mirror of https://github.com/gophish/gophish
467 lines
13 KiB
Go
467 lines
13 KiB
Go
package models
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"net/mail"
|
|
"strings"
|
|
"time"
|
|
|
|
log "github.com/gophish/gophish/logger"
|
|
"github.com/jinzhu/gorm"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// Group contains the fields needed for a user -> group mapping
|
|
// Groups contain 1..* Targets
|
|
type Group struct {
|
|
Id int64 `json:"id"`
|
|
UserId int64 `json:"-"`
|
|
Name string `json:"name"`
|
|
ModifiedDate time.Time `json:"modified_date"`
|
|
Targets []Target `json:"targets" sql:"-"`
|
|
}
|
|
|
|
// GroupSummaries is a struct representing the overview of Groups.
|
|
type GroupSummaries struct {
|
|
Total int64 `json:"total"`
|
|
Groups []GroupSummary `json:"groups"`
|
|
}
|
|
|
|
// GroupSummary represents a summary of the Group model. The only
|
|
// difference is that, instead of listing the Targets (which could be expensive
|
|
// for large groups), it lists the target count.
|
|
type GroupSummary struct {
|
|
Id int64 `json:"id"`
|
|
Name string `json:"name"`
|
|
ModifiedDate time.Time `json:"modified_date"`
|
|
NumTargets int64 `json:"num_targets"`
|
|
}
|
|
|
|
// GroupTarget is used for a many-to-many relationship between 1..* Groups and 1..* Targets
|
|
type GroupTarget struct {
|
|
GroupId int64 `json:"-"`
|
|
TargetId int64 `json:"-"`
|
|
}
|
|
|
|
// Target contains the fields needed for individual targets specified by the user
|
|
// Groups contain 1..* Targets, but 1 Target may belong to 1..* Groups
|
|
type Target struct {
|
|
Id int64 `json:"id"`
|
|
BaseRecipient
|
|
}
|
|
|
|
// BaseRecipient contains the fields for a single recipient. This is the base
|
|
// struct used in members of groups and campaign results.
|
|
type BaseRecipient struct {
|
|
Email string `json:"email"`
|
|
FirstName string `json:"first_name"`
|
|
LastName string `json:"last_name"`
|
|
Position string `json:"position"`
|
|
}
|
|
|
|
// DataTable is used to return a JSON object suitable for consumption by DataTables
|
|
// when using pagination
|
|
type DataTable struct {
|
|
Draw int64 `json:"draw"`
|
|
RecordsTotal int64 `json:"recordsTotal"`
|
|
RecordsFiltered int64 `json:"recordsFiltered"`
|
|
Data []interface{} `json:"data"`
|
|
}
|
|
|
|
// FormatAddress returns the email address to use in the "To" header of the email
|
|
func (r *BaseRecipient) FormatAddress() string {
|
|
addr := r.Email
|
|
if r.FirstName != "" && r.LastName != "" {
|
|
a := &mail.Address{
|
|
Name: fmt.Sprintf("%s %s", r.FirstName, r.LastName),
|
|
Address: r.Email,
|
|
}
|
|
addr = a.String()
|
|
}
|
|
return addr
|
|
}
|
|
|
|
// FormatAddress returns the email address to use in the "To" header of the email
|
|
func (t *Target) FormatAddress() string {
|
|
addr := t.Email
|
|
if t.FirstName != "" && t.LastName != "" {
|
|
a := &mail.Address{
|
|
Name: fmt.Sprintf("%s %s", t.FirstName, t.LastName),
|
|
Address: t.Email,
|
|
}
|
|
addr = a.String()
|
|
}
|
|
return addr
|
|
}
|
|
|
|
// ErrEmailNotSpecified is thrown when no email is specified for the Target
|
|
var ErrEmailNotSpecified = errors.New("No email address specified")
|
|
|
|
// ErrGroupNameNotSpecified is thrown when a group name is not specified
|
|
var ErrGroupNameNotSpecified = errors.New("Group name not specified")
|
|
|
|
// ErrNoTargetsSpecified is thrown when no targets are specified by the user
|
|
var ErrNoTargetsSpecified = errors.New("No targets specified")
|
|
|
|
// Validate performs validation on a group given by the user
|
|
func (g *Group) Validate() error {
|
|
switch {
|
|
case g.Name == "":
|
|
return ErrGroupNameNotSpecified
|
|
case len(g.Targets) == 0:
|
|
return ErrNoTargetsSpecified
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// GetGroups returns the groups owned by the given user.
|
|
func GetGroups(uid int64) ([]Group, error) {
|
|
gs := []Group{}
|
|
err := db.Where("user_id=?", uid).Find(&gs).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return gs, err
|
|
}
|
|
for i := range gs {
|
|
gs[i].Targets, err = GetTargets(gs[i].Id, -1, -1, "", "")
|
|
if err != nil {
|
|
log.Error(err)
|
|
}
|
|
}
|
|
return gs, nil
|
|
}
|
|
|
|
// GetGroupSummaries returns the summaries for the groups
|
|
// created by the given uid.
|
|
func GetGroupSummaries(uid int64) (GroupSummaries, error) {
|
|
gs := GroupSummaries{}
|
|
query := db.Table("groups").Where("user_id=?", uid)
|
|
err := query.Select("id, name, modified_date").Scan(&gs.Groups).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return gs, err
|
|
}
|
|
for i := range gs.Groups {
|
|
query = db.Table("group_targets").Where("group_id=?", gs.Groups[i].Id)
|
|
err = query.Count(&gs.Groups[i].NumTargets).Error
|
|
if err != nil {
|
|
return gs, err
|
|
}
|
|
}
|
|
gs.Total = int64(len(gs.Groups))
|
|
return gs, nil
|
|
}
|
|
|
|
// GetGroup returns the group, if it exists, specified by the given id and user_id.
|
|
// Filter on number of results and starting point with 'start' and 'length' for pagination.
|
|
func GetGroup(id int64, uid int64, start int64, length int64, search string, order string) (Group, error) {
|
|
g := Group{}
|
|
err := db.Where("user_id=? and id=?", uid, id).Find(&g).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return g, err
|
|
}
|
|
g.Targets, err = GetTargets(g.Id, start, length, search, order)
|
|
if err != nil {
|
|
log.Error(err)
|
|
}
|
|
return g, nil
|
|
}
|
|
|
|
// GetGroupSummary returns the summary for the requested group
|
|
func GetGroupSummary(id int64, uid int64) (GroupSummary, error) {
|
|
g := GroupSummary{}
|
|
query := db.Table("groups").Where("user_id=? and id=?", uid, id)
|
|
err := query.Select("id, name, modified_date").Scan(&g).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return g, err
|
|
}
|
|
query = db.Table("group_targets").Where("group_id=?", id)
|
|
err = query.Count(&g.NumTargets).Error
|
|
if err != nil {
|
|
return g, err
|
|
}
|
|
return g, nil
|
|
}
|
|
|
|
// GetGroupByName returns the group, if it exists, specified by the given name and user_id.
|
|
func GetGroupByName(n string, uid int64) (Group, error) {
|
|
g := Group{}
|
|
err := db.Where("user_id=? and name=?", uid, n).Find(&g).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return g, err
|
|
}
|
|
g.Targets, err = GetTargets(g.Id, -1, -1, "", "")
|
|
if err != nil {
|
|
log.Error(err)
|
|
}
|
|
return g, err
|
|
}
|
|
|
|
// PostGroup creates a new group in the database.
|
|
func PostGroup(g *Group) error {
|
|
if err := g.Validate(); err != nil {
|
|
return err
|
|
}
|
|
// Insert the group into the DB
|
|
tx := db.Begin()
|
|
err := tx.Save(g).Error
|
|
if err != nil {
|
|
tx.Rollback()
|
|
log.Error(err)
|
|
return err
|
|
}
|
|
for _, t := range g.Targets {
|
|
err = insertTargetIntoGroup(tx, t, g.Id)
|
|
if err != nil {
|
|
tx.Rollback()
|
|
log.Error(err)
|
|
return err
|
|
}
|
|
}
|
|
err = tx.Commit().Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
tx.Rollback()
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// PutGroup updates the given group if found in the database.
|
|
func PutGroup(g *Group) error {
|
|
if err := g.Validate(); err != nil {
|
|
return err
|
|
}
|
|
// Fetch group's existing targets from database.
|
|
ts, err := GetTargets(g.Id, -1, -1, "", "")
|
|
if err != nil {
|
|
log.WithFields(logrus.Fields{
|
|
"group_id": g.Id,
|
|
}).Error("Error getting targets from group")
|
|
return err
|
|
}
|
|
// Preload the caches
|
|
cacheNew := make(map[string]int64, len(g.Targets))
|
|
for _, t := range g.Targets {
|
|
cacheNew[t.Email] = t.Id
|
|
}
|
|
|
|
cacheExisting := make(map[string]int64, len(ts))
|
|
for _, t := range ts {
|
|
cacheExisting[t.Email] = t.Id
|
|
}
|
|
|
|
tx := db.Begin()
|
|
// Check existing targets, removing any that are no longer in the group.
|
|
for _, t := range ts {
|
|
if _, ok := cacheNew[t.Email]; ok {
|
|
continue
|
|
}
|
|
|
|
// If the target does not exist in the group any longer, we delete it
|
|
err := tx.Where("group_id=? and target_id=?", g.Id, t.Id).Delete(&GroupTarget{}).Error
|
|
if err != nil {
|
|
tx.Rollback()
|
|
log.WithFields(logrus.Fields{
|
|
"email": t.Email,
|
|
}).Error("Error deleting email")
|
|
}
|
|
}
|
|
// Add any targets that are not in the database yet.
|
|
for _, nt := range g.Targets {
|
|
// If the target already exists in the database, we should just update
|
|
// the record with the latest information.
|
|
if id, ok := cacheExisting[nt.Email]; ok {
|
|
nt.Id = id
|
|
err = UpdateTarget(tx, nt)
|
|
if err != nil {
|
|
log.Error(err)
|
|
tx.Rollback()
|
|
return err
|
|
}
|
|
continue
|
|
}
|
|
// Otherwise, add target if not in database
|
|
err = insertTargetIntoGroup(tx, nt, g.Id)
|
|
if err != nil {
|
|
log.Error(err)
|
|
tx.Rollback()
|
|
return err
|
|
}
|
|
}
|
|
err = tx.Save(g).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return err
|
|
}
|
|
err = tx.Commit().Error
|
|
if err != nil {
|
|
tx.Rollback()
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// DeleteGroup deletes a given group by group ID and user ID
|
|
func DeleteGroup(g *Group) error {
|
|
// Delete all the group_targets entries for this group
|
|
err := db.Where("group_id=?", g.Id).Delete(&GroupTarget{}).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return err
|
|
}
|
|
// Delete the group itself
|
|
err = db.Delete(g).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return err
|
|
}
|
|
return err
|
|
}
|
|
|
|
// DeleteTarget deletes a single target from a group given by target ID
|
|
func DeleteTarget(t *Target, gid int64, uid int64) error {
|
|
|
|
targetOwner, err := GetTargetOwner(t.Id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if targetOwner != uid {
|
|
return errors.New("No such target id (wrong owner)")
|
|
}
|
|
|
|
err = db.Delete(t).Error
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = db.Where("target_id=?", t.Id).Delete(&GroupTarget{}).Error
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// Update group modification date
|
|
err = db.Model(&Group{}).Where("id=?", gid).Update("ModifiedDate", time.Now().UTC()).Error
|
|
return err
|
|
}
|
|
|
|
// UpdateGroup updates a given group (without updating the targets)
|
|
// Note: I thought about putting this in the Group() function, but we'd have to skip the validation and have a boolean
|
|
// indicating we just want to rename the group.
|
|
func UpdateGroup(g *Group) error {
|
|
if g.Name == "" {
|
|
return ErrGroupNameNotSpecified
|
|
}
|
|
err := db.Save(g).Error
|
|
return err
|
|
}
|
|
|
|
// AddTargetToGroup adds a single given target to a group by group ID
|
|
func AddTargetToGroup(nt Target, gid int64) error {
|
|
// Check if target already exists in group
|
|
tmpt, err := GetTargetByEmail(gid, nt.Email)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// If target exists in group, update it.
|
|
if len(tmpt) > 0 {
|
|
nt.Id = tmpt[0].Id
|
|
err = UpdateTarget(db, nt)
|
|
} else {
|
|
err = insertTargetIntoGroup(db, nt, gid)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = db.Model(&Group{}).Where("id=?", gid).Update("ModifiedDate", time.Now().UTC()).Error
|
|
return err
|
|
}
|
|
|
|
func insertTargetIntoGroup(tx *gorm.DB, t Target, gid int64) error {
|
|
if _, err := mail.ParseAddress(t.Email); err != nil {
|
|
log.WithFields(logrus.Fields{
|
|
"email": t.Email,
|
|
}).Error("Invalid email")
|
|
return err
|
|
}
|
|
err := tx.Where(t).FirstOrCreate(&t).Error
|
|
if err != nil {
|
|
log.WithFields(logrus.Fields{
|
|
"email": t.Email,
|
|
}).Error(err)
|
|
return err
|
|
}
|
|
err = tx.Save(&GroupTarget{GroupId: gid, TargetId: t.Id}).Error
|
|
if err != nil {
|
|
log.Error(err)
|
|
return err
|
|
}
|
|
if err != nil {
|
|
log.WithFields(logrus.Fields{
|
|
"email": t.Email,
|
|
}).Error("Error adding many-many mapping")
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// UpdateTarget updates the given target information in the database.
|
|
func UpdateTarget(tx *gorm.DB, target Target) error {
|
|
targetInfo := map[string]interface{}{
|
|
"first_name": target.FirstName,
|
|
"last_name": target.LastName,
|
|
"position": target.Position,
|
|
}
|
|
err := tx.Model(&target).Where("id = ?", target.Id).Updates(targetInfo).Error
|
|
if err != nil {
|
|
log.WithFields(logrus.Fields{
|
|
"email": target.Email,
|
|
}).Error("Error updating target information")
|
|
}
|
|
return err
|
|
}
|
|
|
|
// GetTargets performs a many-to-many select to get all the Targets for a Group
|
|
// Start, length, and search can be supplied, or -1, -1, "" to ignore
|
|
func GetTargets(gid int64, start int64, length int64, search string, order string) ([]Target, error) {
|
|
|
|
ts := []Target{}
|
|
var err error
|
|
|
|
order = strings.TrimSpace(order)
|
|
search = strings.TrimSpace(search)
|
|
if order == "" {
|
|
order = "targets.first_name asc"
|
|
} else {
|
|
order = "targets." + order
|
|
}
|
|
|
|
// TODO: Rather than having two queries create a partial query and include the search options. Haven't been able to figure out how yet.
|
|
if search != "" {
|
|
search = "%" + search + "%"
|
|
err = db.Order(order).Table("targets").Select("targets.id, targets.email, targets.first_name, targets.last_name, targets.position").Joins("left join group_targets gt ON targets.id = gt.target_id").Where("gt.group_id=?", gid).Where("targets.first_name LIKE ? OR targets.last_name LIKE ? OR targets.email LIKE ? or targets.position LIKE ?", search, search, search, search).Offset(start).Limit(length).Scan(&ts).Error
|
|
|
|
} else {
|
|
err = db.Order(order).Table("targets").Select("targets.id, targets.email, targets.first_name, targets.last_name, targets.position").Joins("left join group_targets gt ON targets.id = gt.target_id").Where("gt.group_id=?", gid).Offset(start).Limit(length).Scan(&ts).Error
|
|
}
|
|
|
|
return ts, err
|
|
}
|
|
|
|
// GetTargetByEmail gets a single target from a group by email address and group id
|
|
func GetTargetByEmail(gid int64, email string) ([]Target, error) {
|
|
ts := []Target{}
|
|
err := db.Table("targets").Select("targets.id, targets.email, targets.first_name, targets.last_name, targets.position").Joins("left join group_targets gt ON targets.id = gt.target_id").Where("gt.group_id=?", gid).Where("targets.email=?", email).First(&ts).Error
|
|
return ts, err
|
|
}
|
|
|
|
// GetTargetOwner returns the user id owner of a given target id
|
|
func GetTargetOwner(tid int64) (int64, error) {
|
|
g := Group{}
|
|
err := db.Table("groups").Select("groups.user_id").Joins("left join group_targets on group_targets.group_id = groups.id").Where("group_targets.target_id = ?", tid).Scan(&g).Error
|
|
return g.UserId, err
|
|
}
|