gophish/controllers/api/group.go

package api

import (
	"encoding/json"
	"net/http"
	"strconv"
	"time"

	ctx "github.com/gophish/gophish/context"
	log "github.com/gophish/gophish/logger"
	"github.com/gophish/gophish/models"
	"github.com/gorilla/mux"
	"github.com/jinzhu/gorm"
)

// Groups returns a list of groups if requested via GET.
// If requested via POST, APIGroups creates a new group and returns a reference to it.
func (as *Server) Groups(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		gs, err := models.GetGroups(ctx.Get(r, "user_id").(int64))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "No groups found"}, http.StatusNotFound)
			return
		}
		JSONResponse(w, gs, http.StatusOK)
	//POST: Create a new group and return it as JSON
	case r.Method == "POST":
		g := models.Group{}
		// Put the request into a group
		err := json.NewDecoder(r.Body).Decode(&g)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		_, err = models.GetGroupByName(g.Name, ctx.Get(r, "user_id").(int64))
		if err != gorm.ErrRecordNotFound {
			JSONResponse(w, models.Response{Success: false, Message: "Group name already in use"}, http.StatusConflict)
			return
		}
		g.ModifiedDate = time.Now().UTC()
		g.UserId = ctx.Get(r, "user_id").(int64)
		err = models.PostGroup(&g)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		JSONResponse(w, g, http.StatusCreated)
	}
}

// GroupsSummary returns a summary of the groups owned by the current user.
func (as *Server) GroupsSummary(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		gs, err := models.GetGroupSummaries(ctx.Get(r, "user_id").(int64))
		if err != nil {
			log.Error(err)
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, gs, http.StatusOK)
	}
}

// Group returns details about the requested group.
// If the group is not valid, Group returns null.
func (as *Server) Group(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	id, _ := strconv.ParseInt(vars["id"], 0, 64)
	g, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64))
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Group not found"}, http.StatusNotFound)
		return
	}
	switch {
	case r.Method == "GET":
		JSONResponse(w, g, http.StatusOK)
	case r.Method == "DELETE":
		err = models.DeleteGroup(&g)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting group"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "Group deleted successfully!"}, http.StatusOK)
	case r.Method == "PUT":
		// Change this to get from URL and uid (don't bother with id in r.Body)
		g = models.Group{}
		err = json.NewDecoder(r.Body).Decode(&g)
		if err != nil {
			log.Errorf("error decoding group: %v", err)
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
			return
		}
		if g.Id != id {
			JSONResponse(w, models.Response{Success: false, Message: "Error: /:id and group_id mismatch"}, http.StatusInternalServerError)
			return
		}
		g.ModifiedDate = time.Now().UTC()
		g.UserId = ctx.Get(r, "user_id").(int64)
		err = models.PutGroup(&g)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		JSONResponse(w, g, http.StatusOK)
	}
}

// GroupSummary returns a summary of the groups owned by the current user.
func (as *Server) GroupSummary(w http.ResponseWriter, r *http.Request) {
	switch {
	case r.Method == "GET":
		vars := mux.Vars(r)
		id, _ := strconv.ParseInt(vars["id"], 0, 64)
		g, err := models.GetGroupSummary(id, ctx.Get(r, "user_id").(int64))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Group not found"}, http.StatusNotFound)
			return
		}
		JSONResponse(w, g, http.StatusOK)
	}
}
Refactoring API into separate package for easier management. (#1411) 2019-03-27 03:17:20 +00:00			`package api`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"strconv"`
			`"time"`

			`ctx "github.com/gophish/gophish/context"`
			`log "github.com/gophish/gophish/logger"`
			`"github.com/gophish/gophish/models"`
			`"github.com/gorilla/mux"`
			`"github.com/jinzhu/gorm"`
			`)`

			`// Groups returns a list of groups if requested via GET.`
			`// If requested via POST, APIGroups creates a new group and returns a reference to it.`
			`func (as Server) Groups(w http.ResponseWriter, r http.Request) {`
			`switch {`
			`case r.Method == "GET":`
			`gs, err := models.GetGroups(ctx.Get(r, "user_id").(int64))`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: "No groups found"}, http.StatusNotFound)`
			`return`
			`}`
			`JSONResponse(w, gs, http.StatusOK)`
			`//POST: Create a new group and return it as JSON`
			`case r.Method == "POST":`
			`g := models.Group{}`
			`// Put the request into a group`
			`err := json.NewDecoder(r.Body).Decode(&g)`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)`
			`return`
			`}`
			`_, err = models.GetGroupByName(g.Name, ctx.Get(r, "user_id").(int64))`
			`if err != gorm.ErrRecordNotFound {`
			`JSONResponse(w, models.Response{Success: false, Message: "Group name already in use"}, http.StatusConflict)`
			`return`
			`}`
			`g.ModifiedDate = time.Now().UTC()`
			`g.UserId = ctx.Get(r, "user_id").(int64)`
			`err = models.PostGroup(&g)`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)`
			`return`
			`}`
			`JSONResponse(w, g, http.StatusCreated)`
			`}`
			`}`

			`// GroupsSummary returns a summary of the groups owned by the current user.`
			`func (as Server) GroupsSummary(w http.ResponseWriter, r http.Request) {`
			`switch {`
			`case r.Method == "GET":`
			`gs, err := models.GetGroupSummaries(ctx.Get(r, "user_id").(int64))`
			`if err != nil {`
			`log.Error(err)`
			`JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)`
			`return`
			`}`
			`JSONResponse(w, gs, http.StatusOK)`
			`}`
			`}`

			`// Group returns details about the requested group.`
			`// If the group is not valid, Group returns null.`
			`func (as Server) Group(w http.ResponseWriter, r http.Request) {`
			`vars := mux.Vars(r)`
			`id, _ := strconv.ParseInt(vars["id"], 0, 64)`
			`g, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64))`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: "Group not found"}, http.StatusNotFound)`
			`return`
			`}`
			`switch {`
			`case r.Method == "GET":`
			`JSONResponse(w, g, http.StatusOK)`
			`case r.Method == "DELETE":`
			`err = models.DeleteGroup(&g)`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: "Error deleting group"}, http.StatusInternalServerError)`
			`return`
			`}`
			`JSONResponse(w, models.Response{Success: true, Message: "Group deleted successfully!"}, http.StatusOK)`
			`case r.Method == "PUT":`
			`// Change this to get from URL and uid (don't bother with id in r.Body)`
			`g = models.Group{}`
			`err = json.NewDecoder(r.Body).Decode(&g)`
General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-26 02:46:36 +00:00			`if err != nil {`
			`log.Errorf("error decoding group: %v", err)`
			`JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)`
			`return`
			`}`
Refactoring API into separate package for easier management. (#1411) 2019-03-27 03:17:20 +00:00			`if g.Id != id {`
			`JSONResponse(w, models.Response{Success: false, Message: "Error: /:id and group_id mismatch"}, http.StatusInternalServerError)`
			`return`
			`}`
			`g.ModifiedDate = time.Now().UTC()`
			`g.UserId = ctx.Get(r, "user_id").(int64)`
			`err = models.PutGroup(&g)`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)`
			`return`
			`}`
			`JSONResponse(w, g, http.StatusOK)`
			`}`
			`}`

			`// GroupSummary returns a summary of the groups owned by the current user.`
			`func (as Server) GroupSummary(w http.ResponseWriter, r http.Request) {`
			`switch {`
			`case r.Method == "GET":`
			`vars := mux.Vars(r)`
			`id, _ := strconv.ParseInt(vars["id"], 0, 64)`
			`g, err := models.GetGroupSummary(id, ctx.Get(r, "user_id").(int64))`
			`if err != nil {`
			`JSONResponse(w, models.Response{Success: false, Message: "Group not found"}, http.StatusNotFound)`
			`return`
			`}`
			`JSONResponse(w, g, http.StatusOK)`
			`}`
			`}`