Browse Source

Cleaned API even more (everything is via HandlerFunc)

Sessions are now encrypted as well as signed.
pull/24/head
Jordan 7 years ago
parent
commit
2a62f62bc6
4 changed files with 18 additions and 15 deletions
  1. +4
    -1
      auth/auth.go
  2. +7
    -7
      controllers/route.go
  3. +1
    -1
      gophish.go
  4. +6
    -6
      middleware/middleware.go

+ 4
- 1
auth/auth.go View File

@ -18,7 +18,10 @@ func init() {
gob.Register(&models.User{})
}
var Store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(64)))
var Store = sessions.NewCookieStore(
[]byte(securecookie.GenerateRandomKey(64)), //Signing key
[]byte(securecookie.GenerateRandomKey(64)), //Encryption key
)
// CheckLogin attempts to request a SQL record with the given username.
// If successful, it then compares the received bcrypt hash.

+ 7
- 7
controllers/route.go View File

@ -39,16 +39,16 @@ import (
"github.com/jordan-wright/gophish/models"
)
func CreateRouter() http.Handler {
func CreateRouter() *mux.Router {
router := mux.NewRouter()
// Base Front-end routes
router.HandleFunc("/login", Login)
router.HandleFunc("/register", Register)
router.Handle("/", Use(http.HandlerFunc(Base), mid.RequireLogin))
router.Handle("/campaigns", Use(http.HandlerFunc(Campaigns), mid.RequireLogin))
router.Handle("/campaigns/{id}", Use(http.HandlerFunc(Campaigns_Id), mid.RequireLogin))
router.Handle("/users", Use(http.HandlerFunc(Users), mid.RequireLogin))
router.Handle("/settings", Use(http.HandlerFunc(Settings), mid.RequireLogin))
router.HandleFunc("/", Use(Base, mid.RequireLogin))
router.HandleFunc("/campaigns", Use(Campaigns, mid.RequireLogin))
router.HandleFunc("/campaigns/{id}", Use(Campaigns_Id, mid.RequireLogin))
router.HandleFunc("/users", Use(Users, mid.RequireLogin))
router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))
// Create the API routes
api := router.PathPrefix("/api").Subrouter()
@ -64,7 +64,7 @@ func CreateRouter() http.Handler {
// Use allows us to stack middleware to process the request
// Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
func Use(handler http.Handler, mid ...func(http.Handler) http.Handler) http.Handler {
func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {
for _, m := range mid {
handler = m(handler)
}

+ 1
- 1
gophish.go View File

@ -46,6 +46,6 @@ func main() {
fmt.Println(err)
}
fmt.Printf("Gophish server started at http://%s\n", config.Conf.URL)
http.Handle("/", controllers.Use(controllers.CreateRouter(), middleware.GetContext))
http.Handle("/", controllers.Use(controllers.CreateRouter().ServeHTTP, middleware.GetContext))
http.ListenAndServe(config.Conf.URL, nil)
}

+ 6
- 6
middleware/middleware.go View File

@ -9,9 +9,9 @@ import (
// GetContext wraps each request in a function which fills in the context for a given request.
// This includes setting the User and Session keys and values as necessary for use in later functions.
func GetContext(handler http.Handler) http.Handler {
func GetContext(handler http.Handler) http.HandlerFunc {
// Set the context here
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// Set the context appropriately here.
// Set the session
session, _ := auth.Store.Get(r, "gophish")
@ -31,17 +31,17 @@ func GetContext(handler http.Handler) http.Handler {
session.Save(r, w)
// Remove context contents
ctx.Clear(r)
})
}
}
// RequireLogin is a simple middleware which checks to see if the user is currently logged in.
// If not, the function returns a 302 redirect to the login page.
func RequireLogin(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
func RequireLogin(handler http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if u := ctx.Get(r, "user"); u != nil {
handler.ServeHTTP(w, r)
} else {
http.Redirect(w, r, "/login", 302)
}
})
}
}

Loading…
Cancel
Save