2014-01-09 06:42:05 +00:00
|
|
|
package controllers
|
2013-12-03 04:56:55 +00:00
|
|
|
|
|
|
|
import (
|
2014-01-10 04:21:12 +00:00
|
|
|
"fmt"
|
2014-01-06 06:09:41 +00:00
|
|
|
"html/template"
|
|
|
|
"net/http"
|
|
|
|
|
2014-01-10 03:21:54 +00:00
|
|
|
ctx "github.com/gorilla/context"
|
2013-12-03 04:56:55 +00:00
|
|
|
"github.com/gorilla/mux"
|
2014-01-10 03:21:54 +00:00
|
|
|
"github.com/gorilla/sessions"
|
2014-01-09 06:42:05 +00:00
|
|
|
"github.com/jordan-wright/gophish/auth"
|
2014-02-05 16:57:53 +00:00
|
|
|
"github.com/jordan-wright/gophish/db"
|
2014-01-11 04:11:44 +00:00
|
|
|
mid "github.com/jordan-wright/gophish/middleware"
|
2014-01-10 03:21:54 +00:00
|
|
|
"github.com/jordan-wright/gophish/models"
|
2014-02-03 23:21:56 +00:00
|
|
|
"github.com/justinas/nosurf"
|
2013-12-03 04:56:55 +00:00
|
|
|
)
|
|
|
|
|
2014-02-01 02:49:22 +00:00
|
|
|
var templateDelims = []string{"{{%", "%}}"}
|
|
|
|
|
2014-02-03 23:21:56 +00:00
|
|
|
func CreateRouter() *nosurf.CSRFHandler {
|
2013-12-03 04:56:55 +00:00
|
|
|
router := mux.NewRouter()
|
|
|
|
// Base Front-end routes
|
|
|
|
router.HandleFunc("/login", Login)
|
2014-02-02 22:55:26 +00:00
|
|
|
router.HandleFunc("/logout", Use(Logout, mid.RequireLogin))
|
2013-12-03 04:56:55 +00:00
|
|
|
router.HandleFunc("/register", Register)
|
2014-01-11 04:37:42 +00:00
|
|
|
router.HandleFunc("/", Use(Base, mid.RequireLogin))
|
2014-02-02 22:37:36 +00:00
|
|
|
router.HandleFunc("/campaigns/{id:[0-9]+}", Use(Campaigns_Id, mid.RequireLogin))
|
2014-01-11 04:37:42 +00:00
|
|
|
router.HandleFunc("/users", Use(Users, mid.RequireLogin))
|
|
|
|
router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))
|
2013-12-03 04:56:55 +00:00
|
|
|
|
|
|
|
// Create the API routes
|
|
|
|
api := router.PathPrefix("/api").Subrouter()
|
2014-03-18 18:58:08 +00:00
|
|
|
api = api.StrictSlash(true)
|
2014-02-01 03:49:35 +00:00
|
|
|
api.HandleFunc("/", Use(API, mid.RequireLogin))
|
2014-02-02 20:47:06 +00:00
|
|
|
api.HandleFunc("/reset", Use(API_Reset, mid.RequireLogin))
|
2014-02-08 01:40:16 +00:00
|
|
|
api.HandleFunc("/campaigns/", Use(API_Campaigns, mid.RequireAPIKey))
|
2014-02-02 22:37:36 +00:00
|
|
|
api.HandleFunc("/campaigns/{id:[0-9]+}", Use(API_Campaigns_Id, mid.RequireAPIKey))
|
2014-02-08 01:40:16 +00:00
|
|
|
api.HandleFunc("/groups/", Use(API_Groups, mid.RequireAPIKey))
|
2014-02-02 22:37:36 +00:00
|
|
|
api.HandleFunc("/groups/{id:[0-9]+}", Use(API_Groups_Id, mid.RequireAPIKey))
|
2014-03-17 03:18:48 +00:00
|
|
|
api.HandleFunc("/templates/", Use(API_Templates, mid.RequireAPIKey))
|
2014-03-17 03:02:06 +00:00
|
|
|
api.HandleFunc("/templates/{id:[0-9]+}", Use(API_Templates_Id, mid.RequireAPIKey))
|
2013-12-03 04:56:55 +00:00
|
|
|
|
2014-02-04 21:23:09 +00:00
|
|
|
// Setup static file serving
|
2013-12-03 04:56:55 +00:00
|
|
|
router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))
|
2014-02-03 23:21:56 +00:00
|
|
|
|
2014-02-04 21:23:09 +00:00
|
|
|
// Setup CSRF Protection
|
2014-02-03 23:21:56 +00:00
|
|
|
csrfHandler := nosurf.New(router)
|
2014-02-04 21:23:09 +00:00
|
|
|
// Exempt API routes and Static files
|
2014-02-10 01:34:47 +00:00
|
|
|
csrfHandler.ExemptGlob("/api/campaigns/*")
|
|
|
|
csrfHandler.ExemptGlob("/api/groups/*")
|
2014-03-17 03:02:06 +00:00
|
|
|
csrfHandler.ExemptGlob("/api/templates/*")
|
2014-02-03 23:21:56 +00:00
|
|
|
csrfHandler.ExemptGlob("/static/*")
|
|
|
|
return csrfHandler
|
2013-12-03 04:56:55 +00:00
|
|
|
}
|
|
|
|
|
2014-01-11 04:11:44 +00:00
|
|
|
// Use allows us to stack middleware to process the request
|
|
|
|
// Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
|
2014-01-11 04:37:42 +00:00
|
|
|
func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {
|
2014-01-11 04:11:44 +00:00
|
|
|
for _, m := range mid {
|
|
|
|
handler = m(handler)
|
|
|
|
}
|
|
|
|
return handler
|
|
|
|
}
|
|
|
|
|
2013-12-03 04:56:55 +00:00
|
|
|
func Register(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// If it is a post request, attempt to register the account
|
|
|
|
// Now that we are all registered, we can log the user in
|
2014-02-05 00:39:01 +00:00
|
|
|
params := struct {
|
|
|
|
Title string
|
|
|
|
Flashes []interface{}
|
|
|
|
User models.User
|
|
|
|
Token string
|
|
|
|
}{Title: "Register", Token: nosurf.Token(r)}
|
|
|
|
session := ctx.Get(r, "session").(*sessions.Session)
|
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
|
|
|
params.Flashes = session.Flashes()
|
|
|
|
session.Save(r, w)
|
|
|
|
getTemplate(w, "register").ExecuteTemplate(w, "base", params)
|
|
|
|
case r.Method == "POST":
|
|
|
|
//Attempt to register
|
|
|
|
succ, err := auth.Register(r)
|
|
|
|
//If we've registered, redirect to the login page
|
|
|
|
if succ {
|
|
|
|
session.AddFlash(models.Flash{
|
|
|
|
Type: "success",
|
|
|
|
Message: "Registration successful!.",
|
|
|
|
})
|
|
|
|
session.Save(r, w)
|
|
|
|
http.Redirect(w, r, "/login", 302)
|
|
|
|
} else {
|
|
|
|
// Check the error
|
|
|
|
m := ""
|
2014-02-05 16:57:53 +00:00
|
|
|
if err == db.ErrUsernameTaken {
|
2014-02-05 00:39:01 +00:00
|
|
|
m = "Username already taken"
|
|
|
|
} else {
|
|
|
|
m = "Unknown error - please try again"
|
|
|
|
fmt.Println(err)
|
|
|
|
}
|
|
|
|
fmt.Println(m)
|
|
|
|
session.AddFlash(models.Flash{
|
|
|
|
Type: "danger",
|
|
|
|
Message: m,
|
|
|
|
})
|
|
|
|
session.Save(r, w)
|
|
|
|
http.Redirect(w, r, "/register", 302)
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2013-12-03 04:56:55 +00:00
|
|
|
}
|
|
|
|
|
2014-02-02 22:55:26 +00:00
|
|
|
func Logout(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// If it is a post request, attempt to register the account
|
|
|
|
// Now that we are all registered, we can log the user in
|
|
|
|
session := ctx.Get(r, "session").(*sessions.Session)
|
|
|
|
delete(session.Values, "id")
|
2014-02-05 16:57:53 +00:00
|
|
|
Flash(w, r, "success", "You have successfully logged out")
|
2014-02-02 22:55:26 +00:00
|
|
|
http.Redirect(w, r, "login", 302)
|
|
|
|
}
|
|
|
|
|
2013-12-03 04:56:55 +00:00
|
|
|
func Base(w http.ResponseWriter, r *http.Request) {
|
2014-01-06 06:09:41 +00:00
|
|
|
// Example of using session - will be removed.
|
2014-01-10 04:21:12 +00:00
|
|
|
params := struct {
|
|
|
|
User models.User
|
|
|
|
Title string
|
|
|
|
Flashes []interface{}
|
2014-01-13 04:39:40 +00:00
|
|
|
}{Title: "Dashboard", User: ctx.Get(r, "user").(models.User)}
|
2014-01-30 21:08:14 +00:00
|
|
|
getTemplate(w, "dashboard").ExecuteTemplate(w, "base", params)
|
2013-12-03 04:56:55 +00:00
|
|
|
}
|
|
|
|
|
2013-12-12 07:00:22 +00:00
|
|
|
func Users(w http.ResponseWriter, r *http.Request) {
|
2014-02-02 22:37:36 +00:00
|
|
|
params := struct {
|
|
|
|
User models.User
|
|
|
|
Title string
|
|
|
|
Flashes []interface{}
|
|
|
|
}{Title: "Users & Groups", User: ctx.Get(r, "user").(models.User)}
|
|
|
|
getTemplate(w, "users").ExecuteTemplate(w, "base", params)
|
2013-12-12 07:00:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func Settings(w http.ResponseWriter, r *http.Request) {
|
2014-01-30 21:15:12 +00:00
|
|
|
params := struct {
|
2014-02-02 20:47:06 +00:00
|
|
|
User models.User
|
|
|
|
Title string
|
|
|
|
Flashes []interface{}
|
2014-02-04 05:41:31 +00:00
|
|
|
Token string
|
2014-01-30 21:15:12 +00:00
|
|
|
}{Title: "Settings", User: ctx.Get(r, "user").(models.User)}
|
2014-02-02 20:47:06 +00:00
|
|
|
session := ctx.Get(r, "session").(*sessions.Session)
|
2014-02-10 19:02:44 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
|
|
|
params.Token = nosurf.Token(r)
|
|
|
|
params.Flashes = session.Flashes()
|
|
|
|
session.Save(r, w)
|
|
|
|
getTemplate(w, "settings").ExecuteTemplate(w, "base", params)
|
|
|
|
case r.Method == "POST":
|
|
|
|
err := auth.ChangePassword(r)
|
|
|
|
if err == auth.ErrInvalidPassword {
|
|
|
|
Flash(w, r, "danger", "Invalid Password")
|
|
|
|
} else if err != nil {
|
|
|
|
Flash(w, r, "danger", "Unknown Error")
|
|
|
|
} else {
|
|
|
|
Flash(w, r, "success", "Password successfully reset")
|
|
|
|
}
|
|
|
|
http.Redirect(w, r, "/settings", 302)
|
|
|
|
}
|
2013-12-12 07:00:22 +00:00
|
|
|
}
|
|
|
|
|
2014-01-11 04:11:44 +00:00
|
|
|
func Campaigns_Id(w http.ResponseWriter, r *http.Request) {
|
2014-02-01 03:49:35 +00:00
|
|
|
params := struct {
|
|
|
|
User models.User
|
|
|
|
Title string
|
|
|
|
Flashes []interface{}
|
|
|
|
}{Title: "Results", User: ctx.Get(r, "user").(models.User)}
|
2014-03-13 20:12:03 +00:00
|
|
|
getTemplate(w, "campaign_results").ExecuteTemplate(w, "base", params)
|
2013-12-03 04:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func Login(w http.ResponseWriter, r *http.Request) {
|
2014-01-10 03:21:54 +00:00
|
|
|
params := struct {
|
|
|
|
User models.User
|
|
|
|
Title string
|
|
|
|
Flashes []interface{}
|
2014-02-03 23:21:56 +00:00
|
|
|
Token string
|
|
|
|
}{Title: "Login", Token: nosurf.Token(r)}
|
2014-01-10 03:21:54 +00:00
|
|
|
session := ctx.Get(r, "session").(*sessions.Session)
|
2014-01-06 06:09:41 +00:00
|
|
|
switch {
|
|
|
|
case r.Method == "GET":
|
2014-02-02 20:47:06 +00:00
|
|
|
params.Flashes = session.Flashes()
|
|
|
|
session.Save(r, w)
|
2014-01-10 03:21:54 +00:00
|
|
|
getTemplate(w, "login").ExecuteTemplate(w, "base", params)
|
2014-01-06 06:09:41 +00:00
|
|
|
case r.Method == "POST":
|
|
|
|
//Attempt to login
|
2014-01-11 06:10:52 +00:00
|
|
|
succ, err := auth.Login(r)
|
2014-02-06 16:49:53 +00:00
|
|
|
if err != nil {
|
|
|
|
fmt.Println(err)
|
2014-01-31 22:25:02 +00:00
|
|
|
}
|
2014-01-07 06:58:48 +00:00
|
|
|
//If we've logged in, save the session and redirect to the dashboard
|
|
|
|
if succ {
|
2014-01-06 06:09:41 +00:00
|
|
|
session.Save(r, w)
|
|
|
|
http.Redirect(w, r, "/", 302)
|
2014-01-07 06:58:48 +00:00
|
|
|
} else {
|
2014-02-05 16:57:53 +00:00
|
|
|
Flash(w, r, "danger", "Invalid Username/Password")
|
2014-02-02 20:47:06 +00:00
|
|
|
http.Redirect(w, r, "/login", 302)
|
2014-01-06 06:09:41 +00:00
|
|
|
}
|
|
|
|
}
|
2013-12-03 04:56:55 +00:00
|
|
|
}
|
|
|
|
|
2014-01-10 03:21:54 +00:00
|
|
|
func getTemplate(w http.ResponseWriter, tmpl string) *template.Template {
|
2014-02-01 02:49:22 +00:00
|
|
|
templates := template.New("template")
|
|
|
|
templates.Delims(templateDelims[0], templateDelims[1])
|
|
|
|
_, err := templates.ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html", "templates/flashes.html")
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println(err)
|
|
|
|
}
|
|
|
|
return template.Must(templates, err)
|
2013-12-03 04:56:55 +00:00
|
|
|
}
|
2014-01-31 04:46:25 +00:00
|
|
|
|
2014-02-12 16:43:54 +00:00
|
|
|
func checkError(e error, w http.ResponseWriter, m string, c int) bool {
|
2014-01-31 04:46:25 +00:00
|
|
|
if e != nil {
|
|
|
|
fmt.Println(e)
|
2014-02-12 16:43:54 +00:00
|
|
|
http.Error(w, "Error: "+m, c)
|
2014-01-31 22:25:02 +00:00
|
|
|
return true
|
2014-01-31 04:46:25 +00:00
|
|
|
}
|
2014-01-31 22:25:02 +00:00
|
|
|
return false
|
2014-01-31 04:46:25 +00:00
|
|
|
}
|
2014-02-05 16:57:53 +00:00
|
|
|
|
|
|
|
func Flash(w http.ResponseWriter, r *http.Request, t string, m string) {
|
|
|
|
session := ctx.Get(r, "session").(*sessions.Session)
|
|
|
|
session.AddFlash(models.Flash{
|
|
|
|
Type: t,
|
|
|
|
Message: m,
|
|
|
|
})
|
|
|
|
session.Save(r, w)
|
|
|
|
}
|