package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io/ioutil"
	"net"
	"net/http"
	"time"

	log "github.com/sirupsen/logrus"
	"github.com/spf13/viper"
)
// errNoSignature is returned by validateSignature when the
// X-Gophish-Signature header cannot be parsed as "sha256=<digest>".
var errNoSignature = errors.New("header X-Gophish-Signature not provided")

// errInvalidSignature is returned by validateSignature when the digest sent
// in the header does not match the one computed over the request body.
var errInvalidSignature = errors.New("invalid signature")
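// validateSignature checks that the X-Gophish-Signature header of r carries
// the HMAC-SHA256 of body, keyed with the configured "secret" setting.
//
// The header is expected in the form "sha256=<hex digest>". The function
// returns errNoSignature when the header cannot be parsed in that form (a
// missing header is one such case), errInvalidSignature when the digest does
// not match or when no secret is configured, and nil when the signature is
// valid.
func validateSignature(body []byte, r *http.Request) error {
	secret := viper.GetString("secret")
	if secret == "" {
		// Fail closed: an HMAC keyed with an empty secret can be computed by
		// any sender, so accepting it would authenticate nothing. The reason
		// is logged here and not returned, because handler writes the
		// returned error text into the HTTP response.
		log.Error("webhook secret is not configured; rejecting request")
		return errInvalidSignature
	}

	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	expected := hex.EncodeToString(mac.Sum(nil))

	// %s stops at the first whitespace, so only the digest token is captured.
	var actual string
	if _, err := fmt.Sscanf(r.Header.Get("X-Gophish-Signature"), "sha256=%s", &actual); err != nil {
		return errNoSignature
	}

	// hmac.Equal compares in constant time, so the response timing does not
	// reveal how many leading characters of a guessed digest were correct.
	if !hmac.Equal([]byte(expected), []byte(actual)) {
		return errInvalidSignature
	}
	return nil
}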
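// handler receives one webhook delivery, authenticates it and forwards it to
// the configured notification profiles.
//
// Steps, in order:
//  1. Read the request body, capped at maxBodyBytes.
//  2. Verify the body against the signature header with validateSignature;
//     a failure is answered with 400.
//  3. Parse the body with NewWebhookResponse; a failure is answered with 500.
//  4. If the parsed response has Success set, return without sending anything.
//  5. Build a sender with senderDispatch and call its send method for every
//     entry of the "profiles" setting ("email", "slack", "ghostwriter").
//     Unknown entries are ignored.
//
// A delivery that completes the profile loop is answered with 204. The first
// send failure stops the loop and is answered with 500.
func handler(w http.ResponseWriter, r *http.Request) {
	// Upper bound on accepted request bodies. The body is read in full before
	// the signature is checked, so without a cap any client could make the
	// process buffer an arbitrarily large payload. 1 MiB is a chosen value;
	// raise it if legitimate payloads are larger.
	const maxBodyBytes = 1 << 20

	defer r.Body.Close()
	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// The body is not authenticated yet at this point; it is only written at
	// debug level.
	log.Debug(string(body))

	if err := validateSignature(body, r); err != nil {
		log.Error(err)
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	response, err := NewWebhookResponse(body)
	if err != nil {
		log.Error(err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	if response.Success {
		return
	}

	sender, err := senderDispatch(response.Message, response, []byte(response.Details))
	if err != nil {
		log.Error(err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	for _, profile := range viper.GetStringSlice("profiles") {
		var sendErr error
		switch profile {
		case "email":
			sendErr = sender.SendEmail()
		case "slack":
			sendErr = sender.SendSlack()
		case "ghostwriter":
			sendErr = sender.SendGraphql()
		}
		if sendErr != nil {
			log.Error(sendErr)
			// Report the failure to the caller; returning without a status
			// would be sent as 200 OK. The body is a generic status text
			// because a delivery error may contain details of the downstream
			// service, which stay in the log.
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
	}
	w.WriteHeader(http.StatusNoContent)
}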
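// main starts the HTTP server that receives webhook deliveries on the address
// built from the "listen_host" and "listen_port" settings.
//
// The server is given read and idle timeouts so that a client which opens a
// connection and sends its request slowly, or not at all, cannot hold the
// connection open indefinitely. No write timeout is set because handler
// performs its outbound deliveries before it writes the response. The timeout
// values are chosen defaults; tune them for the deployment.
func main() {
	addr := net.JoinHostPort(viper.GetString("listen_host"), viper.GetString("listen_port"))
	log.Infof("Server listening on %s%s", addr, viper.GetString("webhook_path"))

	// NOTE(review): handler is installed as the root handler, so it receives
	// requests for every path; "webhook_path" is used only in the log line
	// above. Confirm whether requests should be limited to that path.
	srv := &http.Server{
		Addr:              addr,
		Handler:           http.HandlerFunc(handler),
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}

	// ListenAndServe returns only on failure (for example when the address
	// cannot be bound). Exit with the error logged; otherwise the process
	// would end silently with status 0.
	log.Fatal(srv.ListenAndServe())
}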