github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-19 21:13:18 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

refact: refactored api.rest to avoid using global variables

Browse source
This commit is contained in:
evilsocket 2018-03-01 18:06:42 +01:00
commit 894cbe76a1
2 changed files with 40 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

51
modules/api_rest_controller.go
View file

@ -9,11 +9,6 @@ import (
"github.com/bettercap/bettercap/session"
)
var (
ApiUsername = ""
ApiPassword = ""
)
type CommandRequest struct {
Command string `json:"cmd"`
}
@ -23,17 +18,6 @@ type APIResponse struct {
Message string `json:"msg"`
}
func checkAuth(r *http.Request) bool {
user, pass, _ := r.BasicAuth()
// timing attack my ass
if subtle.ConstantTimeCompare([]byte(user), []byte(ApiUsername)) != 1 {
return false
} else if subtle.ConstantTimeCompare([]byte(pass), []byte(ApiPassword)) != 1 {
return false
}
return true
}
func setAuthFailed(w http.ResponseWriter) {
w.Header().Set("WWW-Authenticate", `Basic realm="auth"`)
w.WriteHeader(401)
@ -52,11 +36,22 @@ func toJSON(w http.ResponseWriter, o interface{}) {
json.NewEncoder(w).Encode(o)
}
func showSession(w http.ResponseWriter, r *http.Request) {
func (api *RestAPI) checkAuth(r *http.Request) bool {
user, pass, _ := r.BasicAuth()
// timing attack my ass
if subtle.ConstantTimeCompare([]byte(user), []byte(api.username)) != 1 {
return false
} else if subtle.ConstantTimeCompare([]byte(pass), []byte(api.password)) != 1 {
return false
}
return true
}
func (api *RestAPI) showSession(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I)
}
func runSessionCommand(w http.ResponseWriter, r *http.Request) {
func (api *RestAPI) runSessionCommand(w http.ResponseWriter, r *http.Request) {
var err error
var cmd CommandRequest
@ -71,7 +66,7 @@ func runSessionCommand(w http.ResponseWriter, r *http.Request) {
}
}
func showEvents(w http.ResponseWriter, r *http.Request) {
func (api *RestAPI) showEvents(w http.ResponseWriter, r *http.Request) {
var err error
events := session.I.Events.Sorted()
@ -94,33 +89,33 @@ func showEvents(w http.ResponseWriter, r *http.Request) {
toJSON(w, events[0:n])
}
func clearEvents(w http.ResponseWriter, r *http.Request) {
func (api *RestAPI) clearEvents(w http.ResponseWriter, r *http.Request) {
session.I.Events.Clear()
}
func SessionRoute(w http.ResponseWriter, r *http.Request) {
func (api *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) {
setSecurityHeaders(w)
if checkAuth(r) == false {
if api.checkAuth(r) == false {
setAuthFailed(w)
} else if r.Method == "GET" {
showSession(w, r)
api.showSession(w, r)
} else if r.Method == "POST" {
runSessionCommand(w, r)
api.runSessionCommand(w, r)
} else {
http.Error(w, "Bad Request", 400)
}
}
func EventsRoute(w http.ResponseWriter, r *http.Request) {
func (api *RestAPI) eventsRoute(w http.ResponseWriter, r *http.Request) {
setSecurityHeaders(w)
if checkAuth(r) == false {
if api.checkAuth(r) == false {
setAuthFailed(w)
} else if r.Method == "GET" {
showEvents(w, r)
api.showEvents(w, r)
} else if r.Method == "DELETE" {
clearEvents(w, r)
api.clearEvents(w, r)
} else {
http.Error(w, "Bad Request", 400)
}