More work implementing pages.
More cleanup - changing *all* API errors to be returned via JSON. Fixed bug where /api/pages/ was not CSRF exempt. Changed db column/table names to be more user friendly in the case of acronyms (Id, SMTP, etc.).
parent
c8be0ddb74
commit
669d96d279
7 changed files with 40 additions and 23 deletions
|
@ -270,18 +270,21 @@ func API_Pages(w http.ResponseWriter, r *http.Request) {
|
|||
p := models.Page{}
|
||||
// Put the request into a page
|
||||
err := json.NewDecoder(r.Body).Decode(&p)
|
||||
if checkError(err, w, "Invalid Request", http.StatusBadRequest) {
|
||||
if err != nil {
|
||||
JSONResponse(w, models.Response{Success: false, Message: "Invalid request"}, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
_, err = models.GetPageByName(p.Name, ctx.Get(r, "user_id").(int64))
|
||||
if err != gorm.RecordNotFound {
|
||||
JSONResponse(w, models.Response{Success: false, Message: "Template name already in use"}, http.StatusConflict)
|
||||
JSONResponse(w, models.Response{Success: false, Message: "Page name already in use"}, http.StatusConflict)
|
||||
Logger.Println(err)
|
||||
return
|
||||
}
|
||||
p.ModifiedDate = time.Now()
|
||||
p.UserId = ctx.Get(r, "user_id").(int64)
|
||||
err = models.PostPage(&p)
|
||||
if checkError(err, w, "Error inserting page", http.StatusInternalServerError) {
|
||||
if err != nil {
|
||||
JSONResponse(w, models.Response{Success: false, Message: "Error inserting page"}, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
JSONResponse(w, p, http.StatusCreated)
|
||||
|
@ -312,17 +315,19 @@ func API_Pages_Id(w http.ResponseWriter, r *http.Request) {
|
|||
Logger.Println(err)
|
||||
}
|
||||
if p.Id != id {
|
||||
http.Error(w, "Error: /:id and template_id mismatch", http.StatusBadRequest)
|
||||
JSONResponse(w, models.Response{Success: false, Message: "/:id and /:page_id mismatch"}, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
err = p.Validate()
|
||||
/* if checkError(err, w, http.StatusBadRequest) {
|
||||
if err != nil {
|
||||
JSONResponse(w, models.Response{Success: false, Message: "Invalid attributes given"}, http.StatusBadRequest)
|
||||
return
|
||||
}*/
|
||||
}
|
||||
p.ModifiedDate = time.Now()
|
||||
p.UserId = ctx.Get(r, "user_id").(int64)
|
||||
err = models.PutPage(&p)
|
||||
if checkError(err, w, "Error updating group", http.StatusInternalServerError) {
|
||||
if err != nil {
|
||||
JSONResponse(w, models.Response{Success: false, Message: "Error updating page"}, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
JSONResponse(w, p, http.StatusOK)
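Review bot: In the first hunk (API_Pages), the check `if err != gorm.RecordNotFound` still answers 409 "Page name already in use" for every lookup outcome other than not-found, so a database failure from GetPageByName (which this commit makes return its error) is reported to the client as a name conflict. The `Logger.Println(err)` that follows also runs when err is nil, i.e. when the name really is taken. Splitting the two cases keeps the 409 for a page that was found and returns a 500 for any other error, as sketched below. The handler body starts and ends outside the hunk.

```go
_, err = models.GetPageByName(p.Name, ctx.Get(r, "user_id").(int64))
if err == nil {
	// A page with this name already exists for the user.
	JSONResponse(w, models.Response{Success: false, Message: "Page name already in use"}, http.StatusConflict)
	return
}
if err != gorm.RecordNotFound {
	// Lookup itself failed; do not report it as a conflict.
	Logger.Println(err)
	JSONResponse(w, models.Response{Success: false, Message: "Error checking page name"}, http.StatusInternalServerError)
	return
}
// … unchanged: ModifiedDate/UserId assignment and PostPage call …
```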
|
||||
|
|
|
@ -55,6 +55,7 @@ func CreateAdminRouter() http.Handler {
|
|||
csrfHandler.ExemptGlob("/api/campaigns/*")
|
||||
csrfHandler.ExemptGlob("/api/groups/*")
|
||||
csrfHandler.ExemptGlob("/api/templates/*")
|
||||
csrfHandler.ExemptGlob("/api/pages/*")
|
||||
csrfHandler.ExemptGlob("/api/import/*")
|
||||
csrfHandler.ExemptGlob("/static/*")
|
||||
return Use(csrfHandler.ServeHTTP, mid.GetContext)
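Review bot: The added `csrfHandler.ExemptGlob("/api/pages/*")` line removes CSRF protection from the pages API without recording what protects those routes instead. The exemption is sound only if every handler under `/api/pages/` authenticates from the API key on each request and never from the session cookie; RequireAPIKey is touched elsewhere in this commit, but its wiring to these routes is not visible here. I would document that above the exemption list, e.g. `// API routes are CSRF-exempt because they authenticate per request via RequireAPIKey, not the session cookie; do not exempt cookie-authenticated routes.` CreateAdminRouter starts outside the hunk.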
|
||||
|
|
|
@ -56,8 +56,7 @@ func RequireAPIKey(handler http.Handler) http.HandlerFunc {
|
|||
JSONError(w, 400, "API Key not set")
|
||||
} else {
|
||||
u, err := models.GetUserByAPIKey(ak)
|
||||
/* id, err := models.Conn.SelectInt("SELECT id FROM users WHERE api_key=?", ak)
|
||||
*/if err != nil {
|
||||
if err != nil {
|
||||
JSONError(w, 400, "Invalid API Key")
|
||||
return
|
||||
}
|
||||
|
|
|
@ -71,7 +71,7 @@ func GetGroupByName(n string, uid int64) (Group, error) {
|
|||
if err != nil {
|
||||
Logger.Println(err)
|
||||
}
|
||||
return g, nil
|
||||
return g, err
|
||||
}
|
||||
|
||||
// PostGroup creates a new group in the database.
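Review bot: Now that GetGroupByName ends in `return g, err`, the `Logger.Println(err)` guard above it logs the not-found result as well, which callers treat as the normal "name is free" answer, so every create request would add an error line and real database failures become harder to spot in the log. Presumably the lookup yields gorm.RecordNotFound as in GetTemplateByName; if so, narrow the guard to `if err != nil && err != gorm.RecordNotFound {`. The same pattern appears in GetPageByName and GetTemplateByName in this commit. The function starts outside the hunk, so the query itself is not visible.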
|
||||
|
|
|
@ -7,15 +7,15 @@ import (
|
|||
|
||||
// Page contains the fields used for a Page model
|
||||
type Page struct {
|
||||
Id int64 `json:"id"`
|
||||
UserId int64 `json:"-"`
|
||||
Id int64 `json:"id" gorm:"column:id; primary_key:yes"`
|
||||
UserId int64 `json:"-" gorm:"column:user_id"`
|
||||
Name string `json:"name"`
|
||||
HTML string `json:"html"`
|
||||
HTML string `json:"html" gorm:"column:html"`
|
||||
ModifiedDate time.Time `json:"modified_date"`
|
||||
}
|
||||
|
||||
// ErrPageNameNotSpecified is thrown if the name of the landing page is blank.
|
||||
var ErrPageNameNotSpecified = errors.New("Template Name not specified")
|
||||
var ErrPageNameNotSpecified = errors.New("Page Name not specified")
|
||||
|
||||
// Validate ensures that a page contains the appropriate details
|
||||
func (p *Page) Validate() error {
|
||||
|
@ -53,13 +53,14 @@ func GetPageByName(n string, uid int64) (Page, error) {
|
|||
if err != nil {
|
||||
Logger.Println(err)
|
||||
}
|
||||
return p, nil
|
||||
return p, err
|
||||
}
|
||||
|
||||
// PostPage creates a new page in the database.
|
||||
func PostPage(p *Page) error {
|
||||
err := p.Validate()
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
return err
|
||||
}
|
||||
// Insert into the DB
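Review bot: Page.Id keeps its `json:"id"` tag, so an id supplied in a create request is decoded into the struct, and the visible part of PostPage calls Validate but does not reset it before the insert. If the insert below uses a save-style call that updates when the primary key is non-zero (not visible, PostPage continues past the hunk, and Validate's body is not shown either), a create request could change an existing row instead of adding one. Clearing it with `p.Id = 0` right after the Validate check makes the create path independent of client-supplied ids; UserId is already shielded from the request body by `json:"-"`.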
|
||||
|
|
|
@ -1,14 +1,21 @@
|
|||
package models
|
||||
|
||||
// SMTP contains the attributes needed to handle the sending of campaign emails
|
||||
type SMTP struct {
|
||||
SMTPId int64 `json:"-"`
|
||||
CampaignId int64 `json:"-"`
|
||||
SMTPId int64 `json:"-" gorm:"column:smtp_id; primary_key:yes"`
|
||||
CampaignId int64 `json:"-" gorm:"column:campaign_id"`
|
||||
Host string `json:"host"`
|
||||
Username string `json:"username,omitempty"`
|
||||
Password string `json:"password,omitempty" sql:"-"`
|
||||
FromAddress string `json:"from_address"`
|
||||
}
|
||||
|
||||
// TableName specifies the database tablename for Gorm to use
|
||||
func (s SMTP) TableName() string {
|
||||
return "smtp"
|
||||
}
|
||||
|
||||
// Validate ensures that SMTP configs/connections are valid
|
||||
func (s *SMTP) Validate() (string, bool) {
|
||||
switch {
|
||||
case s.FromAddress == "":
|
||||
|
|
|
@ -7,20 +7,25 @@ import (
|
|||
"github.com/jinzhu/gorm"
|
||||
)
|
||||
|
||||
// Template models hold the attributes for an email template to be sent to targets
|
||||
type Template struct {
|
||||
Id int64 `json:"id"`
|
||||
UserId int64 `json:"-"`
|
||||
Id int64 `json:"id" gorm:"column:id; primary_key:yes"`
|
||||
UserId int64 `json:"-" gorm:"column:user_id"`
|
||||
Name string `json:"name"`
|
||||
Subject string `json:"subject"`
|
||||
Text string `json:"text"`
|
||||
HTML string `json:"html"`
|
||||
HTML string `json:"html" gorm:"column:html"`
|
||||
ModifiedDate time.Time `json:"modified_date"`
|
||||
Attachments []Attachment `json:"attachments"`
|
||||
}
|
||||
|
||||
// ErrTemplateNameNotSpecified is thrown when a template name is not specified
|
||||
var ErrTemplateNameNotSpecified = errors.New("Template Name not specified")
|
||||
|
||||
// ErrTemplateMissingParameter is thrown when a needed parameter is not provided
|
||||
var ErrTemplateMissingParameter = errors.New("Need to specify at least plaintext or HTML format")
|
||||
|
||||
// Validate checks the given template to make sure values are appropriate and complete
|
||||
func (t *Template) Validate() error {
|
||||
switch {
|
||||
case t.Name == "":
|
||||
|
@ -77,9 +82,8 @@ func GetTemplateByName(n string, uid int64) (Template, error) {
|
|||
err := db.Where("user_id=? and name=?", uid, n).Find(&t).Error
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
return t, err
|
||||
}
|
||||
return t, nil
|
||||
return t, err
|
||||
}
|
||||
|
||||
// PostTemplate creates a new template in the database.
|
||||
|
|