Working on setting up Login functionality

Introduced working with SQLite DB - working on setting up database on first run
Added "dbpath" to config

.gitignore

@@ -20,3 +20,4 @@ _cgo_export.*
 _testmain.go
 
 *.exe
+*.db

api.go

@@ -2,24 +2,36 @@ package main
 
 import (
 	"fmt"
-	"github.com/gorilla/mux"
 	"net/http"
+
+	"github.com/gorilla/mux"
 )
 
 func API(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, "Hello api")
 }
 
+//API_Campaigns returns a list of campaigns if requested via GET.
+//If requested via POST, API_Campaigns creates a new campaign and returns a reference to it.
 func API_Campaigns(w http.ResponseWriter, r *http.Request) {
+	switch {
+	case r.Method == "GET":
+
+	case r.Method == "POST":
+		fmt.Fprintf(w, "Hello POST!")
+	}
 	fmt.Fprintf(w, "Hello api")
 }
 
+//API_Campaigns_Id returns details about the requested campaign. If the campaign is not
+//valid, API_Campaigns_Id returns null.
 func API_Campaigns_Id(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	vars := mux.Vars(r)
 	fmt.Fprintf(w, "{\"method\" : \""+r.Method+"\", \"id\" : "+vars["id"]+"}")
 }
 
+//API_Doc renders a template describing the API documentation.
 func API_Doc(w http.ResponseWriter, r *http.Request) {
 	renderTemplate(w, "api_doc")
 }

config.json

@@ -4,5 +4,6 @@
 		"host" : "smtp.example.com:25",
 		"user" : "username",
 		"pass" : "password"
-	}
+	},
+	"dbpath" : "db/gophish.db"
 }

gophish.go

@@ -26,7 +26,10 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 */
 import (
+	"database/sql"
+	"encoding/gob"
 	"encoding/json"
+	"flag"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -34,15 +37,27 @@ import (
 )
 
 var config Config
+var db sql.DB
+var setupFlag = flag.Bool("setup", false, "Starts the initial setup process for Gophish")
+
+//init registers the necessary models to be saved in the session later
+func init() {
+	gob.Register(&User{})
+}
 
 func main() {
 	// Get the config file
-	config_file, e := ioutil.ReadFile("./config.json")
+	config_file, err := ioutil.ReadFile("./config.json")
-	if e != nil {
+	defer db.Close()
-		fmt.Printf("File error: %v\n", e)
+	if err != nil {
+		fmt.Printf("File error: %v\n", err)
 		os.Exit(1)
 	}
 	json.Unmarshal(config_file, &config)
+	_, err = Setup()
+	if err != nil {
+		fmt.Println(err)
+	}
 	fmt.Printf("Gophish server started at http://%s\n", config.URL)
 	http.Handle("/", createRouter())
 	http.ListenAndServe(config.URL, nil)

models.go

@@ -6,22 +6,14 @@ type SMTPServer struct {
 	Password string `json:"password"`
 }
 
-type Email struct {
-	Subject string
-	Body    string
-	To      []string
-	Bcc     []string
-	Cc      []string
-	From    string
-}
-
 type Config struct {
-	URL  string     `json:"url"`
+	URL    string     `json:"url"`
-	SMTP SMTPServer `json:"smtp"`
+	SMTP   SMTPServer `json:"smtp"`
+	DBPath string     `json:"dbpath"`
 }
 
 type User struct {
-	Id       string
+	Id       int
 	Username string
 	Hash     string
 	APIKey   string

route.go

@@ -27,11 +27,12 @@ THE SOFTWARE.
 */
 
 import (
+	"html/template"
+	"net/http"
+
 	"github.com/gorilla/mux"
 	"github.com/gorilla/securecookie"
 	"github.com/gorilla/sessions"
-	"html/template"
-	"net/http"
 )
 
 var store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(64)))
@@ -66,7 +67,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
 
 func Base(w http.ResponseWriter, r *http.Request) {
 	session, _ := store.Get(r, "gophish")
-	// Example of saving session - will be removed.
+	// Example of using session - will be removed.
 	session.Save(r, w)
 	renderTemplate(w, "dashboard")
 }
@@ -85,10 +86,27 @@ func Base_Campaigns(w http.ResponseWriter, r *http.Request) {
 }
 
 func Login(w http.ResponseWriter, r *http.Request) {
-	renderTemplate(w, "login")
+	switch {
+	case r.Method == "GET":
+		renderTemplate(w, "login")
+	case r.Method == "POST":
+		//Attempt to login
+		if login(r) {
+			session, _ := store.Get(r, "gophish")
+			session.Save(r, w)
+			http.Redirect(w, r, "/", 302)
+		}
+	}
 }
 
 func renderTemplate(w http.ResponseWriter, tmpl string) {
 	t := template.Must(template.New("template").ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html"))
 	t.ExecuteTemplate(w, "base", "T")
 }
+
+func login(r *http.Request) bool {
+	//session, _ := store.Get(r, "gophish")
+	//session.Values["user"] = User{1, "jordan", "hash", "key"}
+	//user := session.Values["user"].(*User)
+	return true
+}

setup.go

@@ -0,0 +1,39 @@
+package main
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+
+	_ "github.com/mattn/go-sqlite3"
+)
+
+//Setup creates and returns the database needed by Gophish
+func Setup() (*sql.DB, error) {
+	//If the file already exists, delete it and recreate it
+	if _, err := os.Stat(config.DBPath); err == nil {
+		os.Remove(config.DBPath)
+	}
+	fmt.Println("Creating db at " + config.DBPath)
+	db, err := sql.Open("sqlite3", config.DBPath)
+	if err != nil {
+		return nil, err
+	}
+	//Create the tables needed
+	_, err = db.Exec(
+		`CREATE TABLE Users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT, hash VARCHAR(32), apikey VARCHAR(32));`)
+	if err != nil {
+		return nil, err
+	}
+	//Create the default user
+	stmt, err := db.Prepare(`INSERT INTO Users (username, hash, apikey) VALUES (?, ?, ?);`)
+	defer stmt.Close()
+	if err != nil {
+		return nil, err
+	}
+	_, err = stmt.Exec("jordan", "12345678901234567890123456789012", "12345678901234567890123456789012")
+	if err != nil {
+		return nil, err
+	}
+	return db, nil
+}

templates/login.html

@@ -1,6 +1,6 @@
 {{define "content"}}
 <div class="container">
-    <form class="form-signin">
+    <form class="form-signin" action="/login" method="POST">
         <img id="logo" src="/images/logo.png" />
         <h2 class="form-signin-heading">Please sign in</h2>
         <input type="text" class="form-control" placeholder="Username" required autofocus>