gophish/db/db.go

package db

import (
	"database/sql"
	"errors"
	"fmt"
	"os"
	"time"

	"github.com/coopernurse/gorp"
	"github.com/jordan-wright/gophish/config"
	"github.com/jordan-wright/gophish/models"
	_ "github.com/mattn/go-sqlite3"
)

var Conn *gorp.DbMap
var DB *sql.DB
var err error
var ErrUsernameTaken = errors.New("Username already taken")

// Setup initializes the Conn object
// It also populates the Gophish Config object
func Setup() error {
	DB, err := sql.Open("sqlite3", config.Conf.DBPath)
	Conn = &gorp.DbMap{Db: DB, Dialect: gorp.SqliteDialect{}}
	//If the file already exists, delete it and recreate it
	_, err = os.Stat(config.Conf.DBPath)
	Conn.AddTableWithName(models.User{}, "users").SetKeys(true, "Id")
	Conn.AddTableWithName(models.Campaign{}, "campaigns").SetKeys(true, "Id")
	Conn.AddTableWithName(models.Group{}, "groups").SetKeys(true, "Id")
	if err != nil {
		fmt.Println("Database not found, recreating...")
		createTablesSQL := []string{
			//Create tables
			`CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL, hash VARCHAR(60) NOT NULL, api_key VARCHAR(32), UNIQUE(username), UNIQUE(api_key));`,
			`CREATE TABLE campaigns (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, created_date TIMESTAMP NOT NULL, completed_date TIMESTAMP, template TEXT, status TEXT NOT NULL, uid INTEGER, FOREIGN KEY (uid) REFERENCES users(id));`,
			`CREATE TABLE targets (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL, UNIQUE(email));`,
			`CREATE TABLE groups (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, modified_date TIMESTAMP NOT NULL);`,
			`CREATE TABLE user_groups (uid INTEGER NOT NULL, gid INTEGER NOT NULL, FOREIGN KEY (uid) REFERENCES users(id), FOREIGN KEY (gid) REFERENCES groups(id), UNIQUE(uid, gid))`,
			`CREATE TABLE group_targets (gid INTEGER NOT NULL, tid INTEGER NOT NULL, FOREIGN KEY (gid) REFERENCES groups(id), FOREIGN KEY (tid) REFERENCES targets(id), UNIQUE(gid, tid));`,
		}
		fmt.Println("Creating db at " + config.Conf.DBPath)
		//Create the tables needed
		for _, stmt := range createTablesSQL {
			_, err = DB.Exec(stmt)
			if err != nil {
				return err
			}
		}
		//Create the default user
		init_user := models.User{
			Username: "admin",
			Hash:     "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS",
			APIKey:   "12345678901234567890123456789012",
		}
		Conn.Insert(&init_user)
		if err != nil {
			fmt.Println(err)
		}
		c := models.Campaign{
			Name:          "Test Campaigns",
			CreatedDate:   time.Now().UTC(),
			CompletedDate: time.Now().UTC(),
			Template:      "test template",
			Status:        "In progress",
			Uid:           init_user.Id,
		}
		Conn.Insert(&c)
	}
	return nil
}

// API Functions (GET, POST, PUT, DELETE)

// GetUser returns the user that the given id corresponds to. If no user is found, an
// error is thrown.
func GetUser(id int64) (models.User, error) {
	u := models.User{}
	err := Conn.SelectOne(&u, "SELECT * FROM Users WHERE id=?", id)
	if err != nil {
		return u, err
	}
	return u, nil
}

// GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an
// error is thrown.
func GetUserByAPIKey(key []byte) (models.User, error) {
	u := models.User{}
	err := Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE apikey=?", key)
	if err != nil {
		return u, err
	}
	return u, nil
}

// GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an
// error is thrown.
func GetUserByUsername(username string) (models.User, error) {
	u := models.User{}
	err := Conn.SelectOne(&u, "SELECT * FROM Users WHERE username=?", username)
	if err != sql.ErrNoRows {
		return u, ErrUsernameTaken
	} else if err != nil {
		return u, err
	}
	return u, nil
}

func PutUser(u *models.User) error {
	_, err := Conn.Update(u)
	return err
}

func GetCampaigns(key interface{}) ([]models.Campaign, error) {
	cs := []models.Campaign{}
	_, err := Conn.Select(&cs, "SELECT c.id, name, created_date, completed_date, status, template FROM campaigns c, users u WHERE c.uid=u.id AND u.api_key=?", key)
	return cs, err
}

func GetCampaign(id int64) {

}
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`package db`

			`import (`
			`"database/sql"`
Added easier support for Flashes Moving DB access (as much as possible) into `db` package. 2014-02-05 16:57:53 +00:00			`"errors"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`"fmt"`
			`"os"`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`"time"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`"github.com/coopernurse/gorp"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`"github.com/jordan-wright/gophish/config"`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`"github.com/jordan-wright/gophish/models"`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`_ "github.com/mattn/go-sqlite3"`
			`)`

Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`var Conn *gorp.DbMap`
			`var DB *sql.DB`
			`var err error`
Added easier support for Flashes Moving DB access (as much as possible) into `db` package. 2014-02-05 16:57:53 +00:00			`var ErrUsernameTaken = errors.New("Username already taken")`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00
			`// Setup initializes the Conn object`
			`// It also populates the Gophish Config object`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`func Setup() error {`
			`DB, err := sql.Open("sqlite3", config.Conf.DBPath)`
			`Conn = &gorp.DbMap{Db: DB, Dialect: gorp.SqliteDialect{}}`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`//If the file already exists, delete it and recreate it`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`_, err = os.Stat(config.Conf.DBPath)`
			`Conn.AddTableWithName(models.User{}, "users").SetKeys(true, "Id")`
			`Conn.AddTableWithName(models.Campaign{}, "campaigns").SetKeys(true, "Id")`
Cleaning up documentation Added targets, groups, group_target tables 2014-02-01 22:35:16 +00:00			`Conn.AddTableWithName(models.Group{}, "groups").SetKeys(true, "Id")`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`if err != nil {`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`fmt.Println("Database not found, recreating...")`
Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`createTablesSQL := []string{`
			`//Create tables`
Implemented Registration Created auth.GenerateSecureKey to handle generating API Keys 2014-02-05 00:39:01 +00:00			`CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL, hash VARCHAR(60) NOT NULL, api_key VARCHAR(32), UNIQUE(username), UNIQUE(api_key));`,
Cleaning up documentation Added targets, groups, group_target tables 2014-02-01 22:35:16 +00:00			`CREATE TABLE campaigns (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, created_date TIMESTAMP NOT NULL, completed_date TIMESTAMP, template TEXT, status TEXT NOT NULL, uid INTEGER, FOREIGN KEY (uid) REFERENCES users(id));`,
Finished implementing first version of GET, POST /api/groups 2014-02-05 03:53:11 +00:00			`CREATE TABLE targets (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL, UNIQUE(email));`,
Cleaned up csrf exemptions Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middleware 2014-02-04 21:23:09 +00:00			`CREATE TABLE groups (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, modified_date TIMESTAMP NOT NULL);`,
			`CREATE TABLE user_groups (uid INTEGER NOT NULL, gid INTEGER NOT NULL, FOREIGN KEY (uid) REFERENCES users(id), FOREIGN KEY (gid) REFERENCES groups(id), UNIQUE(uid, gid))`,
			`CREATE TABLE group_targets (gid INTEGER NOT NULL, tid INTEGER NOT NULL, FOREIGN KEY (gid) REFERENCES groups(id), FOREIGN KEY (tid) REFERENCES targets(id), UNIQUE(gid, tid));`,
Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`}`
			`fmt.Println("Creating db at " + config.Conf.DBPath)`
			`//Create the tables needed`
			`for _, stmt := range createTablesSQL {`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`_, err = DB.Exec(stmt)`
Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`if err != nil {`
			`return err`
			`}`
			`}`
			`//Create the default user`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`init_user := models.User{`
Changed to indent JSON Changed default username to admin (instead of jordan) 2014-01-31 05:11:06 +00:00			`Username: "admin",`
Cleaning up some broken links Changed default admin password to 'gophish' Fixed bug in POST /api/campaigns Starting to implements groups and users functionality 2014-02-02 22:37:36 +00:00			`Hash: "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS",`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`APIKey: "12345678901234567890123456789012",`
Added support for --setup flag to reset database 2014-01-13 04:39:40 +00:00			`}`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`Conn.Insert(&init_user)`
Added createTableSQL script to better manage table creation Added creation of Campaigns table 2014-01-13 03:46:51 +00:00			`if err != nil {`
Adding some models - Incorporated use of `gorp` package to allow ORM'ish functionality 2014-01-30 21:08:14 +00:00			`fmt.Println(err)`
Added createTableSQL script to better manage table creation Added creation of Campaigns table 2014-01-13 03:46:51 +00:00			`}`
- Working on implementing the API (started working on /api/campaigns) - Implemented APIKey middleware - Changed settings template to look a bit nicer and to, you know, work. 2014-01-31 04:46:25 +00:00			`c := models.Campaign{`
			`Name: "Test Campaigns",`
			`CreatedDate: time.Now().UTC(),`
			`CompletedDate: time.Now().UTC(),`
			`Template: "test template",`
			`Status: "In progress",`
			`Uid: init_user.Id,`
			`}`
			`Conn.Insert(&c)`
Moved DB to root folder Created db package to handle DB connection/queries Removed Setup.go (now handled in db package) Setup context in middleware 2014-01-09 23:18:49 +00:00			`}`
			`return nil`
			`}`
Added easier support for Flashes Moving DB access (as much as possible) into `db` package. 2014-02-05 16:57:53 +00:00
			`// API Functions (GET, POST, PUT, DELETE)`

			`// GetUser returns the user that the given id corresponds to. If no user is found, an`
			`// error is thrown.`
			`func GetUser(id int64) (models.User, error) {`
			`u := models.User{}`
			`err := Conn.SelectOne(&u, "SELECT * FROM Users WHERE id=?", id)`
			`if err != nil {`
			`return u, err`
			`}`
			`return u, nil`
			`}`

			`// GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an`
			`// error is thrown.`
			`func GetUserByAPIKey(key []byte) (models.User, error) {`
			`u := models.User{}`
			`err := Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE apikey=?", key)`
			`if err != nil {`
			`return u, err`
			`}`
			`return u, nil`
			`}`

			`// GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an`
			`// error is thrown.`
			`func GetUserByUsername(username string) (models.User, error) {`
			`u := models.User{}`
			`err := Conn.SelectOne(&u, "SELECT * FROM Users WHERE username=?", username)`
			`if err != sql.ErrNoRows {`
			`return u, ErrUsernameTaken`
			`} else if err != nil {`
			`return u, err`
			`}`
			`return u, nil`
			`}`

			`func PutUser(u *models.User) error {`
			`_, err := Conn.Update(u)`
			`return err`
			`}`

			`func GetCampaigns(key interface{}) ([]models.Campaign, error) {`
			`cs := []models.Campaign{}`
			`_, err := Conn.Select(&cs, "SELECT c.id, name, created_date, completed_date, status, template FROM campaigns c, users u WHERE c.uid=u.id AND u.api_key=?", key)`
			`return cs, err`
			`}`

			`func GetCampaign(id int64) {`

			`}`