mirror of https://github.com/gophish/gophish
Cleaned up csrf exemptions
Cleaned up models Added UNIQUE constraint on many-many tables Added form parsing/ userid from API key lookup in middlewarepull/24/head
parent
4c722afe8b
commit
359fa01c1c
|
@ -37,12 +37,14 @@ func CreateRouter() *nosurf.CSRFHandler {
|
|||
api.HandleFunc("/groups", Use(API_Groups, mid.RequireAPIKey))
|
||||
api.HandleFunc("/groups/{id:[0-9]+}", Use(API_Groups_Id, mid.RequireAPIKey))
|
||||
|
||||
//Setup static file serving
|
||||
// Setup static file serving
|
||||
router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))
|
||||
|
||||
//Setup CSRF Protection
|
||||
// Setup CSRF Protection
|
||||
csrfHandler := nosurf.New(router)
|
||||
csrfHandler.ExemptGlob("/api/*/*")
|
||||
// Exempt API routes and Static files
|
||||
csrfHandler.ExemptGlob("/api/campaigns*")
|
||||
csrfHandler.ExemptGlob("/api/groups*")
|
||||
csrfHandler.ExemptGlob("/static/*")
|
||||
return csrfHandler
|
||||
}
|
||||
|
|
6
db/db.go
6
db/db.go
|
@ -26,7 +26,6 @@ func Setup() error {
|
|||
Conn.AddTableWithName(models.User{}, "users").SetKeys(true, "Id")
|
||||
Conn.AddTableWithName(models.Campaign{}, "campaigns").SetKeys(true, "Id")
|
||||
Conn.AddTableWithName(models.Group{}, "groups").SetKeys(true, "Id")
|
||||
Conn.AddTableWithName(models.GroupTarget{}, "group_target")
|
||||
if err != nil {
|
||||
fmt.Println("Database not found, recreating...")
|
||||
createTablesSQL := []string{
|
||||
|
@ -34,8 +33,9 @@ func Setup() error {
|
|||
`CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL, hash VARCHAR(60) NOT NULL, api_key VARCHAR(32));`,
|
||||
`CREATE TABLE campaigns (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, created_date TIMESTAMP NOT NULL, completed_date TIMESTAMP, template TEXT, status TEXT NOT NULL, uid INTEGER, FOREIGN KEY (uid) REFERENCES users(id));`,
|
||||
`CREATE TABLE targets (id INTEGER PRIMARY KEY AUTOINCREMENT, address TEXT NOT NULL);`,
|
||||
`CREATE TABLE groups (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL);`,
|
||||
`CREATE TABLE group_targets (gid INTEGER NOT NULL, tid INTEGER NOT NULL, FOREIGN KEY (gid) REFERENCES groups(id), FOREIGN KEY (tid) REFERENCES targets(id));`,
|
||||
`CREATE TABLE groups (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, modified_date TIMESTAMP NOT NULL);`,
|
||||
`CREATE TABLE user_groups (uid INTEGER NOT NULL, gid INTEGER NOT NULL, FOREIGN KEY (uid) REFERENCES users(id), FOREIGN KEY (gid) REFERENCES groups(id), UNIQUE(uid, gid))`,
|
||||
`CREATE TABLE group_targets (gid INTEGER NOT NULL, tid INTEGER NOT NULL, FOREIGN KEY (gid) REFERENCES groups(id), FOREIGN KEY (tid) REFERENCES targets(id), UNIQUE(gid, tid));`,
|
||||
}
|
||||
fmt.Println("Creating db at " + config.Conf.DBPath)
|
||||
//Create the tables needed
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
|
||||
ctx "github.com/gorilla/context"
|
||||
"github.com/jordan-wright/gophish/auth"
|
||||
"github.com/jordan-wright/gophish/db"
|
||||
)
|
||||
|
||||
// GetContext wraps each request in a function which fills in the context for a given request.
|
||||
|
@ -12,6 +13,11 @@ import (
|
|||
func GetContext(handler http.Handler) http.HandlerFunc {
|
||||
// Set the context here
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// Parse the request form
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
http.Error(w, "Error parsing request", http.StatusInternalServerError)
|
||||
}
|
||||
// Set the context appropriately here.
|
||||
// Set the session
|
||||
session, _ := auth.Store.Get(r, "gophish")
|
||||
|
@ -39,6 +45,12 @@ func RequireAPIKey(handler http.Handler) http.HandlerFunc {
|
|||
if ak == "" {
|
||||
JSONError(w, 500, "API Key not set")
|
||||
} else {
|
||||
id, err := db.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ak)
|
||||
if id == 0 || err != nil {
|
||||
http.Error(w, "Error: Invalid API Key", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
ctx.Set(r, "user_id", id)
|
||||
ctx.Set(r, "api_key", ak)
|
||||
handler.ServeHTTP(w, r)
|
||||
}
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
package models
|
||||
|
||||
import (
|
||||
"net/mail"
|
||||
import
|
||||
|
||||
// SMTPServer is used to provide a default SMTP server preference.
|
||||
"time"
|
||||
)
|
||||
// SMTPServer is used to provide a default SMTP server preference.
|
||||
"time"
|
||||
|
||||
type SMTPServer struct {
|
||||
Host string `json:"host"`
|
||||
|
@ -46,11 +44,6 @@ type Campaign struct {
|
|||
Uid int64 `json:"-"`
|
||||
}
|
||||
|
||||
type UserCampaigns struct {
|
||||
CampaignId int64
|
||||
UserId int64
|
||||
}
|
||||
|
||||
type Result struct {
|
||||
Id int64
|
||||
TargetId int64
|
||||
|
@ -59,16 +52,13 @@ type Result struct {
|
|||
|
||||
type Group struct {
|
||||
Id int64 `json:"id"`
|
||||
Targets []Target
|
||||
Uid int64
|
||||
}
|
||||
|
||||
type GroupTarget struct {
|
||||
Gid int64
|
||||
Tid int64
|
||||
Name string `json:"name"`
|
||||
ModifiedDate time.Time `json:"modified_date" db:"modified_date"`
|
||||
Targets []Target `json:"targets" db:"-"`
|
||||
Uid int64 `json:"-"`
|
||||
}
|
||||
|
||||
type Target struct {
|
||||
Id int64 `json:"-"`
|
||||
Email mail.Address `json:"email"`
|
||||
Email string `json:"email"`
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue