gophish/controllers/route.go

package controllers

/*
gophish - Open-Source Phishing Framework

The MIT License (MIT)

Copyright (c) 2013 Jordan Wright

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/

import (
	"fmt"
	"html/template"
	"net/http"

	ctx "github.com/gorilla/context"
	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
	"github.com/jordan-wright/gophish/auth"
	mid "github.com/jordan-wright/gophish/middleware"
	"github.com/jordan-wright/gophish/models"
)

func CreateRouter() *mux.Router {
	router := mux.NewRouter()
	// Base Front-end routes
	router.HandleFunc("/login", Login)
	router.HandleFunc("/register", Register)
	router.HandleFunc("/", Use(Base, mid.RequireLogin))
	router.HandleFunc("/campaigns", Use(Campaigns, mid.RequireLogin))
	router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin))
	router.HandleFunc("/users", Use(Users, mid.RequireLogin))
	router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))

	// Create the API routes
	api := router.PathPrefix("/api").Subrouter()
	api.HandleFunc("/", Use(API, mid.RequireAPIKey))
	api.HandleFunc("/campaigns", Use(API_Campaigns, mid.RequireAPIKey))
	api.HandleFunc("/campaigns/{id}", Use(API_Campaigns_Id, mid.RequireAPIKey))
	api.HandleFunc("/doc", API_Doc)

	//Setup static file serving
	router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))
	return router
}

// Use allows us to stack middleware to process the request
// Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {
	for _, m := range mid {
		handler = m(handler)
	}
	return handler
}

func Register(w http.ResponseWriter, r *http.Request) {
	// If it is a post request, attempt to register the account
	// Now that we are all registered, we can log the user in
	Login(w, r)
}

func Base(w http.ResponseWriter, r *http.Request) {
	// Example of using session - will be removed.
	params := struct {
		User    models.User
		Title   string
		Flashes []interface{}
	}{Title: "Dashboard", User: ctx.Get(r, "user").(models.User)}
	getTemplate(w, "dashboard").ExecuteTemplate(w, "base", params)
}

func Users(w http.ResponseWriter, r *http.Request) {
	getTemplate(w, "users").ExecuteTemplate(w, "base", nil)
}

func Settings(w http.ResponseWriter, r *http.Request) {
	params := struct {
		User  models.User
		Title string
	}{Title: "Settings", User: ctx.Get(r, "user").(models.User)}
	getTemplate(w, "settings").ExecuteTemplate(w, "base", params)
}

func Campaigns(w http.ResponseWriter, r *http.Request) {
	//session, _ := auth.Store.Get(r, "gophish")
	getTemplate(w, "dashboard").ExecuteTemplate(w, "base", nil)
}

func Campaigns_Id(w http.ResponseWriter, r *http.Request) {
	//session, _ := auth.Store.Get(r, "gophish")
	getTemplate(w, "dashboard").ExecuteTemplate(w, "base", nil)
}

func Login(w http.ResponseWriter, r *http.Request) {
	params := struct {
		User    models.User
		Title   string
		Flashes []interface{}
	}{Title: "Login"}
	session := ctx.Get(r, "session").(*sessions.Session)
	switch {
	case r.Method == "GET":
		getTemplate(w, "login").ExecuteTemplate(w, "base", params)
	case r.Method == "POST":
		//Attempt to login
		err := r.ParseForm()
		checkError(err, w, "Error parsing request")
		succ, err := auth.Login(r)
		checkError(err, w, "Error logging in")
		//If we've logged in, save the session and redirect to the dashboard
		if succ {
			session.Save(r, w)
			http.Redirect(w, r, "/", 302)
		} else {
			session.AddFlash(models.Flash{
				Type:    "danger",
				Message: "Invalid Username/Password",
			})
			params.Flashes = session.Flashes()
			getTemplate(w, "login").ExecuteTemplate(w, "base", params)
		}
	}
}

func getTemplate(w http.ResponseWriter, tmpl string) *template.Template {
	return template.Must(template.New("template").ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html", "templates/flashes.html"))
}

func checkError(e error, w http.ResponseWriter, m string) {
	if e != nil {
		fmt.Println(e)
		http.Error(w, m, http.StatusInternalServerError)
	}
}
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`package controllers`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00
			`/*`
			`gophish - Open-Source Phishing Framework`

			`The MIT License (MIT)`

			`Copyright (c) 2013 Jordan Wright`

			`Permission is hereby granted, free of charge, to any person obtaining a copy`
			`of this software and associated documentation files (the "Software"), to deal`
			`in the Software without restriction, including without limitation the rights`
			`to use, copy, modify, merge, publish, distribute, sublicense, and/or sell`
			`copies of the Software, and to permit persons to whom the Software is`
			`furnished to do so, subject to the following conditions:`

			`The above copyright notice and this permission notice shall be included in`
			`all copies or substantial portions of the Software.`

			`THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR`
			`IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,`
			`FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE`
			`AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER`
			`LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,`
			`OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN`
			`THE SOFTWARE.`
			`*/`

			`import (`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`"fmt"`
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config 2014-01-06 06:09:41 +00:00			`"html/template"`
			`"net/http"`

Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`ctx "github.com/gorilla/context"`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`"github.com/gorilla/mux"`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`"github.com/gorilla/sessions"`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`"github.com/jordan-wright/gophish/auth"`
Moved Use() to controllers from middleware for cleaner usage (I'll consider moving it back if it doesn't logically make sense) Renamed Base_Campaigns to Campaigns 2014-01-11 04:11:44 +00:00			`mid "github.com/jordan-wright/gophish/middleware"`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`"github.com/jordan-wright/gophish/models"`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`)`

Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`func CreateRouter() *mux.Router {`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`router := mux.NewRouter()`
			`// Base Front-end routes`
			`router.HandleFunc("/login", Login)`
			`router.HandleFunc("/register", Register)`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`router.HandleFunc("/", Use(Base, mid.RequireLogin))`
			`router.HandleFunc("/campaigns", Use(Campaigns, mid.RequireLogin))`
			`router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin))`
			`router.HandleFunc("/users", Use(Users, mid.RequireLogin))`
			`router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00
			`// Create the API routes`
			`api := router.PathPrefix("/api").Subrouter()`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`api.HandleFunc("/", Use(API, mid.RequireAPIKey))`
			`api.HandleFunc("/campaigns", Use(API_Campaigns, mid.RequireAPIKey))`
			`api.HandleFunc("/campaigns/{id}", Use(API_Campaigns_Id, mid.RequireAPIKey))`
Working on adding session support Starting to add API documentation page Moved footer to base.html - Might move more later 2013-12-09 06:35:07 +00:00			`api.HandleFunc("/doc", API_Doc)`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00
			`//Setup static file serving`
			`router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))`
			`return router`
			`}`

Moved Use() to controllers from middleware for cleaner usage (I'll consider moving it back if it doesn't logically make sense) Renamed Base_Campaigns to Campaigns 2014-01-11 04:11:44 +00:00			`// Use allows us to stack middleware to process the request`
			`// Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172`
Cleaned API even more (everything is via HandlerFunc) Sessions are now encrypted as well as signed. 2014-01-11 04:37:42 +00:00			`func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {`
Moved Use() to controllers from middleware for cleaner usage (I'll consider moving it back if it doesn't logically make sense) Renamed Base_Campaigns to Campaigns 2014-01-11 04:11:44 +00:00			`for _, m := range mid {`
			`handler = m(handler)`
			`}`
			`return handler`
			`}`

Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`func Register(w http.ResponseWriter, r *http.Request) {`
			`// If it is a post request, attempt to register the account`
			`// Now that we are all registered, we can log the user in`
			`Login(w, r)`
			`}`

			`func Base(w http.ResponseWriter, r *http.Request) {`
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config 2014-01-06 06:09:41 +00:00			`// Example of using session - will be removed.`
Implemented auth.GetUser(id) Impemented RequireLogin() middleware Login is now working, just need to clean up the architecture a bit 2014-01-10 04:21:12 +00:00			`params := struct {`
			`User models.User`
			`Title string`
			`Flashes []interface{}`
Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`}{Title: "Dashboard", User: ctx.Get(r, "user").(models.User)}`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`getTemplate(w, "dashboard").ExecuteTemplate(w, "base", params)`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`}`

Working on SendMail (currently NOT functional) Added user model for kicks - we'll see if it finds a reason to stay Setup /users and /settings routes 2013-12-12 07:00:22 +00:00			`func Users(w http.ResponseWriter, r *http.Request) {`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`getTemplate(w, "users").ExecuteTemplate(w, "base", nil)`
Working on SendMail (currently NOT functional) Added user model for kicks - we'll see if it finds a reason to stay Setup /users and /settings routes 2013-12-12 07:00:22 +00:00			`}`

			`func Settings(w http.ResponseWriter, r *http.Request) {`
Updated settings template and route to show basic user info 2014-01-30 21:15:12 +00:00			`params := struct {`
			`User models.User`
			`Title string`
			`}{Title: "Settings", User: ctx.Get(r, "user").(models.User)}`
			`getTemplate(w, "settings").ExecuteTemplate(w, "base", params)`
Working on SendMail (currently NOT functional) Added user model for kicks - we'll see if it finds a reason to stay Setup /users and /settings routes 2013-12-12 07:00:22 +00:00			`}`

Moved Use() to controllers from middleware for cleaner usage (I'll consider moving it back if it doesn't logically make sense) Renamed Base_Campaigns to Campaigns 2014-01-11 04:11:44 +00:00			`func Campaigns(w http.ResponseWriter, r *http.Request) {`
			`//session, _ := auth.Store.Get(r, "gophish")`
			`getTemplate(w, "dashboard").ExecuteTemplate(w, "base", nil)`
			`}`

			`func Campaigns_Id(w http.ResponseWriter, r *http.Request) {`
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`//session, _ := auth.Store.Get(r, "gophish")`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`getTemplate(w, "dashboard").ExecuteTemplate(w, "base", nil)`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`}`

			`func Login(w http.ResponseWriter, r *http.Request) {`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`params := struct {`
			`User models.User`
			`Title string`
			`Flashes []interface{}`
Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`}{Title: "Login"}`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`session := ctx.Get(r, "session").(*sessions.Session)`
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config 2014-01-06 06:09:41 +00:00			`switch {`
			`case r.Method == "GET":`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`getTemplate(w, "login").ExecuteTemplate(w, "base", params)`
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config 2014-01-06 06:09:41 +00:00			`case r.Method == "POST":`
			`//Attempt to login`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`err := r.ParseForm()`
			`checkError(err, w, "Error parsing request")`
Renamed CheckLogin to Login Changed encryption cookie to be 32 bytes (64 bytes not supported) 2014-01-11 06:10:52 +00:00			`succ, err := auth.Login(r)`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`checkError(err, w, "Error logging in")`
Working on authentication 2014-01-07 06:58:48 +00:00			`//If we've logged in, save the session and redirect to the dashboard`
			`if succ {`
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config 2014-01-06 06:09:41 +00:00			`session.Save(r, w)`
			`http.Redirect(w, r, "/", 302)`
Working on authentication 2014-01-07 06:58:48 +00:00			`} else {`
Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`session.AddFlash(models.Flash{`
			`Type: "danger",`
			`Message: "Invalid Username/Password",`
			`})`
			`params.Flashes = session.Flashes()`
			`getTemplate(w, "login").ExecuteTemplate(w, "base", params)`
Working on setting up Login functionality Introduced working with SQLite DB - working on setting up database on first run Added "dbpath" to config 2014-01-06 06:09:41 +00:00			`}`
			`}`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`}`

Implemented Flashes (Model and functionality) Working on login functionality Changed the way templates are loaded and rendered 2014-01-10 03:21:54 +00:00			`func getTemplate(w http.ResponseWriter, tmpl string) *template.Template {`
			`return template.Must(template.New("template").ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html", "templates/flashes.html"))`
Initial commit - getting the ball rolling! 2013-12-03 04:56:55 +00:00			`}`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00
			`func checkError(e error, w http.ResponseWriter, m string) {`
			`if e != nil {`
			`fmt.Println(e)`
			`http.Error(w, m, http.StatusInternalServerError)`
			`}`
			`}`