From 43417d160f9b048c29e2035a1f7e6b4787d65b7c Mon Sep 17 00:00:00 2001
From: Jordan
Date: Sun, 2 Feb 2014 16:37:36 -0600
Subject: [PATCH] Cleaning up some broken links Changed default admin password to 'gophish' Fixed bug in POST /api/campaigns Starting to implements groups and users functionality
---
 controllers/api.go | 17 ++++++++++++++++-
 controllers/route.go | 13 ++++++++++---
 db/db.go | 2 +-
 static/js/app/controllers.js | 6 ++++++
 templates/settings.html | 2 +-
 templates/users.html | 32 +++++++++++++++++++++++++-------
 6 files changed, 59 insertions(+), 13 deletions(-)
diff --git a/controllers/api.go b/controllers/api.go
index 236f321a..8e6b1060 100644
--- a/controllers/api.go
+++ b/controllers/api.go
@@ -81,6 +81,10 @@ func API_Campaigns(w http.ResponseWriter, r *http.Request) {
 c.CompletedDate = time.Time{}
 c.Status = IN_PROGRESS
 c.Uid, err = db.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ctx.Get(r, "api_key"))
+ if c.Uid == 0 {
+ http.Error(w, "Error: Invalid API Key", http.StatusInternalServerError)
+ return
+ }
 if checkError(err, w, "Invalid API Key") {
 return
 }
@@ -112,7 +116,6 @@ func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
 if checkError(err, w, "No campaign found") {
 return
 }
- fmt.Printf("%v\n", c)
 cj, err := json.MarshalIndent(c, "", " ")
 if checkError(err, w, "Error creating JSON response") {
 return
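Review bot: In API_Campaigns the new `c.Uid == 0` test runs before the `err` returned by `SelectInt` is examined, so a database failure is reported to the client as an invalid key, and a genuinely unknown key is answered with a 500 instead of an authentication status. Check `err` first, then reject the zero id with `http.Error(w, "Error: Invalid API Key", http.StatusUnauthorized)`. The route is already wrapped in mid.RequireAPIKey, whose body is not in this diff; if that middleware always rejects unknown keys, this branch only needs a comment such as `// defensive: RequireAPIKey should already have rejected unknown keys`. The function body starts and ends outside the hunk.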
@@ -123,6 +126,18 @@ func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) { } } +// API_Groups returns details about the requested group. If the campaign is not +// valid, API_Groups returns null. +func API_Groups(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, "/", 302) +} + +// API_Campaigns_Id returns details about the requested campaign. If the campaign is not +// valid, API_Campaigns_Id returns null. +func API_Groups_Id(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, "/", 302) +} + func writeJSON(w http.ResponseWriter, c []byte) { w.Header().Set("Content-Type", "application/json") fmt.Fprintf(w, "%s", c) diff --git a/controllers/route.go b/controllers/route.go index f3e9bbb1..9ce4e24e 100644 --- a/controllers/route.go +++ b/controllers/route.go @@ -21,7 +21,7 @@ func CreateRouter() *mux.Router { router.HandleFunc("/login", Login) router.HandleFunc("/register", Register) router.HandleFunc("/", Use(Base, mid.RequireLogin)) - router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin)) + router.HandleFunc("/campaigns/{id:[0-9]+}", Use(Campaigns_Id, mid.RequireLogin)) router.HandleFunc("/users", Use(Users, mid.RequireLogin)) router.HandleFunc("/settings", Use(Settings, mid.RequireLogin)) @@ -30,7 +30,9 @@ func CreateRouter() *mux.Router { api.HandleFunc("/", Use(API, mid.RequireLogin)) api.HandleFunc("/reset", Use(API_Reset, mid.RequireLogin)) api.HandleFunc("/campaigns", Use(API_Campaigns, mid.RequireAPIKey)) - api.HandleFunc("/campaigns/{id}", Use(API_Campaigns_Id, mid.RequireAPIKey)) + api.HandleFunc("/campaigns/{id:[0-9]+}", Use(API_Campaigns_Id, mid.RequireAPIKey)) + api.HandleFunc("/groups", Use(API_Groups, mid.RequireAPIKey)) + api.HandleFunc("/groups/{id:[0-9]+}", Use(API_Groups_Id, mid.RequireAPIKey)) //Setup static file serving router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/"))) 
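Review bot: The doc comments on the two new stubs do not describe them: the one above API_Groups_Id is headed `API_Campaigns_Id`, both speak of "the campaign", and both promise a null result while the bodies redirect to "/". For a handler registered under the API router, a 302 to the HTML root hands API clients a page rather than an error; until the handlers exist, `http.Error(w, "Not implemented", http.StatusNotImplemented)` states the situation plainly. Suggested comment for the second stub: `// API_Groups_Id will return details about the requested group; not yet implemented.`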
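Review bot: The `{id:[0-9]+}` constraint added to the campaign routes in CreateRouter, and to the campaign and group API routes in the following hunk, puts no upper bound on the digit run, so an id too long for an integer still reaches Campaigns_Id, API_Campaigns_Id and API_Groups_Id. Those handlers are outside the diff, so this is inferred: they still have to treat a failed integer conversion as a 400 or 404 rather than rely on the router for validity. Bounding the pattern, for example `{id:[0-9]{1,18}}`, keeps the value within a 64-bit id.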
@@ -63,7 +65,12 @@ func Base(w http.ResponseWriter, r *http.Request) { } func Users(w http.ResponseWriter, r *http.Request) { - getTemplate(w, "users").ExecuteTemplate(w, "base", nil) + params := struct { + User models.User + Title string + Flashes []interface{} + }{Title: "Users & Groups", User: ctx.Get(r, "user").(models.User)} + getTemplate(w, "users").ExecuteTemplate(w, "base", params) } func Settings(w http.ResponseWriter, r *http.Request) { diff --git a/db/db.go b/db/db.go index 91b1a3fd..b448cfee 100644 --- a/db/db.go +++ b/db/db.go @@ -48,7 +48,7 @@ func Setup() error { //Create the default user init_user := models.User{ Username: "admin", - Hash: "$2a$10$d4OtT.RkEOQn.iruVWIQ5u8CeV/85ZYF41y8wKeUwsAPqPNFvTccW", + Hash: "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS", APIKey: "12345678901234567890123456789012", } Conn.Insert(&init_user) diff --git a/static/js/app/controllers.js b/static/js/app/controllers.js index d18e9106..cbf09103 100644 --- a/static/js/app/controllers.js +++ b/static/js/app/controllers.js @@ -4,4 +4,10 @@ gophishApp.controller('CampaignCtrl', function($scope, $http) { $http.get('/api/campaigns?api_key=' + API_KEY).success(function(data) { $scope.campaigns = data; }) +}) + +gophishApp.controller('GroupCtrl', function($scope, $http) { + $http.get('/api/groups?api_key=' + API_KEY).success(function(data) { + $scope.groups = data; + }) }) \ No newline at end of file diff --git a/templates/settings.html b/templates/settings.html index c372db28..0bf739d3 100644 --- a/templates/settings.html +++ b/templates/settings.html @@ -15,7 +15,7 @@
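Review bot: In Users, `ctx.Get(r, "user").(models.User)` is an unchecked type assertion, so the handler panics if the context has no "user" entry or holds a different type such as a pointer. It is safe only while mid.RequireLogin always stores a models.User value, which this diff does not show. Use the two-value form, `u, ok := ctx.Get(r, "user").(models.User)`, and answer with a redirect to /login or a 500 when `ok` is false. The error returned by `ExecuteTemplate` is also dropped, and the `Flashes` field is declared but never set.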
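Review bot: Setup seeds every installation with the same `admin` account, using a bcrypt hash for the password named in the commit message and the fixed APIKey `12345678901234567890123456789012`. Any instance reachable before the operator rotates them therefore accepts publicly known credentials on both the login form and the API. The API key can be generated per install at setup time as sketched below (db.go would need `crypto/rand` and `encoding/hex` imported), and the password should be forced to change at first login or generated and shown once. The result of `Conn.Insert(&init_user)` is ignored, so a failed seed goes unnoticed. Setup starts and ends outside the hunk.

```go
// Derive a per-install API key instead of shipping a fixed one.
key := make([]byte, 16)
if _, err := rand.Read(key); err != nil {
	return err
}
init_user := models.User{
	// … unchanged: Username, Hash …
	APIKey: hex.EncodeToString(key), // 32 hex characters, same length as before
}
if err := Conn.Insert(&init_user); err != nil {
	return err
}
```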
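Review bot: GroupCtrl sends the API key in the query string (`'/api/groups?api_key=' + API_KEY`), the same pattern as CampaignCtrl above it, which puts the secret into server access logs, proxy logs and browser history. If mid.RequireAPIKey can read a request header (not visible in this diff), send the key there instead; otherwise at least encode it with `encodeURIComponent(API_KEY)`. There is also no `.error(...)` handler, so a 401 or 500 leaves `$scope.groups` unset with no feedback to the user.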
  • Settings
  • -
  • API Documentation +
  • API Documentation
  • diff --git a/templates/users.html b/templates/users.html index e148d32a..3f90c4ce 100644 --- a/templates/users.html +++ b/templates/users.html @@ -1,4 +1,4 @@ -{{%define "content"%}} {{%template "nav"%}} +{{%define "content"%}} {{%template "nav" .User %}}

    @@ -15,15 +15,33 @@
  • Settings
  • -
  • API Documentation +
  • API Documentation
  • -
    -

    Gophish API

    -

    Gophish runs on top of a RESTful API which allows developers to automate phishing campaigns easily. The following documentation and examples demonstrate the API functionality

    -

    /api/campaigns

    -

    Test.

    +
    +
    + +
    +   +
    + + + + + + + + + + + + + + + +
    NameMembersModified Date
    {{group.name}}{{group.status}}{{group.modified_date | date:'medium'}}
    +
    {{%end%}}
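Review bot: In the new groups table the "Members" column is bound to `{{group.status}}`, which looks carried over from the campaigns table; unless the groups API returns a status field, that cell will render empty. The markup is only partly visible on this page, so this is read from the header row and the row template alone. Bind the cell to whichever field will carry the membership once API_Groups returns data, and add a template comment noting that `{{% %}}` are the Go template delimiters while `{{ }}` is left for Angular.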