mirror of https://github.com/gophish/gophish
More work implementing pages.
More cleanup - changing *all* API errors to be returned via JSON.
Fixed bug where /api/pages/ was not CSRF exempt.
Changed db column/table names to be more user friendly in the case of acronyms (Id, SMTP, etc.).
pull/24/head
parent
c8be0ddb74
commit
669d96d279
|
@ -270,18 +270,21 @@ func API_Pages(w http.ResponseWriter, r *http.Request) {
|
||||||
p := models.Page{}
|
p := models.Page{}
|
||||||
// Put the request into a page
|
// Put the request into a page
|
||||||
err := json.NewDecoder(r.Body).Decode(&p)
|
err := json.NewDecoder(r.Body).Decode(&p)
|
||||||
if checkError(err, w, "Invalid Request", http.StatusBadRequest) {
|
if err != nil {
|
||||||
|
JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
_, err = models.GetPageByName(p.Name, ctx.Get(r, "user_id").(int64))
|
_, err = models.GetPageByName(p.Name, ctx.Get(r, "user_id").(int64))
|
||||||
if err != gorm.RecordNotFound {
|
if err != gorm.RecordNotFound {
|
||||||
JSONResponse(w, models.Response{Success: false, Message: "Template name already in use"}, http.StatusConflict)
|
JSONResponse(w, models.Response{Success: false, Message: "Page name already in use"}, http.StatusConflict)
|
||||||
|
Logger.Println(err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
p.ModifiedDate = time.Now()
|
p.ModifiedDate = time.Now()
|
||||||
p.UserId = ctx.Get(r, "user_id").(int64)
|
p.UserId = ctx.Get(r, "user_id").(int64)
|
||||||
err = models.PostPage(&p)
|
err = models.PostPage(&p)
|
||||||
if checkError(err, w, "Error inserting page", http.StatusInternalServerError) {
|
if err != nil {
|
||||||
|
JSONResponse(w, models.Response{Success: false, Message: "Error inserting page"}, http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
JSONResponse(w, p, http.StatusCreated)
|
JSONResponse(w, p, http.StatusCreated)
|
||||||
|
@ -312,17 +315,19 @@ func API_Pages_Id(w http.ResponseWriter, r *http.Request) {
|
||||||
Logger.Println(err)
|
Logger.Println(err)
|
||||||
}
|
}
|
||||||
if p.Id != id {
|
if p.Id != id {
|
||||||
http.Error(w, "Error: /:id and template_id mismatch", http.StatusBadRequest)
|
JSONResponse(w, models.Response{Success: false, Message: "/:id and /:page_id mismatch"}, http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = p.Validate()
|
err = p.Validate()
|
||||||
/* if checkError(err, w, http.StatusBadRequest) {
|
if err != nil {
|
||||||
return
|
JSONResponse(w, models.Response{Success: false, Message: "Invalid attributes given"}, http.StatusBadRequest)
|
||||||
}*/
|
return
|
||||||
|
}
|
||||||
p.ModifiedDate = time.Now()
|
p.ModifiedDate = time.Now()
|
||||||
p.UserId = ctx.Get(r, "user_id").(int64)
|
p.UserId = ctx.Get(r, "user_id").(int64)
|
||||||
err = models.PutPage(&p)
|
err = models.PutPage(&p)
|
||||||
if checkError(err, w, "Error updating group", http.StatusInternalServerError) {
|
if err != nil {
|
||||||
|
JSONResponse(w, models.Response{Success: false, Message: "Error updating page"}, http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
JSONResponse(w, p, http.StatusOK)
|
JSONResponse(w, p, http.StatusOK)
|
||||||
|
|
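Review bot: In API_Pages the POST path overwrites `p.UserId` and `p.ModifiedDate` after decoding the body, but the client-supplied `id` (Page.Id is tagged `json:"id"` in this commit) reaches `models.PostPage(&p)` unchanged. PostPage's insert is not visible here; if it saves by primary key, a non-zero id would make a create request act on an existing row rather than insert a new one, and nothing in this handler ties that row to the caller. Setting `p.Id = 0` just before `err = models.PostPage(&p)` removes the dependency on how the model layer saves. Both handlers start and end outside these hunks, so an earlier check may already cover this.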
|
@ -55,6 +55,7 @@ func CreateAdminRouter() http.Handler {
|
||||||
csrfHandler.ExemptGlob("/api/campaigns/*")
|
csrfHandler.ExemptGlob("/api/campaigns/*")
|
||||||
csrfHandler.ExemptGlob("/api/groups/*")
|
csrfHandler.ExemptGlob("/api/groups/*")
|
||||||
csrfHandler.ExemptGlob("/api/templates/*")
|
csrfHandler.ExemptGlob("/api/templates/*")
|
||||||
|
csrfHandler.ExemptGlob("/api/pages/*")
|
||||||
csrfHandler.ExemptGlob("/api/import/*")
|
csrfHandler.ExemptGlob("/api/import/*")
|
||||||
csrfHandler.ExemptGlob("/static/*")
|
csrfHandler.ExemptGlob("/static/*")
|
||||||
return Use(csrfHandler.ServeHTTP, mid.GetContext)
|
return Use(csrfHandler.ServeHTTP, mid.GetContext)
|
||||||
|
|
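Review bot: The new `csrfHandler.ExemptGlob("/api/pages/*")` line is only safe while every handler under /api/pages/ authenticates with a credential the browser does not attach on its own. RequireAPIKey appears elsewhere in this commit, but how the key reaches it is not visible here; if it can be resolved from the session cookie, the exempt routes have no CSRF protection on their state-changing POST/PUT/DELETE requests. I would record the assumption above the exemptions, e.g. `// /api/* is exempt from CSRF checks because it must authenticate via API key, never the session cookie alone`. CreateAdminRouter starts outside the hunk.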
|
@ -56,8 +56,7 @@ func RequireAPIKey(handler http.Handler) http.HandlerFunc {
|
||||||
JSONError(w, 400, "API Key not set")
|
JSONError(w, 400, "API Key not set")
|
||||||
} else {
|
} else {
|
||||||
u, err := models.GetUserByAPIKey(ak)
|
u, err := models.GetUserByAPIKey(ak)
|
||||||
/* id, err := models.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ak)
|
if err != nil {
|
||||||
*/if err != nil {
|
|
||||||
JSONError(w, 400, "Invalid API Key")
|
JSONError(w, 400, "Invalid API Key")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -71,7 +71,7 @@ func GetGroupByName(n string, uid int64) (Group, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
Logger.Println(err)
|
Logger.Println(err)
|
||||||
}
|
}
|
||||||
return g, nil
|
return g, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// PostGroup creates a new group in the database.
|
// PostGroup creates a new group in the database.
|
||||||
|
|
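Review bot: `Logger.Println(err)` in GetGroupByName now also fires for `gorm.RecordNotFound`, which is the expected result whenever a caller checks that a name is free (as API_Pages does with GetPageByName in this commit). Logging that case on every successful create buries real database failures in the log; the same applies to GetPageByName and GetTemplateByName, which this commit changes the same way. Consider guarding the log call with `if err != nil && err != gorm.RecordNotFound {`, assuming gorm is imported in each file, which the hunks do not show. The function body starts outside the hunk.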
|
@ -7,15 +7,15 @@ import (
|
||||||
|
|
||||||
// Page contains the fields used for a Page model
|
// Page contains the fields used for a Page model
|
||||||
type Page struct {
|
type Page struct {
|
||||||
Id int64 `json:"id"`
|
Id int64 `json:"id" gorm:"column:id; primary_key:yes"`
|
||||||
UserId int64 `json:"-"`
|
UserId int64 `json:"-" gorm:"column:user_id"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
HTML string `json:"html"`
|
HTML string `json:"html" gorm:"column:html"`
|
||||||
ModifiedDate time.Time `json:"modified_date"`
|
ModifiedDate time.Time `json:"modified_date"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ErrPageNameNotSpecified is thrown if the name of the landing page is blank.
|
// ErrPageNameNotSpecified is thrown if the name of the landing page is blank.
|
||||||
var ErrPageNameNotSpecified = errors.New("Template Name not specified")
|
var ErrPageNameNotSpecified = errors.New("Page Name not specified")
|
||||||
|
|
||||||
// Validate ensures that a page contains the appropriate details
|
// Validate ensures that a page contains the appropriate details
|
||||||
func (p *Page) Validate() error {
|
func (p *Page) Validate() error {
|
||||||
|
@ -53,13 +53,14 @@ func GetPageByName(n string, uid int64) (Page, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
Logger.Println(err)
|
Logger.Println(err)
|
||||||
}
|
}
|
||||||
return p, nil
|
return p, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// PostPage creates a new page in the database.
|
// PostPage creates a new page in the database.
|
||||||
func PostPage(p *Page) error {
|
func PostPage(p *Page) error {
|
||||||
err := p.Validate()
|
err := p.Validate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Logger.Println(err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// Insert into the DB
|
// Insert into the DB
|
||||||
|
|
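Review bot: Now that GetPageByName returns the query error instead of nil, its caller in API_Pages (`if err != gorm.RecordNotFound {`) answers 409 "Page name already in use" for any database failure, not only for a duplicate name. The client gets a misleading conflict and the operator has to tell the two cases apart from the log line alone. I would split the check in the handler: `if err == nil {` for the 409 branch, followed by `if err != gorm.RecordNotFound {` returning the 500 JSON response. GetPageByName's body starts outside the hunk.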
|
@ -1,14 +1,21 @@
|
||||||
package models
|
package models
|
||||||
|
|
||||||
|
// SMTP contains the attributes needed to handle the sending of campaign emails
|
||||||
type SMTP struct {
|
type SMTP struct {
|
||||||
SMTPId int64 `json:"-"`
|
SMTPId int64 `json:"-" gorm:"column:smtp_id; primary_key:yes"`
|
||||||
CampaignId int64 `json:"-"`
|
CampaignId int64 `json:"-" gorm:"column:campaign_id"`
|
||||||
Host string `json:"host"`
|
Host string `json:"host"`
|
||||||
Username string `json:"username,omitempty"`
|
Username string `json:"username,omitempty"`
|
||||||
Password string `json:"password,omitempty" sql:"-"`
|
Password string `json:"password,omitempty" sql:"-"`
|
||||||
FromAddress string `json:"from_address"`
|
FromAddress string `json:"from_address"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TableName specifies the database tablename for Gorm to use
|
||||||
|
func (s SMTP) TableName() string {
|
||||||
|
return "smtp"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate ensures that SMTP configs/connections are valid
|
||||||
func (s *SMTP) Validate() (string, bool) {
|
func (s *SMTP) Validate() (string, bool) {
|
||||||
switch {
|
switch {
|
||||||
case s.FromAddress == "":
|
case s.FromAddress == "":
|
||||||
|
|
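Review bot: The new doc comment on SMTP does not say how Password is handled, which is the field a reader most needs to know about. From the tags, `sql:"-"` keeps it out of the database while `json:"password,omitempty"` still writes it into any JSON encoding of the struct when it is set; whether SMTP values are returned in API responses is not visible in this hunk. I would add a field comment such as `// Password is not persisted (sql:"-"); it is serialised to JSON when non-empty, so clear it before returning an SMTP value to a client`.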
|
@ -7,20 +7,25 @@ import (
|
||||||
"github.com/jinzhu/gorm"
|
"github.com/jinzhu/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Template models hold the attributes for an email template to be sent to targets
|
||||||
type Template struct {
|
type Template struct {
|
||||||
Id int64 `json:"id"`
|
Id int64 `json:"id" gorm:"column:id; primary_key:yes"`
|
||||||
UserId int64 `json:"-"`
|
UserId int64 `json:"-" gorm:"column:user_id"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Subject string `json:"subject"`
|
Subject string `json:"subject"`
|
||||||
Text string `json:"text"`
|
Text string `json:"text"`
|
||||||
HTML string `json:"html"`
|
HTML string `json:"html" gorm:"column:html"`
|
||||||
ModifiedDate time.Time `json:"modified_date"`
|
ModifiedDate time.Time `json:"modified_date"`
|
||||||
Attachments []Attachment `json:"attachments"`
|
Attachments []Attachment `json:"attachments"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ErrTemplateNameNotSpecified is thrown when a template name is not specified
|
||||||
var ErrTemplateNameNotSpecified = errors.New("Template Name not specified")
|
var ErrTemplateNameNotSpecified = errors.New("Template Name not specified")
|
||||||
|
|
||||||
|
// ErrTemplateMissingParameter is thrown when a needed parameter is not provided
|
||||||
var ErrTemplateMissingParameter = errors.New("Need to specify at least plaintext or HTML format")
|
var ErrTemplateMissingParameter = errors.New("Need to specify at least plaintext or HTML format")
|
||||||
|
|
||||||
|
// Validate checks the given template to make sure values are appropriate and complete
|
||||||
func (t *Template) Validate() error {
|
func (t *Template) Validate() error {
|
||||||
switch {
|
switch {
|
||||||
case t.Name == "":
|
case t.Name == "":
|
||||||
|
@ -77,9 +82,8 @@ func GetTemplateByName(n string, uid int64) (Template, error) {
|
||||||
err := db.Where("user_id=? and name=?", uid, n).Find(&t).Error
|
err := db.Where("user_id=? and name=?", uid, n).Find(&t).Error
|
||||||
if err != nil {
|
if err != nil {
|
||||||
Logger.Println(err)
|
Logger.Println(err)
|
||||||
return t, err
|
|
||||||
}
|
}
|
||||||
return t, nil
|
return t, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// PostTemplate creates a new template in the database.
|
// PostTemplate creates a new template in the database.
|
||||||
|
|