Cleaned API even more (everything is via HandlerFunc)

Sessions are now encrypted as well as signed.
2014-01-10 22:37:42 -06:00 · 2014-01-10 22:37:42 -06:00 · 2a62f62bc6
parent 42d7c463df
commit 2a62f62bc6
4 changed files with 18 additions and 15 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@ -18,7 +18,10 @@ func init() {
 	gob.Register(&models.User{})
 }

-var Store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(64)))
+var Store = sessions.NewCookieStore(
+	[]byte(securecookie.GenerateRandomKey(64)), //Signing key
+	[]byte(securecookie.GenerateRandomKey(64)), //Encryption key
+)

 // CheckLogin attempts to request a SQL record with the given username.
 // If successful, it then compares the received bcrypt hash.
--- a/controllers/route.go
+++ b/controllers/route.go
@ -39,16 +39,16 @@ import (
 	"github.com/jordan-wright/gophish/models"
 )

-func CreateRouter() http.Handler {
+func CreateRouter() *mux.Router {
 	router := mux.NewRouter()
 	// Base Front-end routes
 	router.HandleFunc("/login", Login)
 	router.HandleFunc("/register", Register)
-	router.Handle("/", Use(http.HandlerFunc(Base), mid.RequireLogin))
-	router.Handle("/campaigns", Use(http.HandlerFunc(Campaigns), mid.RequireLogin))
-	router.Handle("/campaigns/{id}", Use(http.HandlerFunc(Campaigns_Id), mid.RequireLogin))
-	router.Handle("/users", Use(http.HandlerFunc(Users), mid.RequireLogin))
-	router.Handle("/settings", Use(http.HandlerFunc(Settings), mid.RequireLogin))
+	router.HandleFunc("/", Use(Base, mid.RequireLogin))
+	router.HandleFunc("/campaigns", Use(Campaigns, mid.RequireLogin))
+	router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin))
+	router.HandleFunc("/users", Use(Users, mid.RequireLogin))
+	router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))

 	// Create the API routes
 	api := router.PathPrefix("/api").Subrouter()
@ -64,7 +64,7 @@ func CreateRouter() http.Handler {

 // Use allows us to stack middleware to process the request
 // Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
-func Use(handler http.Handler, mid ...func(http.Handler) http.Handler) http.Handler {
+func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {
 	for _, m := range mid {
 		handler = m(handler)
 	}
--- a/gophish.go
+++ b/gophish.go
@ -46,6 +46,6 @@ func main() {
 		fmt.Println(err)
 	}
 	fmt.Printf("Gophish server started at http://%s\n", config.Conf.URL)
-	http.Handle("/", controllers.Use(controllers.CreateRouter(), middleware.GetContext))
+	http.Handle("/", controllers.Use(controllers.CreateRouter().ServeHTTP, middleware.GetContext))
 	http.ListenAndServe(config.Conf.URL, nil)
 }
--- a/middleware/middleware.go
+++ b/middleware/middleware.go
@ -9,9 +9,9 @@ import (

 // GetContext wraps each request in a function which fills in the context for a given request.
 // This includes setting the User and Session keys and values as necessary for use in later functions.
-func GetContext(handler http.Handler) http.Handler {
+func GetContext(handler http.Handler) http.HandlerFunc {
 	// Set the context here
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
 		// Set the context appropriately here.
 		// Set the session
 		session, _ := auth.Store.Get(r, "gophish")
@ -31,17 +31,17 @@ func GetContext(handler http.Handler) http.Handler {
 		session.Save(r, w)
 		// Remove context contents
 		ctx.Clear(r)
-	})
+	}
 }

 // RequireLogin is a simple middleware which checks to see if the user is currently logged in.
 // If not, the function returns a 302 redirect to the login page.
-func RequireLogin(handler http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+func RequireLogin(handler http.Handler) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
 		if u := ctx.Get(r, "user"); u != nil {
 			handler.ServeHTTP(w, r)
 		} else {
 			http.Redirect(w, r, "/login", 302)
 		}
-	})
+	}
 }