Cleaned API even more (everything is via HandlerFunc)

Sessions are now encrypted as well as signed.

auth/auth.go

@@ -18,7 +18,10 @@ func init() {
 	gob.Register(&models.User{})
 }
 
-var Store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(64)))
+var Store = sessions.NewCookieStore(
+	[]byte(securecookie.GenerateRandomKey(64)), //Signing key
+	[]byte(securecookie.GenerateRandomKey(64)), //Encryption key
+)
 
 // CheckLogin attempts to request a SQL record with the given username.
 // If successful, it then compares the received bcrypt hash.

controllers/route.go

@@ -39,16 +39,16 @@ import (
 	"github.com/jordan-wright/gophish/models"
 )
 
-func CreateRouter() http.Handler {
+func CreateRouter() *mux.Router {
 	router := mux.NewRouter()
 	// Base Front-end routes
 	router.HandleFunc("/login", Login)
 	router.HandleFunc("/register", Register)
-	router.Handle("/", Use(http.HandlerFunc(Base), mid.RequireLogin))
+	router.HandleFunc("/", Use(Base, mid.RequireLogin))
-	router.Handle("/campaigns", Use(http.HandlerFunc(Campaigns), mid.RequireLogin))
+	router.HandleFunc("/campaigns", Use(Campaigns, mid.RequireLogin))
-	router.Handle("/campaigns/{id}", Use(http.HandlerFunc(Campaigns_Id), mid.RequireLogin))
+	router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin))
-	router.Handle("/users", Use(http.HandlerFunc(Users), mid.RequireLogin))
+	router.HandleFunc("/users", Use(Users, mid.RequireLogin))
-	router.Handle("/settings", Use(http.HandlerFunc(Settings), mid.RequireLogin))
+	router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))
 
 	// Create the API routes
 	api := router.PathPrefix("/api").Subrouter()
@@ -64,7 +64,7 @@ func CreateRouter() http.Handler {
 
 // Use allows us to stack middleware to process the request
 // Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
-func Use(handler http.Handler, mid ...func(http.Handler) http.Handler) http.Handler {
+func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {
 	for _, m := range mid {
 		handler = m(handler)
 	}

gophish.go

@@ -46,6 +46,6 @@ func main() {
 		fmt.Println(err)
 	}
 	fmt.Printf("Gophish server started at http://%s\n", config.Conf.URL)
-	http.Handle("/", controllers.Use(controllers.CreateRouter(), middleware.GetContext))
+	http.Handle("/", controllers.Use(controllers.CreateRouter().ServeHTTP, middleware.GetContext))
 	http.ListenAndServe(config.Conf.URL, nil)
 }

middleware/middleware.go

@@ -9,9 +9,9 @@ import (
 
 // GetContext wraps each request in a function which fills in the context for a given request.
 // This includes setting the User and Session keys and values as necessary for use in later functions.
-func GetContext(handler http.Handler) http.Handler {
+func GetContext(handler http.Handler) http.HandlerFunc {
 	// Set the context here
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		// Set the context appropriately here.
 		// Set the session
 		session, _ := auth.Store.Get(r, "gophish")
@@ -31,17 +31,17 @@ func GetContext(handler http.Handler) http.Handler {
 		session.Save(r, w)
 		// Remove context contents
 		ctx.Clear(r)
-	})
+	}
 }
 
 // RequireLogin is a simple middleware which checks to see if the user is currently logged in.
 // If not, the function returns a 302 redirect to the login page.
-func RequireLogin(handler http.Handler) http.Handler {
+func RequireLogin(handler http.Handler) http.HandlerFunc {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		if u := ctx.Get(r, "user"); u != nil {
 			handler.ServeHTTP(w, r)
 		} else {
 			http.Redirect(w, r, "/login", 302)
 		}
-	})
+	}
 }