package models import ( "errors" "fmt" "net/mail" "strings" "time" log "github.com/gophish/gophish/logger" "github.com/jinzhu/gorm" "github.com/sirupsen/logrus" ) // Group contains the fields needed for a user -> group mapping // Groups contain 1..* Targets type Group struct { Id int64 `json:"id"` UserId int64 `json:"-"` Name string `json:"name"` ModifiedDate time.Time `json:"modified_date"` Targets []Target `json:"targets" sql:"-"` } // GroupSummaries is a struct representing the overview of Groups. type GroupSummaries struct { Total int64 `json:"total"` Groups []GroupSummary `json:"groups"` } // GroupSummary represents a summary of the Group model. The only // difference is that, instead of listing the Targets (which could be expensive // for large groups), it lists the target count. type GroupSummary struct { Id int64 `json:"id"` Name string `json:"name"` ModifiedDate time.Time `json:"modified_date"` NumTargets int64 `json:"num_targets"` } // GroupTarget is used for a many-to-many relationship between 1..* Groups and 1..* Targets type GroupTarget struct { GroupId int64 `json:"-"` TargetId int64 `json:"-"` } // Target contains the fields needed for individual targets specified by the user // Groups contain 1..* Targets, but 1 Target may belong to 1..* Groups type Target struct { Id int64 `json:"id"` BaseRecipient } // BaseRecipient contains the fields for a single recipient. This is the base // struct used in members of groups and campaign results. type BaseRecipient struct { Email string `json:"email"` FirstName string `json:"first_name"` LastName string `json:"last_name"` Position string `json:"position"` } // DataTable is used to return a JSON object suitable for consumption by DataTables // when using pagination type DataTable struct { Draw int64 `json:"draw"` RecordsTotal int64 `json:"recordsTotal"` RecordsFiltered int64 `json:"recordsFiltered"` Data []interface{} `json:"data"` } // FormatAddress returns the email address to use in the "To" header of the email func (r *BaseRecipient) FormatAddress() string { addr := r.Email if r.FirstName != "" && r.LastName != "" { a := &mail.Address{ Name: fmt.Sprintf("%s %s", r.FirstName, r.LastName), Address: r.Email, } addr = a.String() } return addr } // FormatAddress returns the email address to use in the "To" header of the email func (t *Target) FormatAddress() string { addr := t.Email if t.FirstName != "" && t.LastName != "" { a := &mail.Address{ Name: fmt.Sprintf("%s %s", t.FirstName, t.LastName), Address: t.Email, } addr = a.String() } return addr } // ErrEmailNotSpecified is thrown when no email is specified for the Target var ErrEmailNotSpecified = errors.New("No email address specified") // ErrGroupNameNotSpecified is thrown when a group name is not specified var ErrGroupNameNotSpecified = errors.New("Group name not specified") // ErrNoTargetsSpecified is thrown when no targets are specified by the user var ErrNoTargetsSpecified = errors.New("No targets specified") // Validate performs validation on a group given by the user func (g *Group) Validate() error { switch { case g.Name == "": return ErrGroupNameNotSpecified case len(g.Targets) == 0: return ErrNoTargetsSpecified } return nil } // GetGroups returns the groups owned by the given user. func GetGroups(uid int64) ([]Group, error) { gs := []Group{} err := db.Where("user_id=?", uid).Find(&gs).Error if err != nil { log.Error(err) return gs, err } for i := range gs { gs[i].Targets, err = GetTargets(gs[i].Id, -1, -1, "", "") if err != nil { log.Error(err) } } return gs, nil } // GetGroupSummaries returns the summaries for the groups // created by the given uid. func GetGroupSummaries(uid int64) (GroupSummaries, error) { gs := GroupSummaries{} query := db.Table("groups").Where("user_id=?", uid) err := query.Select("id, name, modified_date").Scan(&gs.Groups).Error if err != nil { log.Error(err) return gs, err } for i := range gs.Groups { query = db.Table("group_targets").Where("group_id=?", gs.Groups[i].Id) err = query.Count(&gs.Groups[i].NumTargets).Error if err != nil { return gs, err } } gs.Total = int64(len(gs.Groups)) return gs, nil } // GetGroup returns the group, if it exists, specified by the given id and user_id. // Filter on number of results and starting point with 'start' and 'length' for pagination. func GetGroup(id int64, uid int64, start int64, length int64, search string, order string) (Group, error) { g := Group{} err := db.Where("user_id=? and id=?", uid, id).Find(&g).Error if err != nil { log.Error(err) return g, err } g.Targets, err = GetTargets(g.Id, start, length, search, order) if err != nil { log.Error(err) } return g, nil } // GetGroupSummary returns the summary for the requested group func GetGroupSummary(id int64, uid int64) (GroupSummary, error) { g := GroupSummary{} query := db.Table("groups").Where("user_id=? and id=?", uid, id) err := query.Select("id, name, modified_date").Scan(&g).Error if err != nil { log.Error(err) return g, err } query = db.Table("group_targets").Where("group_id=?", id) err = query.Count(&g.NumTargets).Error if err != nil { return g, err } return g, nil } // GetGroupByName returns the group, if it exists, specified by the given name and user_id. func GetGroupByName(n string, uid int64) (Group, error) { g := Group{} err := db.Where("user_id=? and name=?", uid, n).Find(&g).Error if err != nil { log.Error(err) return g, err } g.Targets, err = GetTargets(g.Id, -1, -1, "", "") if err != nil { log.Error(err) } return g, err } // PostGroup creates a new group in the database. func PostGroup(g *Group) error { if err := g.Validate(); err != nil { return err } // Insert the group into the DB tx := db.Begin() err := tx.Save(g).Error if err != nil { tx.Rollback() log.Error(err) return err } for _, t := range g.Targets { err = insertTargetIntoGroup(tx, t, g.Id) if err != nil { tx.Rollback() log.Error(err) return err } } err = tx.Commit().Error if err != nil { log.Error(err) tx.Rollback() return err } return nil } // PutGroup updates the given group if found in the database. func PutGroup(g *Group) error { if err := g.Validate(); err != nil { return err } // Fetch group's existing targets from database. ts, err := GetTargets(g.Id, -1, -1, "", "") if err != nil { log.WithFields(logrus.Fields{ "group_id": g.Id, }).Error("Error getting targets from group") return err } // Preload the caches cacheNew := make(map[string]int64, len(g.Targets)) for _, t := range g.Targets { cacheNew[t.Email] = t.Id } cacheExisting := make(map[string]int64, len(ts)) for _, t := range ts { cacheExisting[t.Email] = t.Id } tx := db.Begin() // Check existing targets, removing any that are no longer in the group. for _, t := range ts { if _, ok := cacheNew[t.Email]; ok { continue } // If the target does not exist in the group any longer, we delete it err := tx.Where("group_id=? and target_id=?", g.Id, t.Id).Delete(&GroupTarget{}).Error if err != nil { tx.Rollback() log.WithFields(logrus.Fields{ "email": t.Email, }).Error("Error deleting email") } } // Add any targets that are not in the database yet. for _, nt := range g.Targets { // If the target already exists in the database, we should just update // the record with the latest information. if id, ok := cacheExisting[nt.Email]; ok { nt.Id = id err = UpdateTarget(tx, nt) if err != nil { log.Error(err) tx.Rollback() return err } continue } // Otherwise, add target if not in database err = insertTargetIntoGroup(tx, nt, g.Id) if err != nil { log.Error(err) tx.Rollback() return err } } err = tx.Save(g).Error if err != nil { log.Error(err) return err } err = tx.Commit().Error if err != nil { tx.Rollback() return err } return nil } // DeleteGroup deletes a given group by group ID and user ID func DeleteGroup(g *Group) error { // Delete all the group_targets entries for this group err := db.Where("group_id=?", g.Id).Delete(&GroupTarget{}).Error if err != nil { log.Error(err) return err } // Delete the group itself err = db.Delete(g).Error if err != nil { log.Error(err) return err } return err } // DeleteTarget deletes a single target from a group given by target ID func DeleteTarget(t *Target, gid int64, uid int64) error { targetOwner, err := GetTargetOwner(t.Id) if err != nil { return err } if targetOwner != uid { return errors.New("No such target id (wrong owner)") } err = db.Delete(t).Error if err != nil { return err } err = db.Where("target_id=?", t.Id).Delete(&GroupTarget{}).Error if err != nil { return err } // Update group modification date err = db.Model(&Group{}).Where("id=?", gid).Update("ModifiedDate", time.Now().UTC()).Error return err } // UpdateGroup updates a given group (without updating the targets) // Note: I thought about putting this in the Group() function, but we'd have to skip the validation and have a boolean // indicating we just want to rename the group. func UpdateGroup(g *Group) error { if g.Name == "" { return ErrGroupNameNotSpecified } err := db.Save(g).Error return err } // AddTargetToGroup adds a single given target to a group by group ID func AddTargetToGroup(nt Target, gid int64) error { // Check if target already exists in group tmpt, err := GetTargetByEmail(gid, nt.Email) if err != nil { return err } // If target exists in group, update it. if len(tmpt) > 0 { nt.Id = tmpt[0].Id err = UpdateTarget(db, nt) } else { err = insertTargetIntoGroup(db, nt, gid) } if err != nil { return err } err = db.Model(&Group{}).Where("id=?", gid).Update("ModifiedDate", time.Now().UTC()).Error return err } func insertTargetIntoGroup(tx *gorm.DB, t Target, gid int64) error { if _, err := mail.ParseAddress(t.Email); err != nil { log.WithFields(logrus.Fields{ "email": t.Email, }).Error("Invalid email") return err } err := tx.Where(t).FirstOrCreate(&t).Error if err != nil { log.WithFields(logrus.Fields{ "email": t.Email, }).Error(err) return err } err = tx.Save(&GroupTarget{GroupId: gid, TargetId: t.Id}).Error if err != nil { log.Error(err) return err } if err != nil { log.WithFields(logrus.Fields{ "email": t.Email, }).Error("Error adding many-many mapping") return err } return nil } // UpdateTarget updates the given target information in the database. func UpdateTarget(tx *gorm.DB, target Target) error { targetInfo := map[string]interface{}{ "first_name": target.FirstName, "last_name": target.LastName, "position": target.Position, } err := tx.Model(&target).Where("id = ?", target.Id).Updates(targetInfo).Error if err != nil { log.WithFields(logrus.Fields{ "email": target.Email, }).Error("Error updating target information") } return err } // GetTargets performs a many-to-many select to get all the Targets for a Group // Start, length, and search can be supplied, or -1, -1, "" to ignore func GetTargets(gid int64, start int64, length int64, search string, order string) ([]Target, error) { ts := []Target{} var err error order = strings.TrimSpace(order) search = strings.TrimSpace(search) if order == "" { order = "targets.first_name asc" } else { order = "targets." + order } // TODO: Rather than having two queries create a partial query and include the search options. Haven't been able to figure out how yet. if search != "" { search = "%" + search + "%" err = db.Order(order).Table("targets").Select("targets.id, targets.email, targets.first_name, targets.last_name, targets.position").Joins("left join group_targets gt ON targets.id = gt.target_id").Where("gt.group_id=?", gid).Where("targets.first_name LIKE ? OR targets.last_name LIKE ? OR targets.email LIKE ? or targets.position LIKE ?", search, search, search, search).Offset(start).Limit(length).Scan(&ts).Error } else { err = db.Order(order).Table("targets").Select("targets.id, targets.email, targets.first_name, targets.last_name, targets.position").Joins("left join group_targets gt ON targets.id = gt.target_id").Where("gt.group_id=?", gid).Offset(start).Limit(length).Scan(&ts).Error } return ts, err } // GetTargetByEmail gets a single target from a group by email address and group id func GetTargetByEmail(gid int64, email string) ([]Target, error) { ts := []Target{} err := db.Table("targets").Select("targets.id, targets.email, targets.first_name, targets.last_name, targets.position").Joins("left join group_targets gt ON targets.id = gt.target_id").Where("gt.group_id=?", gid).Where("targets.email=?", email).First(&ts).Error return ts, err } // GetTargetOwner returns the user id owner of a given target id func GetTargetOwner(tid int64) (int64, error) { g := Group{} err := db.Table("groups").Select("groups.user_id").Joins("left join group_targets on group_targets.group_id = groups.id").Where("group_targets.target_id = ?", tid).Scan(&g).Error return g.UserId, err }