gophish/models/models.go

package models

import (
	"crypto/rand"
	"fmt"
	"io"
	"time"

	"bitbucket.org/liamstask/goose/lib/goose"

	_ "github.com/go-sql-driver/mysql" // Blank import needed to import mysql
	"github.com/gophish/gophish/config"
	log "github.com/gophish/gophish/logger"
	"github.com/jinzhu/gorm"
	_ "github.com/mattn/go-sqlite3" // Blank import needed to import sqlite3
)

var db *gorm.DB
var conf *config.Config

const MaxDatabaseConnectionAttempts int = 10

const (
	CampaignInProgress string = "In progress"
	CampaignQueued     string = "Queued"
	CampaignCreated    string = "Created"
	CampaignEmailsSent string = "Emails Sent"
	CampaignComplete   string = "Completed"
	EventSent          string = "Email Sent"
	EventSendingError  string = "Error Sending Email"
	EventOpened        string = "Email Opened"
	EventClicked       string = "Clicked Link"
	EventDataSubmit    string = "Submitted Data"
	EventReported      string = "Email Reported"
	EventProxyRequest  string = "Proxied request"
	StatusSuccess      string = "Success"
	StatusQueued       string = "Queued"
	StatusSending      string = "Sending"
	StatusUnknown      string = "Unknown"
	StatusScheduled    string = "Scheduled"
	StatusRetry        string = "Retrying"
	Error              string = "Error"
)

// Flash is used to hold flash information for use in templates.
type Flash struct {
	Type    string
	Message string
}

// Response contains the attributes found in an API response
type Response struct {
	Message string      `json:"message"`
	Success bool        `json:"success"`
	Data    interface{} `json:"data"`
}

// Copy of auth.GenerateSecureKey to prevent cyclic import with auth library
func generateSecureKey() string {
	k := make([]byte, 32)
	io.ReadFull(rand.Reader, k)
	return fmt.Sprintf("%x", k)
}

func chooseDBDriver(name, openStr string) goose.DBDriver {
	d := goose.DBDriver{Name: name, OpenStr: openStr}

	switch name {
	case "mysql":
		d.Import = "github.com/go-sql-driver/mysql"
		d.Dialect = &goose.MySqlDialect{}

	// Default database is sqlite3
	default:
		d.Import = "github.com/mattn/go-sqlite3"
		d.Dialect = &goose.Sqlite3Dialect{}
	}

	return d
}

// Setup initializes the Conn object
// It also populates the Gophish Config object
func Setup(c *config.Config) error {
	// Setup the package-scoped config
	conf = c
	// Setup the goose configuration
	migrateConf := &goose.DBConf{
		MigrationsDir: conf.MigrationsPath,
		Env:           "production",
		Driver:        chooseDBDriver(conf.DBName, conf.DBPath),
	}
	// Get the latest possible migration
	latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)
	if err != nil {
		log.Error(err)
		return err
	}
	// Open our database connection
	i := 0
	for {
		db, err = gorm.Open(conf.DBName, conf.DBPath)
		if err == nil {
			break
		}
		if err != nil && i >= MaxDatabaseConnectionAttempts {
			log.Error(err)
			return err
		}
		i += 1
		log.Warn("waiting for database to be up...")
		time.Sleep(5 * time.Second)
	}
	db.LogMode(false)
	db.SetLogger(log.Logger)
	db.DB().SetMaxOpenConns(1)
	if err != nil {
		log.Error(err)
		return err
	}
	// Migrate up to the latest version
	err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())
	if err != nil {
		log.Error(err)
		return err
	}
	// Create the admin user if it doesn't exist
	var userCount int64
	db.Model(&User{}).Count(&userCount)
	adminRole, err := GetRoleBySlug(RoleAdmin)
	if err != nil {
		log.Error(err)
		return err
	}
	if userCount == 0 {
		initUser := User{
			Username: "admin",
			Hash:     "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS", //gophish
			Role:     adminRole,
			RoleID:   adminRole.ID,
		}
		initUser.ApiKey = generateSecureKey()
		err = db.Save(&initUser).Error
		if err != nil {
			log.Error(err)
			return err
		}
	}
	return nil
}
Major refactoring - created auth, config, models, controllers, and middleware packages. Should help provide modularity and a clean architecture. Added doc.go for each package 2014-01-09 06:42:05 +00:00			`package models`
Moved structs to models.go file Changed config to have "host" string Working on simple mailing library Some basic template bug fixes (eventually I might move the side nav to a template) 2013-12-12 06:27:43 +00:00
Major refactoring - modularized models into separate files. Removed db package (moved to models) I will be looking to migrate to gorm (instead of gorp) soon! 2014-03-25 03:31:33 +00:00			`import (`
Caused API key to be generated dynamically for admin user. Fixes #60 2016-01-13 02:46:17 +00:00			`"crypto/rand"`
			`"fmt"`
			`"io"`
Wait for db (#1402) Added a loop that attempts to connect to the configured database. 2019-03-28 03:48:31 +00:00			`"time"`
Created Campaigns struct 2014-01-13 03:36:26 +00:00
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`"bitbucket.org/liamstask/goose/lib/goose"`

Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`_ "github.com/go-sql-driver/mysql" // Blank import needed to import mysql`
Update bcrypt dependency and code moved to gophish group 2016-01-10 17:03:17 +00:00			`"github.com/gophish/gophish/config"`
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`log "github.com/gophish/gophish/logger"`
Caused API key to be generated dynamically for admin user. Fixes #60 2016-01-13 02:46:17 +00:00			`"github.com/jinzhu/gorm"`
Starting to integrate landing page functionality (still not working). Also did some minor cleanup. 2015-02-07 02:24:10 +00:00			`_ "github.com/mattn/go-sqlite3" // Blank import needed to import sqlite3`
Major refactoring - modularized models into separate files. Removed db package (moved to models) I will be looking to migrate to gorm (instead of gorp) soon! 2014-03-25 03:31:33 +00:00			`)`
Created Campaigns struct 2014-01-13 03:36:26 +00:00
Updating gorm constructs to support gorm v1.0 released yesterday. 2016-03-09 04:37:55 +00:00			`var db *gorm.DB`
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package 2018-12-15 21:42:32 +00:00			`var conf *config.Config`
Starting to integrate landing page functionality (still not working). Also did some minor cleanup. 2015-02-07 02:24:10 +00:00
Wait for db (#1402) Added a loop that attempts to connect to the configured database. 2019-03-28 03:48:31 +00:00			`const MaxDatabaseConnectionAttempts int = 10`

Initial commit of worker.go (Still work to do) Moved constants to models.go Changed Campaign.Template to be an actual template (will need to adjust all the methods to handle it) Added UpdateCampaignStatus function to update a campaign status 2014-03-28 04:31:51 +00:00			`const (`
Fixed various minor linting issues 2018-12-16 03:38:51 +00:00			`CampaignInProgress string = "In progress"`
			`CampaignQueued string = "Queued"`
			`CampaignCreated string = "Created"`
			`CampaignEmailsSent string = "Emails Sent"`
			`CampaignComplete string = "Completed"`
			`EventSent string = "Email Sent"`
			`EventSendingError string = "Error Sending Email"`
			`EventOpened string = "Email Opened"`
			`EventClicked string = "Clicked Link"`
			`EventDataSubmit string = "Submitted Data"`
			`EventReported string = "Email Reported"`
			`EventProxyRequest string = "Proxied request"`
			`StatusSuccess string = "Success"`
			`StatusQueued string = "Queued"`
			`StatusSending string = "Sending"`
			`StatusUnknown string = "Unknown"`
			`StatusScheduled string = "Scheduled"`
			`StatusRetry string = "Retrying"`
			`Error string = "Error"`
Initial commit of worker.go (Still work to do) Moved constants to models.go Changed Campaign.Template to be an actual template (will need to adjust all the methods to handle it) Added UpdateCampaignStatus function to update a campaign status 2014-03-28 04:31:51 +00:00			`)`

Fixed bug in POSTing campaign Removed gorp initialization code from models.go 2014-03-26 19:50:16 +00:00			`// Flash is used to hold flash information for use in templates.`
			`type Flash struct {`
			`Type string`
			`Message string`
			`}`

Starting to integrate landing page functionality (still not working). Also did some minor cleanup. 2015-02-07 02:24:10 +00:00			`// Response contains the attributes found in an API response`
Moving JSON Responses to a standard Response object Added cursor:pointer styling to dropdown menus 2014-06-02 03:30:23 +00:00			`type Response struct {`
Cleaned up possible (very unlikely?) permission issue Better logging in controllers module DRY changes to API Added Data attribute to models.Response struct Added GetTemplateByName (will be used in filling out campaign) Changed modal to be 800px on large screens for better previews 2014-06-02 04:38:21 +00:00			Message string `json:"message"`
			Success bool `json:"success"`
			Data interface{} `json:"data"`
Moving JSON Responses to a standard Response object Added cursor:pointer styling to dropdown menus 2014-06-02 03:30:23 +00:00			`}`

Caused API key to be generated dynamically for admin user. Fixes #60 2016-01-13 02:46:17 +00:00			`// Copy of auth.GenerateSecureKey to prevent cyclic import with auth library`
			`func generateSecureKey() string {`
			`k := make([]byte, 32)`
			`io.ReadFull(rand.Reader, k)`
			`return fmt.Sprintf("%x", k)`
			`}`

Adding support for Mysql (#442) Thanks, @svigne1! Fixes #53 2016-11-19 16:37:22 +00:00			`func chooseDBDriver(name, openStr string) goose.DBDriver {`
			`d := goose.DBDriver{Name: name, OpenStr: openStr}`

			`switch name {`
			`case "mysql":`
			`d.Import = "github.com/go-sql-driver/mysql"`
			`d.Dialect = &goose.MySqlDialect{}`

			`// Default database is sqlite3`
			`default:`
			`d.Import = "github.com/mattn/go-sqlite3"`
			`d.Dialect = &goose.Sqlite3Dialect{}`
			`}`

			`return d`
			`}`

Major refactoring - modularized models into separate files. Removed db package (moved to models) I will be looking to migrate to gorm (instead of gorp) soon! 2014-03-25 03:31:33 +00:00			`// Setup initializes the Conn object`
			`// It also populates the Gophish Config object`
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package 2018-12-15 21:42:32 +00:00			`func Setup(c *config.Config) error {`
			`// Setup the package-scoped config`
			`conf = c`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`// Setup the goose configuration`
			`migrateConf := &goose.DBConf{`
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package 2018-12-15 21:42:32 +00:00			`MigrationsDir: conf.MigrationsPath,`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`Env: "production",`
Refactor servers (#1321) * Refactoring servers to support custom workers and graceful shutdown. * Refactoring workers to support custom mailers. * Refactoring mailer to be an interface, with proper instances instead of a single global instance * Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition. * Cleaning up API middleware to be simpler * Moving template parameters to separate struct * Changed LoadConfig to return config object * Cleaned up some error handling, removing uninitialized global error in models package * Changed static file serving to use the unindexed package 2018-12-15 21:42:32 +00:00			`Driver: chooseDBDriver(conf.DBName, conf.DBPath),`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`}`
			`// Get the latest possible migration`
			`latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)`
			`if err != nil {`
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`log.Error(err)`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`return err`
			`}`
			`// Open our database connection`
Wait for db (#1402) Added a loop that attempts to connect to the configured database. 2019-03-28 03:48:31 +00:00			`i := 0`
			`for {`
			`db, err = gorm.Open(conf.DBName, conf.DBPath)`
			`if err == nil {`
			`break`
			`}`
			`if err != nil && i >= MaxDatabaseConnectionAttempts {`
			`log.Error(err)`
			`return err`
			`}`
			`i += 1`
			`log.Warn("waiting for database to be up...")`
			`time.Sleep(5 * time.Second)`
			`}`
Initial commit of worker.go (Still work to do) Moved constants to models.go Changed Campaign.Template to be an actual template (will need to adjust all the methods to handle it) Added UpdateCampaignStatus function to update a campaign status 2014-03-28 04:31:51 +00:00			`db.LogMode(false)`
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`db.SetLogger(log.Logger)`
Potential fix for database locking issue. Fixes #331 2016-08-03 04:28:22 +00:00			`db.DB().SetMaxOpenConns(1)`
Working on gorm integration TODO: [ ] Finish up groups (many-to-many with group_targets) [ ] Convert Template models 2014-03-26 04:53:51 +00:00			`if err != nil {`
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`log.Error(err)`
Fixed bug in POSTing campaign Removed gorp initialization code from models.go 2014-03-26 19:50:16 +00:00			`return err`
Working on gorm integration TODO: [ ] Finish up groups (many-to-many with group_targets) [ ] Convert Template models 2014-03-26 04:53:51 +00:00			`}`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`// Migrate up to the latest version`
			`err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())`
			`if err != nil {`
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`log.Error(err)`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`return err`
			`}`
Fixed the way the initial admin is created to better support MySQL installations. Fixes #948 2018-02-09 01:04:59 +00:00			`// Create the admin user if it doesn't exist`
			`var userCount int64`
			`db.Model(&User{}).Count(&userCount)`
Initial commit of RBAC support. (#1366) * Initial commit of RBAC support. Closes #1333 2019-02-20 02:33:50 +00:00			`adminRole, err := GetRoleBySlug(RoleAdmin)`
			`if err != nil {`
			`log.Error(err)`
			`return err`
			`}`
Fixed the way the initial admin is created to better support MySQL installations. Fixes #948 2018-02-09 01:04:59 +00:00			`if userCount == 0 {`
Starting to integrate landing page functionality (still not working). Also did some minor cleanup. 2015-02-07 02:24:10 +00:00			`initUser := User{`
Major refactoring - modularized models into separate files. Removed db package (moved to models) I will be looking to migrate to gorm (instead of gorp) soon! 2014-03-25 03:31:33 +00:00			`Username: "admin",`
			`Hash: "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS", //gophish`
Initial commit of RBAC support. (#1366) * Initial commit of RBAC support. Closes #1333 2019-02-20 02:33:50 +00:00			`Role: adminRole,`
			`RoleID: adminRole.ID,`
Working on gorm integration TODO: [ ] Finish up groups (many-to-many with group_targets) [ ] Convert Template models 2014-03-26 04:53:51 +00:00			`}`
Caused API key to be generated dynamically for admin user. Fixes #60 2016-01-13 02:46:17 +00:00			`initUser.ApiKey = generateSecureKey()`
Starting to integrate landing page functionality (still not working). Also did some minor cleanup. 2015-02-07 02:24:10 +00:00			`err = db.Save(&initUser).Error`
Working on gorm integration TODO: [ ] Finish up groups (many-to-many with group_targets) [ ] Convert Template models 2014-03-26 04:53:51 +00:00			`if err != nil {`
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-04 00:07:41 +00:00			`log.Error(err)`
Adding first round of database migrations using goose 2016-01-19 03:13:32 +00:00			`return err`
Working on gorm integration TODO: [ ] Finish up groups (many-to-many with group_targets) [ ] Convert Template models 2014-03-26 04:53:51 +00:00			`}`
Major refactoring - modularized models into separate files. Removed db package (moved to models) I will be looking to migrate to gorm (instead of gorp) soon! 2014-03-25 03:31:33 +00:00			`}`
Changed the init to Setup() for better control over DB creation 2014-03-25 03:38:59 +00:00			`return nil`
Working on SendMail (currently NOT functional) Added user model for kicks - we'll see if it finds a reason to stay Setup /users and /settings routes 2013-12-12 07:00:22 +00:00			`}`