`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`ctx.Set(r, "api_key", ak)`
			`handler.ServeHTTP(w, r)`
			`}`
			`}`
			`}`

Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`// RequireLogin is a simple middleware which checks to see if the user is currently logged in.`
			`// If not, the function returns a 302 redirect to the login page.`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`func RequireLogin(handler http.Handler) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`if u := ctx.Get(r, "user"); u != nil {`
			`handler.ServeHTTP(w, r)`
			`} else {`
			`http.Redirect(w, r, "/login", 302)`
			`}`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`}`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`}`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00
			`func JSONError(w http.ResponseWriter, c int, m string) {`
			`http.Error(w, m, c)`
			`}`