cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleaned up possible (very unlikely?) permission issue 

Better logging in controllers module
DRY changes to API
Added Data attribute to models.Response struct
Added GetTemplateByName (will be used in filling out campaign)
Changed modal to be 800px on large screens for better previews
pull/24/head
Jordan 2014-06-01 23:38:21 -05:00
parent c349860878
commit 96cefc4931
7 changed files with 53 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
controllers/api.go
View File

@ -45,7 +45,7 @@ func API_Reset(w http.ResponseWriter, r *http.Request) {
if err != nil { if err != nil {
http.Error(w, "Error setting API Key", http.StatusInternalServerError) http.Error(w, "Error setting API Key", http.StatusInternalServerError)
} else { } else {
writeJSON(w, []byte(u.ApiKey)) writeJSON(w, models.Response{Success: true, Message: "API Key Successfully Reset", Data: u.ApiKey})
} }
} }
} }
@ -91,24 +91,19 @@ func API_Campaigns(w http.ResponseWriter, r *http.Request) {
func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) { func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
id, _ := strconv.ParseInt(vars["id"], 0, 64) id, _ := strconv.ParseInt(vars["id"], 0, 64)
c, err := models.GetCampaign(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "Campaign not found", http.StatusNotFound) {
return
}
switch { switch {
case r.Method == "GET": case r.Method == "GET":
c := models.Campaign{}
c, err := models.GetCampaign(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "No campaign found", http.StatusNotFound) {
return
}
writeJSON(w, c) writeJSON(w, c)
case r.Method == "DELETE": case r.Method == "DELETE":
_, err := models.GetCampaign(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "No campaign found", http.StatusNotFound) {
return
}
err = models.DeleteCampaign(id) err = models.DeleteCampaign(id)
if checkError(err, w, "Error deleting campaign", http.StatusInternalServerError) { if checkError(err, w, "Error deleting campaign", http.StatusInternalServerError) {
return return
} }
writeJSON(w, []byte("{\"success\" : \"true\"}")) writeJSON(w, models.Response{Success: true, Message: "Campaign Deleted Successfully!"})
} }
} }
@ -171,29 +166,21 @@ func API_Groups(w http.ResponseWriter, r *http.Request) {
func API_Groups_Id(w http.ResponseWriter, r *http.Request) { func API_Groups_Id(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
id, _ := strconv.ParseInt(vars["id"], 0, 64) id, _ := strconv.ParseInt(vars["id"], 0, 64)
g, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "Group not found", http.StatusNotFound) {
return
}
switch { switch {
case r.Method == "GET": case r.Method == "GET":
g, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "No group found", http.StatusNotFound) {
return
}
writeJSON(w, g) writeJSON(w, g)
case r.Method == "DELETE": case r.Method == "DELETE":
g, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "No group found", http.StatusNotFound) {
return
}
err = models.DeleteGroup(&g) err = models.DeleteGroup(&g)
if checkError(err, w, "Error deleting group", http.StatusInternalServerError) { if checkError(err, w, "Error deleting group", http.StatusInternalServerError) {
return return
} }
writeJSON(w, []byte("{\"success\" : \"true\"}")) writeJSON(w, models.Response{Success: true, Message: "Group Deleted Successfully"})
case r.Method == "PUT": case r.Method == "PUT":
_, err := models.GetGroup(id, ctx.Get(r, "user_id").(int64)) g = models.Group{}
if checkError(err, w, "No group found", http.StatusNotFound) {
return
}
g := models.Group{}
err = json.NewDecoder(r.Body).Decode(&g) err = json.NewDecoder(r.Body).Decode(&g)
if g.Id != id { if g.Id != id {
http.Error(w, "Error: /:id and group_id mismatch", http.StatusBadRequest) http.Error(w, "Error: /:id and group_id mismatch", http.StatusBadRequest)
@ -243,25 +230,21 @@ func API_Templates(w http.ResponseWriter, r *http.Request) {
func API_Templates_Id(w http.ResponseWriter, r *http.Request) { func API_Templates_Id(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
id, _ := strconv.ParseInt(vars["id"], 0, 64) id, _ := strconv.ParseInt(vars["id"], 0, 64)
switch {
case r.Method == "GET":
t, err := models.GetTemplate(id, ctx.Get(r, "user_id").(int64)) t, err := models.GetTemplate(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "No template found", http.StatusNotFound) { if checkError(err, w, "Template not found", http.StatusNotFound) {
return return
} }
switch {
case r.Method == "GET":
writeJSON(w, t) writeJSON(w, t)
case r.Method == "DELETE": case r.Method == "DELETE":
err := models.DeleteTemplate(id, ctx.Get(r, "user_id").(int64)) err = models.DeleteTemplate(id, ctx.Get(r, "user_id").(int64))
if checkError(err, w, "Error deleting group", http.StatusInternalServerError) { if checkError(err, w, "Error deleting template", http.StatusInternalServerError) {
return return
} }
writeJSON(w, models.Response{Success: true, Message: "Template Deleted Successfully"}) writeJSON(w, models.Response{Success: true, Message: "Template Deleted Successfully"})
case r.Method == "PUT": case r.Method == "PUT":
_, err := models.GetTemplate(id, ctx.Get(r, "user_id").(int64)) t = models.Template{}
if checkError(err, w, "No group found", http.StatusNotFound) {
return
}
t := models.Template{}
err = json.NewDecoder(r.Body).Decode(&t) err = json.NewDecoder(r.Body).Decode(&t)
if t.Id != id { if t.Id != id {
http.Error(w, "Error: /:id and template_id mismatch", http.StatusBadRequest) http.Error(w, "Error: /:id and template_id mismatch", http.StatusBadRequest)

17
controllers/route.go
View File

@ -1,9 +1,10 @@
package controllers package controllers
import ( import (
"fmt"
"html/template" "html/template"
"log"
"net/http" "net/http"
"os"
ctx "github.com/gorilla/context" ctx "github.com/gorilla/context"
"github.com/gorilla/mux" "github.com/gorilla/mux"
@ -15,6 +16,7 @@ import (
) )
var templateDelims = []string{"{{%", "%}}"} var templateDelims = []string{"{{%", "%}}"}
var Logger = log.New(os.Stdout, " ", log.Ldate|log.Ltime|log.Lshortfile)
func CreateRouter() *nosurf.CSRFHandler { func CreateRouter() *nosurf.CSRFHandler {
router := mux.NewRouter() router := mux.NewRouter()
@ -92,7 +94,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
m = "Username already taken" m = "Username already taken"
} else { } else {
m = "Unknown error - please try again" m = "Unknown error - please try again"
fmt.Println(err) Logger.Println(err)
} }
session.AddFlash(models.Flash{ session.AddFlash(models.Flash{
Type: "danger", Type: "danger",
@ -157,14 +159,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
templates.Delims(templateDelims[0], templateDelims[1]) templates.Delims(templateDelims[0], templateDelims[1])
_, err := templates.ParseFiles("templates/login.html", "templates/flashes.html") _, err := templates.ParseFiles("templates/login.html", "templates/flashes.html")
if err != nil { if err != nil {
fmt.Println(err) Logger.Println(err)
} }
template.Must(templates, err).ExecuteTemplate(w, "base", params) template.Must(templates, err).ExecuteTemplate(w, "base", params)
case r.Method == "POST": case r.Method == "POST":
//Attempt to login //Attempt to login
succ, err := auth.Login(r) succ, err := auth.Login(r)
if err != nil { if err != nil {
fmt.Println(err) Logger.Println(err)
} }
//If we've logged in, save the session and redirect to the dashboard //If we've logged in, save the session and redirect to the dashboard
if succ { if succ {
@ -182,15 +184,16 @@ func getTemplate(w http.ResponseWriter, tmpl string) *template.Template {
templates.Delims(templateDelims[0], templateDelims[1]) templates.Delims(templateDelims[0], templateDelims[1])
_, err := templates.ParseFiles("templates/base.html", "templates/"+tmpl+".html", "templates/flashes.html") _, err := templates.ParseFiles("templates/base.html", "templates/"+tmpl+".html", "templates/flashes.html")
if err != nil { if err != nil {
fmt.Println(err) Logger.Println(err)
} }
return template.Must(templates, err) return template.Must(templates, err)
} }
func checkError(e error, w http.ResponseWriter, m string, c int) bool { func checkError(e error, w http.ResponseWriter, m string, c int) bool {
if e != nil { if e != nil {
fmt.Println(e) Logger.Println(e)
http.Error(w, "Error: "+m, c) w.WriteHeader(c)
writeJSON(w, models.Response{Success: false, Message: m})
return true return true
} }
return false return false

3
middleware/middleware.go
View File

@ -29,8 +29,9 @@ func GetContext(handler http.Handler) http.HandlerFunc {
u, err := models.GetUser(id.(int64)) u, err := models.GetUser(id.(int64))
if err != nil { if err != nil {
ctx.Set(r, "user", nil) ctx.Set(r, "user", nil)
} } else {
ctx.Set(r, "user", u) ctx.Set(r, "user", u)
}
} else { } else {
ctx.Set(r, "user", nil) ctx.Set(r, "user", nil)
} }

2
models/campaign.go
View File

@ -90,7 +90,7 @@ func PostCampaign(c *Campaign, uid int64) error {
func UpdateCampaignStatus(c *Campaign, s string) error { func UpdateCampaignStatus(c *Campaign, s string) error {
// This could be made simpler, but I think there's a bug in gorm // This could be made simpler, but I think there's a bug in gorm
return db.Debug().Table("campaigns").Where("id=?", c.Id).Update("status", s).Error return db.Table("campaigns").Where("id=?", c.Id).Update("status", s).Error
} }
//DeleteCampaign deletes the specified campaign //DeleteCampaign deletes the specified campaign

1
models/models.go
View File

@ -33,6 +33,7 @@ type Flash struct {
type Response struct { type Response struct {
Message string `json:"message"` Message string `json:"message"`
Success bool `json:"success"` Success bool `json:"success"`
Data interface{} `json:"data"`
} }
// Setup initializes the Conn object // Setup initializes the Conn object

18
models/template.go
View File

@ -38,6 +38,17 @@ func GetTemplate(id int64, uid int64) (Template, error) {
return t, err return t, err
} }
// GetTemplateByName returns the template, if it exists, specified by the given name and user_id.
func GetTemplateByName(n string, uid int64) (Template, error) {
t := Template{}
err := db.Where("user_id=? and name=?", uid, n).Find(&t).Error
if err != nil {
Logger.Println(err)
return t, err
}
return t, nil
}
// PostTemplate creates a new template in the database. // PostTemplate creates a new template in the database.
func PostTemplate(t *Template) error { func PostTemplate(t *Template) error {
// Insert into the DB // Insert into the DB
@ -49,12 +60,17 @@ func PostTemplate(t *Template) error {
return nil return nil
} }
// PutTemplate edits an existing template in the database.
// Per the PUT Method RFC, it presumes all data for a template is provided.
func PutTemplate(t *Template, uid int64) error { func PutTemplate(t *Template, uid int64) error {
return nil return nil
//err :=
} }
// DeleteTemplate deletes an existing template in the database.
// An error is returned if a template with the given user id and template id is not found.
func DeleteTemplate(id int64, uid int64) error { func DeleteTemplate(id int64, uid int64) error {
err := db.Debug().Where("user_id=?", uid).Delete(Template{Id: id}).Error err := db.Where("user_id=?", uid).Delete(Template{Id: id}).Error
if err != nil { if err != nil {
Logger.Println(err) Logger.Println(err)
return err return err

2
static/bootstrap/css/bootstrap.css
View File

@ -5186,7 +5186,7 @@ button.close {
} }
@media (min-width: 768px) { @media (min-width: 768px) {
.modal-dialog { .modal-dialog {
width: 600px; width: 800px;
margin: 30px auto; margin: 30px auto;
} }
.modal-content { .modal-content {