package controllers
import (
	"bytes"
	"crypto/tls"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"text/template"
	"time"

	"github.com/PuerkitoBio/goquery"
	"github.com/gophish/gophish/auth"
	ctx "github.com/gophish/gophish/context"
	"github.com/gophish/gophish/models"
	"github.com/gophish/gophish/util"
	"github.com/gophish/gophish/worker"
	"github.com/gorilla/mux"
	"github.com/jinzhu/gorm"
	"github.com/jordan-wright/email"
)
// Worker is the worker that processes phishing events and updates campaigns.
// It is created and started once, in init below, and lives for the whole
// process; handlers in this package only read it.
var Worker *worker.Worker
// init builds the package-level Worker and starts its processing loop in a
// goroutine so it runs for the lifetime of the process. The goroutine is
// never stopped explicitly; it ends when the process does.
func init() {
	wk := worker.New()
	Worker = wk
	go wk.Start()
}
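// API (/api) provides access to api documentation.
//
// Only GET is served; any other method falls through and produces an empty
// 200 response, as before. The documentation template is parsed from
// templates/docs.html on every request.
func API(w http.ResponseWriter, r *http.Request) {
	if r.Method != "GET" {
		return
	}
	// ParseFiles returns the receiver, so the parsed set is tmpl itself.
	tmpl, err := template.New("template").ParseFiles("templates/docs.html")
	if err != nil {
		// Previously a parse failure was logged and then handed to
		// template.Must, which panicked inside the handler. Report it instead.
		Logger.Println(err)
		http.Error(w, "Error loading API documentation", http.StatusInternalServerError)
		return
	}
	// The response is already being streamed by the time Execute can fail,
	// so the error can only be logged, not turned into a status code.
	if err := tmpl.ExecuteTemplate(w, "base", nil); err != nil {
		Logger.Println(err)
	}
}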
// API_Reset (/api/reset) resets the API key of the user making the request.
//
// Only POST is handled; other methods produce an empty 200 response. The user
// comes from the request context ("user", set upstream), a fresh key is
// generated and persisted, and the new key is returned in the Data field.
func API_Reset(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		return
	}
	u := ctx.Get(r, "user").(models.User)
	u.ApiKey = auth.GenerateSecureKey()
	if err := models.PutUser(&u); err != nil {
		http.Error(w, "Error setting API Key", http.StatusInternalServerError)
		return
	}
	JSONResponse(w, models.Response{Success: true, Message: "API Key successfully reset!", Data: u.ApiKey}, http.StatusOK)
}
// API_Campaigns returns a list of campaigns if requested via GET.
// If requested via POST, API_Campaigns creates a new campaign and returns a reference to it.
//
// Both branches scope their work to the "user_id" stored in the request
// context. On GET a lookup error is only logged and whatever GetCampaigns
// returned is still written with a 200. Other methods get an empty 200.
func API_Campaigns(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		campaigns, err := models.GetCampaigns(ctx.Get(r, "user_id").(int64))
		if err != nil {
			Logger.Println(err)
		}
		JSONResponse(w, campaigns, http.StatusOK)
	case "POST":
		// Decode the request body straight into a campaign and persist it.
		var campaign models.Campaign
		if err := json.NewDecoder(r.Body).Decode(&campaign); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		if err := models.PostCampaign(&campaign, ctx.Get(r, "user_id").(int64)); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		JSONResponse(w, campaign, http.StatusCreated)
	}
}
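// API_Campaigns_Id returns details about the requested campaign (GET) or
// deletes it (DELETE). A non-numeric id yields a 400; an id that cannot be
// looked up for the requesting user yields a 404. Other methods produce an
// empty 200 after the lookup.
func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		// Previously the parse error was discarded and a malformed id became 0.
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	// GetCampaign is given the requesting user's id, so a campaign owned by
	// someone else is expected to fail here — before the id-only
	// DeleteCampaign call below can reach it.
	c, err := models.GetCampaign(id, ctx.Get(r, "user_id").(int64))
	if err != nil {
		Logger.Println(err)
		JSONResponse(w, models.Response{Success: false, Message: "Campaign not found"}, http.StatusNotFound)
		return
	}
	switch r.Method {
	case "GET":
		JSONResponse(w, c, http.StatusOK)
	case "DELETE":
		if err := models.DeleteCampaign(id); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting campaign"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "Campaign deleted successfully!"}, http.StatusOK)
	}
}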
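// API_Campaigns_Id_Results returns just the results for a given campaign to
// significantly reduce the information returned.
//
// A non-numeric id yields a 400 and a failed lookup (scoped to the requesting
// user) a 404. Only GET writes the results; other methods end with an empty
// 200 after the lookup.
func API_Campaigns_Id_Results(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		// Previously the parse error was discarded and a malformed id became 0.
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	cr, err := models.GetCampaignResults(id, ctx.Get(r, "user_id").(int64))
	if err != nil {
		Logger.Println(err)
		JSONResponse(w, models.Response{Success: false, Message: "Campaign not found"}, http.StatusNotFound)
		return
	}
	if r.Method == "GET" {
		JSONResponse(w, cr, http.StatusOK)
	}
}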
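// API_Campaigns_Id_Complete effectively "ends" a campaign.
// Future phishing emails clicked will return a simple "404" page.
//
// Note that the state change is triggered by a GET, which is unusual for a
// mutating operation; the route is kept as-is for compatibility. A
// non-numeric id yields a 400 instead of silently completing campaign 0.
func API_Campaigns_Id_Complete(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	if r.Method != "GET" {
		return
	}
	// CompleteCampaign receives the requesting user's id along with the
	// campaign id, so ownership is expected to be enforced in the model.
	if err := models.CompleteCampaign(id, ctx.Get(r, "user_id").(int64)); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Error completing campaign"}, http.StatusInternalServerError)
		return
	}
	JSONResponse(w, models.Response{Success: true, Message: "Campaign completed successfully!"}, http.StatusOK)
}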
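// API_Groups returns a list of groups if requested via GET.
// If requested via POST, API_Groups creates a new group and returns a reference to it.
//
// The owner of a created group is always the authenticated user from the
// request context; a user_id supplied in the body is overwritten.
func API_Groups(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		gs, err := models.GetGroups(ctx.Get(r, "user_id").(int64))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "No groups found"}, http.StatusNotFound)
			return
		}
		JSONResponse(w, gs, http.StatusOK)
	case "POST":
		uid := ctx.Get(r, "user_id").(int64)
		var g models.Group
		if err := json.NewDecoder(r.Body).Decode(&g); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		// Only a clean "not found" means the name is free. A found record is a
		// conflict; any other error is a lookup failure and used to be
		// misreported as a duplicate name.
		_, err := models.GetGroupByName(g.Name, uid)
		switch {
		case err == nil:
			JSONResponse(w, models.Response{Success: false, Message: "Group name already in use"}, http.StatusConflict)
			return
		case err != gorm.ErrRecordNotFound:
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Error checking group name"}, http.StatusInternalServerError)
			return
		}
		g.ModifiedDate = time.Now()
		g.UserId = uid
		if err := models.PostGroup(&g); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		JSONResponse(w, g, http.StatusCreated)
	}
}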
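// API_Groups_Id returns details about the requested group (GET), deletes it
// (DELETE) or replaces it (PUT).
//
// A non-numeric id yields a 400 and a failed lookup (scoped to the requesting
// user) a 404. On PUT the body must decode and carry the same id as the URL;
// its user_id is overwritten with the authenticated user's.
func API_Groups_Id(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		// Previously the parse error was discarded and a malformed id became 0.
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	uid := ctx.Get(r, "user_id").(int64)
	g, err := models.GetGroup(id, uid)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Group not found"}, http.StatusNotFound)
		return
	}
	switch r.Method {
	case "GET":
		JSONResponse(w, g, http.StatusOK)
	case "DELETE":
		if err := models.DeleteGroup(&g); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting group"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "Group deleted successfully!"}, http.StatusOK)
	case "PUT":
		// Change this to get from URL and uid (don't bother with id in r.Body)
		g = models.Group{}
		if err := json.NewDecoder(r.Body).Decode(&g); err != nil {
			// A decode failure used to be ignored and then surface as an id mismatch.
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		if g.Id != id {
			// A mismatch is a client error; it was previously reported as a 500.
			JSONResponse(w, models.Response{Success: false, Message: "Error: /:id and group_id mismatch"}, http.StatusBadRequest)
			return
		}
		g.ModifiedDate = time.Now()
		g.UserId = uid
		if err := models.PutGroup(&g); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		JSONResponse(w, g, http.StatusOK)
	}
}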
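// API_Templates handles the functionality for the /api/templates endpoint.
//
// GET lists the requesting user's templates (a lookup error is logged and
// the result still written with 200, as before). POST creates a template
// whose owner is always the authenticated user, regardless of the body.
func API_Templates(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		ts, err := models.GetTemplates(ctx.Get(r, "user_id").(int64))
		if err != nil {
			Logger.Println(err)
		}
		JSONResponse(w, ts, http.StatusOK)
	case "POST":
		uid := ctx.Get(r, "user_id").(int64)
		var t models.Template
		if err := json.NewDecoder(r.Body).Decode(&t); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		// Only a clean "not found" means the name is free. A found record is a
		// conflict; any other error is a lookup failure and used to be
		// misreported as a duplicate name.
		_, err := models.GetTemplateByName(t.Name, uid)
		switch {
		case err == nil:
			JSONResponse(w, models.Response{Success: false, Message: "Template name already in use"}, http.StatusConflict)
			return
		case err != gorm.ErrRecordNotFound:
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Error checking template name"}, http.StatusInternalServerError)
			return
		}
		t.ModifiedDate = time.Now()
		t.UserId = uid
		if err := models.PostTemplate(&t); err != nil {
			// Validation errors from the model are the client's fault;
			// anything else is a storage failure.
			if err == models.ErrTemplateNameNotSpecified || err == models.ErrTemplateMissingParameter {
				JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
				return
			}
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Error inserting template into database"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, t, http.StatusCreated)
	}
}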
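// API_Templates_Id handles the functions for the /api/templates/:id endpoint:
// GET returns the template, DELETE removes it and PUT replaces it.
//
// A non-numeric id yields a 400 and a failed lookup (scoped to the requesting
// user) a 404. On PUT the body must decode and carry the same id as the URL;
// its user_id is overwritten with the authenticated user's.
func API_Templates_Id(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		// Previously the parse error was discarded and a malformed id became 0.
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	uid := ctx.Get(r, "user_id").(int64)
	t, err := models.GetTemplate(id, uid)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Template not found"}, http.StatusNotFound)
		return
	}
	switch r.Method {
	case "GET":
		JSONResponse(w, t, http.StatusOK)
	case "DELETE":
		if err := models.DeleteTemplate(id, uid); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting template"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "Template deleted successfully!"}, http.StatusOK)
	case "PUT":
		t = models.Template{}
		if err := json.NewDecoder(r.Body).Decode(&t); err != nil {
			// A decode failure used to be logged and then surface as an id mismatch.
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Invalid JSON structure"}, http.StatusBadRequest)
			return
		}
		if t.Id != id {
			JSONResponse(w, models.Response{Success: false, Message: "Error: /:id and template_id mismatch"}, http.StatusBadRequest)
			return
		}
		t.ModifiedDate = time.Now()
		t.UserId = uid
		if err := models.PutTemplate(&t); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		JSONResponse(w, t, http.StatusOK)
	}
}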
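// API_Pages handles requests for the /api/pages/ endpoint.
//
// GET lists the requesting user's pages (a lookup error is logged and the
// result still written with 200, as before). POST creates a page whose owner
// is always the authenticated user, regardless of the body.
func API_Pages(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		ps, err := models.GetPages(ctx.Get(r, "user_id").(int64))
		if err != nil {
			Logger.Println(err)
		}
		JSONResponse(w, ps, http.StatusOK)
	case "POST":
		uid := ctx.Get(r, "user_id").(int64)
		var p models.Page
		if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
			return
		}
		// Check to make sure the name is unique. Only a clean "not found"
		// means it is free; a found record is a conflict and any other error
		// is a lookup failure (previously both were reported as a duplicate,
		// and a nil error was logged).
		_, err := models.GetPageByName(p.Name, uid)
		switch {
		case err == nil:
			JSONResponse(w, models.Response{Success: false, Message: "Page name already in use"}, http.StatusConflict)
			return
		case err != gorm.ErrRecordNotFound:
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Error checking page name"}, http.StatusInternalServerError)
			return
		}
		p.ModifiedDate = time.Now()
		p.UserId = uid
		if err := models.PostPage(&p); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, p, http.StatusCreated)
	}
}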
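// API_Pages_Id contains functions to handle the GET'ing, DELETE'ing, and PUT'ing
// of a Page object.
//
// A non-numeric id yields a 400 and a failed lookup (scoped to the requesting
// user) a 404. On PUT the body must decode and carry the same id as the URL;
// its user_id is overwritten with the authenticated user's.
func API_Pages_Id(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		// Previously the parse error was discarded and a malformed id became 0.
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	uid := ctx.Get(r, "user_id").(int64)
	p, err := models.GetPage(id, uid)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Page not found"}, http.StatusNotFound)
		return
	}
	switch r.Method {
	case "GET":
		JSONResponse(w, p, http.StatusOK)
	case "DELETE":
		if err := models.DeletePage(id, uid); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting page"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "Page Deleted Successfully"}, http.StatusOK)
	case "PUT":
		p = models.Page{}
		if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
			// A decode failure used to be logged and then surface as an id mismatch.
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
			return
		}
		if p.Id != id {
			JSONResponse(w, models.Response{Success: false, Message: "/:id and /:page_id mismatch"}, http.StatusBadRequest)
			return
		}
		p.ModifiedDate = time.Now()
		p.UserId = uid
		if err := models.PutPage(&p); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error updating page: " + err.Error()}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, p, http.StatusOK)
	}
}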
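// API_SMTP handles requests for the /api/smtp/ endpoint.
//
// GET lists the requesting user's sending profiles (a lookup error is logged
// and the result still written with 200, as before). POST creates a profile
// whose owner is always the authenticated user, regardless of the body.
func API_SMTP(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		ss, err := models.GetSMTPs(ctx.Get(r, "user_id").(int64))
		if err != nil {
			Logger.Println(err)
		}
		JSONResponse(w, ss, http.StatusOK)
	case "POST":
		uid := ctx.Get(r, "user_id").(int64)
		// Decode the request body straight into a sending profile.
		var s models.SMTP
		if err := json.NewDecoder(r.Body).Decode(&s); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
			return
		}
		// Check to make sure the name is unique. Only a clean "not found"
		// means it is free; a found record is a conflict and any other error
		// is a lookup failure (previously both were reported as a duplicate,
		// and a nil error was logged).
		_, err := models.GetSMTPByName(s.Name, uid)
		switch {
		case err == nil:
			JSONResponse(w, models.Response{Success: false, Message: "SMTP name already in use"}, http.StatusConflict)
			return
		case err != gorm.ErrRecordNotFound:
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Error checking SMTP name"}, http.StatusInternalServerError)
			return
		}
		s.ModifiedDate = time.Now()
		s.UserId = uid
		if err := models.PostSMTP(&s); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, s, http.StatusCreated)
	}
}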
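// API_SMTP_Id contains functions to handle the GET'ing, DELETE'ing, and PUT'ing
// of a SMTP object.
//
// A non-numeric id yields a 400 and a failed lookup (scoped to the requesting
// user) a 404. On PUT the body must decode, carry the same id as the URL and
// pass the model's own Validate; its user_id is overwritten with the
// authenticated user's.
func API_SMTP_Id(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.ParseInt(mux.Vars(r)["id"], 0, 64)
	if err != nil {
		// Previously the parse error was discarded and a malformed id became 0.
		JSONResponse(w, models.Response{Success: false, Message: "Invalid id"}, http.StatusBadRequest)
		return
	}
	uid := ctx.Get(r, "user_id").(int64)
	s, err := models.GetSMTP(id, uid)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "SMTP not found"}, http.StatusNotFound)
		return
	}
	switch r.Method {
	case "GET":
		JSONResponse(w, s, http.StatusOK)
	case "DELETE":
		if err := models.DeleteSMTP(id, uid); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting SMTP"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "SMTP Deleted Successfully"}, http.StatusOK)
	case "PUT":
		s = models.SMTP{}
		if err := json.NewDecoder(r.Body).Decode(&s); err != nil {
			// A decode failure used to be logged and then surface as an id mismatch.
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
			return
		}
		if s.Id != id {
			JSONResponse(w, models.Response{Success: false, Message: "/:id and /:smtp_id mismatch"}, http.StatusBadRequest)
			return
		}
		if err := s.Validate(); err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		s.ModifiedDate = time.Now()
		s.UserId = uid
		if err := models.PutSMTP(&s); err != nil {
			// The message previously said "page", a copy-paste from API_Pages_Id.
			JSONResponse(w, models.Response{Success: false, Message: "Error updating SMTP"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, s, http.StatusOK)
	}
}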
// API_Import_Group imports a CSV of group members.
//
// The request is handed to util.ParseCSV as-is (no method check is done
// here); the parsed targets are written back as JSON, or a 500 is returned
// if the CSV could not be parsed.
func API_Import_Group(w http.ResponseWriter, r *http.Request) {
	targets, err := util.ParseCSV(r)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Error parsing CSV"}, http.StatusInternalServerError)
		return
	}
	JSONResponse(w, targets, http.StatusOK)
}
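// API_Import_Email allows for the importing of email.
// Returns a Message object.
//
// The body is JSON with a raw RFC 822 message in "content" and an optional
// "convert_links" flag. When the flag is set, every anchor's href in the
// HTML part is replaced with the {{.URL}} template placeholder. Any parse
// failure of the supplied message is now a 400 rather than being logged and
// processed as if it had succeeded.
func API_Import_Email(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		JSONResponse(w, models.Response{Success: false, Message: "Method not allowed"}, http.StatusBadRequest)
		return
	}
	ir := struct {
		Content      string `json:"content"`
		ConvertLinks bool   `json:"convert_links"`
	}{}
	if err := json.NewDecoder(r.Body).Decode(&ir); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Error decoding JSON Request"}, http.StatusBadRequest)
		return
	}
	e, err := email.NewEmailFromReader(strings.NewReader(ir.Content))
	if err != nil {
		// On a parse error the returned email is incomplete at best (and may
		// be nil); previously the error was only logged and the handler went
		// on to read e.HTML.
		Logger.Println(err)
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
		return
	}
	// If the user wants to convert links to point to the landing page,
	// rewrite every anchor in e.HTML.
	if ir.ConvertLinks {
		d, err := goquery.NewDocumentFromReader(bytes.NewReader(e.HTML))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		d.Find("a").Each(func(_ int, a *goquery.Selection) {
			a.SetAttr("href", "{{.URL}}")
		})
		h, err := d.Html()
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
			return
		}
		e.HTML = []byte(h)
	}
	er := emailResponse{
		Subject: e.Subject,
		Text:    string(e.Text),
		HTML:    string(e.HTML),
	}
	JSONResponse(w, er, http.StatusOK)
}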
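// API_Import_Site allows for the importing of HTML from a website.
// Without "include_resources" set, it will merely place a "base" tag
// so that all resources can be loaded relative to the given URL.
//
// The fetch is made from the gophish server itself with certificate
// verification disabled (cloning sites with bad certificates is a stated use
// case), so the URL is treated as untrusted: it must validate, the client has
// a timeout, form actions are resolved against it with net/url rather than
// string concatenation, and every value written into the cloned markup is
// HTML-escaped. Which addresses the server may reach is a deployment concern
// (network policy); this handler does not restrict them.
func API_Import_Site(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		JSONResponse(w, models.Response{Success: false, Message: "Method not allowed"}, http.StatusBadRequest)
		return
	}
	cr := cloneRequest{}
	if err := json.NewDecoder(r.Body).Decode(&cr); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Error decoding JSON Request"}, http.StatusBadRequest)
		return
	}
	if err := cr.validate(); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
		return
	}
	// Parsed once here so relative form actions can be resolved below.
	base, err := url.Parse(cr.URL)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
		return
	}
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			// Deliberate: target sites are often misconfigured and the
			// operator only wants their markup.
			InsecureSkipVerify: true,
		},
	}
	// Without a timeout an unresponsive target pins this handler indefinitely.
	client := &http.Client{Transport: tr, Timeout: 30 * time.Second}
	resp, err := client.Get(cr.URL)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
		return
	}
	// goquery is documented to close resp.Body itself when building the
	// document from a response, so no defer is added here.
	d, err := goquery.NewDocumentFromResponse(resp)
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
		return
	}
	// Assuming we don't want to include resources, we'll need a base href.
	// The URL is escaped because it came from the request body and is being
	// placed inside an attribute.
	if d.Find("head base").Length() == 0 {
		d.Find("head").PrependHtml(fmt.Sprintf("<base href=\"%s\">", template.HTMLEscapeString(cr.URL)))
	}
	d.Find("form").Each(func(_ int, f *goquery.Selection) {
		// Store where the form originally posted to (the current URL when
		// the form has no action). Relative actions are resolved against the
		// cloned page's URL; the previous prefix-concatenation produced wrong
		// URLs for absolute-path actions such as "/login".
		action := f.AttrOr("action", cr.URL)
		original := action
		if ref, err := url.Parse(action); err == nil {
			original = base.ResolveReference(ref).String()
		}
		f.PrependHtml(fmt.Sprintf("<input type=\"hidden\" name=\"__original_url\" value=\"%s\"/>", template.HTMLEscapeString(original)))
	})
	h, err := d.Html()
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
		return
	}
	JSONResponse(w, cloneResponse{HTML: h}, http.StatusOK)
}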
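// API_Send_Test_Email sends a test email using the template name
// and Target given.
//
// When no template name is supplied a built-in "It works!" template is used;
// otherwise the template is looked up by name for the requesting user. The
// sending profile is used as supplied if it validates, otherwise it too is
// looked up by name. A template or profile that cannot be found is a 400 and
// stops the handler — previously the 400 was written but the email was still
// sent, and a second response was attempted.
func API_Send_Test_Email(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		JSONResponse(w, models.Response{Success: false, Message: "Method not allowed"}, http.StatusBadRequest)
		return
	}
	s := &models.SendTestEmailRequest{}
	if err := json.NewDecoder(r.Body).Decode(s); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Error decoding JSON Request"}, http.StatusBadRequest)
		return
	}
	// Validate the given request
	if err := s.Validate(); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
		return
	}
	uid := ctx.Get(r, "user_id").(int64)

	// If a Template is not specified use a default
	if s.Template.Name == "" {
		// default message body
		text := "It works!\n\nThis is an email letting you know that your gophish\nconfiguration was successful.\n" +
			"Here are the details:\n\nWho you sent from: {{.From}}\n\nWho you sent to: \n" +
			"{{if .FirstName}} First Name: {{.FirstName}}\n{{end}}" +
			"{{if .LastName}} Last Name: {{.LastName}}\n{{end}}" +
			"{{if .Position}} Position: {{.Position}}\n{{end}}" +
			"{{if .TrackingURL}} Tracking URL: {{.TrackingURL}}\n{{end}}" +
			"\nNow go send some phish!"
		s.Template = models.Template{
			Subject: "Default Email from Gophish",
			Text:    text,
		}
	} else {
		// Get the Template requested by name
		t, err := models.GetTemplateByName(s.Template.Name, uid)
		if err == gorm.ErrRecordNotFound {
			Logger.Printf("Error - Template %s does not exist", s.Template.Name)
			JSONResponse(w, models.Response{Success: false, Message: models.ErrTemplateNotFound.Error()}, http.StatusBadRequest)
			return
		}
		if err != nil {
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		s.Template = t
	}

	// If a complete sending profile is provided use it;
	// otherwise get the SMTP requested by name.
	if verr := s.SMTP.Validate(); verr != nil {
		profile, err := models.GetSMTPByName(s.SMTP.Name, uid)
		if err == gorm.ErrRecordNotFound {
			Logger.Printf("Error - Sending profile %s does not exist", s.SMTP.Name)
			JSONResponse(w, models.Response{Success: false, Message: models.ErrSMTPNotFound.Error()}, http.StatusBadRequest)
			return
		}
		if err != nil {
			Logger.Println(err)
			JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusBadRequest)
			return
		}
		s.SMTP = profile
	}

	// Send the test email
	if err := worker.SendTestEmail(s); err != nil {
		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)
		return
	}
	JSONResponse(w, models.Response{Success: true, Message: "Email Sent"}, http.StatusOK)
}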
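// JSONResponse attempts to set the status code, c, and marshal the given interface, d, into a response that
// is written to the given ResponseWriter.
//
// If d cannot be marshalled a plain 500 is written and nothing else —
// previously the handler went on to write the JSON header, the requested
// status (a second WriteHeader) and an empty body on top of the error.
func JSONResponse(w http.ResponseWriter, d interface{}, c int) {
	dj, err := json.MarshalIndent(d, "", " ")
	if err != nil {
		Logger.Println(err)
		http.Error(w, "Error creating JSON response", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(c)
	w.Write(dj)
}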
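// cloneRequest is the JSON body accepted by API_Import_Site: the page to
// fetch and whether its resources should be included.
type cloneRequest struct {
	URL              string `json:"url"`
	IncludeResources bool   `json:"include_resources"`
}

// validate reports whether the request can be acted on. The URL must be
// present and be an absolute http or https URL with a host; anything else
// (other schemes, relative paths) is rejected up front instead of failing
// later inside the HTTP client. The URL is fetched server-side, so the
// caller should keep treating it as untrusted input even after validation.
func (cr *cloneRequest) validate() error {
	if cr.URL == "" {
		return errors.New("No URL Specified")
	}
	u, err := url.Parse(cr.URL)
	if err != nil {
		return errors.New("Invalid URL")
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return errors.New("URL must be an absolute http or https URL")
	}
	return nil
}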
// cloneResponse is the JSON body returned by API_Import_Site: the fetched
// page's HTML after the base tag and form markers have been inserted.
type cloneResponse struct {
	HTML string `json:"html"`
}
// emailResponse is the JSON body returned by API_Import_Email: the parsed
// message's subject and its text and HTML parts as strings.
type emailResponse struct {
	Text    string `json:"text"`
	HTML    string `json:"html"`
	Subject string `json:"subject"`
}