2014-01-09 06:42:05 +00:00
package controllers
import (
2014-01-13 02:00:20 +00:00
"encoding/json"
2014-01-09 06:42:05 +00:00
"fmt"
"net/http"
2014-02-05 03:08:09 +00:00
"net/mail"
2014-02-01 02:49:22 +00:00
"strconv"
2014-01-31 22:25:02 +00:00
"time"
2014-01-09 06:42:05 +00:00
2014-01-13 02:00:20 +00:00
ctx "github.com/gorilla/context"
2014-01-09 06:42:05 +00:00
"github.com/gorilla/mux"
2014-02-02 20:47:06 +00:00
"github.com/gorilla/sessions"
2014-02-05 00:39:01 +00:00
"github.com/jordan-wright/gophish/auth"
2014-01-31 04:46:25 +00:00
"github.com/jordan-wright/gophish/db"
"github.com/jordan-wright/gophish/models"
2014-01-09 06:42:05 +00:00
)
2014-01-31 22:25:02 +00:00
const (
IN_PROGRESS string = "In progress"
WAITING string = "Waiting"
COMPLETE string = "Completed"
ERROR string = "Error"
)
2014-02-01 03:49:35 +00:00
// API (/api) provides access to api documentation
2014-01-09 06:42:05 +00:00
func API ( w http . ResponseWriter , r * http . Request ) {
2014-02-01 03:49:35 +00:00
switch {
case r . Method == "GET" :
getTemplate ( w , "api_doc" ) . ExecuteTemplate ( w , "base" , nil )
2014-01-13 02:00:20 +00:00
}
2014-01-09 06:42:05 +00:00
}
2014-02-02 20:47:06 +00:00
// API (/api/reset) resets a user's API key
func API_Reset ( w http . ResponseWriter , r * http . Request ) {
switch {
2014-02-03 23:21:56 +00:00
case r . Method == "POST" :
2014-02-02 20:47:06 +00:00
u := ctx . Get ( r , "user" ) . ( models . User )
2014-02-05 00:39:01 +00:00
u . APIKey = auth . GenerateSecureKey ( )
2014-02-02 20:47:06 +00:00
db . Conn . Exec ( "UPDATE users SET api_key=? WHERE id=?" , u . APIKey , u . Id )
session := ctx . Get ( r , "session" ) . ( * sessions . Session )
session . AddFlash ( models . Flash {
Type : "success" ,
Message : "API Key Successfully Reset" ,
} )
session . Save ( r , w )
http . Redirect ( w , r , "/settings" , 302 )
}
}
2014-02-01 03:49:35 +00:00
// API_Campaigns returns a list of campaigns if requested via GET.
// If requested via POST, API_Campaigns creates a new campaign and returns a reference to it.
2014-01-09 06:42:05 +00:00
func API_Campaigns ( w http . ResponseWriter , r * http . Request ) {
switch {
case r . Method == "GET" :
2014-01-31 04:46:25 +00:00
cs := [ ] models . Campaign { }
2014-02-02 20:47:06 +00:00
_ , err := db . Conn . Select ( & cs , "SELECT c.id, name, created_date, completed_date, status, template FROM campaigns c, users u WHERE c.uid=u.id AND u.api_key=?" , ctx . Get ( r , "api_key" ) )
2014-01-31 04:46:25 +00:00
if err != nil {
fmt . Println ( err )
}
2014-02-02 20:47:06 +00:00
/ * for c := range cs {
_ , err := db . Conn . Select ( & cs . Results , "SELECT r.id " )
} * /
2014-01-31 22:25:02 +00:00
cj , err := json . MarshalIndent ( cs , "" , " " )
if checkError ( err , w , "Error looking up campaigns" ) {
return
2014-01-31 04:46:25 +00:00
}
2014-01-31 22:25:02 +00:00
writeJSON ( w , cj )
2014-02-02 20:47:06 +00:00
//POST: Create a new campaign and return it as JSON
2014-01-09 06:42:05 +00:00
case r . Method == "POST" :
2014-01-31 22:25:02 +00:00
c := models . Campaign { }
// Put the request into a campaign
err := json . NewDecoder ( r . Body ) . Decode ( & c )
2014-02-05 00:39:01 +00:00
if checkError ( err , w , "Invalid Request" ) {
return
}
2014-01-31 22:25:02 +00:00
// Fill in the details
c . CreatedDate = time . Now ( )
c . CompletedDate = time . Time { }
c . Status = IN_PROGRESS
2014-02-05 00:39:01 +00:00
c . Uid = ctx . Get ( r , "user_id" ) . ( int64 )
2014-01-31 22:25:02 +00:00
// Insert into the DB
err = db . Conn . Insert ( & c )
if checkError ( err , w , "Cannot insert campaign into database" ) {
return
}
cj , err := json . MarshalIndent ( c , "" , " " )
if checkError ( err , w , "Error creating JSON response" ) {
return
}
writeJSON ( w , cj )
2014-01-09 06:42:05 +00:00
}
}
2014-02-01 03:49:35 +00:00
// API_Campaigns_Id returns details about the requested campaign. If the campaign is not
// valid, API_Campaigns_Id returns null.
2014-01-09 06:42:05 +00:00
func API_Campaigns_Id ( w http . ResponseWriter , r * http . Request ) {
vars := mux . Vars ( r )
2014-02-01 02:49:22 +00:00
id , err := strconv . ParseInt ( vars [ "id" ] , 0 , 64 )
if checkError ( err , w , "Invalid Int" ) {
return
}
switch {
case r . Method == "GET" :
c := models . Campaign { }
err := db . Conn . SelectOne ( & c , "SELECT campaigns.id, name, created_date, completed_date, status, template FROM campaigns, users WHERE campaigns.uid=users.id AND campaigns.id =? AND users.api_key=?" , id , ctx . Get ( r , "api_key" ) )
if checkError ( err , w , "No campaign found" ) {
return
}
cj , err := json . MarshalIndent ( c , "" , " " )
if checkError ( err , w , "Error creating JSON response" ) {
return
}
writeJSON ( w , cj )
case r . Method == "DELETE" :
//c := models.Campaign{}
}
2014-01-09 06:42:05 +00:00
}
2014-02-04 05:41:31 +00:00
func API_Campaigns_Id_Launch ( w http . ResponseWriter , r * http . Request ) {
http . Redirect ( w , r , "/" , 302 )
}
2014-02-02 22:37:36 +00:00
// API_Groups returns details about the requested group. If the campaign is not
// valid, API_Groups returns null.
2014-02-05 03:08:09 +00:00
// Example:
/ *
POST / api / groups
{ "name" : "Test Group" ,
"targets" : [ "test@example.com" , "test2@example.com" ]
}
RESULT { "name" : "Test Group" ,
"targets" : [ "test@example.com" , "test2@example.com" ]
"id" : 1
}
* /
2014-02-02 22:37:36 +00:00
func API_Groups ( w http . ResponseWriter , r * http . Request ) {
2014-02-05 00:39:01 +00:00
switch {
case r . Method == "GET" :
gs := [ ] models . Group { }
_ , err := db . Conn . Select ( & gs , "SELECT g.id, g.name, g.modified_date FROM groups g, users u WHERE g.uid=u.id AND u.api_key=?" , ctx . Get ( r , "api_key" ) )
if err != nil {
fmt . Println ( err )
}
for _ , g := range gs {
_ , err := db . Conn . Select ( & g . Targets , "SELECT t.id t.email FROM targets t, groups g, group_targets gt WHERE gt.gid=? AND gt.tid=t.id" , g . Id )
if checkError ( err , w , "Error looking up groups" ) {
return
}
}
gj , err := json . MarshalIndent ( gs , "" , " " )
if checkError ( err , w , "Error looking up groups" ) {
return
}
writeJSON ( w , gj )
//POST: Create a new group and return it as JSON
case r . Method == "POST" :
g := models . Group { }
// Put the request into a group
err := json . NewDecoder ( r . Body ) . Decode ( & g )
if checkError ( err , w , "Invalid Request" ) {
return
}
// Check to make sure targets were specified
if len ( g . Targets ) == 0 {
http . Error ( w , "Error: No targets specified" , http . StatusInternalServerError )
return
}
g . ModifiedDate = time . Now ( )
// Insert into the DB
err = db . Conn . Insert ( & g )
if checkError ( err , w , "Cannot insert group into database" ) {
return
}
2014-02-05 03:08:09 +00:00
// Let's start a transaction to handle the bulk inserting
trans , err := db . Conn . Begin ( )
if checkError ( err , w , "Error starting transaction to insert data" ) {
return
}
// Now, let's add the user->user_groups->group mapping
// TODO
for _ , t := range g . Targets {
if _ , err = mail . ParseAddress ( t . Email ) ; err != nil {
fmt . Printf ( "Found invalid email %s\n" , t . Email )
continue
}
res , err := db . Conn . Exec ( "INSERT OR IGNORE INTO targets VALUES (null, ?)" , t . Email )
if err != nil {
fmt . Printf ( "Error adding email: %s\n" , t . Email )
}
t . Id , err = res . LastInsertId ( )
if err != nil {
fmt . Printf ( "Error getting last insert id for email: %s\n" , t . Email )
}
_ , err = db . Conn . Exec ( "INSERT OR IGNORE INTO group_targets VALUES (?,?)" , g . Id , t . Id )
if err != nil {
fmt . Printf ( "Error adding many-many mapping for %s\n" , t . Email )
}
}
if checkError ( trans . Commit ( ) , w , "Error committing transaction" ) {
return
}
2014-02-05 00:39:01 +00:00
gj , err := json . MarshalIndent ( g , "" , " " )
if checkError ( err , w , "Error creating JSON response" ) {
return
}
writeJSON ( w , gj )
}
2014-02-02 22:37:36 +00:00
}
// API_Campaigns_Id returns details about the requested campaign. If the campaign is not
// valid, API_Campaigns_Id returns null.
func API_Groups_Id ( w http . ResponseWriter , r * http . Request ) {
http . Redirect ( w , r , "/" , 302 )
}
2014-01-13 02:00:20 +00:00
func writeJSON ( w http . ResponseWriter , c [ ] byte ) {
w . Header ( ) . Set ( "Content-Type" , "application/json" )
fmt . Fprintf ( w , "%s" , c )
}