2014-01-09 06:42:05 +00:00
|
|
|
package controllers
|
|
|
|
|
|
|
|
import (
|
2014-01-13 02:00:20 +00:00
|
|
|
"encoding/json"
|
2014-01-09 06:42:05 +00:00
|
|
|
"fmt"
|
|
|
|
"net/http"
|
2014-02-01 02:49:22 +00:00
|
|
|
"strconv"
|
2014-02-11 17:39:36 +00:00
|
|
|
"text/template"
|
2014-01-31 22:25:02 +00:00
|
|
|
"time"
|
2014-01-09 06:42:05 +00:00
|
|
|
|
2014-01-13 02:00:20 +00:00
|
|
|
ctx "github.com/gorilla/context"
|
2014-01-09 06:42:05 +00:00
|
|
|
"github.com/gorilla/mux"
|
2014-06-03 01:56:30 +00:00
|
|
|
"github.com/jinzhu/gorm"
|
2014-02-05 00:39:01 +00:00
|
|
|
"github.com/jordan-wright/gophish/auth"
|
2014-01-31 04:46:25 +00:00
|
|
|
"github.com/jordan-wright/gophish/models"
|
2014-06-22 02:06:16 +00:00
|
|
|
"github.com/jordan-wright/gophish/util"
|
2014-03-28 04:31:51 +00:00
|
|
|
"github.com/jordan-wright/gophish/worker"
|
2014-01-09 06:42:05 +00:00
|
|
|
)
|
|
|
|
|
2014-03-28 04:31:51 +00:00
|
|
|
var Worker *worker.Worker
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
Worker = worker.New()
|
|
|
|
go Worker.Start()
|
|
|
|
}
|
2014-01-31 22:25:02 +00:00
|
|
|
|
2014-02-01 03:49:35 +00:00
|
|
|
// API (/api) provides access to api documentation
|
2014-01-09 06:42:05 +00:00
|
|
|
func API(w http.ResponseWriter, r *http.Request) {
|
2014-02-01 03:49:35 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-02-11 17:39:36 +00:00
|
|
|
templates := template.New("template")
|
|
|
|
_, err := templates.ParseFiles("templates/api-docs.html")
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println(err)
|
|
|
|
}
|
|
|
|
template.Must(templates, err).ExecuteTemplate(w, "base", nil)
|
2014-01-13 02:00:20 +00:00
|
|
|
}
|
2014-01-09 06:42:05 +00:00
|
|
|
}
|
|
|
|
|
2014-02-02 20:47:06 +00:00
|
|
|
// API (/api/reset) resets a user's API key
|
|
|
|
func API_Reset(w http.ResponseWriter, r *http.Request) {
|
|
|
|
switch {
|
2014-02-03 23:21:56 +00:00
|
|
|
case r.Method == "POST":
|
2014-02-02 20:47:06 +00:00
|
|
|
u := ctx.Get(r, "user").(models.User)
|
2014-03-26 04:53:51 +00:00
|
|
|
u.ApiKey = auth.GenerateSecureKey()
|
2014-03-25 03:31:33 +00:00
|
|
|
err := models.PutUser(&u)
|
2014-02-06 16:49:53 +00:00
|
|
|
if err != nil {
|
2014-05-27 01:29:12 +00:00
|
|
|
http.Error(w, "Error setting API Key", http.StatusInternalServerError)
|
2014-02-06 16:49:53 +00:00
|
|
|
} else {
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, models.Response{Success: true, Message: "API Key Successfully Reset", Data: u.ApiKey}, http.StatusOK)
|
2014-02-06 16:49:53 +00:00
|
|
|
}
|
2014-02-02 20:47:06 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-02-01 03:49:35 +00:00
|
|
|
// API_Campaigns returns a list of campaigns if requested via GET.
|
|
|
|
// If requested via POST, API_Campaigns creates a new campaign and returns a reference to it.
|
2014-01-09 06:42:05 +00:00
|
|
|
func API_Campaigns(w http.ResponseWriter, r *http.Request) {
|
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-03-25 03:31:33 +00:00
|
|
|
cs, err := models.GetCampaigns(ctx.Get(r, "user_id").(int64))
|
2014-01-31 04:46:25 +00:00
|
|
|
if err != nil {
|
|
|
|
fmt.Println(err)
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, cs, http.StatusOK)
|
2014-02-02 20:47:06 +00:00
|
|
|
//POST: Create a new campaign and return it as JSON
|
2014-01-09 06:42:05 +00:00
|
|
|
case r.Method == "POST":
|
2014-01-31 22:25:02 +00:00
|
|
|
c := models.Campaign{}
|
|
|
|
// Put the request into a campaign
|
|
|
|
err := json.NewDecoder(r.Body).Decode(&c)
|
2014-02-12 16:43:54 +00:00
|
|
|
if checkError(err, w, "Invalid Request", http.StatusBadRequest) {
|
2014-02-05 00:39:01 +00:00
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
if m, ok := c.Validate(); !ok {
|
2014-03-28 05:21:42 +00:00
|
|
|
http.Error(w, "Error: "+m, http.StatusBadRequest)
|
2014-02-20 01:40:23 +00:00
|
|
|
return
|
|
|
|
}
|
2014-03-25 03:31:33 +00:00
|
|
|
err = models.PostCampaign(&c, ctx.Get(r, "user_id").(int64))
|
2014-02-12 16:43:54 +00:00
|
|
|
if checkError(err, w, "Cannot insert campaign into database", http.StatusInternalServerError) {
|
2014-01-31 22:25:02 +00:00
|
|
|
return
|
|
|
|
}
|
2014-03-28 04:31:51 +00:00
|
|
|
Worker.Queue <- &c
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, c, http.StatusCreated)
|
2014-01-09 06:42:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-02-01 03:49:35 +00:00
|
|
|
// API_Campaigns_Id returns details about the requested campaign. If the campaign is not
|
|
|
|
// valid, API_Campaigns_Id returns null.
|
2014-01-09 06:42:05 +00:00
|
|
|
func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
|
|
|
|
vars := mux.Vars(r)
|
2014-02-06 16:49:53 +00:00
|
|
|
id, _ := strconv.ParseInt(vars["id"], 0, 64)
|
2014-06-02 04:38:21 +00:00
|
|
|
c, err := models.GetCampaign(id, ctx.Get(r, "user_id").(int64))
|
|
|
|
if checkError(err, w, "Campaign not found", http.StatusNotFound) {
|
|
|
|
return
|
|
|
|
}
|
2014-02-01 02:49:22 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, c, http.StatusOK)
|
2014-02-01 02:49:22 +00:00
|
|
|
case r.Method == "DELETE":
|
2014-03-25 03:31:33 +00:00
|
|
|
err = models.DeleteCampaign(id)
|
2014-02-18 20:22:16 +00:00
|
|
|
if checkError(err, w, "Error deleting campaign", http.StatusInternalServerError) {
|
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, models.Response{Success: true, Message: "Campaign Deleted Successfully!"}, http.StatusOK)
|
2014-02-01 02:49:22 +00:00
|
|
|
}
|
2014-01-09 06:42:05 +00:00
|
|
|
}
|
|
|
|
|
2014-02-02 22:37:36 +00:00
|
|
|
// API_Groups returns details about the requested group. If the campaign is not
|
|
|
|
// valid, API_Groups returns null.
|
|
|
|
func API_Groups(w http.ResponseWriter, r *http.Request) {
|
2014-02-05 00:39:01 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-03-25 03:31:33 +00:00
|
|
|
gs, err := models.GetGroups(ctx.Get(r, "user_id").(int64))
|
2014-02-12 16:43:54 +00:00
|
|
|
if checkError(err, w, "Groups not found", http.StatusNotFound) {
|
2014-02-06 19:30:05 +00:00
|
|
|
return
|
2014-02-05 00:39:01 +00:00
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, gs, http.StatusOK)
|
2014-02-05 00:39:01 +00:00
|
|
|
//POST: Create a new group and return it as JSON
|
|
|
|
case r.Method == "POST":
|
|
|
|
g := models.Group{}
|
|
|
|
// Put the request into a group
|
|
|
|
err := json.NewDecoder(r.Body).Decode(&g)
|
2014-02-12 16:43:54 +00:00
|
|
|
if checkError(err, w, "Invalid Request", http.StatusBadRequest) {
|
2014-02-05 00:39:01 +00:00
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
_, err = models.GetGroupByName(g.Name, ctx.Get(r, "user_id").(int64))
|
|
|
|
if err != gorm.RecordNotFound {
|
|
|
|
JSONResponse(w, models.Response{Success: false, Message: "Group name already in use"}, http.StatusConflict)
|
|
|
|
return
|
|
|
|
}
|
2014-02-05 00:39:01 +00:00
|
|
|
// Check to make sure targets were specified
|
|
|
|
if len(g.Targets) == 0 {
|
2014-02-12 16:43:54 +00:00
|
|
|
http.Error(w, "Error: No targets specified", http.StatusBadRequest)
|
2014-02-05 00:39:01 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
g.ModifiedDate = time.Now()
|
2014-03-27 18:19:57 +00:00
|
|
|
g.UserId = ctx.Get(r, "user_id").(int64)
|
|
|
|
err = models.PostGroup(&g)
|
2014-02-12 16:43:54 +00:00
|
|
|
if checkError(err, w, "Error inserting group", http.StatusInternalServerError) {
|
2014-02-05 03:08:09 +00:00
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
w.Header().Set("Location", "http://localhost:3333/api/groups/"+string(g.Id))
|
|
|
|
JSONResponse(w, g, http.StatusCreated)
|
2014-02-10 01:34:47 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// API_Groups_Id returns details about the requested campaign. If the campaign is not
|
|
|
|
// valid, API_Campaigns_Id returns null.
|
|
|
|
func API_Groups_Id(w http.ResponseWriter, r *http.Request) {
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
id, _ := strconv.ParseInt(vars["id"], 0, 64)
|
2014-06-02 04:38:21 +00:00
|
|
|
g, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64))
|
|
|
|
if checkError(err, w, "Group not found", http.StatusNotFound) {
|
|
|
|
return
|
|
|
|
}
|
2014-02-10 01:34:47 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, g, http.StatusOK)
|
2014-02-07 01:16:29 +00:00
|
|
|
case r.Method == "DELETE":
|
2014-03-27 18:19:57 +00:00
|
|
|
err = models.DeleteGroup(&g)
|
2014-02-13 18:05:22 +00:00
|
|
|
if checkError(err, w, "Error deleting group", http.StatusInternalServerError) {
|
2014-02-07 01:16:29 +00:00
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, models.Response{Success: true, Message: "Group Deleted Successfully"}, http.StatusOK)
|
2014-02-11 23:32:29 +00:00
|
|
|
case r.Method == "PUT":
|
2014-07-06 18:06:18 +00:00
|
|
|
// Change this to get from URL and uid (don't bother with id in r.Body)
|
2014-06-02 04:38:21 +00:00
|
|
|
g = models.Group{}
|
2014-02-11 23:32:29 +00:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&g)
|
|
|
|
if g.Id != id {
|
|
|
|
http.Error(w, "Error: /:id and group_id mismatch", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2014-03-25 00:12:04 +00:00
|
|
|
// Check to make sure targets were specified
|
|
|
|
if len(g.Targets) == 0 {
|
|
|
|
http.Error(w, "Error: No targets specified", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2014-03-27 18:19:57 +00:00
|
|
|
g.ModifiedDate = time.Now()
|
|
|
|
g.UserId = ctx.Get(r, "user_id").(int64)
|
|
|
|
err = models.PutGroup(&g)
|
2014-02-12 16:43:54 +00:00
|
|
|
if checkError(err, w, "Error updating group", http.StatusInternalServerError) {
|
2014-02-11 23:32:29 +00:00
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, g, http.StatusOK)
|
2014-02-05 00:39:01 +00:00
|
|
|
}
|
2014-02-02 22:37:36 +00:00
|
|
|
}
|
|
|
|
|
2014-03-17 03:02:06 +00:00
|
|
|
func API_Templates(w http.ResponseWriter, r *http.Request) {
|
2014-03-17 03:18:48 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-03-25 03:31:33 +00:00
|
|
|
ts, err := models.GetTemplates(ctx.Get(r, "user_id").(int64))
|
2014-03-17 03:18:48 +00:00
|
|
|
if checkError(err, w, "Templates not found", http.StatusNotFound) {
|
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, ts, http.StatusOK)
|
2014-05-27 01:29:12 +00:00
|
|
|
//POST: Create a new template and return it as JSON
|
2014-03-17 03:18:48 +00:00
|
|
|
case r.Method == "POST":
|
|
|
|
t := models.Template{}
|
2014-05-27 01:29:12 +00:00
|
|
|
// Put the request into a template
|
2014-03-17 03:18:48 +00:00
|
|
|
err := json.NewDecoder(r.Body).Decode(&t)
|
|
|
|
if checkError(err, w, "Invalid Request", http.StatusBadRequest) {
|
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
_, err = models.GetTemplateByName(t.Name, ctx.Get(r, "user_id").(int64))
|
|
|
|
if err != gorm.RecordNotFound {
|
|
|
|
JSONResponse(w, models.Response{Success: false, Message: "Template name already in use"}, http.StatusConflict)
|
|
|
|
return
|
|
|
|
}
|
2014-03-17 03:18:48 +00:00
|
|
|
t.ModifiedDate = time.Now()
|
2014-05-28 23:48:30 +00:00
|
|
|
t.UserId = ctx.Get(r, "user_id").(int64)
|
|
|
|
err = models.PostTemplate(&t)
|
2014-03-17 03:18:48 +00:00
|
|
|
if checkError(err, w, "Error inserting template", http.StatusInternalServerError) {
|
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, t, http.StatusCreated)
|
2014-03-17 03:18:48 +00:00
|
|
|
}
|
2014-03-17 03:02:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func API_Templates_Id(w http.ResponseWriter, r *http.Request) {
|
2014-05-28 23:48:30 +00:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
id, _ := strconv.ParseInt(vars["id"], 0, 64)
|
2014-06-02 04:38:21 +00:00
|
|
|
t, err := models.GetTemplate(id, ctx.Get(r, "user_id").(int64))
|
|
|
|
if checkError(err, w, "Template not found", http.StatusNotFound) {
|
|
|
|
return
|
|
|
|
}
|
2014-05-28 23:48:30 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, t, http.StatusOK)
|
2014-05-28 23:48:30 +00:00
|
|
|
case r.Method == "DELETE":
|
2014-06-02 04:38:21 +00:00
|
|
|
err = models.DeleteTemplate(id, ctx.Get(r, "user_id").(int64))
|
|
|
|
if checkError(err, w, "Error deleting template", http.StatusInternalServerError) {
|
2014-05-28 23:48:30 +00:00
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, models.Response{Success: true, Message: "Template Deleted Successfully"}, http.StatusOK)
|
2014-05-28 23:48:30 +00:00
|
|
|
case r.Method == "PUT":
|
2014-06-02 04:38:21 +00:00
|
|
|
t = models.Template{}
|
2014-05-28 23:48:30 +00:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&t)
|
|
|
|
if t.Id != id {
|
|
|
|
http.Error(w, "Error: /:id and template_id mismatch", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2014-07-06 18:06:18 +00:00
|
|
|
err = t.Validate()
|
|
|
|
/* if checkError(err, w, http.StatusBadRequest) {
|
|
|
|
return
|
|
|
|
}*/
|
2014-05-28 23:48:30 +00:00
|
|
|
t.ModifiedDate = time.Now()
|
2014-07-06 18:06:18 +00:00
|
|
|
t.UserId = ctx.Get(r, "user_id").(int64)
|
|
|
|
err = models.PutTemplate(&t)
|
2014-05-28 23:48:30 +00:00
|
|
|
if checkError(err, w, "Error updating group", http.StatusInternalServerError) {
|
|
|
|
return
|
|
|
|
}
|
2014-06-03 01:56:30 +00:00
|
|
|
JSONResponse(w, t, http.StatusOK)
|
2014-05-28 23:48:30 +00:00
|
|
|
}
|
2014-03-17 03:02:06 +00:00
|
|
|
}
|
|
|
|
|
2014-06-22 02:06:16 +00:00
|
|
|
func API_Import_Group(w http.ResponseWriter, r *http.Request) {
|
|
|
|
Logger.Println("Parsing CSV....")
|
|
|
|
ts, err := util.ParseCSV(r)
|
|
|
|
if checkError(err, w, "Error deleting template", http.StatusInternalServerError) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
JSONResponse(w, ts, http.StatusOK)
|
|
|
|
}
|
|
|
|
|
2014-06-03 01:56:30 +00:00
|
|
|
// JSONResponse attempts to set the status code, c, and marshal the given interface, d, into a response that
|
|
|
|
// is written to the given ResponseWriter.
|
|
|
|
func JSONResponse(w http.ResponseWriter, d interface{}, c int) {
|
|
|
|
dj, err := json.MarshalIndent(d, "", " ")
|
2014-05-29 16:57:33 +00:00
|
|
|
if checkError(err, w, "Error creating JSON response", http.StatusInternalServerError) {
|
|
|
|
return
|
|
|
|
}
|
2014-01-13 02:00:20 +00:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2014-06-03 01:56:30 +00:00
|
|
|
w.WriteHeader(c)
|
|
|
|
fmt.Fprintf(w, "%s", dj)
|
2014-01-13 02:00:20 +00:00
|
|
|
}
|