Cleaning up some broken links

Changed default admin password to 'gophish'
Fixed bug in POST /api/campaigns
Starting to implements groups and users functionality

controllers/api.go

@@ -81,6 +81,10 @@ func API_Campaigns(w http.ResponseWriter, r *http.Request) {
 		c.CompletedDate = time.Time{}
 		c.Status = IN_PROGRESS
 		c.Uid, err = db.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ctx.Get(r, "api_key"))
+		if c.Uid == 0 {
+			http.Error(w, "Error: Invalid API Key", http.StatusInternalServerError)
+			return
+		}
 		if checkError(err, w, "Invalid API Key") {
 			return
 		}
@@ -112,7 +116,6 @@ func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
 		if checkError(err, w, "No campaign found") {
 			return
 		}
-		fmt.Printf("%v\n", c)
 		cj, err := json.MarshalIndent(c, "", "  ")
 		if checkError(err, w, "Error creating JSON response") {
 			return
@@ -123,6 +126,18 @@ func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// API_Groups returns details about the requested group. If the campaign is not
+// valid, API_Groups returns null.
+func API_Groups(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, "/", 302)
+}
+
+// API_Campaigns_Id returns details about the requested campaign. If the campaign is not
+// valid, API_Campaigns_Id returns null.
+func API_Groups_Id(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, "/", 302)
+}
+
 func writeJSON(w http.ResponseWriter, c []byte) {
 	w.Header().Set("Content-Type", "application/json")
 	fmt.Fprintf(w, "%s", c)

controllers/route.go

@@ -21,7 +21,7 @@ func CreateRouter() *mux.Router {
 	router.HandleFunc("/login", Login)
 	router.HandleFunc("/register", Register)
 	router.HandleFunc("/", Use(Base, mid.RequireLogin))
-	router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin))
+	router.HandleFunc("/campaigns/{id:[0-9]+}", Use(Campaigns_Id, mid.RequireLogin))
 	router.HandleFunc("/users", Use(Users, mid.RequireLogin))
 	router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))
 
@@ -30,7 +30,9 @@ func CreateRouter() *mux.Router {
 	api.HandleFunc("/", Use(API, mid.RequireLogin))
 	api.HandleFunc("/reset", Use(API_Reset, mid.RequireLogin))
 	api.HandleFunc("/campaigns", Use(API_Campaigns, mid.RequireAPIKey))
-	api.HandleFunc("/campaigns/{id}", Use(API_Campaigns_Id, mid.RequireAPIKey))
+	api.HandleFunc("/campaigns/{id:[0-9]+}", Use(API_Campaigns_Id, mid.RequireAPIKey))
+	api.HandleFunc("/groups", Use(API_Groups, mid.RequireAPIKey))
+	api.HandleFunc("/groups/{id:[0-9]+}", Use(API_Groups_Id, mid.RequireAPIKey))
 
 	//Setup static file serving
 	router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))
@@ -63,7 +65,12 @@ func Base(w http.ResponseWriter, r *http.Request) {
 }
 
 func Users(w http.ResponseWriter, r *http.Request) {
-	getTemplate(w, "users").ExecuteTemplate(w, "base", nil)
+	params := struct {
+		User    models.User
+		Title   string
+		Flashes []interface{}
+	}{Title: "Users & Groups", User: ctx.Get(r, "user").(models.User)}
+	getTemplate(w, "users").ExecuteTemplate(w, "base", params)
 }
 
 func Settings(w http.ResponseWriter, r *http.Request) {

db/db.go

@@ -48,7 +48,7 @@ func Setup() error {
 		//Create the default user
 		init_user := models.User{
 			Username: "admin",
-			Hash:     "$2a$10$d4OtT.RkEOQn.iruVWIQ5u8CeV/85ZYF41y8wKeUwsAPqPNFvTccW",
+			Hash:     "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS",
 			APIKey:   "12345678901234567890123456789012",
 		}
 		Conn.Insert(&init_user)

static/js/app/controllers.js

@@ -5,3 +5,9 @@ gophishApp.controller('CampaignCtrl', function($scope, $http) {
 		$scope.campaigns = data;
 	})
 })
+
+gophishApp.controller('GroupCtrl', function($scope, $http) {
+	$http.get('/api/groups?api_key=' + API_KEY).success(function(data) {
+		$scope.groups = data;
+	})
+})

templates/settings.html

@@ -15,7 +15,7 @@
             </li>
             <li class="active"><a href="/settings">Settings</a>
             </li>
-            <li><a href="/api/doc">API Documentation</a>
+            <li><a href="/api/">API Documentation</a>
             </li>
         </ul>
     </div>

templates/users.html

@@ -1,4 +1,4 @@
-{{%define "content"%}} {{%template "nav"%}}
+{{%define "content"%}} {{%template "nav" .User %}}
 <div class="jumbotron">
     <div class="container" style="text-align:center;">
         <h1 class="sans header">
@@ -15,15 +15,33 @@
             </li>
             <li><a href="/settings">Settings</a>
             </li>
-            <li><a href="/api/doc">API Documentation</a>
+            <li><a href="/api/">API Documentation</a>
             </li>
         </ul>
     </div>
-    <div class="col-md-9 sans">
+    <div class="col-md-9" ng-controller="GroupCtrl">
-        <h1 style="margin-top:0px"><i class="fa fa-gear"></i> Gophish API</h1>
+        <div class="row">
-        <p>Gophish runs on top of a RESTful API which allows developers to automate phishing campaigns easily. The following documentation and examples demonstrate the API functionality</p>
+            <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#newCampaignModal"><i class="fa fa-plus"></i> New Group</button>
-        <h2 class="api_heading">/api/campaigns</h2>
+        </div>
-        <p>Test.</p>
+        &nbsp;
+        <div class="row">
+            <table class="table table-hover table-striped table-bordered">
+                <thead>
+                    <tr>
+                        <th class="col-sm-1">Name</th>
+                        <th class="col-sm-2">Members</th>
+                        <th class="col-sm-1">Modified Date</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <tr ng-repeat="group in groups">
+                        <td>{{group.name}}</td>
+                        <td>{{group.status}}</td>
+                        <td>{{group.modified_date | date:'medium'}}</td>
+                    </tr>
+                </tbody>
+            </table>
+        </div>
     </div>
 </div>
 {{%end%}}