Merge pull request #75 from wjwoodson/enable-server-tls

Added UseTLS config option for both Admin and Phish servers
2016-01-17 21:50:01 -06:00 · 2016-01-17 21:50:01 -06:00 · 064b56855c
parent 1d8ac6f9f3 8d0d401635
commit 064b56855c
8 changed files with 59 additions and 20 deletions
--- a/config.json
+++ b/config.json
@ -1,10 +1,20 @@
 {
-	"admin_url" : "127.0.0.1:3333",
-	"phish_url" : "0.0.0.0:80",
+	"admin_server" : {
+		"listen_url" : "127.0.0.1:3333",
+		"use_tls" : false,
+		"cert_path" : "example.crt",
+		"key_path" : "example.key"
+	},
+	"phish_server" : {
+		"listen_url" : "0.0.0.0:80",
+		"use_tls" : false,
+		"cert_path" : "example.crt",
+		"key_path": "example.key"
+	},
 	"smtp" : {
 		"host" : "smtp.example.com:25",
 		"user" : "username",
 		"pass" : "password"
 	},
-	"dbpath" : "gophish.db"
-}
+	"db_path" : "gophish.db"
+}
--- a/config/config.go
+++ b/config/config.go
@ -13,12 +13,28 @@ type SMTPServer struct {
 	Password string `json:"password"`
 }

+// AdminServer represents the Admin server configuration details
+type AdminServer struct {
+	ListenURL string `json:"listen_url"`
+	UseTLS    bool   `json:"use_tls"`
+	CertPath  string `json:"cert_path"`
+	KeyPath   string `json:"key_path"`
+}
+
+// PhishServer represents the Phish server configuration details
+type PhishServer struct {
+	ListenURL string `json:"listen_url"`
+	UseTLS    bool   `json:"use_tls"`
+	CertPath  string `json:"cert_path"`
+	KeyPath   string `json:"key_path"`
+}
+
 // Config represents the configuration information.
 type Config struct {
-	AdminURL string     `json:"admin_url"`
-	PhishURL string     `json:"phish_url"`
-	SMTP     SMTPServer `json:"smtp"`
-	DBPath   string     `json:"dbpath"`
+	AdminConf AdminServer `json:"admin_server"`
+	PhishConf PhishServer `json:"phish_server"`
+	SMTPConf  SMTPServer  `json:"smtp"`
+	DBPath    string      `json:"db_path"`
 }

 var Conf Config
--- a/controllers/api_test.go
+++ b/controllers/api_test.go
@ -32,7 +32,7 @@ func (s *ControllersSuite) SetupSuite() {
 	}
 	s.Nil(err)
 	// Setup the admin server for use in testing
-	as.Config.Addr = config.Conf.AdminURL
+	as.Config.Addr = config.Conf.AdminConf.ListenURL
 	as.Start()
 	// Get the API key to use for these tests
 	u, err := models.GetUser(1)
--- a/gophish.go
+++ b/gophish.go
@ -51,14 +51,26 @@ func main() {
 	// Start the web servers
 	go func() {
 		defer wg.Done()
-		Logger.Printf("Starting admin server at http://%s\n", config.Conf.AdminURL)
-		Logger.Fatal(http.ListenAndServe(config.Conf.AdminURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreateAdminRouter())))
+		if config.Conf.AdminConf.UseTLS { // use TLS for Admin web server if available
+			Logger.Printf("Starting admin server at https://%s\n", config.Conf.AdminConf.ListenURL)
+			Logger.Fatal(http.ListenAndServeTLS(config.Conf.AdminConf.ListenURL, config.Conf.AdminConf.CertPath, config.Conf.AdminConf.KeyPath,
+				handlers.CombinedLoggingHandler(os.Stdout, controllers.CreateAdminRouter())))
+		} else {
+			Logger.Printf("Starting admin server at http://%s\n", config.Conf.AdminConf.ListenURL)
+			Logger.Fatal(http.ListenAndServe(config.Conf.AdminConf.ListenURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreateAdminRouter())))
+		}
 	}()
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		Logger.Printf("Starting phishing server at http://%s\n", config.Conf.PhishURL)
-		Logger.Fatal(http.ListenAndServe(config.Conf.PhishURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreatePhishingRouter())))
+		if config.Conf.PhishConf.UseTLS { // use TLS for Phish web server if available
+			Logger.Printf("Starting phishing server at https://%s\n", config.Conf.PhishConf.ListenURL)
+			Logger.Fatal(http.ListenAndServeTLS(config.Conf.PhishConf.ListenURL, config.Conf.PhishConf.CertPath, config.Conf.PhishConf.KeyPath,
+				handlers.CombinedLoggingHandler(os.Stdout, controllers.CreatePhishingRouter())))
+		} else {
+			Logger.Printf("Starting phishing server at http://%s\n", config.Conf.PhishConf.ListenURL)
+			Logger.Fatal(http.ListenAndServe(config.Conf.PhishConf.ListenURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreatePhishingRouter())))
+		}
 	}()
 	wg.Wait()
 }
--- a/static/js/app/campaign_results.js
+++ b/static/js/app/campaign_results.js
@ -47,7 +47,7 @@ function deleteCampaign() {
    if (confirm("Are you sure you want to delete: " + campaign.name + "?")) {
        api.campaignId.delete(campaign.id)
            .success(function(msg) {
-                console.log(msg)
+                location.href = '/campaigns'
            })
            .error(function(e) {
                $("#modal\\.flashes").empty().append("<div style=\"text-align:center\" class=\"alert alert-danger\">\
--- a/static/js/app/campaigns.js
+++ b/static/js/app/campaigns.js
@ -58,7 +58,7 @@ function deleteCampaign(idx) {
        api.campaignId.delete(campaigns[idx].id)
            .success(function(data) {
                successFlash(data.message)
-                load()
+		location.reload()
            })
    }
 }
@ -113,10 +113,10 @@ $(document).ready(function() {
                        campaign.name,
                        moment(campaign.created_date).format('MMMM Do YYYY, h:mm:ss a'),
                        "<span class=\"label " + label + "\">" + campaign.status + "</span>",
-                        "<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "'>\
+                        "<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "' data-toggle='tooltip' data-placement='right' title='View Results'>\
                    <i class='fa fa-bar-chart'></i>\
                    </a>\
-                    <button class='btn btn-danger' onclick='deleteCampaign(" + i + ")'>\
+                    <button class='btn btn-danger' onclick='deleteCampaign(" + i + ")' data-toggle='tooltip' data-placement='right' title='Delete Campaign'>\
                    <i class='fa fa-trash-o'></i>\
                    </button></div>"
                    ]).draw()
--- a/static/js/app/dashboard.js
+++ b/static/js/app/dashboard.js
@ -14,6 +14,7 @@ function deleteCampaign(idx) {
        api.campaignId.delete(campaigns[idx].id)
            .success(function(data) {
                successFlash(data.message)
+		location.reload()
            })
    }
 }
@ -58,10 +59,10 @@ $(document).ready(function() {
                            campaign.name,
                            campaign_date,
                            "<span class=\"label " + label + "\">" + campaign.status + "</span>",
-                            "<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "'>\
+                            "<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "' data-toggle='tooltip' data-placement='right' title='View Results'>\
                    <i class='fa fa-bar-chart'></i>\
                    </a>\
-                    <button class='btn btn-danger' onclick='deleteCampaign(" + i + ")'>\
+                    <button class='btn btn-danger' onclick='deleteCampaign(" + i + ")' data-toggle='tooltip' data-placement='right' title='Delete Campaign'>\
                    <i class='fa fa-trash-o'></i>\
                    </button></div>"
                        ]).draw()
--- a/templates/campaign_results.html
+++ b/templates/campaign_results.html
@ -45,7 +45,7 @@
            </div>
 	-->
            <button type="button" class="btn btn-danger" data-toggle="tooltip" data-placement="right" title="Delete Campaign" onclick="deleteCampaign()">
-                <i class="fa fa-times fa-lg"></i>
+                <i class="fa fa-trash-o fa-lg"></i>
            </button>
        </div>
        <br />