diff --git a/auth/auth.go b/auth/auth.go index 6de92229..e94f93b2 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -2,15 +2,22 @@ package auth import ( "database/sql" + "encoding/gob" "net/http" "code.google.com/p/go.crypto/bcrypt" ctx "github.com/gorilla/context" "github.com/gorilla/securecookie" "github.com/gorilla/sessions" + "github.com/jordan-wright/gophish/db" "github.com/jordan-wright/gophish/models" ) +//init registers the necessary models to be saved in the session later +func init() { + gob.Register(&models.User{}) +} + var Store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(64))) // CheckLogin attempts to request a SQL record with the given username. @@ -19,11 +26,7 @@ var Store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(64))) func CheckLogin(r *http.Request) (bool, error) { username, password := r.FormValue("username"), r.FormValue("password") session, _ := Store.Get(r, "gophish") - stmt, err := db.Prepare("SELECT * FROM Users WHERE username=?") - if err != nil { - return false, err - } - hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost) + stmt, err := db.Conn.Prepare("SELECT * FROM Users WHERE username=?") if err != nil { return false, err } 
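Review bot: The statement prepared by `db.Conn.Prepare` on the added line is never closed inside this hunk, so unless the rest of CheckLogin (which continues past the hunk) closes it, every login attempt leaks a prepared-statement handle on the connection. Add `defer stmt.Close()` directly after the `if err != nil { return false, err }` that follows the Prepare call. Because `Conn` is a package-level `*sql.DB` that stays nil when `db.Setup` fails, a caller that keeps running after a failed setup would hit a nil dereference on this line, so startup should stop on that error rather than rely on this function to cope.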
@@ -34,20 +37,20 @@ func CheckLogin(r *http.Request) (bool, error) { } //If we've made it here, we should have a valid user stored in u //Let's check the password - err = bcrypt.CompareHashAndPassword(u.Hash, hash) + err = bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password)) if err != nil { - ctx.Set(r, User, nil) + ctx.Set(r, "user", nil) //Return false, but don't return an error return false, nil } - ctx.Set(r, models.User, u) - session.Values["id"] = GetUser(r).Id + ctx.Set(r, "user", u) + session.Values["id"] = u.Id return true, nil } -func GetUser(r *http.Request) User { - if rv := ctx.Get(r, models.User); rv != nil { +func GetUser(r *http.Request) models.User { + if rv := ctx.Get(r, "user"); rv != nil { return rv.(models.User) } - return nil + return models.User{} } diff --git a/config.json b/config.json index a9be3f72..ca489a80 100644 --- a/config.json +++ b/config.json @@ -5,5 +5,5 @@ "user" : "username", "pass" : "password" }, - "dbpath" : "db/gophish.db" + "dbpath" : "gophish.db" } \ No newline at end of file diff --git a/controllers/route.go b/controllers/route.go index 30507bb9..32ed9054 100644 --- a/controllers/route.go +++ b/controllers/route.go @@ -102,6 +102,7 @@ func Login(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, "/", 302) } else { session.AddFlash("Invalid Username/Password") + renderTemplate(w, "login") } } } diff --git a/db/db.go b/db/db.go new file mode 100644 index 00000000..88a6ef82 --- /dev/null +++ b/db/db.go 
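Review bot: `rv.(models.User)` in GetUser is an unchecked type assertion; if anything other than a `models.User` value is ever stored under the "user" key (a `*models.User`, for instance, which is the type registered with gob in init), the assertion panics the whole request. Use the two-value form, `if u, ok := rv.(models.User); ok { return u }`, and fall through to `return models.User{}`. Callers also cannot tell an unauthenticated request apart from a user whose fields happen to be zero, which is worth a doc comment on GetUser such as `// GetUser returns the user attached to r, or the zero models.User when none is set.` The literal "user" now appears three times in this hunk and would be safer as a package constant, e.g. `const userKey = "user"`.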
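Review bot: The added `renderTemplate(w, "login")` writes the response right after `session.AddFlash("Invalid Username/Password")`, but nothing in this hunk saves the session first; if `session.Save(r, w)` is not called before the render, the flash is never written to the cookie and the message is lost, since headers cannot be set once the body has been written. Call `session.Save(r, w)` between the two lines (checking its error). The enclosing Login handler begins and ends outside this hunk, so the surrounding control flow after the render could not be checked here.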
@@ -0,0 +1,44 @@ +package db + +import ( + "database/sql" + "fmt" + "os" + + "github.com/jordan-wright/gophish/config" + _ "github.com/mattn/go-sqlite3" +) + +var Conn *sql.DB + +// Setup initializes the Conn object +// It also populates the Gophish Config object +func Setup() error { + //If the file already exists, delete it and recreate it + _, err := os.Stat(config.Conf.DBPath) + if err == nil { + os.Remove(config.Conf.DBPath) + } + fmt.Println("Creating db at " + config.Conf.DBPath) + Conn, err = sql.Open("sqlite3", config.Conf.DBPath) + if err != nil { + return err + } + //Create the tables needed + _, err = Conn.Exec( + `CREATE TABLE Users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT, hash VARCHAR(60), apikey VARCHAR(32));`) + if err != nil { + return err + } + //Create the default user + stmt, err := Conn.Prepare(`INSERT INTO Users (username, hash, apikey) VALUES (?, ?, ?);`) + defer stmt.Close() + if err != nil { + return err + } + _, err = stmt.Exec("jordan", "$2a$10$d4OtT.RkEOQn.iruVWIQ5u8CeV/85ZYF41y8wKeUwsAPqPNFvTccW", "12345678901234567890123456789012") + if err != nil { + return err + } + return nil +} diff --git a/gophish.go b/gophish.go index d67ed73c..25defccb 100644 --- a/gophish.go +++ b/gophish.go @@ -30,7 +30,9 @@ import ( "fmt" "net/http" + "github.com/jordan-wright/gophish/config" "github.com/jordan-wright/gophish/controllers" + "github.com/jordan-wright/gophish/db" "github.com/jordan-wright/gophish/middleware" ) @@ -38,11 +40,13 @@ var setupFlag = flag.Bool("setup", false, "Starts the initial setup process for func main() { //Setup the global variables and settings - err = Setup() + err := db.Setup() + //defer db.Conn.Close() if err != nil { fmt.Println(err) } fmt.Printf("Gophish server started at http://%s\n", config.Conf.URL) http.Handle("/", middleware.Use(controllers.CreateRouter(), middleware.GetContext)) - http.ListenAndServe(config.URL, nil) + http.ListenAndServe(config.Conf.URL, nil) + fmt.Println("Closed.") } 
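Review bot: Setup hard-codes the default user's API key `"12345678901234567890123456789012"` and bcrypt hash, so every fresh install starts with the same well-known credentials; the key should be generated with `crypto/rand` per install (16 random bytes hex-encoded fit the `VARCHAR(32)` column) and surfaced to the operator, and the initial password should have to be changed. In the same block `defer stmt.Close()` sits before the `if err != nil` check, so a failed `Prepare` dereferences a nil `stmt`; the defer belongs after the check, as in the excerpt below (which needs `crypto/rand` and `encoding/hex` in the import block). The unconditional `os.Stat` + `os.Remove(config.Conf.DBPath)` also wipes any existing database on every start, which is presumably only wanted during the `-setup` flow declared in gophish.go, and the `os.Remove` error is dropped. The doc comment `// It also populates the Gophish Config object` no longer matches the body, which only reads `config.Conf`.
```go
	// … unchanged: os.Stat/os.Remove, sql.Open, CREATE TABLE …
	// Create the default user with a per-install random API key instead of a fixed one.
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	stmt, err := Conn.Prepare(`INSERT INTO Users (username, hash, apikey) VALUES (?, ?, ?);`)
	if err != nil {
		return err
	}
	defer stmt.Close()
	_, err = stmt.Exec("jordan", "$2a$10$d4OtT.RkEOQn.iruVWIQ5u8CeV/85ZYF41y8wKeUwsAPqPNFvTccW", hex.EncodeToString(key))
	if err != nil {
		return err
	}
	return nil
```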
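Review bot: main continues after `db.Setup()` fails: the error is printed and the server is still started with `db.Conn` left nil, so the first request that touches the database would dereference it. Stop on the error, e.g. `if err != nil { fmt.Println(err); return }`. The result of `http.ListenAndServe` is also dropped, so a bind failure prints only "Closed."; write `if err := http.ListenAndServe(config.Conf.URL, nil); err != nil { fmt.Println(err) }` instead. The commented-out `//defer db.Conn.Close()` should either be enabled after the error check or removed rather than left as dead text.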
diff --git a/middleware/middleware.go b/middleware/middleware.go index b5b648fc..9a38e7c3 100644 --- a/middleware/middleware.go +++ b/middleware/middleware.go @@ -3,6 +3,8 @@ package middleware import ( "fmt" "net/http" + + ctx "github.com/gorilla/context" ) // Use allows us to stack middleware to process the request @@ -19,8 +21,9 @@ func Use(handler http.Handler, middleware ...func(http.Handler) http.Handler) ht func GetContext(handler http.Handler) http.Handler { // Set the context here return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - fmt.Println("Get context called!") + // Set the context appropriately here. handler.ServeHTTP(w, r) + ctx.Clear(r) }) } diff --git a/setup.go b/setup.go deleted file mode 100644 index 60897f7c..00000000 --- a/setup.go +++ /dev/null 
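Review bot: `ctx.Clear(r)` is only reached when the wrapped handler returns normally; a panic inside `handler.ServeHTTP` (which net/http recovers per connection) skips it and leaks that request's context entries. Use `defer ctx.Clear(r)` before the `handler.ServeHTTP(w, r)` call, or wrap the handler with gorilla's `context.ClearHandler`. With `fmt.Println("Get context called!")` removed, `fmt` is now unused in this function; if nothing else in middleware.go uses it the file no longer compiles and the import should go. The placeholder `// Set the context appropriately here.` should describe what the middleware actually does, e.g. `// GetContext clears gorilla/context state for r once the handler has finished.`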
@@ -1,51 +0,0 @@
-package main
-
-import (
- "database/sql"
- "encoding/gob"
- "fmt"
- "os"
-
- "github.com/jordan-wright/gophish/config"
- "github.com/jordan-wright/gophish/models"
- _ "github.com/mattn/go-sqlite3"
-)
-
-var Db sql.DB
-
-//init registers the necessary models to be saved in the session later
-func init() {
- gob.Register(&models.User{})
-}
-
-// Setup creates and returns the database needed by Gophish.
-// It also populates the Gophish Config object
-func Setup() error {
- //If the file already exists, delete it and recreate it
- if _, err := os.Stat(config.Conf.DBPath); err == nil {
- os.Remove(Conf.DBPath)
- }
- fmt.Println("Creating db at " + config.Conf.DBPath)
- db, err := sql.Open("sqlite3", config.Conf.DBPath)
- defer db.Close()
- if err != nil {
- return err
- }
- //Create the tables needed
- _, err = db.Exec(
- `CREATE TABLE Users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT, hash VARCHAR(32), apikey VARCHAR(32));`)
- if err != nil {
- return err
- }
- //Create the default user
- stmt, err := db.Prepare(`INSERT INTO Users (username, hash, apikey) VALUES (?, ?, ?);`)
- defer stmt.Close()
- if err != nil {
- return err
- }
- _, err = stmt.Exec("jordan", "12345678901234567890123456789012", "12345678901234567890123456789012")
- if err != nil {
- return err
- }
- return nil
-}